Re: [TLS] TLS Proxy Server Extension

David McGrew <mcgrew@cisco.com> Wed, 27 July 2011 01:51 UTC

Return-Path: <mcgrew@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC55211E8090 for <tls@ietfa.amsl.com>; Tue, 26 Jul 2011 18:51:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.849
X-Spam-Level:
X-Spam-Status: No, score=-102.849 tagged_above=-999 required=5 tests=[AWL=-0.850, BAYES_00=-2.599, J_CHICKENPOX_12=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TYaNE5cooDmk for <tls@ietfa.amsl.com>; Tue, 26 Jul 2011 18:51:00 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 156F011E8086 for <tls@ietf.org>; Tue, 26 Jul 2011 18:51:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mcgrew@cisco.com; l=747; q=dns/txt; s=iport; t=1311731460; x=1312941060; h=cc:message-id:from:to:in-reply-to: content-transfer-encoding:mime-version:subject:date: references; bh=/7h77j64qyVr5C8lDFaGtVyjKuDYw2AdePSUtOcmaKQ=; b=fjxXu0lAQz0bQlVp2FrPzmfEE9UUi2vpcGkGyQO7EGAgpeZZzq0ZK8Gy 1QORyDVG7UEQ/G8HfAgscIIYTs85DXLQTD/e1lYbcH262Yoc13kr9gdFW 2agAXgLhLAi3mYpc9qpoRCjGdqpjZxqc5Bbl2QVkAc6VVaFI2NP481hob Y=;
X-IronPort-AV: E=Sophos;i="4.67,272,1309737600"; d="scan'208";a="6745805"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by rcdn-iport-8.cisco.com with ESMTP; 27 Jul 2011 01:50:59 +0000
Received: from dhcp-1783.meeting.ietf.org (bxb-vpn3-810.cisco.com [10.86.251.42]) by mtv-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id p6R1owps002005; Wed, 27 Jul 2011 01:50:58 GMT
Message-Id: <C4F3BF4F-5151-4472-9147-026B253181E6@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: Philip Gladstone <pgladstone@cisco.com>
In-Reply-To: <4E2F38EE.2030401@cisco.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Tue, 26 Jul 2011 18:50:57 -0700
References: <E210EEE3-1855-4513-87E3-C315E611AB5E@cisco.com> <8FEC3C4B-32F9-46AF-A049-BE6FD3C2FE1A@checkpoint.com> <4E2F38EE.2030401@cisco.com>
X-Mailer: Apple Mail (2.936)
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS Proxy Server Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2011 01:51:00 -0000

On Jul 26, 2011, at 3:00 PM, Philip Gladstone wrote:

>
>
> On 7/26/2011 5:17 PM, Yoav Nir wrote:
>>
>> I am wondering why you would need the ConnectionSecurityParameters  
>> structure. Wouldn't the 2-byte ciphersuite be a more compact way to  
>> represent this information?
>>
> Yes it would. Thank you for that comment!

Agreed that much of the info is redundant with the ciphersuite, but  
there are some info that might be worth reporting on, such as the key  
sizes and the truncated HMAC extension.

David

>
> Philip
>
> -- 
> Philip Gladstone
> Distinguished Engineer
> Product Development
> pgladstone@cisco.com
> Phone: +1 978-ZEN-TOAD (+1 978 936 8623)
> Google: +1 978 800 1010
> Ham radio: N1DQ
>
>