[TLS] FWD: First TLS cached information draft posted
Sean Shen <sshen@huawei.com> Tue, 09 June 2009 00:58 UTC
Return-Path: <sshen@huawei.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1F47728C17D for <tls@core3.amsl.com>; Mon, 8 Jun 2009 17:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.107
X-Spam-Level: ***
X-Spam-Status: No, score=3.107 tagged_above=-999 required=5 tests=[AWL=1.151, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVd3TEXHViZb for <tls@core3.amsl.com>; Mon, 8 Jun 2009 17:58:14 -0700 (PDT)
Received: from szxga01-in.huawei.com (unknown [119.145.14.64]) by core3.amsl.com (Postfix) with ESMTP id E04F33A6C15 for <TLS@ietf.org>; Mon, 8 Jun 2009 17:58:13 -0700 (PDT)
Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KKY002OG5CWXD@szxga01-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:09 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KKY00JZO5CWJX@szxga01-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:08 +0800 (CST)
Received: from s00102542 ([10.111.12.128]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KKY00AB85CWLP@szxml04-in.huawei.com> for TLS@ietf.org; Tue, 09 Jun 2009 08:58:08 +0800 (CST)
Date: Tue, 09 Jun 2009 08:58:13 +0800
From: Sean Shen <sshen@huawei.com>
To: TLS@ietf.org
Message-id: <001201c9e89d$5db40c40$800c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-Mailer: Microsoft Office Outlook 11
Content-type: multipart/alternative; boundary="Boundary_(ID_9QrrR5XriHIXUsuNxNghFA)"
Thread-index: AcnlO6PBlXmAY4WdFEeoge4+B0iYEgCsiy/QACvXePA=
Subject: [TLS] FWD: First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2009 00:58:15 -0000
It looks this message was not sent out successfully, have to try it again. _____ 发件人: Sean Shen [mailto:sshen@huawei.com] 发送时间: 2009年6月8日 12:08 收件人: 'Stefan Santesson'; 'TLS wg' 主题: 答复: [TLS] First TLS cached information draft posted Hi, Stefan, I support the idea and like the benefit of not transporting Certs. The drafts looks good and clear to me, except that I get some questions regarding the following part in section 4: Servers that receive an extended client hello containing a "cached_information" extension, MAY indicate that they support one or more of the cached information objects by including an extension of type "cached_information" in the (extended) server hello, which SHALL contain at least one CachedObject received from the client. The CachedObject's returned by the server MUST include the types the server supports and has accepted to replace with a hash of the cached data. It gives me impression that server's reply can include items that is beyond cached items which clients provide. Is it possible (or leagal) for clients to use those items which he did not mentioned but were indicated usable by server? For example clients provides items {A, B}, server replied {B, C}. B has been confirmed by both sides, C is confirmed only by Server. If B and C are both acceptable, but the two negotiation base are not quite same, will there be a problem ? Not quite sure it would cause trouble or not though, but wondering whether it will. For example, since hello message are not crypto protected yet, is it possible for a man-in-middle to let clients accept expired certs or fake CAs? Sean _____ 发件人: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] 代表 Stefan Santesson 发送时间: 2009年6月5日 1:41 收件人: TLS wg 主题: [TLS] First TLS cached information draft posted I have finally incorporated the agreed changes to what previously was called the cached certs extension, now changed to the cached information extension, and submitted the first (00) TLS draft. The draft is available from the following staging URL until it’s made available as a TLS draft. http://www.ietf.org/proceedings/staging/draft-ietf-tls-cached-info-00.txt I hope I didn’t miss any agreed changes. /Stefan