Re: [TLS] Avoiding first use of RI in ClientHello

Stefan Santesson <stefan@aaa-sec.com> Thu, 26 November 2009 17:34 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4AF383A6A9D for <tls@core3.amsl.com>; Thu, 26 Nov 2009 09:34:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[AWL=0.598, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bavGXXOu8f2T for <tls@core3.amsl.com>; Thu, 26 Nov 2009 09:34:43 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.113]) by core3.amsl.com (Postfix) with ESMTP id 777FF3A6893 for <tls@ietf.org>; Thu, 26 Nov 2009 09:34:42 -0800 (PST)
Received: from s128.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 16BF028E446 for <tls@ietf.org>; Thu, 26 Nov 2009 18:34:42 +0100 (CET)
Received: (qmail 69341 invoked from network); 26 Nov 2009 17:34:35 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.3]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s128.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <ekr@networkresonance.com>; 26 Nov 2009 17:34:35 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Thu, 26 Nov 2009 18:34:33 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Eric Rescorla <ekr@networkresonance.com>, Pasi.Eronen@nokia.com
Message-ID: <C7347AB9.6B6B%stefan@aaa-sec.com>
Thread-Topic: [TLS] Avoiding first use of RI in ClientHello
Thread-Index: Acpuvrc0UVkTKl7F80GNEIeeiJ1abA==
In-Reply-To: <20091126161812.A30A96C36F7@kilo.networkresonance.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Avoiding first use of RI in ClientHello
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2009 17:34:44 -0000

Reading the draft I realize I misunderstood one aspect.

I don't understand the benefit from having different signaling in the
initial handshakes and renegotiation handshakes.

Especially since I think it is better security design to not send the verify
data from previous handshakes.

Do you think sending the verify data is better security design? And why?

/Stefan


On 09-11-26 5:18 PM, "Eric Rescorla" <ekr@networkresonance.com> wrote:

> At Thu, 26 Nov 2009 08:03:48 +0100,
>> Unless the WG believes these goals are not actually met (that is, this
>> still could break too many things, or is excessively complex to
>> implement/deploy), I'd like to see an updated draft soon, and start
>> IETF Last Call.
> 
> I've just submitted an updated draft with this change.
> 
> -Ekr
> 
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls