Re: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)
Marsh Ray <marsh@extendedsubset.com> Tue, 11 May 2010 19:52 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CFBC3A6896 for <tls@core3.amsl.com>; Tue, 11 May 2010 12:52:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.716
X-Spam-Level:
X-Spam-Status: No, score=-0.716 tagged_above=-999 required=5 tests=[AWL=0.024, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8o3RQkYk6FeM for <tls@core3.amsl.com>; Tue, 11 May 2010 12:52:26 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 731393A69CD for <tls@ietf.org>; Tue, 11 May 2010 12:51:37 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1OBvUE-000L4q-Fj; Tue, 11 May 2010 19:51:26 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 2CC49631D; Tue, 11 May 2010 19:51:23 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX184V4PzkcA0EHTI7qK+nevZRz0DjpT4bCE=
Message-ID: <4BE9B53C.9060702@extendedsubset.com>
Date: Tue, 11 May 2010 14:51:24 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@oracle.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE50A43B479@xmb-sjc-225.amer.cisco.com> <20100510190954.GV9429@oracle.com> <87r5lj4eee.fsf@mocca.josefsson.org> <20100510215652.GA9429@oracle.com> <20100511192350.GS9429@oracle.com>
In-Reply-To: <20100511192350.GS9429@oracle.com>
X-Enigmail-Version: 1.0.1
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Simon Josefsson <simon@josefsson.org>, tls@ietf.org
Subject: Re: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2010 19:52:27 -0000
On 5/11/2010 2:23 PM, Nicolas Williams wrote: > > Some of those devilish details: > > - Clients MUST NOT cache objects from failed handshakes. Bad guy may see the impending failure and delay the client's recognition of it arbitrarily. > - Clients MAY cache objects from succesful handshakes, and only when > the clients authenticate the server (including validation of the > server's cert chain to a TA). It appears that in a large class of client applications, the client TLS stack may not even know how to fully verify the certificate until he returns to the application code. Commonly the TLS stack validates that the server's cert chains to a TA, but the application code queries for and checks the CN after-the-fact. The method for checking CN is protocol-specific. Does the current proposal give more semantic meaning to the exchange of Finished messages than was expected by such an application? > - In particular there MUST NOT be any caching in cases where the server > is authenticated by the use of pre-shared certificates. Sorry if I missed this earlier, what's special about PSK here? > - There must be no chance of caching objects when a user clicks > through one of those "give your money to the bad guys?" dialogs. Haven't seen that one. - Marsh
- Re: [TLS] Wrapping up cached info Blumenthal, Uri - 0668 - MITLL
- [TLS] Consensus Call: FNV vs SHA1 Joseph Salowey (jsalowey)
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- Re: [TLS] Consensus Call: FNV vs SHA1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Consensus Call: FNV vs SHA1 Adam Langley
- Re: [TLS] Consensus Call: FNV vs SHA1 Marsh Ray
- Re: [TLS] Consensus Call: FNV vs SHA1 Robert Dugal
- Re: [TLS] Consensus Call: FNV vs SHA1 Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Martin Rex
- Re: [TLS] Consensus Call: FNV vs SHA1 Jeffrey A. Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Paul Hoffman
- [TLS] Collisions (Re: Consensus Call: FNV vs SHA1) Nicolas Williams
- [TLS] Nico's suggestions - Re: Consensus Call: FN… Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Blumenthal, Uri - 0668 - MITLL
- [TLS] Collisions (Re: Nico's suggestions - Re: Co… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- [TLS] Collisions (Re: Consensus Call: FNV vs SHA1) Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Hovav Shacham
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Simon Josefsson
- Re: [TLS] Consensus Call: FNV vs SHA1 Yoav Nir
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Michael D'Errico
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Consensus Call: FNV vs SHA1 Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Kemp, David P.
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Nic… Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Nic… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Brian Smith
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Simon Josefsson
- Re: [TLS] Justification Adam Langley
- Re: [TLS] Justification Brian Smith
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Adam Langley
- Re: [TLS] Justification Marsh Ray
- Re: [TLS] Justification Brian Smith
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Kemp, David P.
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Adam Langley
- [TLS] Use HTTP (Re: Justification) Nicolas Williams
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Yoav Nir
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Martin Rex
- Re: [TLS] Justification Marsh Ray
- Re: [TLS] Justification Stefan Santesson
- Re: [TLS] Justification Martin Rex
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Yoav Nir
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Justification Dean Anderson
- [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Simon Josefsson
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Justification Stefan Santesson
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Yoav Nir
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Martin Rex
- [TLS] Possible alternative to current cached info… Michael D'Errico
- Re: [TLS] Wrapping up cached info (and PRF WTF) Kemp, David P.
- Re: [TLS] Wrapping up cached info (and PRF WTF) Martin Rex
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info (and PRF WTF) Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Kemp, David P.
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Martin Rex
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Nicolas Williams