Re: [TLS] Summarizing identity change discussion so far

<Pasi.Eronen@nokia.com> Tue, 08 December 2009 20:07 UTC

Marsh Ray wrote:

> Are there other actual accepted RFCs that provide recommendations for
> libraries? In a quick search, I could only find one or two uses of the
> term in the sense we use it here. Most were something like:

Plenty, starting from the TLS specification itself (RFC 5246).
For example:

   "These cipher suites MUST NOT be used by TLS 1.2 implementations
   unless the application layer has specifically requested to allow
   anonymous key exchange."

(It's basically saying the TLS library MUST NOT enable this feature by
default, unless the application explicitly asks for it via an API.)

But I agree that the word "library" is very rarely used; it's much
more common to talk about "implementation" or something like that. 

Best regards,
Pasi
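
The default-off, explicit-opt-in behaviour in the RFC 5246 text quoted above can be checked against a real TLS library. This is an added example, not part of the original message: it uses Python's ssl module over OpenSSL, and the helper names and the "Au=None" test on OpenSSL's cipher description are choices made for this illustration.

```python
import ssl


def is_anonymous(cipher):
    """True when OpenSSL describes the suite as unauthenticated (Au=None)."""
    return "Au=None" in cipher.get("description", "")


def anonymous_suites(ctx):
    """Names of the anonymous key-exchange suites enabled on a context."""
    return [c["name"] for c in ctx.get_ciphers() if is_anonymous(c)]


def opt_in_context():
    """Context where the application has explicitly asked for anonymous suites.

    Returns None when the local OpenSSL build or policy refuses the request.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Explicit API request: aNULL selects the anonymous suites, and
        # security level 0 is needed because higher levels reject them.
        ctx.set_ciphers("aNULL:@SECLEVEL=0")
    except ssl.SSLError:
        return None
    return ctx


def audit():
    """Compare the library default with the explicit opt-in."""
    opted = opt_in_context()
    return {
        # What an application gets when it asks for nothing special.
        "default": anonymous_suites(ssl.create_default_context()),
        # What it gets only after requesting anonymous key exchange.
        "opt_in": None if opted is None else anonymous_suites(opted),
    }


if __name__ == "__main__":
    result = audit()
    print("anonymous suites by default:", result["default"])
    print("anonymous suites after opt-in:", result["opt_in"])
```

An empty "default" list is the behaviour the quoted requirement asks of a library; a non-empty list there means anonymous key exchange is on without the application having asked for it.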