Re: [TLS] Proposed text for removing renegotiation

Martin Thomson <martin.thomson@gmail.com> Thu, 12 June 2014 18:34 UTC

In-Reply-To: <859F43324A6FEC448BFEA30C90405FA9055451@SEAEMBX02.olympus.F5Net.com>
Date: Thu, 12 Jun 2014 11:34:23 -0700
Message-ID: <CABkgnnWDiZ4dhkPLSwrbgfuO+WjhLp+YaB8HVokAM7yC1edJQA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: David Holmes <d.holmes@f5.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/K3V2168x57FaYpl5TyIK-ajQ-ko
Cc: "tls@ietf.org" <tls@ietf.org>

On 12 June 2014 11:22, David Holmes <d.holmes@f5.com> wrote:
> The data points we have on “why” are the following:
>
> 1. low-bandwidth connections from automated teller machines (ATM) that can last for days or even weeks.
> 2. sites that start “open” but will require renegotiation w/ client cert when you try to enter a protected area.
> 3. infrastructure pieces that use iQuery over TLS, and these renegotiate periodically.

That suggests 1. rekeying, 2. client auth'n, 3. rekeying (I think).