IETF Logo Mail Archive

Re: [TLS] New cached-info draft 09 posted

"Brian Smith" <brian@briansmith.org> Mon, 12 July 2010 05:39 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 30F143A6A17 for <tls@core3.amsl.com>; Sun, 11 Jul 2010 22:39:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.229
X-Spam-Level:
X-Spam-Status: No, score=-0.229 tagged_above=-999 required=5 tests=[AWL=0.511, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k9tUoJZ5cX8e for <tls@core3.amsl.com>; Sun, 11 Jul 2010 22:39:03 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) by core3.amsl.com (Postfix) with ESMTP id 3E3CC3A694D for <tls@ietf.org>; Sun, 11 Jul 2010 22:39:03 -0700 (PDT)
Received: from T60 (unknown [98.200.197.88]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id A036F509B4; Mon, 12 Jul 2010 01:39:03 -0400 (EDT)
From: Brian Smith <brian@briansmith.org>
To: 'Michael D'Errico' <mike-list@pobox.com>, 'Marsh Ray' <marsh@extendedsubset.com>
References: <C8601653.C649%stefan@aaa-sec.com> <4C3A6CE4.3030601@pobox.com> <4C3A6F2E.9090808@extendedsubset.com> <4C3A77AA.3040008@pobox.com> <4C3A8E19.9050001@extendedsubset.com> <4C3A9882.10907@pobox.com>
In-Reply-To: <4C3A9882.10907@pobox.com>
Date: Mon, 12 Jul 2010 00:39:01 -0500
Message-ID: <00b401cb2184$8afd3200$a0f79600$@briansmith.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFifH0bBHBpMkRBwYQop2owgCgdbAMOVCwVAf2vkeACorUEswIwV4APAvRvly8CIrP4vg==
Content-Language: en-us
Cc: tls@ietf.org
Subject: Re: [TLS] New cached-info draft 09 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2010 05:39:10 -0000

Michael D'Errico
> Point taken, but this is only to make cached-info work with TLS 1.0 and
1.1.  If
> you upgrade to TLS 1.2 you get to use a better hash function (SHA-256).

There should be no problem with requiring TLS 1.2 as the minimum version for
this extension, snap start, and false start. In fact, you could even require
even a brand new TLS version for them at this point in time, and things
would work out just fine.

Regards,
Brian

v2.23.0 | Report a Bug | By Email