RE: [TLS] Comments on TLS identity protection
Peter Williams <home_pw@msn.com> Wed, 20 December 2006 06:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwvLQ-0005VR-HW; Wed, 20 Dec 2006 01:54:28 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwvLP-0005VJ-2w for tls@ietf.org; Wed, 20 Dec 2006 01:54:27 -0500
Received: from bay0-omc1-s40.bay0.hotmail.com ([65.54.246.112]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwvLK-00049l-9b for tls@ietf.org; Wed, 20 Dec 2006 01:54:27 -0500
Received: from BAY103-W6 ([65.54.174.106]) by bay0-omc1-s40.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 19 Dec 2006 22:54:21 -0800
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
Message-ID: <BAY103-W6AD24C4B15A2B5777C8F192CF0@phx.gbl>
From: Peter Williams <home_pw@msn.com>
To: EKR <ekr@networkresonance.com>
Subject: RE: [TLS] Comments on TLS identity protection
Date: Tue, 19 Dec 2006 22:54:21 -0800
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Dec 2006 06:54:21.0592 (UTC) FILETIME=[AD64E180:01C72403]
X-Spam-Score: 2.1 (++)
X-Scan-Signature: 3b3709b7fb3320c78bd7b1555081f0fc
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1497820590=="
Errors-To: tls-bounces@lists.ietf.org
Eric: I hope Im doing ok on CRLFs. I add them manually in my paragraphs, when I remember. As far as I can determine , there is no way for a hotmail.com users to meet the IETF usability rules (wordwrap before 65chars, affixing CRLF each line), I'm happy to be shown how, tho, by power user! I'm keeping msn, tho, as it gives me excellent IETF S/MIME from my EVDO PDA, via a webmail. > > Peter Williams <home_pw@msn.com> writes:> > Id say the nth handshake can select to send "no server cert" whenever its > > cooperating to complete an anonymous-ciphersuite-targeted handshake.> > So, assume there are only two ciphers suite values in the HSM : RSA, RSA-ANON. > > There is no such thing as RSA anon in SSLv3 or TLS. For a long time Ive regarded SSLv3 as http://wp.netscape.com/eng/ssl3/3-SPEC.HTM#8-1 Its an old bookmark! it doesnt even contain a set of ciphersuite declarations. It clearly reinforces what I said tho: server cert presentation is ALWAYS optional architecturally, and ServerKeyExchange is then used, instead. Netcape documents were never particular formal! They were always in a rush. What I learned today is something i NEVER EVER REALIZED :-) was that the ServerKeyExchange.RSA could be ephemeral. While I always knew about the "temporary key" idea (which demands a server cert...), I never equated it with the equivalent "ephemeral DH". If they had meant ephemeral RSA, they would have used the word ... like DH! I reasoned. I was always interested in the no-cert case, in any case, per the first line in the text in 7.6.3. For no cert RSA, obviously they intended the RSA block to be used. How otehrwise could key transport ever work... if you don't signal the public key!!? It seemed so obvious to (a) do a full cert-based handshake (with no privacy) and then do an immediate second (full) handshake, "accelerated", referring back to the full "previously cert chain verified" public key, whose chain was verified properly just moments before, and stored in my client session context. It seemed silly to do all that chain checking work again, on the client. This way, the second handshake would be under the session protection of the first SSL Connection, giving basic privacy to the negotiation of the ciphersuites, etc. for the SSL connection that would then takeover. Why would anyone want an attacker to see the good stuff!? like the ciphersuite selection!!? So... handshake#1 is just a foil to boot handshake#2. This was a variation from 10 years ago of the current argument over client id protection, from Ibrahim and co. If TLS RSA CipherSuite DENY this mode (as I think they do, on simple reading), I will simply locally-define a local-RSA ciphersuite for use on handshake#2, that removes anything in the std RSA that follows from requiring server auth "via certs". I can declare this a profile, and shut up about it, here in standards land. _________________________________________________________________ Fixing up the home? Live Search can help. http://imagine-windowslive.com/search/kits/default.aspx?kit=improve&locale=en-US&source=wlmemailtaglinenov06
_______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Kyle Hamilton
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Bodo Moeller
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Badra
- Re: [TLS] Comments on TLS identity protection Omirjan Batyrbaev
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection Martin Rex
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw