Re: [TLS] Proposed text for removing renegotiation

"Salz, Rich" <rsalz@akamai.com> Wed, 28 May 2014 20:05 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Brian Smith <brian@briansmith.org>, Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 28 May 2014 16:05:44 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/92KNdfieJw0Encz7K8EDjD8v364
Cc: "tls@ietf.org" <tls@ietf.org>

> The advantage with this is that only the applications that need to deal with this problem are impacted by it.

Strongly disagree.  This requires applications to know way too much about the TLS layer:  what cipher is being used, how SSL is packing things into records, and how often a cipher needs to be “reset” and what that entails.

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me; Twitter: RichSalz