As part of the HTTP/2.0 effort, the industry is collaborating to reinforce Internet communication security in the IETF Transport Layer Security Working Group (TLS WG). Two security experts from Cisco and Microsoft Corp. have submitted ALPN-01 (Application Layer Protocol Negotiation), a safer and simpler application protocol negotiation approach, backed up by a new HTML5 Labs HTTP/2.0 prototype by Microsoft Open Technologies, Inc., incorporating an initial implementation of ALPN-01.
Stephan Friedl (Cisco) and Andrei Popov (Microsoft Corp.) co-authored the ALPN-01 Internet draft that is under discussion on the TLS WG mailing lists. This is in response to discussions at the IETF 85 meeting in Atlanta where the IETF TLS WG received a request from the HTTPBIS Working Group for "a mechanism that allows clients and servers to negotiate the particular application protocol to use once the session is established." Currently, there are two proposals:
The new ALPN-01 (Application Layer Protocol Negotiation) Internet draft proposes a protocol negotiation in accordance with established TLS architecture with the following benefits:
Thanks to these benefits, and because of its stricter adherence to established TLS design principles, ALPN represents the best choice to address the requirements articulated by the HTTPBIS working group for HTTP/2.0 protocol negotiation.
Our HTML5 Labs prototype is the first implementation that is based on the ALPN-01 Internet draft. It is an evolution of earlier prototypes that couples a modified command-line C# client with a basic HTTP/2.0 server. We plan to further develop it in the coming weeks, and we look forward to your feedback both on the TLS WG mailing list and through HTML5 Labs. We will gladly apply changes to the draft as well whenever applicable.
Go ahead and download the MS Open Tech HTTP/2.0 prototype using ALPN from HTML5 Labs! And please share your thoughts on this post below.