[TLS] FWD: First TLS cached information draft posted
Sean Shen <sshen@huawei.com> Tue, 09 June 2009 00:58 UTC
Return-Path: <sshen@huawei.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1F47728C17D for <tls@core3.amsl.com>; Mon, 8 Jun 2009 17:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.107
X-Spam-Level: ***
X-Spam-Status: No, score=3.107 tagged_above=-999 required=5 tests=[AWL=1.151, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVd3TEXHViZb for <tls@core3.amsl.com>; Mon, 8 Jun 2009 17:58:14 -0700 (PDT)
Received: from szxga01-in.huawei.com (unknown [119.145.14.64]) by core3.amsl.com (Postfix) with ESMTP id E04F33A6C15 for <TLS@ietf.org>; Mon, 8 Jun 2009 17:58:13 -0700 (PDT)
Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KKY002OG5CWXD@szxga01-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:09 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KKY00JZO5CWJX@szxga01-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:08 +0800 (CST)
Received: from s00102542 ([10.111.12.128]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KKY00AB85CWLP@szxml04-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:08 +0800 (CST)
Date: Tue, 09 Jun 2009 08:58:13 +0800
From: Sean Shen <sshen@huawei.com>
To: TLS@ietf.org
Message-id: <001201c9e89d$5db40c40$800c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-Mailer: Microsoft Office Outlook 11
Content-type: multipart/alternative; boundary="Boundary_(ID_9QrrR5XriHIXUsuNxNghFA)"
Thread-index: AcnlO6PBlXmAY4WdFEeoge4+B0iYEgCsiy/QACvXePA=
Subject: [TLS] FWD: First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2009 00:58:15 -0000
It looks this message was not sent out successfully, have to try it again.
_____
发件人: Sean Shen [mailto:sshen@huawei.com]
发送时间: 2009年6月8日 12:08
收件人: 'Stefan Santesson'; 'TLS wg'
主题: 答复: [TLS] First TLS cached information draft posted
Hi, Stefan,
I support the idea and like the benefit of not transporting Certs.
The drafts looks good and clear to me, except that I get some questions
regarding the following part in section 4:
Servers that receive an extended client hello containing a
"cached_information" extension, MAY indicate that they support one or
more of the cached information objects by including an extension of
type "cached_information" in the (extended) server hello, which SHALL
contain at least one CachedObject received from the client. The
CachedObject's returned by the server MUST include the types the
server supports and has accepted to replace with a hash of the cached
data.
It gives me impression that server's reply can include items that is beyond
cached items which
clients provide. Is it possible (or leagal) for clients to use those items
which he did not
mentioned but were indicated usable by server?
For example clients provides items {A, B}, server replied {B, C}.
B has been confirmed by both sides, C is confirmed only by Server. If B and
C are both acceptable,
but the two negotiation base are not quite same, will there be a problem ?
Not quite sure it would
cause trouble or not though, but wondering whether it will.
For example, since hello message are not crypto protected yet, is it
possible for a man-in-middle to
let clients accept expired certs or fake CAs?
Sean
_____
发件人: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] 代表 Stefan
Santesson
发送时间: 2009年6月5日 1:41
收件人: TLS wg
主题: [TLS] First TLS cached information draft posted
I have finally incorporated the agreed changes to what previously was called
the cached certs extension, now changed to the cached information extension,
and submitted the first (00) TLS draft.
The draft is available from the following staging URL until it’s made
available as a TLS draft.
http://www.ietf.org/proceedings/staging/draft-ietf-tls-cached-info-00.txt
I hope I didn’t miss any agreed changes.
/Stefan