Re: [CHANNEL-BINDING] [TLS] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)

Simon Josefsson <simon@josefsson.org> Tue, 23 March 2010 20:55 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: channel-binding@core3.amsl.com
Delivered-To: channel-binding@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA2413A6B0C; Tue, 23 Mar 2010 13:55:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.39
X-Spam-Level:
X-Spam-Status: No, score=0.39 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, DNS_FROM_OPENWHOIS=1.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eT+VoNuqaV-P; Tue, 23 Mar 2010 13:55:59 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 6F7BA3A6C17; Tue, 23 Mar 2010 13:55:58 -0700 (PDT)
Received: from mocca (c80-216-24-99.bredband.comhem.se [80.216.24.99]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o2NKuCKI028492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 23 Mar 2010 21:56:14 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Larry Zhu <larry.zhu@microsoft.com>
References: <20100317231522.GA18167@Sun.COM> <20100322232150.GB21244@Sun.COM> <20100323065301.GE21244@Sun.COM> <20100323190629.GR21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB563F1@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <20100323195956.GY21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB5667A@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:100323:pasi.eronen@nokia.com::EaU0EPSz3yMhigJE:+jD
X-Hashcash: 1:22:100323:larry.zhu@microsoft.com::ZVEV0fDXcLOtZ+4N:2IYZ
X-Hashcash: 1:22:100323:tls@ietf.org::xOK62HCsm5pLnEHP:GG2F
X-Hashcash: 1:22:100323:nicolas.williams@sun.com::1KZ6TEccych/TX3R:6XgO
X-Hashcash: 1:22:100323:sasl@ietf.org::kED2xVqIGkWKv1+4:a1Xs
X-Hashcash: 1:22:100323:mark.novak@microsoft.com::kbhf9pHtuotuvtBb:Ng3l
X-Hashcash: 1:22:100323:channel-binding@ietf.org::IVuOqot0C31Y2lCT:tDDF
Date: Tue, 23 Mar 2010 21:56:12 +0100
In-Reply-To: <4B17DE30119FF1429798D9F5D94BDE8C0EB5667A@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> (Larry Zhu's message of "Tue, 23 Mar 2010 20:48:41 +0000")
Message-ID: <87r5napxjn.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: clamav-milter 0.95.3 at yxa-v
X-Virus-Status: Clean
Cc: Mark Novak <Mark.Novak@microsoft.com>, "channel-binding@ietf.org" <channel-binding@ietf.org>, Nicolas Williams <Nicolas.Williams@sun.com>, Pasi Eronen <pasi.eronen@nokia.com>, "tls@ietf.org" <tls@ietf.org>, "sasl@ietf.org" <sasl@ietf.org>
Subject: Re: [CHANNEL-BINDING] [TLS] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)
X-BeenThere: channel-binding@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of channel binding IANA registry requests and specifications <channel-binding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/channel-binding>
List-Post: <mailto:channel-binding@ietf.org>
List-Help: <mailto:channel-binding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 20:56:00 -0000

Larry Zhu <larry.zhu@microsoft.com> writes:

> I briefly chatted with Sam who was in the tls-unique design/discussion meeting last Sunday. It turns out that the community as represented by key stake holders in that meeting believed that:
>
> 1) TLS renegotiation is driven by TLS apps.

I recall that both OpenSSL and NSS drive TLS renegotiation internally
(i.e., TLS apps are not required to do the handshake).  For GnuTLS, it
is the apps that drives TLS renegotiation.  Can someone confirm/deny my
recollection?  As far as I recall, the reason the TLS renegotiation
issue was problematic for OpenSSL/NSS (and not for GnuTLS) was that the
former libraries drives renegotiation internally in the library.

/Simon