Re: [TLS] [POSSIBLE SPAM] Re: Asking the browser for a different certificate
"Kemp, David P." <DPKemp@missi.ncsc.mil> Tue, 30 March 2010 14:24 UTC
Message-ID: <201003301424.o2UEOiJv013761@stingray.missi.ncsc.mil>
In-Reply-To: <4BB15250.6080306@extendedsubset.com>
References: <4BAE396B.9090104@extendedsubset.com> <201003291745.o2THjKgr017986@fs4113.wdf.sap.corp> <6b9359641003291236t4e7bd0c6ycc5c5a435f38f3cf@mail.gmail.com> <4BB1077D.4030506@pobox.com><6b9359641003291622y4310e1f2p18301fde231701c8@mail.gmail.com> <4BB15250.6080306@extendedsubset.com>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: TLS Mailing List <tls@ietf.org>
What is this, a little geek humor? Jerry Seinfeld doing TLS standup? It gave me a good chuckle anyway.

If there exists an atomic mutual authentication protocol (nothing about either party is revealed to the other until both become aware of the other's authenticated identity), then it hasn't been written up as a TLS ciphersuite. Until that magic happens, ADH is a pretty standard way of reducing ID exposure from an infinite number of attackers down to 1 active party and 0 passive parties. That's a fairly significant reduction.

Dave

-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Marsh Ray

Kyle Hamilton wrote:
> There's no way to know if you've negotiated ADH with an attacker --
> but you've only got one attacker, Mallory.

You can't know that, either. If there were some way to know this (say IP hop count), you could simply get a trusted party to "attack" you and thus gain immunity from other attacks.
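As an added illustration of the trade-off Dave describes (not code from this thread or from any TLS implementation), the following Python model runs one client-to-server identity disclosure under three conditions: identity sent in the clear, identity sent under anonymous Diffie-Hellman with only passive observers, and anonymous Diffie-Hellman with one active party in the middle. It reports who ends up knowing the identity, and whether the two endpoints' views of the handshake transcript disagree. That disagreement is what an authenticated ciphersuite exposes by having the authenticated side sign its view of the handshake; with ADH the disagreement still exists but neither endpoint has any way to observe it, which is Marsh's point. The toy group (2^127 - 1, generator 3), the XOR stream cipher, and the party names "server", "mallory", "eve1", "eve2" are all constructed for the demo and are assumptions, not anything from the original message.

```python
import hashlib
import secrets

# Toy group, constructed for this demo only: 2^127 - 1 is a Mersenne prime
# and 3 serves as the generator. Far too small for any real use.
P = (1 << 127) - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes


def dh_keypair():
    """Fresh ephemeral exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 32-byte session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def xor_stream(key, data):
    """Toy XOR stream cipher (self-inverse). Illustrative only, not secure."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def transcript_hash(first_pub, second_pub):
    """An endpoint's view of the handshake: the two public values it saw."""
    return hashlib.sha256(first_pub.to_bytes(NBYTES, "big")
                          + second_pub.to_bytes(NBYTES, "big")).digest()


def exchange(identity, passive_observers, anonymous_dh=True, active_mitm=False):
    """Return (set of parties who learned the identity, transcripts_disagree).

    transcripts_disagree is True exactly when someone substituted a DH value;
    an authenticated handshake lets the peer detect this, ADH does not.
    """
    learned = set()
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()

    if active_mitm:
        # Mallory runs two separate exchanges, one toward each endpoint.
        m_priv_c, m_pub_c = dh_keypair()
        m_priv_s, m_pub_s = dh_keypair()
        client_sees, server_sees = m_pub_c, m_pub_s
    else:
        client_sees, server_sees = s_pub, c_pub

    client_key = session_key(c_priv, client_sees)
    if anonymous_dh:
        on_wire = xor_stream(client_key, identity)
    else:
        on_wire = identity  # no key exchange: identity travels in the clear

    # Passive observers see only public values and the bytes on the wire.
    for observer in passive_observers:
        if identity in on_wire:
            learned.add(observer)

    if active_mitm:
        if anonymous_dh:
            key_to_client = session_key(m_priv_c, c_pub)
            assert key_to_client == client_key  # Mallory shares the client's key
            if xor_stream(key_to_client, on_wire) == identity:
                learned.add("mallory")
            # Re-encrypt toward the server under the second session key.
            on_wire = xor_stream(session_key(m_priv_s, s_pub), identity)
        else:
            learned.add("mallory")

    server_key = session_key(s_priv, server_sees)
    received = xor_stream(server_key, on_wire) if anonymous_dh else on_wire
    if received == identity:
        learned.add("server")

    client_view = transcript_hash(c_pub, client_sees)
    server_view = transcript_hash(server_sees, s_pub)
    return learned, client_view != server_view


if __name__ == "__main__":
    observers = ["eve1", "eve2"]
    print("clear text :", exchange(b"alice", observers, anonymous_dh=False))
    print("ADH passive:", exchange(b"alice", observers))
    print("ADH active :", exchange(b"alice", observers, active_mitm=True))
```

Running the three scenarios shows the reduction Dave is counting: in the clear, every passive observer learns the identity; under ADH with passive observers, only the peer does; under ADH with an active party, exactly one extra party learns it, and the transcript mismatch that would reveal the substitution is present but unobservable to either endpoint until some authenticated identity signs the handshake.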