[TLS] TLS Cached Information Extension - version 11
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 26 December 2011 09:47 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C363321F84D2 for <tls@ietfa.amsl.com>; Mon, 26 Dec 2011 01:47:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a-tQeDrIZClZ for <tls@ietfa.amsl.com>; Mon, 26 Dec 2011 01:47:01 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 9BA2E21F8AEA for <tls@ietf.org>; Mon, 26 Dec 2011 01:47:00 -0800 (PST)
Received: (qmail invoked by alias); 26 Dec 2011 09:46:59 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.107]) [88.115.216.191] by mail.gmx.net (mp008) with SMTP; 26 Dec 2011 10:46:59 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX182B/tKzi02z3XqxPdTkHotsihJYvYNn3JHTUwi86 TCfPRj8eQINmQB
Message-ID: <4EF84292.50201@gmx.net>
Date: Mon, 26 Dec 2011 11:46:58 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Subject: [TLS] TLS Cached Information Extension - version 11
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Dec 2011 09:47:02 -0000
Hi all, Nikos provided review comments (see http://www.ietf.org/mail-archive/web/tls/current/msg08338.html) and I have incorporated them in version 11 of the draft: http://www.ietf.org/internet-drafts/draft-ietf-tls-cached-info-11.txt As you can see, there are a number of smaller changes here and there. I hope that readability has improved. There is an open issue: algorithm negotiation Currently, the draft defines a registry for hash algorithms that are used to produce the hashes of cached information. The client can tell the server that it has already cached, for example, the certificate chain. The server then has to only send the fingerprint of it (rather than the complete certificate chain). The other information (besides certificate chains) that can be "fingerprinted" is the list of trusted CAs. Does this cover all use cases? A few algorithms are defined, namely SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. Is this a good list to start with? The draft does not define a way for the client to tell the server that it only supports a certain hash algorithm. Should we allow the client to indicate what algorithm it supports? Ciao Hannes
- [TLS] TLS Cached Information Extension - version … Hannes Tschofenig
- Re: [TLS] TLS Cached Information Extension - vers… Rob Stradling
- Re: [TLS] TLS Cached Information Extension - vers… Sean Turner
- Re: [TLS] TLS Cached Information Extension - vers… Hannes Tschofenig
- [TLS] cached-info and multiple-ocsp Rob Stradling
- Re: [TLS] cached-info and multiple-ocsp Joseph Salowey (jsalowey)
- Re: [TLS] cached-info and multiple-ocsp Hannes Tschofenig
- Re: [TLS] cached-info and multiple-ocsp Rob Stradling