Re: [CHANNEL-BINDING] last call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard)

Larry Zhu <larry.zhu@microsoft.com> Wed, 28 October 2009 10:17 UTC

From: Larry Zhu <larry.zhu@microsoft.com>
To: "channel-binding@ietf.org" <channel-binding@ietf.org>, "tls@ietf.org" <tls@ietf.org>, "sasl@ietf.org" <sasl@ietf.org>

There is a design issue in tls-unique. For vendors who implement TLS in a separate library, the TLS library does not by itself control the transport; therefore it would not know if there is a new connection, so the current specification is not implementable for these vendors.

It would be much easier to say the following instead:

The client's TLS Finished message from the first handshake of the session (note: TLS session, not connection, so that the channel binding is specific to each TLS session regardless of whether session resumption is used).

And the updated text does reflect what has been deployed for tls-unique.  

I would like to raise a red flag now. Needless to say, I will start a discussion with the responsible AD and the rest of the editors of this ID to fix this issue, and do so based on consensus.

Pasi, please consider this issue blocking for now.

Thanks,

--Larry

-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of The IESG
Sent: Monday, October 05, 2009 9:27 AM
To: IETF-Announce
Cc: channel-binding@ietf.org; tls@ietf.org; sasl@ietf.org
Subject: [TLS] Last Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard

The IESG has received a request from an individual submitter to consider 
the following document:

- 'Channel Bindings for TLS '
   <draft-altman-tls-channel-bindings-07.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf@ietf.org mailing lists by 2009-11-02. Exceptionally, 
comments may be sent to iesg@ietf.org instead. In either case, please 
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-07.txt


IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=15087&rfc_flag=0
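The session-versus-connection distinction raised above, as an added illustration that is not part of the thread or of the draft: the client Finished verify_data is computed as TLS 1.2 specifies it (RFC 5246 PRF over the handshake transcript), while the master secret, the two handshake transcripts and the `connection_of` bookkeeping are constructed for this example. `tls_unique_per_session` models the rule proposed in the mail; `tls_unique_per_connection` models a rule that needs transport knowledge a stand-alone TLS library does not have.

```python
import hashlib
import hmac

# Constructed inputs for illustration only (not captured TLS traffic).
MASTER_SECRET = bytes(range(48))
FULL_HANDSHAKE = b"ClientHello|ServerHello|Certificate|ServerKeyExchange|ClientKeyExchange"
RESUMED_HANDSHAKE = b"ClientHello(session_id)|ServerHello(session_id)"

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5 (the TLS 1.2 PRF)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def client_finished(master_secret: bytes, transcript: bytes) -> bytes:
    """verify_data of the client's Finished message (RFC 5246 section 7.4.9):
    PRF(master_secret, "client finished", Hash(handshake_messages))[0:12]."""
    seed = b"client finished" + hashlib.sha256(transcript).digest()
    return p_sha256(master_secret, seed, 12)

def session_handshakes(master_secret: bytes) -> list:
    """A TLS session as a stand-alone TLS library sees it: an initial full handshake
    followed by a handshake that reuses the same master secret. The library cannot
    tell whether the second one was a renegotiation on the same connection or a
    resumption on a brand-new connection."""
    return [client_finished(master_secret, FULL_HANDSHAKE),
            client_finished(master_secret, RESUMED_HANDSHAKE)]

def tls_unique_per_session(handshakes: list) -> bytes:
    """Rule proposed in the mail: client Finished of the first handshake of the
    session. Needs only the library's own view of the session."""
    return handshakes[0]

def tls_unique_per_connection(handshakes: list, connection_of: list) -> bytes:
    """Per-connection rule: client Finished of the first handshake on the current
    connection. connection_of[i] is the transport connection handshake i ran on,
    information a separate TLS library does not have (hypothetical model)."""
    current = connection_of[-1]
    return handshakes[connection_of.index(current)]

if __name__ == "__main__":
    hs = session_handshakes(MASTER_SECRET)
    print("per-session   :", tls_unique_per_session(hs).hex())
    print("renegotiation :", tls_unique_per_connection(hs, [0, 0]).hex())
    print("resumption    :", tls_unique_per_connection(hs, [0, 1]).hex())
```

The same two handshakes yield one tls-unique value under the per-session rule, but two different values under the per-connection rule depending on transport facts the library cannot observe.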
