IETF Logo Mail Archive

Re: [TLS] Comments on TLS identity protection

badra <badra@isima.fr> Wed, 20 December 2006 10:28 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwygV-0003Ib-4A; Wed, 20 Dec 2006 05:28:27 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwygU-0003FR-Bm for tls@ietf.org; Wed, 20 Dec 2006 05:28:26 -0500
Received: from sp.isima.fr ([193.55.95.1]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwygS-0006d4-Ub for tls@ietf.org; Wed, 20 Dec 2006 05:28:26 -0500
Received: from [127.0.0.1] (pc158.isima.fr [193.55.95.158]) by sp.isima.fr (8.9.3/jtpda-5.3.1) with ESMTP id LAA61766 ; Wed, 20 Dec 2006 11:27:01 +0100
Message-ID: <4589103B.1050402@isima.fr>
Date: Wed, 20 Dec 2006 11:28:11 +0100
From: badra <badra@isima.fr>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
Subject: Re: [TLS] Comments on TLS identity protection
References: <20061219204505.5F2EE5C01E@laser.networkresonance.com> <61434.86.72.162.216.1166567558.squirrel@www.isima.fr> <86ejqvpl6s.fsf@raman.networkresonance.com> <45890C86.5090803@enst.fr>
In-Reply-To: <45890C86.5090803@enst.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Eric Rescorla writes:
> badra@isima.fr writes:
>  
>> In EAP-TLS, an implementation of TLS for Wireless LAN and later for 
>> WiMAX,
>> the client is authenticated based on the certificate's use. This is the
>> initial motivation of this work.
>>     
>
> Yes, but I don't think this really explains why the certificate
> needs to be kept secret or why the double handshake technique isn't
> good enough.
>   

Hi Eric,

IMHO, double handshake technique isn't good enough to many environments, 
especially in performance-constrained environments. In addition:

- As you cited in your early mail, double handshake needs two sets of 
crypto computations and 4 RTTs. The number of RTT significantly 
increases when using TLS over EAP or UDP. Moreover, the client and the 
server need to encrypt/decrypt the whole messages of the second handshake.

- Double handshake reduces the server performance by a factor of 2 or 3 
at least.

- In the case where the client has no certificate and the server isn't 
configured to accept connexions from unauthenticated clients, we can't 
stop the TLS negotiation early. So the server is overloaded for nothing: 
the first handshake is already done and the sever doesn't receive a 
certificate from the client. In the ciphersuites approach, the server 
and the client can detect such configuration early during the hello phase.

- With double handshake, the "privacy" and "no privacy" cannot be 
implemented together. I mean TLS servers aren't so smart to do that 
without external configuration and that the client cannot set or 
negotiate "privacy" with a given server.

- Configuration cost.

Best regards,
Badra


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email