Re: [TLS] Proposed text for removing renegotiation

Martin Thomson <martin.thomson@gmail.com> Mon, 09 June 2014 21:29 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/g1-yunECGX7We4XbyRDeFxndBII

On 9 June 2014 14:21, Watson Ladd <watsonbladd@gmail.com> wrote:
> TLS still includes the Certificate Request message to indicate which client
> certificates are being used. If we have an extension to allow clients to say
> "I want to offer a cert, what cert do you want?", this can be used.

That would be the second draft that Andrei referenced.  Note that my
preference is to have the ability to unilaterally offer authentication
as a client in TLS 1.3.