Re: [TLS] draft-ietf-tls-renegotation: next
Martin Rex <mrex@sap.com> Thu, 17 December 2009 23:08 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 299193A69EA for <tls@core3.amsl.com>; Thu, 17 Dec 2009 15:08:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.847
X-Spam-Level:
X-Spam-Status: No, score=-5.847 tagged_above=-999 required=5 tests=[AWL=-0.298, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, SARE_BIZOP=0.7]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y-8QNPgvutfw for <tls@core3.amsl.com>; Thu, 17 Dec 2009 15:08:18 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 16F203A6976 for <tls@ietf.org>; Thu, 17 Dec 2009 15:08:17 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nBHN80q5021163 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 18 Dec 2009 00:08:00 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912172307.nBHN7xPC023485@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com
Date: Fri, 18 Dec 2009 00:07:58 +0100
In-Reply-To: <4B2AA4AE.5070306@extendedsubset.com> from "Marsh Ray" at Dec 17, 9 03:37:50 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-renegotation: next
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2009 23:08:19 -0000
Marsh Ray wrote: > > > The only reason why secure TLS renegotiation can be considered > > an update to the existing installed base at all (and not a different > > non-interoperable protocol), is that renegotiation has never been > > a core element of SSLv3/TLS and is optional-to-implement. There seems to be an illusion that this secure TLS renegotiation update can be forced upon vendors or implementors. No, it can not. There is an incentive called "competitive advantage", but it does not apply to commodity items in the consumer market that are 2+ years old. If you can force anything from those vendors, then it is a switch to disable old renegotiation, in case that is (unintentially) available. That's it. If you really want to do the community a favor, then this update should be so "small&easy" for those vendors that they can actually put it into installed base, even when that is 2+ years old. If the IETF's "solution" is that you can only implement the whole schmear or nothing, then this is not going to happen to the installed base -- and it is not the fault of those vendors, they can point to the IETF, because of a new spec that may cause their customers interop problems in the future. Some vendors will appreciate this as a "business opportunity", but I think this is a big waste of money. -Martin
- [TLS] draft-ietf-tls-renegotation: next steps Pasi.Eronen
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps Paul Hoffman
- Re: [TLS] draft-ietf-tls-renegotation: next steps Michael D'Errico
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next steps Eric Rescorla
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Kemp, David P.
- Re: [TLS] draft-ietf-tls-renegotation: next steps Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- [TLS] Generic process issues (Re: Re: draft-ietf-… Nicolas Williams
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps David-Sarah Hopwood
- Re: [TLS] draft-ietf-tls-renegotation: next steps David-Sarah Hopwood
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next Pasi.Eronen
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next Kyle Hamilton
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Michael D'Errico
- Re: [TLS] draft-ietf-tls-renegotation: next David-Sarah Hopwood