[CHANNEL-BINDING] registration for channel binding unique prefix "tls-unique"

Larry Zhu <lzhu@windows.microsoft.com> Wed, 11 June 2008 15:11 UTC

From: Larry Zhu <lzhu@windows.microsoft.com>
To: "channel-binding@ietf.org" <channel-binding@ietf.org>
Date: Tue, 10 Jun 2008 13:41:32 -0700
Cc: "iana@iana.org" <iana@iana.org>, "Nicolas.Williams@sun.com" <Nicolas.Williams@sun.com>
Subject: [CHANNEL-BINDING] registration for channel binding unique prefix "tls-unique"

Subject: Registration of TLS unique channel binding (generic)
Channel binding unique prefix: tls-unique
Channel binding type: unique
Channel type: TLS
Published specification: none
Channel binding is secret: no
Description: The client's TLS Finished messages from the first handshake
        of the connection (note: connection, not session, so that the
        channel binding is specific to each connection regardless of
        whether session resumption is used).
Intended usage: COMMON
Person and email address to contact for further information:
        Larry Zhu (lzhu@microsoft.com)
Owner/Change controller name and email address:
        Larry Zhu (lzhu@microsoft.com)
Expert reviewer name and contact information: Nicolas Williams
        (Nicolas.Williams@sun.com)
Note: This channel binding construction is thought to not require
        confidentiality protection.  We think this is so because the TLS
        PRF() should be resistant to key recovery attacks given that it
        is a simple construction based on HMAC and given the fact that
        the PRF key used in the Finished message computation is secret.
        In any event, the most common deployments of TLS always provide
        for session encryption, and when they don't then Finished
        messages are sent in clear text.  Thus the fact that most
        authentication mechanisms that support channel binding do not
        send the original channel binding in clear text over the wire is
        not even relevant (but if it were then it would be a mitigation
        should it turn out that TLS Finished messages require
        confidentiality protection).
Note: This registration was initially authored by Nicolas Williams
        (Nicolas.Williams@sun.com).
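Added example, not part of the original message or of any TLS implementation: a sketch of how the client Finished value that the registration uses as the channel binding is derived, and why it is specific to a connection rather than to a session. It assumes the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256, 12-byte verify_data); the master secret and handshake transcripts are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def client_finished_verify_data(master_secret: bytes, handshake_messages: bytes) -> bytes:
    """TLS 1.2 client Finished: PRF(master_secret, "client finished", Hash(msgs))[0..11]."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return p_sha256(master_secret, b"client finished" + transcript_hash, 12)


def bindings_match(local_cb: bytes, peer_cb: bytes) -> bool:
    """Constant-time comparison of the two ends' view of the channel binding."""
    return hmac.compare_digest(local_cb, peer_cb)


# Constructed sample values, not taken from any real handshake.
MASTER_SECRET = bytes(range(48))  # TLS master secrets are 48 bytes
TRANSCRIPT_CONN_1 = b"ClientHello(random=01..)|ServerHello(random=02..)|..."
TRANSCRIPT_CONN_2 = b"ClientHello(random=03..)|ServerHello(random=04..)|..."


def demo() -> dict:
    cb1 = client_finished_verify_data(MASTER_SECRET, TRANSCRIPT_CONN_1)
    cb2 = client_finished_verify_data(MASTER_SECRET, TRANSCRIPT_CONN_2)
    return {
        "conn1": cb1.hex(),
        "conn2": cb2.hex(),
        # Same endpoint, same connection: both sides derive the same value.
        "same_connection_matches": bindings_match(
            cb1, client_finished_verify_data(MASTER_SECRET, TRANSCRIPT_CONN_1)),
        # Same session keys, different connection: the binding differs.
        "other_connection_matches": bindings_match(cb1, cb2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second connection reuses the master secret, as a resumed session would, yet its fresh handshake messages give a different Finished value, so an authentication exchange bound to one connection does not verify on another.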