Re: [TLS] Negotiating with known_configuration

Martin Thomson <martin.thomson@gmail.com> Tue, 21 July 2015 11:10 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87A01A00BF for <tls@ietfa.amsl.com>; Tue, 21 Jul 2015 04:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wEl04zRlM4yc for <tls@ietfa.amsl.com>; Tue, 21 Jul 2015 04:10:57 -0700 (PDT)
Received: from mail-yk0-x230.google.com (mail-yk0-x230.google.com [IPv6:2607:f8b0:4002:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D49A61A00C0 for <tls@ietf.org>; Tue, 21 Jul 2015 04:10:56 -0700 (PDT)
Received: by ykdu72 with SMTP id u72so162190005ykd.2 for <tls@ietf.org>; Tue, 21 Jul 2015 04:10:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=bwOWYgbq+Pnk+S3rQHDpZFMwuSYr9nYZt6sXSfC1Oac=; b=j6QBnvCnJumiD4Yh2Ht3VNrIWqYWfh5gCrfFpYMNHwIrU1IgQBeb4NSDKgFWlXgQmB lUsyjUcGc/m0pyGG/apHyZGp4nWkuEXEQ88G1omsCpnbkWq8PakKRenyTl0dCc2hE62p pUwXxPL86xGV6Vk7GnJthg08IuP6/Epz2qGob99HxfjNTPk1sA1rWV/xQyRDFfToHgub ES5u1fhjGPeI+5G/fk7AvsjZ1tvuFygFrhEIaPHAuNyXTOEzXqGoXlTVGgNVf9aQvevM f4sl29xL6mi+aL2SSXKmCHkBq1GCWh5ZqEUPdkbCNtZQXLm/xfoAsi3STxUR0jvOgDFj Qagg==
MIME-Version: 1.0
X-Received: by 10.129.103.84 with SMTP id b81mr33038005ywc.55.1437477056259; Tue, 21 Jul 2015 04:10:56 -0700 (PDT)
Received: by 10.129.110.138 with HTTP; Tue, 21 Jul 2015 04:10:56 -0700 (PDT)
In-Reply-To: <CABcZeBOEUuVKHYRs5+DY6h8vcQ9uLWW9SXzN=VH=ovHbnEK0AA@mail.gmail.com>
References: <CABcZeBOEUuVKHYRs5+DY6h8vcQ9uLWW9SXzN=VH=ovHbnEK0AA@mail.gmail.com>
Date: Tue, 21 Jul 2015 04:10:56 -0700
Message-ID: <CABkgnnUn5_Wo9XDRe=KQKO64MWcBGw0Pk6aviyigR+H7yVBaUg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/JA-nflMRtqaouyNcXBg1vJwGA2A>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Negotiating with known_configuration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 11:10:58 -0000

On 21 July 2015 at 04:04, Eric Rescorla <ekr@rtfm.com> wrote:
> - The client indicates configuration ID and cryptographic configuration,
>   including the cipher suites and cryptographic extensions. This
>   MUST replicate the server's selection from a previous handshake


That's not going to work if there was no previous session.  For
instance, if the configuration was learned out of band.  It also
implies that the selection can come from ANY previous session, where I
think that it only makes sense to identify the session where the
configuration was learned.