Re: [TLS] Proposed text for removing renegotiation

"Kemp, David P." <> Wed, 11 June 2014 16:08 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F1A801A01E7 for <>; Wed, 11 Jun 2014 09:08:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rfMR9l5bOX7d for <>; Wed, 11 Jun 2014 09:08:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 862ED1A01A5 for <>; Wed, 11 Jun 2014 09:08:02 -0700 (PDT)
Received: from ( []) by with ESMTP id s5BG81PZ043738 for <>; Wed, 11 Jun 2014 12:08:01 -0400 (EDT)
Received: from ([fe80::60c7:cec6:b35c:deed]) by ([fe80::a8ee:8532:895b:b420%14]) with mapi id 14.03.0181.006; Wed, 11 Jun 2014 12:08:01 -0400
From: "Kemp, David P." <>
To: "" <>
Thread-Topic: [TLS] Proposed text for removing renegotiation
Thread-Index: AQHPhVGEfA6PTH75QESiVYAkFY18F5tsDc0A///9z+A=
Date: Wed, 11 Jun 2014 16:08:00 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] Proposed text for removing renegotiation
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 11 Jun 2014 16:08:10 -0000

A decision on the proper place to do access control has nothing to do with the skill of implementers.

If a web server (or any service provider) doesn't know how to grant access to resources based on authenticated user identity, user attributes, resource attributes and access policy, then a perfect bug-free network stack is not going to help them.

If a "certificate changes", then either the application should have requested renegotiation synchronously or it should have asynchronously established conditions for when the stack renegotiates and registered to be notified when it happens.  The proper response to renegotiation is identical to the proper response to negotiating the first time.

"We know more than the application layer people" - pure hubris.  TLS/IPSEC practitioners should definitely know more about cryptography, which application developers should be able to largely ignore as a black box.  But access control to application resources is inherently an application function for which TLS library coding expertise is no substitute.

-----Original Message-----
From: TLS [] On Behalf Of Watson Ladd
Sent: Wednesday, June 11, 2014 7:46 AM
To: Nikos Mavrogiannopoulos
Subject: Re: [TLS] Proposed text for removing renegotiation

On Wed, Jun 11, 2014 at 5:45 AM, Nikos Mavrogiannopoulos <> wrote:
> On Tue, 2014-06-10 at 14:04 -0300, Watson Ladd wrote:
>> Quick: what is the proper response when the Certificate changes 
>> between a negotiation and a renegotiation?
> That is on the application protocol to decide.

Always the wrong answer: we know more then the application layer people do about security, just as the networking people know more than we do about sending packets through the network.