IETF Logo Mail Archive

Re: [TLS] Summarizing identity change discussion so far

Stefan Santesson <stefan@aaa-sec.com> Tue, 08 December 2009 19:11 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EEC8F3A6A4C for <tls@core3.amsl.com>; Tue, 8 Dec 2009 11:11:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.141
X-Spam-Level:
X-Spam-Status: No, score=-2.141 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nDJViyBk1ksY for <tls@core3.amsl.com>; Tue, 8 Dec 2009 11:11:57 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id C16DB3A693F for <tls@ietf.org>; Tue, 8 Dec 2009 11:11:56 -0800 (PST)
Received: from s60.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 47E93289CF3 for <tls@ietf.org>; Tue, 8 Dec 2009 20:11:51 +0100 (CET)
Received: (qmail 58329 invoked from network); 8 Dec 2009 19:11:43 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.3]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s60.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <Pasi.Eronen@nokia.com>; 8 Dec 2009 19:11:43 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Tue, 08 Dec 2009 20:11:41 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Pasi.Eronen@nokia.com, stephen.farrell@cs.tcd.ie
Message-ID: <C744637D.7178%stefan@aaa-sec.com>
Thread-Topic: [TLS] Summarizing identity change discussion so far
Thread-Index: Acp4BoPJVyVgAyqSSPeFPl2hJhz35gAACQzwAAznfMo=
In-Reply-To: <808FD6E27AD4884E94820BC333B2DB774F31D235DE@NOK-EUMSG-01.mgdnok.nokia.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Summarizing identity change discussion so far
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2009 19:11:59 -0000

Pasi,

On 09-12-08 2:12 PM, "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com> wrote:

> It's not absolutely required that the text makes recommendations how
> to avoid those vulnerabilities, but IMHO it would be a bit strange to
> just describe the security problem without saying anything how to
> avoid it...

Following the BCP on how to write security considerations it seems perfectly
valid to point out a security issue and to declare it out of scope for the
present document to handle.

/Stefan

v2.23.0 | Report a Bug | By Email