Re: [TLS] First TLS cached information draft posted
Stefan Santesson <stefan@aaa-sec.com> Thu, 11 June 2009 21:32 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 66F693A6BB2 for <tls@core3.amsl.com>; Thu, 11 Jun 2009 14:32:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.133
X-Spam-Level:
X-Spam-Status: No, score=-2.133 tagged_above=-999 required=5 tests=[AWL=0.116, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gj2bK2ILlUJB for <tls@core3.amsl.com>; Thu, 11 Jun 2009 14:32:30 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.112]) by core3.amsl.com (Postfix) with ESMTP id D06783A6AF2 for <tls@ietf.org>; Thu, 11 Jun 2009 14:32:28 -0700 (PDT)
Received: (qmail 41130 invoked from network); 11 Jun 2009 21:32:39 -0000
Received: from s34.loopia.se (HELO s128.loopia.se) ([194.9.94.70]) (envelope-sender <stefan@aaa-sec.com>) by s87.loopia.se (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <tls@ietf.org>; 11 Jun 2009 21:32:38 -0000
Received: (qmail 29156 invoked from network); 11 Jun 2009 21:32:28 -0000
Received: from 213-64-142-21-no153.business.telia.com (HELO [192.168.0.17]) (stefan@fiddler.nu@[213.64.142.21]) (envelope-sender <stefan@aaa-sec.com>) by s128.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <simon@josefsson.org>; 11 Jun 2009 21:32:28 -0000
User-Agent: Microsoft-Entourage/12.17.0.090302
Date: Thu, 11 Jun 2009 23:32:28 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: Simon Josefsson <simon@josefsson.org>, martin.rex@sap.com
Message-ID: <C657448C.2950%stefan@aaa-sec.com>
Thread-Topic: [TLS] First TLS cached information draft posted
Thread-Index: Acnq3B5e96I5mdVVPUGV2jqDzvKtdg==
In-Reply-To: <87hbynajhs.fsf@mocca.josefsson.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2009 21:32:32 -0000
Thanks for all the analysis and proposals. Unfortunately I have been on constant travel and meetings since Monday morning and it is not over until tomorrow night when I get home again. I will go through this more carefully then and get back to you no later than Monday. /Stefan On 09-06-10 11:04 PM, "Simon Josefsson" <simon@josefsson.org> wrote: > Martin Rex <Martin.Rex@sap.com> writes: > >> What you could do, is to unconditionally use an additional framing >> for that being-cached parts of the TLS handshake messages for >> for which the Client requested caching in the ClientHelloExtension >> and and the Server acknowledged caching support in the >> ServerHelloExtension. >> >> (I'm not really accustomed to TLS spec language, so please >> apply common sense / corrections yourself): >> >> enum { >> original_data(1), >> hash_over_original_data(2), >> omitted_hash_over_original_data(3), >> original_data_and_suggestion_to_not_cache(4), >> (255) >> } CacheControlContentType; >> >> struct { >> CacheControlContentType type; >> opaque content<0..2^16-1>; >> } CacheControlContent; >> >> >> ...and drop the things that are not needed (but mentioned for completeness) >> >> >> This approach would unconditionally change the (affected) PDU if caching is >> negotiated but hashes do not match (as well). It facilitates to omit >> the actual hash value at this point in a non-ambiguous fashion >> (the hash should be part of the handshake once, but having it >> three times looks like waste). > > I like this approach, it addresses both your and my original concerns. > Stefan, what do you think? > > The resulting protocol is more complex with the above, but given that > the original proposal is unreliable, I think the complexity is warranted > here. > > /Simon > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- [TLS] First TLS cached information draft posted Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Min Huang
- Re: [TLS] First TLS cached information draft post… Min Huang
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Simon Josefsson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Martin Rex
- Re: [TLS] First TLS cached information draft post… Stefan Santesson
- Re: [TLS] First TLS cached information draft post… Stefan Santesson