IETF Logo Mail Archive

Re: [TLS] COMMENT: draft-ietf-tls-renegotiation

"Robert Dugal" <rdugal@certicom.com> Tue, 15 December 2009 12:29 UTC

Return-Path: <rdugal@certicom.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA0AE3A69FD for <tls@core3.amsl.com>; Tue, 15 Dec 2009 04:29:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.203
X-Spam-Level:
X-Spam-Status: No, score=-5.203 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FtApDpHfV7v5 for <tls@core3.amsl.com>; Tue, 15 Dec 2009 04:29:28 -0800 (PST)
Received: from mhs03ykf.rim.net (mhs03ykf.rim.net [216.9.243.80]) by core3.amsl.com (Postfix) with ESMTP id 4C6173A67E9 for <tls@ietf.org>; Tue, 15 Dec 2009 04:29:27 -0800 (PST)
X-AuditID: 0a401fcb-b7ba8ae000007099-00-4b2781194e1d
Received: from XCH38YKF.rim.net ( [10.64.31.208]) by mhs03ykf.rim.net (RIM Mail) with SMTP id 80.0E.28825.911872B4; Tue, 15 Dec 2009 07:29:13 -0500 (EST)
Received: from XCH57YKF.rim.net ([10.64.31.54]) by XCH38YKF.rim.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 15 Dec 2009 07:29:13 -0500
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CA7D82.35B94071"
Date: Tue, 15 Dec 2009 07:29:13 -0500
Message-ID: <7E1DF37F1F42AB4E877E492C308E6AC402D31A80@XCH57YKF.rim.net>
In-Reply-To: <c24c21d80912150400v49633ef4hc66f4aceb680c871@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] COMMENT: draft-ietf-tls-renegotiation
Thread-Index: Acp9fj3wQxPHPqXPSWu43rKcNj2LAgAAGZKw
References: <20091214191959.427A53A6A27@core3.amsl.com> <20091214194431.GO1516@Sun.COM> <7E1DF37F1F42AB4E877E492C308E6AC402D31A78@XCH57YKF.rim.net> <c24c21d80912150400v49633ef4hc66f4aceb680c871@mail.gmail.com>
From: Robert Dugal <rdugal@certicom.com>
To: tls@ietf.org
X-OriginalArrivalTime: 15 Dec 2009 12:29:13.0302 (UTC) FILETIME=[35A9C760:01CA7D82]
X-Brightmail-Tracker: AAAABAAAAZESBPV4EgT2vhIE9r8=
Subject: Re: [TLS] COMMENT: draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 12:29:35 -0000

The GSA spec supports resumption but also requires renegotiation.  

 

The spec requires mutual authentication and I believe that the
certificates  have fairly short lifetimes, definitely far shorter than
those used in typical web servers. 

The spec requires SCEP and there are requirements that when a new
certificate is issued it must use a different public key.

So on renegotiation there may be new certificates exchanged. 

And the implementers that I have talked to are establishing all their
TLS connections once at startup and not closing them unless they
absolutely have to.

 

Maybe GSA would be willing to drop renegotiation  requirements, forcing
implementers to close and re-establish their connections.  I cannot
answer that question.

But on the other hand adding the RI extension doesn't seems that complex
to me.  The GSA spec requires TLS 1.0 so implementations should be TLS
extension compliant already.

 

I will implement whatever the TLS group feels is the most appropriate
action for the renegotiation vulnerability. 

But we need to be careful about dropping features that may be used in
applications/specifications outside of the WEB server/browser world.

 

-- 

Robert Dugal                        Senior Software Developer

Certicom Corp.                    A Subsidiary of Research In Motion 

rdugal@certicom.com <mailto:rdugal@certicom.com> 

direct        905.501.3848

fax             905.507.4230

www.certicom.com <http://www.certicom.com> 

 

From: mbadra@gmail.com [mailto:mbadra@gmail.com] On Behalf Of Badra
Sent: Tuesday, December 15, 2009 7:01 AM
To: Robert Dugal
Cc: tls@ietf.org
Subject: Re: [TLS] COMMENT: draft-ietf-tls-renegotiation

 

On Tue, Dec 15, 2009 at 3:46 PM, Robert Dugal <rdugal@certicom.com>
wrote:

The server based gaming specs require renegotiation periodically in
order to refresh TLS session keys.

 

What about resumed handshake? you don't need a new handshake to refresh
your keys

 

Best regards

Badra

 

	On Mon, Dec 14, 2009 at 11:19:57AM -0800, Russ Housley wrote:
	>   As a protocol climbs the IETF standards-track maturity
ladder, we
	>   sometimes drop features.  I would rather see renegotiation
dropped
	>   from TLS than see this complexity added to TLS protocol.
	
	I would like to agree.  There's no real-world need to
re-negotiate for
	re-keying nowadays: with the advent of 128-bit block block
ciphers
	there's little need.
	
	But re-negotiation remains useful for other purposes.  Probably
the most
	obvious ones are optional authentication and privacy protection
for
	client credentials.  I'm not sure those are sufficiently useful
or
	important to warrant keeping the feature, but if not then
dropping the
	feature does seem like a better option than fixing it.
	
	Nico
	--
	_______________________________________________
	TLS mailing list
	TLS@ietf.org
	https://www.ietf.org/mailman/listinfo/tls

	
---------------------------------------------------------------------
	This transmission (including any attachments) may contain
confidential information, privileged material (including material
protected by the solicitor-client or other applicable privileges), or
constitute non-public information. Any use of this information by anyone
other than the intended recipient is prohibited. If you have received
this transmission in error, please immediately reply to the sender and
delete this information from your system. Use, dissemination,
distribution, or reproduction of this transmission by unintended
recipients is not authorized and may be unlawful.

	_______________________________________________
	TLS mailing list
	TLS@ietf.org
	https://www.ietf.org/mailman/listinfo/tls

 


---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

v2.23.0 | Report a Bug | By Email