Re: [TLS] Review of draft-wouters-tls-oob-pubkey-00.txt

Paul Wouters <paul@xelerance.com> Thu, 28 July 2011 18:18 UTC

Date: Thu, 28 Jul 2011 14:19:32 -0400 (EDT)
From: Paul Wouters <paul@xelerance.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Review of draft-wouters-tls-oob-pubkey-00.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Thu, 28 Jul 2011, Eric Rescorla wrote:

> As I said, you should *extend* cached-info.

Note that it was you who told me in Prague you found it important that the TLS
public key remained transferred and covered by the Finished Message. Using
a cached object would only have the hash of the object to be covered by
the Finished Message.

Would you have no objection to a scheme using cached-info and that would trust
a public key that has never been transferred in-band?

Paul