Re: [TLS] SAS extension?
Peter Saint-Andre <stpeter@stpeter.im> Thu, 07 August 2008 21:23 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D7F6C28C1C4; Thu, 7 Aug 2008 14:23:58 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5A49028C1B7 for <tls@core3.amsl.com>; Thu, 7 Aug 2008 14:23:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxCzd1RrTRzE for <tls@core3.amsl.com>; Thu, 7 Aug 2008 14:23:56 -0700 (PDT)
Received: from dizzyd.com (dizzyd.com [207.210.219.225]) by core3.amsl.com (Postfix) with ESMTP id 1AF823A6819 for <tls@ietf.org>; Thu, 7 Aug 2008 14:21:45 -0700 (PDT)
Received: from wrk225.corp.jabber.com (dencfw1.jabber.com [207.182.164.5]) (Authenticated sender: stpeter) by dizzyd.com (Postfix) with ESMTPSA id 676E44009D; Thu, 7 Aug 2008 15:18:50 -0600 (MDT)
Message-ID: <489B675F.1080203@stpeter.im>
Date: Thu, 07 Aug 2008 15:21:35 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.16) Gecko/20080707 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Yaron Sheffer <yaronf@checkpoint.com>
References: <038301c8f712$1b4c33f0$c2f0200a@cisco.com> <48988666.8020405@stpeter.im> <052f01c8f71d$be2fe020$c2f0200a@cisco.com> <48988FA6.9010703@stpeter.im> <48994DC4.5010406@checkpoint.com> <489B0968.9020804@stpeter.im> <489B14B5.1040601@checkpoint.com>
In-Reply-To: <489B14B5.1040601@checkpoint.com>
Cc: tls@ietf.org
Subject: Re: [TLS] SAS extension?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0367660245=="
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Yaron Sheffer wrote: > Hi Peter, > > > sorry, I wasn't clear. I didn't mean manual comparison of the > fingerprint. I meant if you've been communicating with this person > multiple times, you can store their fingerprint once and compare it > *automatically* in the future. I think SAS should only be needed for the > first communication, and something stronger should be used afterwards. Oh yes, for sure -- those principles are part of the core cert checking rules for XMPP in the client-to-server and server-to-server cases, but we'll need to define something similar in the end-to-end case as well. More here: http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-06.html#security-certificates Peter
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] SAS extension? Eric Rescorla
- Re: [TLS] SAS extension? Pasi.Eronen
- [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Dan Wing
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Dan Wing
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Yaron Sheffer
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Yaron Sheffer
- Re: [TLS] SAS extension? Peter Saint-Andre