Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

Simon Josefsson <simon@josefsson.org> Fri, 26 February 2010 09:22 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4062A3A8664 for <tls@core3.amsl.com>; Fri, 26 Feb 2010 01:22:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.708
X-Spam-Level:
X-Spam-Status: No, score=-2.708 tagged_above=-999 required=5 tests=[AWL=-0.109, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d-YaHPqFPGEG for <tls@core3.amsl.com>; Fri, 26 Feb 2010 01:22:17 -0800 (PST)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id B65FF28C0F3 for <tls@ietf.org>; Fri, 26 Feb 2010 01:22:16 -0800 (PST)
Received: from mocca (c80-216-24-99.bredband.comhem.se [80.216.24.99]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o1Q9MUNA021702 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 26 Feb 2010 10:22:35 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Stefan Santesson <stefan@aaa-sec.com>
References: <87tyt5cr0b.fsf@mocca.josefsson.org> <C7AC683C.8960%stefan@aaa-sec.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:100226:stefan@aaa-sec.com::El/fOoiY2btXbQIo:1GhG
X-Hashcash: 1:22:100226:tls@ietf.org::3gLLrmvtSwgL2D2H:YoJh
X-Hashcash: 1:22:100226:dpkemp@missi.ncsc.mil::G9fz61qyQnpPjIEZ:JQpU
Date: Fri, 26 Feb 2010 10:22:29 +0100
In-Reply-To: <C7AC683C.8960%stefan@aaa-sec.com> (Stefan Santesson's message of "Thu, 25 Feb 2010 17:47:40 +0100")
Message-ID: <87bpfcbbca.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Kemp, David P." <DPKemp@missi.ncsc.mil>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 09:22:18 -0000

Stefan Santesson <stefan@aaa-sec.com>; writes:

> Simon,
>
> Note that the requirement is MUST support, it is not MUST use.
> It is perfectly allowed to use SHA-256.
>
> Does that solve your concern?

My concern is to get algorithm agility working here, and that involves
some form of negotiation.  Either explicitly in the protocol or
implicitly through normative statements in the document.

Saying 'you MUST support SHA-1 and MAY use SHA-256' without explaining
how the choice is negotiated would not solve my concern -- if that
wording is the only alternative to hard-coding SHA-1, I would actually
prefer the latter.

/Simon