Re: [TLS] Summarizing identity change discussion so far

<Pasi.Eronen@nokia.com> Wed, 09 December 2009 13:48 UTC

From: Pasi.Eronen@nokia.com
To: marsh@extendedsubset.com, tls@ietf.org
Date: Wed, 09 Dec 2009 14:42:08 +0100
Message-ID: <808FD6E27AD4884E94820BC333B2DB774F31D2409D@NOK-EUMSG-01.mgdnok.nokia.com>
References: <200912082044.nB8Kifxv006654@fs4113.wdf.sap.corp> <4B1EE0BD.7020403@extendedsubset.com>
In-Reply-To: <4B1EE0BD.7020403@extendedsubset.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Marsh Ray wrote:

> After this fix, the TLS concept of "remote party identity" becomes
> maximally "the identity established by the union of all valid and
> correct credentials validated during the establishment of a
> connection state on this connection, and transitively to all
> connections sharing at least one master_secret".

If this was what the TLS libraries present to applications in their
APIs, all would be fine. But clearly the current APIs lead app
developers to expect a quite different concept of "remote party
identity"...

Best regards,
Pasi