Re: [TLS] Justification

Dean Anderson <dean@av8.com> Fri, 14 May 2010 00:24 UTC

Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 62E4D3A67C1 for <tls@core3.amsl.com>; Thu, 13 May 2010 17:24:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.536
X-Spam-Level:
X-Spam-Status: No, score=-0.536 tagged_above=-999 required=5 tests=[AWL=-0.537, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p8mkv6Kq0Ksr for <tls@core3.amsl.com>; Thu, 13 May 2010 17:24:08 -0700 (PDT)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 2DBF43A6D16 for <tls@ietf.org>; Thu, 13 May 2010 17:23:57 -0700 (PDT)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id o4E0NX6U017601 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 13 May 2010 20:23:43 -0400
Date: Thu, 13 May 2010 20:23:33 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Michael D'Errico <mike-list@pobox.com>
In-Reply-To: <4BEAC145.60607@pobox.com>
Message-ID: <Pine.LNX.4.44.1005132018460.13071-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: Simon Josefsson <simon@josefsson.org>, "Kemp, David P." <DPKemp@missi.ncsc.mil>, tls@ietf.org
Subject: Re: [TLS] Justification
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 May 2010 00:24:09 -0000

I rather thought the objective of caching was to have faster startup by
having to move less data around, particularly when its already been
moved before. But I haven't been following the extension too closely. 

I am only concerned when I see suggestions that 'http be used to get TLS
data. I'm not sure whether to those were serious or tongue-in-cheek.  
HTTP secured by and depends on TLS, so you can't draw on HTTP to solve
HTTP-TLS-HTTP without looping or creating security holes.

		--Dean

On Wed, 12 May 2010, Michael D'Errico wrote:

> Can someone please remind me why we want cached-info?  It seems that
> the problems it creates aren't worth the small optimization it might
> provide.
> 
> Mike
> 
> 
> 
> Simon Josefsson wrote:
> > Marsh Ray <marsh@extendedsubset.com> writes:
> > 
> >> Alternatively, if we determine that indeed the non-collision-resistance
> >> of the hash function is the root of all remaining concerns that would be
> >> very positive. We could solve them all in one stroke with
> >> s/FNV-1a/SHA-256/g.
> > 
> > If collision-resistance is a required property (I'm not convinced yet),
> > I believe we need hash agility for the possibility that SHA-256 is weak.
> > 
> > /Simon
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494