Re: [TLS] Renegotation redux

Juho Vähä-Herttua <juhovh@iki.fi> Mon, 14 April 2014 15:04 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Cgb0w9a3UiRHw1jPW9gWC68PGzs

> On 14.4.2014, at 17.48, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> Dear all,
> 
> Are there any users of renegotiation beyond authentication with client
> side certificates? In particular has anyone come up with a use for
> changing the claimed identity of the server?

I've been under the impression that renegotiation can be used to keep the connection open when the encryption is based on nonces and client/server runs out of usable nonces. The current counters are large enough that this is unlikely to happen, but if some crypto defines smaller nonces it might be a problem.

Disallowing renegotiation would leave both parties with no other choice than hanging up the connection.


Juho
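
The situation described in the message above, as an added example that is not part of the original post: one write direction with a deliberately small sequence-number space either replaces its key when the counter runs out or has to close. `seq_bits` is a constructed parameter (TLS 1.2 uses a 64-bit sequence number that must not wrap), and the HMAC-based `rekey` is a stand-in for renegotiation, not the TLS key schedule.

```python
import hashlib
import hmac


class NonceSpaceExhausted(Exception):
    """The next record would reuse a nonce under the current key."""


class WriteState:
    """One direction of a connection: a key plus a per-record counter."""

    def __init__(self, key, seq_bits):
        self.key = key
        self.limit = 1 << seq_bits  # distinct nonces available per key
        self.seq = 0
        self.rekeys = 0

    def next_nonce(self):
        # Never wrap: a repeated (key, nonce) pair breaks nonce-based ciphers.
        if self.seq >= self.limit:
            raise NonceSpaceExhausted()
        nonce = self.seq
        self.seq += 1
        return nonce

    def rekey(self):
        # Stand-in for a renegotiated key (assumption, not the TLS key schedule).
        self.key = hmac.new(self.key, b"rekey", hashlib.sha256).digest()
        self.rekeys += 1
        self.seq = 0


def send_records(count, seq_bits, allow_rekey):
    """Return (records_sent, rekeys, connection_still_open)."""
    state = WriteState(b"\x00" * 32, seq_bits)  # constructed sample key
    used = set()
    sent = 0
    while sent < count:
        try:
            nonce = state.next_nonce()
        except NonceSpaceExhausted:
            if not allow_rekey:
                return sent, state.rekeys, False  # only option left: hang up
            state.rekey()
            continue
        pair = (state.key, nonce)
        if pair in used:
            raise RuntimeError("nonce reused under one key")
        used.add(pair)
        sent += 1
    return sent, state.rekeys, True
```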