Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego

Bodo Moeller <bmoeller@acm.org> Sun, 15 November 2009 19:36 UTC

From: Bodo Moeller <bmoeller@acm.org>
To: Eric Rescorla <ekr@networkresonance.com>
In-Reply-To: <20091113060004.55DC569F31E@kilo.networkresonance.com>
References: <200911092035.nA9KZviE026489@fs4113.wdf.sap.corp> <4AF8EF8F.3090100@jacaranda.org> <4AF8F7B4.7020101@pobox.com> <4AF8FDBD.4080003@jacaranda.org> <4AF9070E.4050305@jacaranda.org> <4AF99E04.3060604@pobox.com> <20091112055910.58D2369EF16@kilo.networkresonance.com> <4AFC46D8.9050905@pobox.com> <20091113060004.55DC569F31E@kilo.networkresonance.com>
Message-Id: <3494BBB0-E80A-4CCA-92EF-A7EC794BEF9D@acm.org>
Date: Sun, 15 Nov 2009 11:36:07 -0800
Cc: tls@ietf.org
Subject: Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Nov 12, 2009, at 10:00 PM, Eric Rescorla wrote:

>
> The issue isn't whether the client sends it. Of course the client
> sends it. It's whether the client aborts the connection if the server
> doesn't return it.

Why make a client send it on the initial handshake if that client wouldn't have plans to abort the connection if the server doesn't acknowledge it?  Interoperability seems easier if you don't send it.

Bodo
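The client-side decision the two messages are debating, as an added example that is not part of the thread: a check of the ServerHello extensions that records whether the server echoed renegotiation_info on the initial handshake and refuses a renegotiation whose ServerHello lacks the extension or carries the wrong verify_data. The extension type 0xff01 and the renegotiated_connection layout are taken from RFC 5746 (the outcome of this draft discussion), not from the page; the abort_if_missing knob is an assumed policy switch standing in for the choice under discussion.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned in RFC 5746


class ConnectionAbort(Exception):
    """Raised when the client must tear down the connection."""


def parse_extensions(data: bytes) -> dict:
    """Parse a TLS extensions block: 2-byte total length, then type/len/value items."""
    if not data:
        return {}  # ServerHello carried no extensions field at all
    (total,) = struct.unpack("!H", data[:2])
    body = data[2:2 + total]
    if len(body) != total:
        raise ValueError("truncated extensions block")
    exts, off = {}, 0
    while off + 4 <= len(body):
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if off + elen > len(body):
            raise ValueError("extension runs past block end")
        exts[etype] = body[off:off + elen]
        off += elen
    return exts


def build_extensions(items) -> bytes:
    """Helper to construct a test extensions block from (type, value) pairs."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in items)
    return struct.pack("!H", len(body)) + body


def check_server_hello(ext_block: bytes, renegotiating: bool,
                       client_vd: bytes, server_vd: bytes,
                       abort_if_missing: bool) -> bool:
    """Return True if the server asserted secure renegotiation, False for a legacy
    server on the initial handshake; raise ConnectionAbort where the policy demands."""
    ri = parse_extensions(ext_block).get(RENEGOTIATION_INFO)
    if ri is None:
        # On renegotiation the extension is mandatory; on the initial handshake
        # aborting is the policy choice Eric and Bodo are arguing about.
        if renegotiating or abort_if_missing:
            raise ConnectionAbort("server did not return renegotiation_info")
        return False
    # renegotiated_connection is opaque<0..255>: one length byte, then the data.
    # Initial handshake: empty. Renegotiation: client_verify_data + server_verify_data.
    expected = client_vd + server_vd if renegotiating else b""
    if len(ri) < 1 or ri[0] != len(ri) - 1 or ri[1:] != expected:
        raise ConnectionAbort("renegotiation_info payload mismatch")
    return True
```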