Re: [TLS] TLS Digest, Vol 65, Issue 76
Marsh Ray <marsh@extendedsubset.com> Fri, 18 December 2009 07:25 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BE4D53A6A1C for <tls@core3.amsl.com>; Thu, 17 Dec 2009 23:25:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.591
X-Spam-Level:
X-Spam-Status: No, score=-2.591 tagged_above=-999 required=5 tests=[AWL=0.008, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Pb8dGrogSvh for <tls@core3.amsl.com>; Thu, 17 Dec 2009 23:25:32 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id E35433A67E1 for <tls@ietf.org>; Thu, 17 Dec 2009 23:25:31 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1NLXDB-000CwJ-05; Fri, 18 Dec 2009 07:25:17 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id BDCD26678; Fri, 18 Dec 2009 07:25:15 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX19z1gTItDS22lalnjUMy6auFHaZh3aGuYs=
Message-ID: <4B2B2E5A.90805@extendedsubset.com>
Date: Fri, 18 Dec 2009 01:25:14 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Ravi Ganesan <ravi@findravi.com>
References: <mailman.5706.1261104584.32729.tls@ietf.org> <3561bdcc0912172249i678bdbf5p89f1c3b3e8fd635@mail.gmail.com>
In-Reply-To: <3561bdcc0912172249i678bdbf5p89f1c3b3e8fd635@mail.gmail.com>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] TLS Digest, Vol 65, Issue 76
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 07:25:32 -0000
Ravi Ganesan wrote: > > I know everyone on this thread knows otherwise, but the way the terms > get used, can easily result in confusion between "full handshake", > "abbreviated handshake" and "renegotiated full handshake". It took me a long time to stop getting mixed up between "renegotiation" and "resumption". There was some discussion about this, but it turns out they are completely orthogonal. > The attack > only applies of course to last category, and NOT to the abbreviated > handshake. No, it applies equally to session resumption "abbreviated" handshakes. They can also be conducted during a renegotiation. OpenSSL even defines an option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. I'm sure there's a story behind that one. > [...] > > Sorry if this is so obvious to those on this thread, but a lot about SSL > is *not* obvious to the world at general, and unfortunately a number of > people are convinced that the attack discovered a flaw in session > resumption or opening parallel sessions using the abbreviated handshake. > If it did, I missed it perhaps. If not, perhaps language in text > clarifying this 'obvious' point might be useful. draft-ietf-tls-renegotiation-02 contains the text: > The above rules apply even when TLS session resumption is used. and > TLS clients which support this specification MUST generate either the > "renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST > SCSV with every ClientHello, including ClientHellos where session > resumption is being offered. The RI extension should fix renegotiation regardless of whether a new session is being established or a previous session is being resumed. - Marsh
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Ravi Ganesan
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Marsh Ray
- Re: [TLS] TLS Digest, Vol 65, Issue 76 Ravi Ganesan
- Re: [TLS] TLS Digest, Vol 65, Issue 76 David-Sarah Hopwood