Re: [TLS] Updated draft

"tom.petch" <cfinss@dial.pipex.com> Thu, 24 December 2009 18:42 UTC

Return-Path: <cfinss@dial.pipex.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2E3BD3A695B for <tls@core3.amsl.com>; Thu, 24 Dec 2009 10:42:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.047
X-Spam-Level:
X-Spam-Status: No, score=-2.047 tagged_above=-999 required=5 tests=[AWL=0.552, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F+Zb1AH78Civ for <tls@core3.amsl.com>; Thu, 24 Dec 2009 10:42:02 -0800 (PST)
Received: from mk-outboundfilter-5.mail.uk.tiscali.com (mk-outboundfilter-5.mail.uk.tiscali.com [212.74.114.1]) by core3.amsl.com (Postfix) with ESMTP id D37933A68F1 for <tls@ietf.org>; Thu, 24 Dec 2009 10:42:01 -0800 (PST)
X-Trace: 225887958/mk-outboundfilter-5.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.100.180/None/cfinss@dial.pipex.com
X-SBRS: None
X-RemoteIP: 62.188.100.180
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-SMTP-AUTH:
X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtYFAJREM0s+vGS0/2dsb2JhbACCXiqFMIhmxEwKgiWCBAQ
X-IronPort-AV: E=Sophos;i="4.47,450,1257120000"; d="scan'208";a="225887958"
X-IP-Direction: IN
Received: from 1cust180.tnt1.lnd9.gbr.da.uu.net (HELO allison) ([62.188.100.180]) by smtp.pipex.tiscali.co.uk with SMTP; 24 Dec 2009 18:41:43 +0000
Message-ID: <044301ca84c0$6f34d0c0$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: "Eric Rescorla" <ekr@networkresonance.com>, <tls@ietf.org>
References: <20091216213202.C5CC26C82B8@kilo.networkresonance.com>
Date: Thu, 24 Dec 2009 18:41:34 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Subject: Re: [TLS] Updated draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Dec 2009 18:42:03 -0000

I find the reference to
      immediately previous handshake
in s.3 unclear.

Thinking of session resumption, as identified in RFC5246, there are three cases
namely
  "The session identifier MAY be from an earlier connection,
   this connection, or from another currently active connection."

Which connection should the immediately previous handshake come from
given that there may be one session and multiple connections
(each of which may be independently re-negotiating) in each of these three
cases?

My grasp of TLS session and TLS connection may not be as crystal clear
as it might be; I see session as defined by a common session
identifier but connection being the construct whose protocol is changed by
this I-D.

Tom Petch

----- Original Message -----
From: "Eric Rescorla" <ekr@networkresonance.com>
To: <tls@ietf.org>
Sent: Wednesday, December 16, 2009 10:32 PM
Subject: [TLS] Updated draft


> I've just submitted a new draft that is intended to enact most of
> Pasi's message as well as the noncontroversial editorial comments
> people have raised. Here is what I know still needs work:
>
> - The final resolution to what's sent in the legacy renegotiation
>   case (see Pasi's message and the text I sent earlier).
> - New text for the identity section in Security considerations.
>   (Pending closure on the list).
> - Make a pass through for clarity for implementors.
>   (Also, I have some text here that Pasi contributed that I
>   need to work in).
>
> If you think you made a comment which is noncontroversial
> that didn't make it in and/or I screwed up incorporating your
> comment, please let me know and I'll try to fix.
>
> For some reason, the submission tool is forcing manual
> submission. In the interim you can find it at:
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-ietf-tls-renegotiate.txt
>
> Thanks,
> -Ekr
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls