Re: [TLS] TLS Digest, Vol 65, Issue 76
Ravi Ganesan <ravi@findravi.com> Fri, 18 December 2009 06:50 UTC
Return-Path: <ravi@findravi.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B60A3A6A4A for <tls@core3.amsl.com>; Thu, 17 Dec 2009 22:50:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.176
X-Spam-Level:
X-Spam-Status: No, score=-2.176 tagged_above=-999 required=5 tests=[AWL=-0.800, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOYw9G-Np8ss for <tls@core3.amsl.com>; Thu, 17 Dec 2009 22:50:23 -0800 (PST)
Received: from mail-pz0-f176.google.com (mail-pz0-f176.google.com [209.85.222.176]) by core3.amsl.com (Postfix) with ESMTP id A377B3A6A59 for <tls@ietf.org>; Thu, 17 Dec 2009 22:50:17 -0800 (PST)
Received: by pzk6 with SMTP id 6so2029128pzk.29 for <tls@ietf.org>; Thu, 17 Dec 2009 22:49:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.114.119.6 with SMTP id r6mr2397613wac.45.1261118998140; Thu, 17 Dec 2009 22:49:58 -0800 (PST)
In-Reply-To: <mailman.5706.1261104584.32729.tls@ietf.org>
References: <mailman.5706.1261104584.32729.tls@ietf.org>
Date: Thu, 17 Dec 2009 22:49:58 -0800
Message-ID: <3561bdcc0912172249i678bdbf5p89f1c3b3e8fd635@mail.gmail.com>
From: Ravi Ganesan <ravi@findravi.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0016369208c4e75836047afb25d1"
Subject: Re: [TLS] TLS Digest, Vol 65, Issue 76
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 06:50:25 -0000
> I do agree with you there. Unless the saved session mechanism also > triggers the functionality and checks that a full handshake would, but > I think that's too much to hope for. > > -Kyle H I know everyone on this thread knows otherwise, but the way the terms get used, can easily result in confusion between "full handshake", "abbreviated handshake" and "renegotiated full handshake". The attack only applies of course to last category, and NOT to the abbreviated handshake. To be pedantic, in the "full" handshake the two sides (or at least the Server) prove identity to each other using their private keys and certificates chaining to mutually trusted roots, and exchange the "master_secret" which is really the "session key". This "master_secret" can be used by the "abbreviated handshake" to create many (including parallel) subsequent sessions with each party proving identity here by proving possession of the session key (the "master secret"). During the abbreviated handshake one simply CANNOT do all the checks in the full handshake, not because the developer chose not to do it, but because there is no question of public key credentials...the abbreviated handshake is relying purely on the shared secret (via the server.verify and client.verify). Sorry if this is so obvious to those on this thread, but a lot about SSL is *not* obvious to the world at general, and unfortunately a number of people are convinced that the attack discovered a flaw in session resumption or opening parallel sessions using the abbreviated handshake. If it did, I missed it perhaps. If not, perhaps language in text clarifying this 'obvious' point might be useful. Thanks, Ravi -- Ravi Ganesan ravi@findravi.com www.findravi.com
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Ravi Ganesan
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Marsh Ray
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Ravi Ganesan
- Re: [TLS] TLS Digest, Vol 65, Issue 76 David-Sarah Hopwood