Re: [TLS] A la carte handshake negotiation

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 27 June 2015 20:12 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Dave Garrett <davemgarrett@gmail.com>, Nico Williams <nico@cryptonector.com>
In-Reply-To: <201506262151.47456.davemgarrett@gmail.com>
References: <201506111558.21577.davemgarrett@gmail.com> <201506261924.24454.davemgarrett@gmail.com> <20150627014034.GL6117@localhost> <201506262151.47456.davemgarrett@gmail.com>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Sat, 27 Jun 2015 16:12:35 -0400
Message-ID: <87vbe86hcc.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/k1kyls7Qz446FS_a8BkRk1R6OTs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] A la carte handshake negotiation

On Fri 2015-06-26 21:51:47 -0400, Dave Garrett wrote:
> On Friday, June 26, 2015 09:40:35 pm Nico Williams wrote:
>> We could do even better: stop cartesian products altogether.
>> 
>>   TLS_SRV_AUTH_NONE (anon)
>>   TLS_SRV_AUTH_PKIX (certs)
>>   TLS_SRV_AUTH_PSK  (also authenticates the client)
>
> What's "SRV" in this context, short for "server"?

Yeah, the in-fixed term here is "SRV_AUTH", not just "SRV".  They're
"server authentication" mechanisms (with the caveat Nico mentions above
that "PSK" also authenticates the client).

         --dkg
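The "stop cartesian products" idea in the quoted message, as an added example that is not part of the thread and not code from any TLS implementation: each negotiation axis (key exchange, server authentication, symmetric cipher) is offered and chosen independently instead of as one enumerated ciphersuite list. The three TLS_SRV_AUTH_* names follow Nico Williams's sketch above; the key-exchange and cipher names, the dictionaries, and the selection rules are assumptions for illustration only. The client-side acceptance check is included because once an "anon" server-authentication mechanism is a negotiable value, the client must verify that whatever the server selected was actually in its own offer.

```python
"""A la carte handshake negotiation modelled with plain Python data.

Added example, not from the mail thread or any TLS library. Only the
TLS_SRV_AUTH_* names come from the quoted message; everything else
(key-exchange and cipher names, preference rules) is assumed.
"""
from itertools import product

# Constructed client offer: an independent preference list per axis.
CLIENT_OFFER = {
    "kex": ["ECDHE_X25519", "ECDHE_P256", "DHE"],                       # assumed names
    "srv_auth": ["TLS_SRV_AUTH_PKIX", "TLS_SRV_AUTH_PSK", "TLS_SRV_AUTH_NONE"],
    "cipher": ["AES_128_GCM", "CHACHA20_POLY1305", "AES_256_GCM"],       # assumed names
}

# Constructed server policy: supported values per axis, in server preference order.
SERVER_POLICY = {
    "kex": ["ECDHE_P256", "ECDHE_X25519"],
    "srv_auth": ["TLS_SRV_AUTH_PKIX", "TLS_SRV_AUTH_PSK"],
    "cipher": ["AES_256_GCM", "AES_128_GCM"],
}

AXES = ("kex", "srv_auth", "cipher")


def cartesian_suites(offer):
    """Every combined suite a monolithic ciphersuite list would have to carry
    to express the same offer (|kex| * |srv_auth| * |cipher| entries)."""
    return [f"{k}_{a}_{c}" for k, a, c in product(*(offer[ax] for ax in AXES))]


def offered_values(offer):
    """Number of entries an a la carte offer carries (the sum, not the product)."""
    return sum(len(offer[ax]) for ax in AXES)


def negotiate_a_la_carte(offer, policy, server_preference=True):
    """Choose one value per axis: the first value common to both sides, walked in
    the order of whichever side's list is authoritative. Returns None when any
    axis has no overlap; the handshake must fail rather than fall back."""
    chosen = {}
    for axis in AXES:
        first, second = (policy[axis], offer[axis]) if server_preference else (offer[axis], policy[axis])
        common = [v for v in first if v in second]
        if not common:
            return None
        chosen[axis] = common[0]
    return chosen


def client_accepts(offer, selection):
    """Client-side check on the server's selection: every chosen value must be
    one the client actually offered. Rejects a server that 'selects' an
    unoffered mechanism such as TLS_SRV_AUTH_NONE against a strict client."""
    if selection is None or set(selection) != set(AXES):
        return False
    return all(selection[axis] in offer[axis] for axis in AXES)


if __name__ == "__main__":
    print(len(cartesian_suites(CLIENT_OFFER)), "combined suites vs",
          offered_values(CLIENT_OFFER), "a la carte entries")
    print(negotiate_a_la_carte(CLIENT_OFFER, SERVER_POLICY))
```

With the constructed offer, the a la carte form carries 9 entries where the equivalent combined ciphersuite list would need 27, and the gap grows multiplicatively with each new value on any axis; the acceptance check is what keeps the independence of the axes from becoming a downgrade path.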