IETF Logo Mail Archive

Re: [TLS] Abbreviated Handshake != Renegotiated Handshake

Martin Rex <mrex@sap.com> Mon, 21 December 2009 14:22 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DE0D828C0E5 for <tls@core3.amsl.com>; Mon, 21 Dec 2009 06:22:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.194
X-Spam-Level:
X-Spam-Status: No, score=-6.194 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBl+XPQPeUkV for <tls@core3.amsl.com>; Mon, 21 Dec 2009 06:22:01 -0800 (PST)
Received: from smtpde03.sap-ag.de (smtpde03.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 9351C28C0D0 for <tls@ietf.org>; Mon, 21 Dec 2009 06:22:01 -0800 (PST)
Received: from mail.sap.corp by smtpde03.sap-ag.de (26) with ESMTP id nBLELf6Y011503 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 21 Dec 2009 15:21:41 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912211421.nBLELeiU012354@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com
Date: Mon, 21 Dec 2009 15:21:40 +0100
In-Reply-To: <4B2D22C6.9090109@extendedsubset.com> from "Marsh Ray" at Dec 19, 9 01:00:22 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: ravi@findravi.com, tls@ietf.org
Subject: Re: [TLS] Abbreviated Handshake != Renegotiated Handshake
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 14:22:03 -0000

Marsh Ray wrote:
> 
> Ravi Ganesan wrote:
> > 
> > But regardless even if there is something in existence called a
> > "renegotiated abbreviated handshake", I think the distinction between
> > 'abbreviated handshakes without renegoitation' which are very very
> > widely used should not be confused with 'renegotiated handshakes of any
> > kind'.

Ravi, your terminology is slightly confusing.  Renegotiation refers
to a TLS handshake that is performed under protection of an existing
TLS session, so the two things you could distinguish are:

  - renegotiation with a full handshake
  - renegotiation with an abbreviated handshake (aka session resume)

> 
> Nowhere in the draft does it talk about "abbreviated handshakes".

That might be considered a defect, because it is the terminology
established by RFC-5246 7.3 Handshake Protocol Overview, Figure 2

http://tools.ietf.org/html/rfc5246#page-37


>
> Whether or not a handshake is "abbreviated" has absolutely nothing to do
> with whether or not it is an initial or a renegotiation handshake.

Correct.


-Martin

v2.23.0 | Report a Bug | By Email