[TLS] TLS Renegotiation - Any implications to EAP-TLS ?

Zheng Kanghong <zkanghon@hotmail.com> Tue, 10 November 2009 06:51 UTC

To: tls@ietf.org

Hi all,

Anyone discussed the implications of the TLS renegotiation vulnerability to EAP-TLS?

From my little understanding, it seems like EAP-TLS is not vulnerable.

There is no application layer protocol involved when EAP-TLS is executed [Please correct me if I'm wrong]. If client certificate authentication is required (it should be), the server will always request client certificates.

After a successful EAP-TLS exchange, the TLS tunnel is not used; only the keying material is exported [Although the tunnel is not used, is it still present and can it be used in some way? Or is there no state information stored for the EAP method after a successful EAP exchange?].

EAP re-authentication is a new EAP exchange which is independent of the previous exchange. It is not the same as TLS renegotiation, which is executed in the previous TLS tunnel.
Any comments? Thanks.
- kh
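The key export step the post refers to, as an added example that is not part of the original message: the RFC 5216 derivation of the EAP-TLS MSK and EMSK from the handshake's master secret and randoms, built on the TLS 1.0/1.1 PRF of RFC 2246/4346. The master secret and random values below are constructed for illustration, and a second set of constructed values stands in for a fresh EAP exchange.

```python
# Added example (not from the original post): EAP-TLS key export per RFC 5216
# section 2.3, on top of the TLS 1.0/1.1 PRF. Handshake values are constructed.
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5: HMAC chain over A(i) || seed."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(A(i) || seed)
    return out[:length]


def tls_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XORed with
    P_SHA1 over the second half (halves overlap by one byte for odd lengths)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def eap_tls_keys(master_secret, client_random, server_random):
    """RFC 5216: 128 bytes of key material under the label "client EAP
    encryption"; bytes 0..63 are the MSK handed to the authenticator,
    bytes 64..127 the EMSK retained by the EAP peer and server."""
    seed = client_random + server_random
    key_material = tls_prf(master_secret, b"client EAP encryption", seed, 128)
    return key_material[:64], key_material[64:128]


# Constructed handshake values (real master_secret: 48 bytes, randoms: 32 bytes).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
# Constructed values for a second, independent EAP-TLS exchange.
MASTER_SECRET_2 = bytes(range(47, -1, -1))
CLIENT_RANDOM_2 = b"\x33" * 32
SERVER_RANDOM_2 = b"\x44" * 32


def fresh_exchange_differs():
    """A new EAP-TLS exchange runs a new handshake with its own master secret
    and randoms, so the MSK it exports is unrelated to the previous one."""
    msk1, _ = eap_tls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    msk2, _ = eap_tls_keys(MASTER_SECRET_2, CLIENT_RANDOM_2, SERVER_RANDOM_2)
    return msk1 != msk2
```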
 		 	   		  
_________________________________________________________________
New Windows 7: Find the right PC for you. Learn more.
http://windows.microsoft.com/shop