From: Eric Marsden <eric.marsden@risk-engineering.org>
To: emacs-devel@gnu.org
Cc: rms@gnu.org
Subject: Re: ALPN support for GnuTLS connections
Date: Thu, 31 Oct 2024 14:31:22 +0100 [thread overview]
Message-ID: <de75cfcc-e5dd-40ed-a499-bca48093c88f@risk-engineering.org> (raw)
In-Reply-To: <E1t37bA-0002Ei-Pi@fencepost.gnu.org>
On 22/10/2024 07:38, Richard Stallman wrote:
> > For a service provider who makes it possible to access PostgreSQL
> > over the internet, there are many benefits to the new ALPN-based mechanism, such
> > as allowing the use of commercial “TLS gateways” (that do no application-level
> > processing) as entrypoints to their network. I expect that over time, an
> > increasing proportion of internet services will require ALPN.
>
> What is a TLS gateway, and what would a usage scenario look like?
> Who would choose to use one -- would it be the server, or the client?
>
> In particular, if you are running your own server and you could set up
> whatever network access methods you like, why would someone use a
> "gateway" to talk with your server? And presuming a decision to do
> that, why would someone want to use a "commercial" one?
(This is a little tangential to the relevance of ALPN to Emacs when operating as a
TLS client; the main argument in favour in my view is the RFC “shall implement”
requirement for ALPN that I mentioned previously, and the fact that some application
protocols require ALPN. I will try to answer your question as best I can, but I’m not
an expert on this topic.)
TLS gateways are more often called application gateways: a type of server used by
service providers to dispatch requests originating from the outside network to a
suitable backend server. They implement functionality such as load balancing and
request filtering, and they often terminate TLS connections (this offloads expensive
cryptographic processing from the backend servers, and centralizes the management of
TLS certificates and access control rules). They are used by organizations that run
large numbers of servers, as well as by small service providers who use “cloud"”
computing, where some types of services and features are implemented by application
gateways.
My reason for mentioning this concerning Emacs’ ALPN support is that when Emacs
establishes network connections as a client, the other end will often be a
TLS-terminating application gateway. These gateways will, I believe, expand their use
of ALPN in the future.
Eric
prev parent reply other threads:[~2024-10-31 13:31 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-29 8:23 ALPN support for GnuTLS connections Eric Marsden
2024-09-30 9:21 ` Robert Pluim
2024-09-30 10:21 ` Eric Marsden
2024-09-30 13:13 ` Robert Pluim
2024-09-30 17:26 ` Eric Marsden
2024-10-07 8:22 ` Robert Pluim
2024-10-10 13:54 ` Robert Pluim
2024-10-10 16:23 ` Eli Zaretskii
2024-10-11 7:32 ` Robert Pluim
2024-10-12 9:30 ` Eric Marsden
2024-10-14 9:22 ` Robert Pluim
2024-10-15 7:06 ` Eric Marsden
2024-10-18 12:37 ` Robert Pluim
2024-10-15 3:02 ` Richard Stallman
2024-10-15 7:33 ` Eric Marsden
2024-10-22 5:38 ` Richard Stallman
2024-10-31 13:31 ` Eric Marsden [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=de75cfcc-e5dd-40ed-a499-bca48093c88f@risk-engineering.org \
--to=eric.marsden@risk-engineering.org \
--cc=emacs-devel@gnu.org \
--cc=rms@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).