[TLS] TLS Cached Information Extension - version 11

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 26 December 2011 09:47 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C363321F84D2 for <tls@ietfa.amsl.com>; Mon, 26 Dec 2011 01:47:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a-tQeDrIZClZ for <tls@ietfa.amsl.com>; Mon, 26 Dec 2011 01:47:01 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 9BA2E21F8AEA for <tls@ietf.org>; Mon, 26 Dec 2011 01:47:00 -0800 (PST)
Received: (qmail invoked by alias); 26 Dec 2011 09:46:59 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.107]) [88.115.216.191] by mail.gmx.net (mp008) with SMTP; 26 Dec 2011 10:46:59 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX182B/tKzi02z3XqxPdTkHotsihJYvYNn3JHTUwi86 TCfPRj8eQINmQB
Message-ID: <4EF84292.50201@gmx.net>
Date: Mon, 26 Dec 2011 11:46:58 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Subject: [TLS] TLS Cached Information Extension - version 11
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Dec 2011 09:47:02 -0000

Hi all,

Nikos provided review comments (see 
http://www.ietf.org/mail-archive/web/tls/current/msg08338.html) and I 
have incorporated them in version 11 of the draft:
http://www.ietf.org/internet-drafts/draft-ietf-tls-cached-info-11.txt

As you can see, there are a number of smaller changes here and there. I 
hope that readability has improved.

There is an open issue: algorithm negotiation

Currently, the draft defines a registry for hash algorithms that are 
used to produce the hashes of cached information. The client can tell 
the server that it has already cached, for example, the certificate 
chain. The server then has to only send the fingerprint of it (rather 
than the complete certificate chain). The other information (besides 
certificate chains) that can be "fingerprinted" is the list of trusted 
CAs. Does this cover all use cases?

A few algorithms are defined, namely SHA-1, SHA-224, SHA-256, SHA-384, 
SHA-512. Is this a good list to start with?

The draft does not define a way for the client to tell the server that 
it only supports a certain hash algorithm. Should we allow the client to 
indicate what algorithm it supports?

Ciao
Hannes