Re: [TLS] Summarizing identity change discussion so far
Kyle Hamilton <aerowolf@gmail.com> Fri, 18 December 2009 01:45 UTC
On Thu, Dec 17, 2009 at 5:31 PM, Martin Rex <mrex@sap.com> wrote:
> The application was able to perform the initial authentication
> (log-on or ACL-check), so it is the duty of the application to
> perform any reauthentication in the very same fashion when
> renegotiation results in a different cert(chain). Everything
> else will result in endless pain.
>
>
> ...and that is a reason why personally, I prefer that the necessity
> for cert renewal requires a new connection and full initial handshake--
> because that is exactly the code path which has all of the
> functionality and checks that we are looking for!

I do agree with you there. Unless the saved session mechanism also
triggers the functionality and checks that a full handshake would, but
I think that's too much to hope for.

-Kyle H
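Added example, not part of the original message or of any TLS library: a sketch of the policy discussed above, where every completed handshake (full, renegotiation or resumed session) goes through one hook that either closes the connection when the peer chain changed or re-runs the same log-on/ACL check. The `Connection` class, the `on_handshake_done` hook, the `acl_check` function and the sample chains are hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Optional

Chain = List[bytes]  # assumption: the TLS stack exposes the peer chain as DER blobs

def chain_id(chain: Chain) -> str:
    """Fingerprint the whole chain; length prefixes keep cert boundaries significant."""
    h = hashlib.sha256()
    for der in chain:
        h.update(len(der).to_bytes(4, "big") + der)
    return h.hexdigest()

@dataclass
class Connection:
    authorize: Callable[[Chain], Optional[str]]  # the log-on / ACL check: principal or None
    reconnect_on_change: bool = True             # True: a changed chain needs a new connection
    principal: Optional[str] = None
    bound_chain: Optional[str] = None
    is_open: bool = True
    log: List[str] = field(default_factory=list)

    def on_handshake_done(self, kind: str, chain: Chain) -> bool:
        """Hypothetical hook, called for 'full', 'renegotiation' and 'resumption' alike."""
        if not self.is_open:
            return False
        cid = chain_id(chain)
        if cid == self.bound_chain:              # identity unchanged since last check
            self.log.append(f"{kind}: chain unchanged")
            return True
        if self.bound_chain is not None and self.reconnect_on_change:
            return self._close(f"{kind}: chain changed, closing")
        who = self.authorize(chain)              # same code path as the initial log-on
        if who is None:
            return self._close(f"{kind}: authorization failed")
        self.principal, self.bound_chain = who, cid
        self.log.append(f"{kind}: authorized {who}")
        return True

    def _close(self, reason: str) -> bool:
        self.is_open, self.principal = False, None
        self.log.append(reason)
        return False

# Constructed sample chains (placeholder bytes, not real certificates).
ALICE_OLD, ALICE_NEW = [b"alice-cert-v1", b"ca"], [b"alice-cert-v2", b"ca"]
MALLORY = [b"mallory-cert", b"ca"]
ACL = {chain_id(ALICE_OLD): "alice", chain_id(ALICE_NEW): "alice"}

def acl_check(chain: Chain) -> Optional[str]:
    return ACL.get(chain_id(chain))
```

With `reconnect_on_change=True` a renewed certificate ends the connection, so the client has to come back through a full initial handshake; with `False` the changed chain is re-checked in place by the same `authorize` callable.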