Re: [TLS] COMMENT: draft-ietf-tls-renegotiation

Marsh Ray <marsh@extendedsubset.com> Tue, 15 December 2009 16:31 UTC

Message-ID: <4B27B9DF.1020300@extendedsubset.com>
Date: Tue, 15 Dec 2009 10:31:27 -0600
From: Marsh Ray <marsh@extendedsubset.com>
To: Ran Canetti <canetti@tau.ac.il>
References: <20091214191959.427A53A6A27@core3.amsl.com> <4B269153.9070701@tau.ac.il>
In-Reply-To: <4B269153.9070701@tau.ac.il>
Cc: iesg@ietf.org, tls@ietf.org
Subject: Re: [TLS] COMMENT: draft-ietf-tls-renegotiation

Ran Canetti wrote:
> Indeed.
> 
> Or, at least, a strong case should be made why renegotiation (within the
> same session, from the point of view of the application) is an important
> feature to preserve.

A large number of systems are currently using it. We don't know exactly,
but this might give you an idea:

http://www.google.com/search?q=microsoft+iis+client+certificate

Do they really need it? Probably some do, some don't. Some installations
could rearrange their sites to not need it, and some have more IIS web
servers than they could begin to count.

Why should we keep renegotiation?

Because any spec which "drops" it is just going to be ignored, with the
side effect of the industry dropping the IETF rather than the IETF
dropping renegotiation.

Removing support for (i.e., not fixing) a fundamental and widely-used
protocol feature like renegotiation is not an option.

- Marsh