Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

Simon Josefsson <simon@josefsson.org> Mon, 01 March 2010 20:44 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B208A28C590 for <tls@core3.amsl.com>; Mon, 1 Mar 2010 12:44:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3+i1Q-TAgQJK for <tls@core3.amsl.com>; Mon, 1 Mar 2010 12:44:20 -0800 (PST)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 991B228C58F for <tls@ietf.org>; Mon, 1 Mar 2010 12:44:18 -0800 (PST)
Received: from mocca (c80-216-24-99.bredband.comhem.se [80.216.24.99]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o21KiCKZ004949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 1 Mar 2010 21:44:13 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Brian Smith <brian@briansmith.org>
References: <201002252011.o1PKBdRJ015456@fs4113.wdf.sap.corp> <4B8BD27A.8070608@briansmith.org>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:100301:mrex@sap.com::NXBUJbsr86ok0OOF:1LxB
X-Hashcash: 1:22:100301:tls@ietf.org::W0jlWj0QBE6Qj0cg:AE6y
X-Hashcash: 1:22:100301:brian@briansmith.org::JTZI8HG6pNI8+12S:E/9z
Date: Mon, 01 Mar 2010 21:44:11 +0100
In-Reply-To: <4B8BD27A.8070608@briansmith.org> (Brian Smith's message of "Mon, 01 Mar 2010 08:43:06 -0600")
Message-ID: <87r5o3lqlg.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: clamav-milter 0.95.3 at yxa-v
X-Virus-Status: Clean
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Mar 2010 20:44:20 -0000

Brian Smith <brian@briansmith.org>; writes:

>> Btw. the certificate fingerprinting and public key fingerprinting
>> algorithms currently also still use SHA-1 (e.g. rfc-5280 4.2.1.2).
>>    
> RFC-5280 4.2.1.2 just says that SHA-1 is a "common method" for
> generating the subject key identifier and "Other methods of generating
> unique numbers are also acceptable." In other words, it is an opaque
> unique identifier like I am advocating to simplify this
> extension.

Further, remember that TLS can be used without any X.509 at all (PSK,
SRP, OpenPGP etc).

The main use case for cached info is likely X.509 CA lists and large
X.509 chains, but there could be other things that needs caching for
non-X.509 in the future.

/Simon