[TLS] Test server available for Opaque PRF Input extension
Simon Josefsson <simon@josefsson.org> Sun, 23 September 2007 08:18 UTC
From: Simon Josefsson <simon@josefsson.org>
To: tls@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Sun, 23 Sep 2007 10:17:25 +0200
Message-ID: <87vea1kd7u.fsf@mocca.josefsson.org>
All,

There is a test server running that supports the Opaque PRF Input extension, see:

http://www.gnu.org/software/gnutls/server.html

The test server uses the extension value 42 until a value has been properly allocated with IANA. Btw, I think the current allocation policy in TLS is harmful to deployment of TLS extensions. It should be possible to get an early allocation for interop.

For the announcement of GnuTLS v2.1.0 (an experimental branch) with this support, see:

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2328

If someone wants to do interop tests, please try it directly against the server or contact me for assistance.

I have one final comment on the document, it says:

    struct {
        opaque opaque_prf_input_value<0..2^16-1>;
    } OpaquePRFInput;

However it is not clear what a length of zero means. It would not contribute to the PRF computation. Thus negotiation of the extension with empty strings may give a false sense of security. I don't think the extension should be negotiated at all if the length is zero, and that is enforced by our implementation.

One modification to the document could be:

    struct {
        opaque opaque_prf_input_value<1..2^16>;
    } OpaquePRFInput;

But the problem could also be handled by adding some text. Generally, having some discussion on recommended lengths of the opaque prf input data in the document would be useful.

Thanks,
Simon
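Added example, not part of the original message and not GnuTLS code: a receiver-side check that locates the extension in a list of TLS extensions and refuses to treat it as negotiated when opaque_prf_input_value is empty, as the message proposes. The type value 42 is the temporary test value from the message; the function names, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: 42 is the temporary test value from the message, not an IANA code point. */
#define OPI_EXT_TYPE 42
enum opi_result { OPI_OK = 0, OPI_ABSENT, OPI_MALFORMED, OPI_EMPTY };

/* Constructed sample extension lists (Extension structs, no outer length prefix). */
const uint8_t SAMPLE_OK[] = { 0x00, 0x01, 0x00, 0x01, 0x01,   /* unrelated filler */
    0x00, 0x2a, 0x00, 0x06, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef };
const uint8_t SAMPLE_EMPTY[] = { 0x00, 0x2a, 0x00, 0x02, 0x00, 0x00 };
const uint8_t SAMPLE_BAD[] = { 0x00, 0x2a, 0x00, 0x03, 0x00, 0x04, 0xaa };

/* Read a big-endian 16-bit integer, failing if fewer than 2 bytes remain. */
static int rd16(const uint8_t *p, size_t avail, size_t *out)
{
    if (avail < 2) return -1;
    *out = ((size_t)p[0] << 8) | p[1];
    return 0;
}

/* Walk (type, length, data) records; on OPI_OK *val points into ext. */
enum opi_result find_opaque_prf_input(const uint8_t *ext, size_t len,
                                      const uint8_t **val, size_t *val_len)
{
    size_t off = 0, type, dlen, vlen;
    while (off < len) {
        if (rd16(ext + off, len - off, &type) < 0) return OPI_MALFORMED;
        off += 2;
        if (rd16(ext + off, len - off, &dlen) < 0) return OPI_MALFORMED;
        off += 2;
        if (dlen > len - off) return OPI_MALFORMED;
        if (type == OPI_EXT_TYPE) {
            /* extension_data must be exactly one 16-bit-length-prefixed vector */
            if (rd16(ext + off, dlen, &vlen) < 0) return OPI_MALFORMED;
            if (vlen != dlen - 2) return OPI_MALFORMED;
            if (vlen == 0) return OPI_EMPTY;  /* adds nothing to the PRF: do not negotiate */
            *val = ext + off + 2;
            *val_len = vlen;
            return OPI_OK;
        }
        off += dlen;
    }
    return OPI_ABSENT;
}

/* Convenience wrapper that only reports the outcome. */
enum opi_result classify(const uint8_t *ext, size_t len)
{
    const uint8_t *v; size_t n;
    return find_opaque_prf_input(ext, len, &v, &n);
}
```

A caller would treat OPI_EMPTY the same as OPI_ABSENT when deciding whether the extension is in effect, so an empty value never counts as a successful negotiation.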