[TLS] Re: [MMUSIC] Re: comedia-tls: proposed change for certificate identities
Eric Rescorla <ekr@networkresonance.com> Sat, 25 February 2006 22:53 UTC
To: Colin Perkins <csp@csperkins.org>
In-reply-to: Your message of "Fri, 24 Feb 2006 15:53:24 GMT." <DD146132-AB2C-45DA-B735-1010C568B113@csperkins.org>
Date: Sat, 25 Feb 2006 14:21:28 -0800
From: Eric Rescorla <ekr@networkresonance.com>
Cc: IETF MMUSIC working group <mmusic@ietf.org>, Jon Peterson <jon.peterson@neustar.biz>, Jonathan Lennox <lennox@cs.columbia.edu>, tls@ietf.org, Sam Hartman <hartmans-ietf@mit.edu>

Colin Perkins <csp@csperkins.org> wrote:
> On 30 Jan 2006, at 13:22, Jonathan Lennox wrote:
> > On Sunday, January 29 2006, "Sam Hartman" wrote:
> >> What about hop-by-hop authenticated with each hop integrity
> >> protected.
> >> IMHO in many environments, this presents acceptable man-in-the-middle
> >> risk. I think that it may present significantly easier to deal with
> >> usability issues so I think it should at least be allowed if not
> >> encouraged.
> >
> > This will certainly be the most common way of securing SDP, I think
> > -- this describes how sips, i.e. sip over hop-by-hop TLS, works.
> > You're vulnerable to a broken or subverted sip proxy server, but
> > otherwise you're safe.
> >
> > If there's consensus that it's acceptable to allow this mode, I can
> > add language allowing it. However, I think this is a big enough
> > change I'd like to hear positive consensus for it; this should get
> > something more than just consent-by-silence from the working group.
>
> There was a comment from Hadriel Kaplan supporting this change, but
> this is a big enough issue that I'd like more feedback before we go
> forward. Any comments from other members of the working group (or
> from the security ADs)?

This seems like the right approach to me.

-Ekr