Re: [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08

Eric Rescorla <ekr@networkresonance.com> Tue, 16 May 2006 14:50 UTC

To: Simon Josefsson <jas@extundo.com>
Subject: Re: [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08
References: <B356D8F434D20B40A8CEDAEC305A1F2402A7978F@esebe105.NOE.Nokia.com> <B356D8F434D20B40A8CEDAEC305A1F2402A799DB@esebe105.NOE.Nokia.com> <87slna3wkc.fsf@latte.josefsson.org>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 16 May 2006 07:50:15 -0700
In-Reply-To: <87slna3wkc.fsf@latte.josefsson.org> (Simon Josefsson's message of "Tue, 16 May 2006 15:53:39 +0200")
Message-ID: <86mzdiowgo.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: tls-bounces@lists.ietf.org, tls@ietf.org
Reply-To: EKR <ekr@networkresonance.com>

Simon Josefsson <jas@extundo.com> writes:
> <Pasi.Eronen@nokia.com> writes:
>> In current uses of TLS with X.509 certificates, this infrastructure
>> is not necessarily present, and the ability to send several
>> certificates is used.
>>
>> Thus, I would not hard-code this limitation in the specification,
>> especially when it's very easy to avoid (just allow a list just
>> as in normal TLS), and there's just 3 bytes of overhead for 
>> implementations that send only one PGP key... (and in fact
>> even this overhead could be avoided if we remove the redundant
>> length field by stating that the "key descriptor type" is the
>> first byte of the key data)
>
> I'd disagree that it is that simple to fix that: If the draft permits
> more than one key, I believe it has to describe how implementations
> are supposed to use more than one key to build the chain, or at least
> mandate some specific behaviour.

I don't agree with this. PGP at least theoretically knows how
to build cert chains from a "bucket of keys". 

-Ekr
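The "3 bytes of overhead" Pasi refers to is the length prefix of a TLS variable-length vector declared as `<0..2^24-1>`, the same wrapper the standard TLS Certificate message uses for `certificate_list`. The following is an added example, not code from this thread or from the draft: it encodes a key entry as a descriptor-type byte followed by the key data as an `opaque<0..2^24-1>` vector, then wraps one or more entries in an outer `<0..2^24-1>` list and measures the difference. The descriptor-type code point (`KEY_DESCRIPTOR_TYPE_KEY = 1`), the entry layout and the sample key bytes are assumptions for illustration, not the draft's actual definitions.

```python
# Added example: TLS-style vector encoding to show the cost of a
# certificate_list-like wrapper around a single OpenPGP key entry.
# Layout and code points below are assumptions, not the draft's.

# Constructed stand-ins for OpenPGP key data (not real keys).
SAMPLE_KEYS = [b"\x99\x01\x0d" + b"A" * 40, b"\x99\x00\x20" + b"B" * 20]

# Hypothetical descriptor-type value meaning "this entry carries key data".
KEY_DESCRIPTOR_TYPE_KEY = 1

MAX24 = 2**24 - 1  # ceiling of an opaque<0..2^24-1> vector


def length_octets(max_len: int) -> int:
    """Octets needed for the length prefix of a TLS vector opaque<0..max_len>."""
    return (max_len.bit_length() + 7) // 8


def encode_vector(data: bytes, max_len: int) -> bytes:
    """Encode a TLS variable-length vector: big-endian length, then contents."""
    if len(data) > max_len:
        raise ValueError("vector contents exceed declared maximum")
    n = length_octets(max_len)
    return len(data).to_bytes(n, "big") + data


def decode_vector(buf: bytes, max_len: int) -> tuple[bytes, bytes]:
    """Decode one vector from the front of buf; return (contents, remainder).

    Truncated or over-long lengths are rejected rather than read past the end.
    """
    n = length_octets(max_len)
    if len(buf) < n:
        raise ValueError("truncated length prefix")
    length = int.from_bytes(buf[:n], "big")
    if length > max_len:
        raise ValueError("vector length exceeds declared maximum")
    if len(buf) < n + length:
        raise ValueError("truncated vector contents")
    return buf[n:n + length], buf[n + length:]


def encode_key_entry(key: bytes) -> bytes:
    """One entry: descriptor-type byte, then key data as opaque<0..2^24-1>."""
    return bytes([KEY_DESCRIPTOR_TYPE_KEY]) + encode_vector(key, MAX24)


def single_key_message(key: bytes) -> bytes:
    """Body carrying exactly one entry with no outer list (the draft's shape)."""
    return encode_key_entry(key)


def key_list_message(keys: list[bytes]) -> bytes:
    """Body carrying entries inside an opaque<0..2^24-1> list, like TLS certificate_list."""
    return encode_vector(b"".join(encode_key_entry(k) for k in keys), MAX24)


def decode_key_list_message(buf: bytes) -> list[bytes]:
    """Parse the list form back into key data items, rejecting trailing bytes."""
    body, rest = decode_vector(buf, MAX24)
    if rest:
        raise ValueError("trailing data after key list")
    keys = []
    while body:
        descriptor, body = body[0], body[1:]
        if descriptor != KEY_DESCRIPTOR_TYPE_KEY:
            raise ValueError(f"unknown descriptor type {descriptor}")
        key, body = decode_vector(body, MAX24)
        keys.append(key)
    return keys


def list_overhead(key: bytes) -> int:
    """Bytes the outer list wrapper adds when only one key is sent."""
    return len(key_list_message([key])) - len(single_key_message(key))


if __name__ == "__main__":
    print("list overhead for one key:", list_overhead(SAMPLE_KEYS[0]))
    print("round trip ok:",
          decode_key_list_message(key_list_message(SAMPLE_KEYS)) == SAMPLE_KEYS)
```

For a single key the list form is exactly three octets longer than the bare entry, which is the overhead under discussion; the decoder also shows the bounds checks a receiver needs once the message may carry several entries.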

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls