Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

Stefan Santesson <stefan@aaa-sec.com> Fri, 26 February 2010 12:09 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FF633A878C for <tls@core3.amsl.com>; Fri, 26 Feb 2010 04:09:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.965
X-Spam-Level:
X-Spam-Status: No, score=-1.965 tagged_above=-999 required=5 tests=[AWL=0.285, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hy2KkFMbuFsi for <tls@core3.amsl.com>; Fri, 26 Feb 2010 04:09:01 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id 56D9E3A878B for <tls@ietf.org>; Fri, 26 Feb 2010 04:09:01 -0800 (PST)
Received: from s128.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 8D68D347DF5 for <tls@ietf.org>; Fri, 26 Feb 2010 13:11:19 +0100 (CET)
Received: (qmail 87018 invoked from network); 26 Feb 2010 12:11:15 -0000
Received: from unknown (HELO [192.168.1.2]) (stefan@fiddler.nu@[85.235.2.114]) (envelope-sender <stefan@aaa-sec.com>) by s128.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <simon@josefsson.org>; 26 Feb 2010 12:11:15 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Fri, 26 Feb 2010 13:11:13 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Simon Josefsson <simon@josefsson.org>, Brian Smith <brian@briansmith.org>
Message-ID: <C7AD78F1.89D1%stefan@aaa-sec.com>
Thread-Topic: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Thread-Index: Acq23Mnomt5WrrPJ+0WEPjfWEFUKbg==
In-Reply-To: <877hq0balz.fsf@mocca.josefsson.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 12:09:02 -0000

Simon and Brian,

On 10-02-26 10:38 AM, "Simon Josefsson" <simon@josefsson.org>; wrote:

>> My second suggestion is to have the server calculate the hash, and
>> give the calculated hash to the client along with the content. Then
>> the client and the server don't have to agree on any algorithms at
>> all, and the server can choose whatever algorithm it wants.
> 
> I like this approach.  The server gets to chose the hash, and the client
> will have to comply.  It is easy to implement, and it is possible to
> transition to other checksum algorithms over time.


I'm sorry, but this seems like a really bad idea.

The idea of this draft is that a client should be able to cash information
form a perfectly normal handshake (one where the server does not provide a
hash that may represent what it sends).

/Stefan