Re: [TLS] Handshake not under protection
Marsh Ray <marsh@extendedsubset.com> Mon, 21 December 2009 18:59 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAD513A697D for <tls@core3.amsl.com>; Mon, 21 Dec 2009 10:59:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.592
X-Spam-Level:
X-Spam-Status: No, score=-2.592 tagged_above=-999 required=5 tests=[AWL=0.007, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzoe28VqRT0L for <tls@core3.amsl.com>; Mon, 21 Dec 2009 10:59:21 -0800 (PST)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 196943A6834 for <tls@ietf.org>; Mon, 21 Dec 2009 10:59:21 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1NMnTE-00063u-M2; Mon, 21 Dec 2009 18:59:04 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 6C4CE603A; Mon, 21 Dec 2009 18:59:03 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/2lKMaAh+63ghkhoRmWb76tLPYcxD6Gis=
Message-ID: <4B2FC57B.4070908@extendedsubset.com>
Date: Mon, 21 Dec 2009 12:59:07 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Ravi Ganesan <ravi@findravi.com>
References: <mailman.6034.1261412925.32729.tls@ietf.org> <3561bdcc0912211027l642d7085kf825965d3b0d6ec9@mail.gmail.com>
In-Reply-To: <3561bdcc0912211027l642d7085kf825965d3b0d6ec9@mail.gmail.com>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Handshake not under protection
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 18:59:21 -0000
Ravi Ganesan wrote: > > Ravi, your terminology is slightly confusing. Renegotiation refers > to a TLS handshake that is performed under protection of an existing > TLS session, so the two things you could distinguish are: > > Martin, Point well taken. Thx, Ravi > > p.s. I prefer not to think of the handshake happening "under protection" > of previous session. Another example of this is in current draft which > says: "The handshake is in the clear to the attacker but encrypted over > the attacker's TLS connection to the server." The handshake itself is > always of course is in the clear, certain values in it are encrypted > with certain keys. And in some cases this results in binding to previous > sessions. This sounds nitpicky, but I only say this because perfectly > smart security people with some knowledge of SSL can read sentences like > above to assume the entire handshake (including client_random and > server_random) is encrypted. +1. There is no "protection" being provided. People who are thinking renegotiation provides real security for client certificates are somewhat misguided. At the TLS level, it's possible for the current session to be anon-anon-DH, which provides no protection. In practice, client apps will hand over the plaintext client certificate to any MitM that asks for it. - Marsh
- Re: [TLS] Handshake not under protection Michael D'Errico
- Re: [TLS] TLS Digest, Vol 65, Issue 88 Ravi Ganesan
- Re: [TLS] TLS Digest, Vol 65, Issue 88 Martin Rex
- Re: [TLS] Handshake not under protection Marsh Ray
- Re: [TLS] Handshake not under protection Martin Rex
- Re: [TLS] Handshake not under protection Marsh Ray
- Re: [TLS] Handshake not under protection Martin Rex
- Re: [TLS] Handshake not under protection Geoffrey Keating
- Re: [TLS] Handshake not under protection Martin Rex
- Re: [TLS] Handshake not under protection Marsh Ray
- Re: [TLS] Handshake not under protection Martin Rex
- Re: [TLS] Handshake not under protection Marsh Ray
- Re: [TLS] Handshake not under protection Michael D'Errico
- Re: [TLS] Handshake not under protection Martin Rex