Re: [TLS] Proposed changes to draft-ietf-tls-rfc4366-bis

Michael D'Errico <mike-list@pobox.com> Sat, 15 May 2010 03:02 UTC

Date: Fri, 14 May 2010 20:02:03 -0700
From: Michael D'Errico <mike-list@pobox.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Proposed changes to draft-ietf-tls-rfc4366-bis

Donald Eastlake wrote:
> There having been no objections to the changes posted at the beginning
> of this thread, I've gone ahead and made them.

Sorry, I've been busy.  One of the things added was:

    Add to section 3 before the last paragraph to clarify session
    resumption behavior:

    "When the server resumes a session, the server_name extension
    is ignored."

I have not yet done it, but I plan to have my session resumption
logic look at the SNI to see if it matches the name used for the
cached session.  If they don't match, a full handshake will be
completed.  We already have to verify that TLS version, cipher
suite, and compression method are compatible with the hello
parameters.  I don't see why the SNI is any less important.

Does the above text suggest that my plan would be non-compliant?

Thanks,

Mike



> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street   +1-508-634-2066 (home)
>  Milford, MA 01757 USA
>  d3e3e3@gmail.com
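
The resumption check proposed in the message above, sketched as an added example; it is not code from the poster or from any TLS implementation. The class and function names are hypothetical, and the case-insensitive name comparison and the handling of a hello without SNI are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class CachedSession:              # hypothetical session-cache entry
    version: Tuple[int, int]      # negotiated version, e.g. (3, 1) = TLS 1.0
    cipher_suite: int
    compression: int              # 0 = null compression
    server_name: Optional[str]    # SNI host_name seen in the full handshake


@dataclass(frozen=True)
class ClientHello:                # only the fields the decision needs
    version: Tuple[int, int]      # highest version the client offers
    cipher_suites: Sequence[int]
    compression_methods: Sequence[int]
    server_name: Optional[str]


def _norm(name: Optional[str]) -> Optional[str]:
    # Assumption: host names are compared case-insensitively.
    return None if name is None else name.lower()


def resumption_decision(hello: ClientHello, cached: Optional[CachedSession]):
    """Return ("resume", None) or ("full_handshake", reason)."""
    if cached is None:
        return ("full_handshake", "session not in cache")
    if cached.version > hello.version:
        return ("full_handshake", "session version not offered")
    if cached.cipher_suite not in hello.cipher_suites:
        return ("full_handshake", "cipher suite not offered")
    if cached.compression not in hello.compression_methods:
        return ("full_handshake", "compression method not offered")
    # The check the message proposes: treat SNI like the other parameters.
    # Assumption: a hello with no SNI does not match a session that had one.
    if _norm(hello.server_name) != _norm(cached.server_name):
        return ("full_handshake", "server_name differs from cached session")
    return ("resume", None)


# Constructed sample values, not taken from a real capture.
SESSION = CachedSession((3, 1), 0x0039, 0, "a.example.com")
SAME = ClientHello((3, 2), [0x002F, 0x0039], [0], "A.Example.com")
OTHER = ClientHello((3, 2), [0x002F, 0x0039], [0], "b.example.com")
```
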