[TLS] draft-ietf-tls-renegotiation-01.txt and DTLS
Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Mon, 30 November 2009 17:38 UTC
Dear all,

I would like to get the relation of the RI Extension and DTLS clarified.

If I'm not wrong, then the attack which works against TLS does not work against DTLS, since DTLS has an epoch counter. If a client tries to establish a DTLS connection and a MITM intercepts it, establishes itself a DTLS connection, the epoch is 1. There will be a final mismatch in the epoch and the packets will be discarded.

When using the RI extension one could enforce the sending of the alert message. But the original attack is not possible, I think.

Is my analysis correct or am I overlooking something? If I'm right, is the alert worth using the RI also for DTLS? Can we add a statement to draft-ietf-tls-renegotiation-01.txt clearly stating that the RI MUST also be used for DTLS or MUST NOT be used.

Best regards
Michael
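The epoch reasoning in the message above, modelled as an added example that is not part of the original post: a receiver reading in epoch 2 gets a record written in epoch 1, first as sent and then with only the cleartext epoch field rewritten. It assumes a MAC-only record (no encryption), HMAC-SHA1, a constructed key, and a receiver that discards any record outside its current read epoch; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

DTLS_1_0 = 0xFEFF        # wire version of DTLS 1.0
APPLICATION_DATA = 23    # record content type
TAG_LEN = 20             # HMAC-SHA1 output size
HDR_LEN = 13             # type(1) version(2) epoch(2) seq(6) length(2)

def mac(key, seq_num, ctype, version, payload):
    # MAC input starts with the 64-bit value epoch || sequence_number
    data = seq_num + struct.pack("!BHH", ctype, version, len(payload)) + payload
    return hmac.new(key, data, hashlib.sha1).digest()

def seal(key, epoch, seq, ctype, payload):
    """Sender side: MAC-only record (no encryption, to keep the model small)."""
    seq_num = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    body = payload + mac(key, seq_num, ctype, DTLS_1_0, payload)
    return struct.pack("!BH", ctype, DTLS_1_0) + seq_num + struct.pack("!H", len(body)) + body

def receive(key, read_epoch, record):
    """Receiver side: returns 'accept' or the reason the record is discarded."""
    if len(record) < HDR_LEN + TAG_LEN:
        return "discard: truncated"
    ctype, version, epoch = struct.unpack("!BHH", record[:5])
    (length,) = struct.unpack("!H", record[11:13])
    body = record[HDR_LEN:]
    if len(body) != length:
        return "discard: bad length"
    if epoch != read_epoch:
        return "discard: epoch mismatch"
    payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(key, record[3:11], ctype, version, payload)):
        return "discard: bad MAC"
    return "accept"

def rewrite_epoch(record, new_epoch):
    """On-path edit of the cleartext epoch field only."""
    return record[:3] + struct.pack("!H", new_epoch) + record[5:]

def scenario():
    key = b"constructed-demo-key"                        # constructed sample key
    rec = seal(key, 1, 0, APPLICATION_DATA, b"hello")    # sender writes in epoch 1
    return (receive(key, 2, rec),                        # receiver reads in epoch 2
            receive(key, 2, rewrite_epoch(rec, 2)),      # header patched to 2
            receive(key, 1, rec))                        # control: epochs agree

if __name__ == "__main__":
    print(scenario())
```

The second case is the relevant one: rewriting the header epoch does not help, because the epoch is also part of the MAC input.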