Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

Stefan Santesson <stefan@aaa-sec.com> Thu, 25 February 2010 20:36 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE15E3A8727 for <tls@core3.amsl.com>; Thu, 25 Feb 2010 12:36:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.179
X-Spam-Level:
X-Spam-Status: No, score=-2.179 tagged_above=-999 required=5 tests=[AWL=0.070, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVUhWuESyPA7 for <tls@core3.amsl.com>; Thu, 25 Feb 2010 12:36:07 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id EAE703A8726 for <tls@ietf.org>; Thu, 25 Feb 2010 12:36:06 -0800 (PST)
Received: from s24.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 8ABA0364E85 for <tls@ietf.org>; Thu, 25 Feb 2010 20:29:34 +0100 (CET)
Received: (qmail 62959 invoked from network); 25 Feb 2010 19:29:27 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.16]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s24.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <brian@briansmith.org>; 25 Feb 2010 19:29:27 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Thu, 25 Feb 2010 20:29:25 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Brian Smith <brian@briansmith.org>
Message-ID: <C7AC8E25.8986%stefan@aaa-sec.com>
Thread-Topic: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Thread-Index: Acq2UNa/IkUC1/Tix0y8RgbMSwyMLA==
In-Reply-To: <4B86AECF.2000207@briansmith.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2010 20:36:07 -0000

Brian,

On 10-02-25 6:09 PM, "Brian Smith" <brian@briansmith.org>; wrote:

> Stefan Santesson wrote:
>> Simon,
>> 
>> Note that the requirement is MUST support, it is not MUST use.
>> It is perfectly allowed to use SHA-256.
>> 
>> Does that solve your concern?
> This doesn't make sense. If the server doesn't implement SHA-1, then a
> client that only sends SHA-1 to it won't be able to use the extension
> effectively. If the client cannot rely on SHA-1 working then what is the
> value of the "MUST" requirement?

MUST support means that the client can rely on that SHA-1 is working.

> Similarly, if the client doesn't
> implement SHA-1, but the server only supports SHA-1, then they won't be
> able to take advantage of the optimization.
> 

It just means that the server won't accept caching this time around. It's
not like the end of the world. The client can try multiple hashes next time
to figure out what the server really accepts.

/Stefan