[TLS] renego, patricide, putting out to stud, etc.
Ravi Ganesan <ravi@findravi.com> Thu, 31 December 2009 06:23 UTC
Return-Path: <ravi@findravi.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9A5203A6A77 for <tls@core3.amsl.com>; Wed, 30 Dec 2009 22:23:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.007
X-Spam-Level:
X-Spam-Status: No, score=-2.007 tagged_above=-999 required=5 tests=[AWL=-0.031, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJbnJFaF9jOt for <tls@core3.amsl.com>; Wed, 30 Dec 2009 22:23:06 -0800 (PST)
Received: from mail-pw0-f50.google.com (mail-pw0-f50.google.com [209.85.160.50]) by core3.amsl.com (Postfix) with ESMTP id DAEA73A6A19 for <tls@ietf.org>; Wed, 30 Dec 2009 22:21:47 -0800 (PST)
Received: by pwi20 with SMTP id 20so8402703pwi.29 for <tls@ietf.org>; Wed, 30 Dec 2009 22:20:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.114.253.6 with SMTP id a6mr8879191wai.209.1262240415714; Wed, 30 Dec 2009 22:20:15 -0800 (PST)
Date: Wed, 30 Dec 2009 22:20:15 -0800
Message-ID: <3561bdcc0912302220t7fad9ccfqf5103e6f120288ba@mail.gmail.com>
From: Ravi Ganesan <ravi@findravi.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0016e68786dd999277047c003fb2"
Subject: [TLS] renego, patricide, putting out to stud, etc.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2009 06:23:10 -0000
>> Ravi Ganesan wrote: >> ii) A node can create a child node by performing renegotiation, followed by >> a full handshake. Such a full-renego-child, starts afresh with new values >> for all of the first five parameters. The only parameter which keeps it tied >> to this tree is the renegotiation-information, which is derived from the >> handshake and the parent-node's renegotiation-information. The primary >> use-case for this technique is to update authentication-knowledge of the >> Server (i.e. does it know who the Client is?). The creation of such a child >> node means the parent node can no longer be used. >That (the last sentence) is not the case, as far as I'm aware. Renegotiating >on some connection currently associated with a session does not mean that >that session can no longer be resumed. >David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com What I meant by 'that node can no longer be used', is that since the effective encryption/hashing keys have been rolled over, trying to send data using the values in that node to the side should not work. In that sense either of the renego child nodes renders its parent inactive. It did occur to me that the node while it cannot be 'used' (per my def) might still be able to have progeny (put out to stud if you will!). I just figured that one could get an identical result by using the parameters in the child to do the "resume", and that would be preferable.
- Re: [TLS] renego, patricide, putting out to stud,… David-Sarah Hopwood
- Re: [TLS] renego, patricide, putting out to stud,… Ravi Ganesan
- [TLS] renego, patricide, putting out to stud, etc. Ravi Ganesan
- Re: [TLS] renego, patricide, putting out to stud,… Michael D'Errico
- Re: [TLS] renego, patricide, putting out to stud,… Marsh Ray
- [TLS] Fw: renego, patricide, putting out to stud,… tom.petch