Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)

Nicolas Williams <Nicolas.Williams@sun.com> Tue, 23 March 2010 21:15 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7D39A3A6CBB; Tue, 23 Mar 2010 14:15:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.698
X-Spam-Level:
X-Spam-Status: No, score=-4.698 tagged_above=-999 required=5 tests=[AWL=0.770, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SgJ6HjZm6xyw; Tue, 23 Mar 2010 14:15:36 -0700 (PDT)
Received: from acsinet12.oracle.com (acsinet12.oracle.com [141.146.126.234]) by core3.amsl.com (Postfix) with ESMTP id 204FA3A6BA1; Tue, 23 Mar 2010 14:15:24 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by acsinet12.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o2NLFfkk002572 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 23 Mar 2010 21:15:43 GMT
Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o2N2MLqB028527; Tue, 23 Mar 2010 21:15:39 GMT
Received: from abhmt020.oracle.com by acsmt353.oracle.com with ESMTP id 109872701269378847; Tue, 23 Mar 2010 14:14:07 -0700
Received: from Sun.COM (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 23 Mar 2010 14:14:06 -0700
Date: Tue, 23 Mar 2010 16:14:01 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Larry Zhu <larry.zhu@microsoft.com>
Message-ID: <20100323211401.GE21244@Sun.COM>
References: <20100317231522.GA18167@Sun.COM> <20100322232150.GB21244@Sun.COM> <20100323065301.GE21244@Sun.COM> <20100323190629.GR21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB563F1@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <20100323195956.GY21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB5667A@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <20100323205554.GC21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB567FF@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4B17DE30119FF1429798D9F5D94BDE8C0EB567FF@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Source-IP: acsmt354.oracle.com [141.146.40.154]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090201.4BA92F7C.00CB,ss=1,fgs=0
Cc: Mark Novak <Mark.Novak@microsoft.com>, "channel-binding@ietf.org" <channel-binding@ietf.org>, Pasi Eronen <pasi.eronen@nokia.com>, "tls@ietf.org" <tls@ietf.org>, "sasl@ietf.org" <sasl@ietf.org>
Subject: Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 21:15:40 -0000

On Tue, Mar 23, 2010 at 09:07:12PM +0000, Larry Zhu wrote:
> Nicolas Williams wrote:
> > It does.  However, it does also mean that I had to write a bunch of
> > normative text in draft-altman-... to say that apps must do this.
> > That strikes me as ugly complexity.  If you never have
> > re-negotiation happening before authentication then why do we need
> > to worry about this?  -- that's my question.
> 
> It is amusing that if you actually suggest that it is more complex to
> leave the behavior as undefined.

I _never_ said that.

Nico
--