Re: [http-state] draft-salgueiro-secure-state-management

"Yngve Nysaeter Pettersen" <yngve@opera.com> Thu, 01 July 2010 16:54 UTC

To: 'Gonzalo Salgueiro' <gsalguei@cisco.com>, http-state@ietf.org, "Paul E. Jones" <paulej@packetizer.com>
References: <E022D1C0-F0DF-4BF3-B309-317B38314788@cisco.com> <op.u9floursqrq7tp@acorna> <008401cac1b9$a7f767c0$f7e63740$@com> <op.u9gbuuzqqrq7tp@acorna> <005001cae689$ce603500$6b209f00$@com>
Date: Thu, 01 Jul 2010 18:54:35 +0200
From: Yngve Nysaeter Pettersen <yngve@opera.com>
Organization: Opera Software
Message-ID: <op.ve6bw9z3vqd7e2@killashandra.oslo.osa>
In-Reply-To: <005001cae689$ce603500$6b209f00$@com>
User-Agent: Opera Mail/10.54 (Win32)
Subject: Re: [http-state] draft-salgueiro-secure-state-management
Reply-To: yngve@opera.com
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>

Hi,

As I indicated earlier, I would strongly suggest that you replace the  
current key agreement with the method described in RFC 5705 ("Keying  
Material Exporters for Transport Layer Security") which uses an already  
established TLS connection and master secret to agree on the encryption  
key, removing the overhead caused by establishing an independent key  
agreement protocol, and also makes the key agreement independent of any  
specific algorithm, instead relying on the TLS protocol's security.

http://datatracker.ietf.org/doc/rfc5705/


On Wed, 28 Apr 2010 06:18:07 +0200, Paul E. Jones <paulej@packetizer.com>  
wrote:

> Yngve, et al.,
>
> We took everybody's comments into consideration and revised the draft to  
> add
> a means of exchanging the encryption key used to encrypt the secure HTTP
> state management information using TLS.  So, the draft now provides a web
> server with both the option to use HTTP (and Diffie Hellman) to  
> establish a
> secret key, or use TLS to exchange the key.
>
> We look forward to your comments on draft -03:
> http://tools.ietf.org/html/draft-salgueiro-secure-state-management
>
> Paul


-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01
********************************************************************
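The exporter-based key agreement Yngve recommends above, as an added example that is not part of the original thread, of the draft, or of Opera's code. Go's crypto/tls exposes RFC 5705 as tls.ConnectionState.ExportKeyingMaterial; the program below handshakes an in-process client and server, has each side export 32 bytes under the same label with no key-exchange messages beyond the TLS handshake itself, and then uses those bytes as an AES-256-GCM key for a state blob. The label "EXPERIMENTAL secure-state-management", the hostname example.test and the sample state are assumptions for this example, not names the draft defines.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)

// Label under which both sides export; an assumed name, not one the draft defines.
const exporterLabel = "EXPERIMENTAL secure-state-management"

// selfSignedConfigs returns a server config with a throwaway Ed25519 certificate
// and a client config that trusts exactly that certificate (no InsecureSkipVerify).
func selfSignedConfigs() (srvCfg, cliCfg *tls.Config, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	srvCfg = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}},
		SessionTicketsDisabled: true} // keeps post-handshake records off the unbuffered pipe below
	cliCfg = &tls.Config{RootCAs: roots, ServerName: "example.test"}
	return srvCfg, cliCfg, nil
}

// ExportedKeys handshakes an in-process client and server over net.Pipe and returns
// the 32 bytes each side derives with the RFC 5705 exporter; no key crosses the wire.
func ExportedKeys() (serverKey, clientKey []byte, err error) {
	srvCfg, cliCfg, err := selfSignedConfigs()
	if err != nil {
		return nil, nil, err
	}
	c1, c2 := net.Pipe()
	defer func() { c1.Close(); c2.Close() }()
	srv, cli := tls.Server(c1, srvCfg), tls.Client(c2, cliCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := errors.Join(cli.Handshake(), <-srvErr); err != nil {
		return nil, nil, err
	}
	ss, cs := srv.ConnectionState(), cli.ConnectionState() // copies, so the pointer method below applies
	if serverKey, err = ss.ExportKeyingMaterial(exporterLabel, nil, 32); err != nil {
		return nil, nil, err
	}
	clientKey, err = cs.ExportKeyingMaterial(exporterLabel, nil, 32)
	return serverKey, clientKey, err
}

// newGCM wraps the 32-byte exporter output as an AES-256-GCM AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates a state blob; the random nonce is prefixed.
func Seal(key, state []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, state, nil), nil
}

// Open reverses Seal and fails on any modification of the blob.
func Open(key, box []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("state blob too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}
```

Two points worth noting when trying this. The exporter output is a function of one connection's master secret, so every full handshake yields a different key: a blob sealed under one connection's key is unreadable under the next connection's unless the server keeps the key server-side or re-seals the state, which is a design decision the draft would have to make. And SessionTicketsDisabled is there only because net.Pipe is unbuffered and a NewSessionTicket written after the handshake would block the server; on a real TCP socket it is not needed.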