Re: [TLS] Next steps for draft-ietf-tls-renegotiation
Nicolas Williams <Nicolas.Williams@sun.com> Mon, 30 November 2009 17:19 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0FEA13A6AD7 for <tls@core3.amsl.com>; Mon, 30 Nov 2009 09:19:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.842
X-Spam-Level:
X-Spam-Status: No, score=-5.842 tagged_above=-999 required=5 tests=[AWL=0.204, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFY3lyo7ku97 for <tls@core3.amsl.com>; Mon, 30 Nov 2009 09:19:41 -0800 (PST)
Received: from sca-ea-mail-1.sun.com (sca-ea-mail-1.Sun.COM [192.18.43.24]) by core3.amsl.com (Postfix) with ESMTP id 2FD3C3A6AD6 for <tls@ietf.org>; Mon, 30 Nov 2009 09:19:41 -0800 (PST)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by sca-ea-mail-1.sun.com (8.13.7+Sun/8.12.9) with ESMTP id nAUHJUhw022004 for <tls@ietf.org>; Mon, 30 Nov 2009 17:19:30 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id nAUHJTwv049493 for <tls@ietf.org>; Mon, 30 Nov 2009 10:19:29 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nAUH7kF7006790; Mon, 30 Nov 2009 11:07:46 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nAUH7jl6006789; Mon, 30 Nov 2009 11:07:45 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Mon, 30 Nov 2009 11:07:45 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Pasi.Eronen@nokia.com
Message-ID: <20091130170745.GH773@Sun.COM>
References: <808FD6E27AD4884E94820BC333B2DB774F3118C3CA@NOK-EUMSG-01.mgdnok.nokia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <808FD6E27AD4884E94820BC333B2DB774F3118C3CA@NOK-EUMSG-01.mgdnok.nokia.com>
User-Agent: Mutt/1.5.7i
Cc: tls@ietf.org
Subject: Re: [TLS] Next steps for draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2009 17:19:42 -0000
On Fri, Nov 27, 2009 at 11:26:34PM +0100, Pasi.Eronen@nokia.com wrote: > <wearing Area Director hat> > > I have asked the secretariat to start IETF Last Call for > draft-rescorla-tls-renegotiation-01. > > I've gone through the list archives for the past month, and it seems a > large majority of the WG members support the overall approach in this > draft (with a small, but very vocal, minority preferring a totally > extension-less approach to signalling). I don't think that's a fair nor complete characterization of the current differences of opinion. A more complete and correct characterization might be: - The RI proposal has a fail-unsafe requirement that peers check the contents of the extensions sent. NOTE: A fix for this wouldn't require an extension-less signalling solution. [IMO: This is serious objection that goes beyond protocol design aesthetics or ease of retrofitting for SSLv3. I think we can live without a fix for this problem, but I'd much rather have a fail-safe solution.] - There seems to be a desire, among some, for a signalling solution that is somehow easier to retrofit for SSLv3 implementations. This couldn't be an extension-less scheme, since some bits are needed to signal the use of the fix in the client's initial hello, but it might avoid the use of server hello extensions. [IMO: This is a concern that we can safely ignore.] Nico --
- [TLS] Next steps for draft-ietf-tls-renegotiation Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Bodo Moeller
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Steve Dispensa
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Ben Laurie
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- [TLS] draft-renego "even after previous handshake… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen