Re: [TLS] Closing some open comments on draft-ietf-tls-renegotiation
Martin Rex <mrex@sap.com> Tue, 08 December 2009 23:37 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BA2503A683D for <tls@core3.amsl.com>; Tue, 8 Dec 2009 15:37:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.191
X-Spam-Level:
X-Spam-Status: No, score=-6.191 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0xmjreixCAZK for <tls@core3.amsl.com>; Tue, 8 Dec 2009 15:37:08 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id BD7B93A681C for <tls@ietf.org>; Tue, 8 Dec 2009 15:37:07 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nB8NatUW008342 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Dec 2009 00:36:55 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912082336.nB8NatS7017577@fs4113.wdf.sap.corp>
To: ekr@networkresonance.com
Date: Wed, 09 Dec 2009 00:36:55 +0100
In-Reply-To: <20091207220244.DA1A06C5242@kilo.networkresonance.com> from "Eric Rescorla" at Dec 7, 9 02:02:44 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal08
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Closing some open comments on draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2009 23:37:08 -0000
Eric Rescorla wrote: > > 6. Explicitly state that this extension may also be used with > SSLv3 (we don't have any authority to update SSLv3 in any > way but we can certainly say that there is no technical > obstacle.) What we're doing is giving recommendations to implementors what to do in their implementations when protocol version { 0x03, 0x00 } is negotiated. We do not need any formal authority to do so. I would suggest to mention the sizes of the SSLv3 finished messages (36 octets), since these are considerably larger than in TLS (12 octets). > > 7. Clarify that RI MUST be generated in all rehandshakes, per the > issue Martin raised earlier and proposed resolution by Marsh > and Nelson. Please add that this applies to _all_ handshakes, including TLS session resumes, i.e. the Server must return the TLS extension RI in the ServerHello of a TLS session resume as well! I feel a little uneasy with the term "rehandhshake". I assume you refer to "renegotiation", i.e. a handshake that is performed when the "current connection state" differs from "no encrytion, no compression, no MAC". I realize that the word "rehandshake" was added in one place to rfc5246 -- but I still would prefer a single term only. -Martin
- [TLS] Closing some open comments on draft-ietf-tl… Eric Rescorla
- Re: [TLS] Closing some open comments on draft-iet… Nicolas Williams
- Re: [TLS] Closing some open comments on draft-iet… Eric Rescorla
- Re: [TLS] Closing some open comments on draft-iet… David-Sarah Hopwood
- Re: [TLS] Closing some open comments on draft-iet… Pasi.Eronen
- Re: [TLS] Closing some open comments on draft-iet… Dr Stephen Henson
- Re: [TLS] Closing some open comments on draft-iet… Marsh Ray
- Re: [TLS] Closing some open comments on draft-iet… Dr Stephen Henson
- Re: [TLS] Closing some open comments on draft-iet… Martin Rex
- Re: [TLS] Closing some open comments on draft-iet… Marsh Ray
- Re: [TLS] Closing some open comments on draft-iet… Michael Gray
- Re: [TLS] Closing some open comments on draft-iet… Martin Rex
- Re: [TLS] Closing some open comments on draft-iet… Marsh Ray
- Re: [TLS] Closing some open comments on draft-iet… Eric Rescorla
- Re: [TLS] Closing some open comments on draft-iet… Michael D'Errico
- Re: [TLS] Closing some open comments on draft-iet… Peter Saint-Andre
- Re: [TLS] Closing some open comments on draft-iet… Michael D'Errico
- Re: [TLS] Closing some open comments on draft-iet… Bill Frantz
- Re: [TLS] Closing some open comments on draft-iet… Dr Stephen Henson
- Re: [TLS] Closing some open comments on draft-iet… David-Sarah Hopwood
- Re: [TLS] Closing some open comments on draft-iet… Michael Gray
- [TLS] Closing some open comments on draft-ietf-tl… Sebastian Gajek
- Re: [TLS] Closing some open comments on draft-iet… Yoav Nir
- Re: [TLS] Closing some open comments on draft-iet… David-Sarah Hopwood
- Re: [TLS] Closing some open comments on draft-iet… Yoav Nir
- Re: [TLS] Closing some open comments on draft-iet… David-Sarah Hopwood
- Re: [TLS] Closing some open comments on draft-iet… Yoav Nir
- Re: [TLS] Closing some open comments on draft-iet… Sebastian Gajek