[TLS] Antwort: Re: Verifying X.509 Certificate Chains out of order

Axel.Heider@gi-de.com Wed, 08 October 2008 15:53 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 332BE3A6BE5; Wed, 8 Oct 2008 08:53:31 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07EDD3A6BD0 for <tls@core3.amsl.com>; Wed, 8 Oct 2008 08:53:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BmJJ1hx6j0Eo for <tls@core3.amsl.com>; Wed, 8 Oct 2008 08:53:28 -0700 (PDT)
Received: from mail.gi-de.com (mail.gi-de.com [193.108.184.25]) by core3.amsl.com (Postfix) with ESMTP id 1BA923A6780 for <tls@ietf.org>; Wed, 8 Oct 2008 08:53:27 -0700 (PDT)
Received: from notessmtp1.domino.intern [10.4.4.49] by mail.gi-de.com id S7QMTLZW outgoing id S7QMTLZW; 08 Oct 2008 15:13:14 +0200
In-Reply-To: <E1KnBcw-0000hC-1u@wintermute01.cs.auckland.ac.nz>
To: tls@ietf.org
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.3 HF655 May 16, 2008
Message-ID: <OF6700843C.8A4DF52B-ONC12574DC.0046FC87-C12574DC.00489F16@gi-de.com>
From: Axel.Heider@gi-de.com
Date: Wed, 8 Oct 2008 15:13:12 +0200
X-MIMETrack: Serialize by Router on NOTESSMTP1/SRV/GuD at 08.10.2008 15:13:13, Serialize complete at 08.10.2008 15:13:13
Subject: [TLS] Antwort: Re: Verifying X.509 Certificate Chains out of order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

Peter,

> Again, how can you create an implementation that can run the entire SSL
> protocol but can't manage a few 32-bit pointers across three or four 
certs?
> This seems like a total red herring, it's difficult to think of an
> implementation that can perform the necessary cert verification but 
somehow
> can't manage an extra pointer swap.

It's not the pointers, but the certificates that need to be stored 
temporary, too. If you sum all this little things that could be 
allowed at the cost of just some more memory, using TLS for low end 
devices becomes harder and harder - and less interesting despite it
beeing a well known standard that people really trust in.


regards,
Axel Heider
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls