Re: [TLS] First TLS cached information draft posted
Simon Josefsson <simon@josefsson.org> Fri, 05 June 2009 11:38 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC7BA3A6CBA for <tls@core3.amsl.com>; Fri, 5 Jun 2009 04:38:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwyxYOgim+BU for <tls@core3.amsl.com>; Fri, 5 Jun 2009 04:38:29 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 81C2F3A6BA8 for <TLS@ietf.org>; Fri, 5 Jun 2009 04:38:28 -0700 (PDT)
Received: from mocca.josefsson.org (c80-216-29-127.bredband.comhem.se [80.216.29.127]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n55BcO9G024881 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 5 Jun 2009 13:38:27 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Stefan Santesson <stefan@aaa-sec.com>
References: <C64DD3D3.2714%stefan@aaa-sec.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:090605:tls@ietf.org::DcPCVVl5lPHNI9wR:EHFX
X-Hashcash: 1:22:090605:stefan@aaa-sec.com::tymxI0ax7Y2GLcsG:kP8B
Date: Fri, 05 Jun 2009 13:38:24 +0200
In-Reply-To: <C64DD3D3.2714%stefan@aaa-sec.com> (Stefan Santesson's message of "Thu, 04 Jun 2009 19:41:07 +0200")
Message-ID: <87fxeerjv3.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Cc: TLS wg <TLS@ietf.org>
Subject: Re: [TLS] First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2009 11:38:30 -0000
Stefan Santesson <stefan@aaa-sec.com> writes: > I have finally incorporated the agreed changes to what previously was called > the cached certs extension, now changed to the cached information extension, > and submitted the first (00) TLS draft. > > The draft is available from the following staging URL until it¹s made > available as a TLS draft. > http://www.ietf.org/proceedings/staging/draft-ietf-tls-cached-info-00.txt I support this. I've seen 40kb handshakes due to the server return a list of acceptable CAs, and that has generated some interop problems with GnuTLS [1]. The document appears to be in good shape. I believe I could implement the document if two (minor) concerns were resolved. First, this paragraph: Servers that receive an extended client hello containing a "cached_information" extension, MAY indicate that they support one or more of the cached information objects by including an extension of type "cached_information" in the (extended) server hello, which SHALL contain at least one CachedObject received from the client. The intention here appears under-specified. What does it mean if the client sent two CachedObject's and the server just returned one of them? One plausible interpretation would be that the server did not support the hash/type-combination that were not returned. Enforcing that interpretation is needed to resolve my second concern. I suggest to add a sentence: The CachedObject's returned by the server MUST include the types the server supports and has accepted to replace with cached data. Secondly, this paragraph: After negotiation of the use of cached certificates has been successfully completed (by exchanging hello messages including "cached_certs" extensions), the server MAY replace the cached information objects in its handshake messages with a corresponding hash_value from CachedInformationHash that was included in the cached_information extension of the server hello message. Why a MAY here? How would a client distinguish whether the server did replace the data or not? Why not use the extended server hello to return the supported types (as suggested above)? This appears to add complexity for no particular reason, at least as far as I can understand. I suggest to replace MAY with MUST here. Thanks, /Simon [1] GnuTLS refuses large handshakes due to DoS concerns, and we had to increase the limit.
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- [TLS] First TLS cached information draft posted Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Min Huang
- Re: [TLS] First TLS cached information draft post… Min Huang
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson