IETF Logo Mail Archive

Re: [TLS] Revised TLS Charter

Brian Smith <bsmith@mozilla.com> Mon, 23 May 2011 22:46 UTC

Return-Path: <bsmith@mozilla.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C2A8E06BA for <tls@ietfa.amsl.com>; Mon, 23 May 2011 15:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cPUGDZ5Qz9JP for <tls@ietfa.amsl.com>; Mon, 23 May 2011 15:46:17 -0700 (PDT)
Received: from mail.mozilla.com (corp01.sj.mozilla.com [63.245.208.141]) by ietfa.amsl.com (Postfix) with ESMTP id A31D8E0688 for <tls@ietf.org>; Mon, 23 May 2011 15:46:17 -0700 (PDT)
Received: from mail.mozilla.com (zimbra1.shared.sjc1.mozilla.com [10.2.72.238]) by mail.mozilla.com (Postfix) with ESMTP id ED5ADAE64672 for <tls@ietf.org>; Mon, 23 May 2011 15:46:16 -0700 (PDT)
Date: Mon, 23 May 2011 15:46:16 -0700
From: Brian Smith <bsmith@mozilla.com>
To: tls@ietf.org
Message-ID: <618342307.5601.1306190776733.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
In-Reply-To: <BANLkTik==6bPmARJRBJwsLo_wegFMjC4BQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [63.245.220.240]
X-Mailer: Zimbra 6.0.8_GA_2661 (ZimbraWebClient - FF3.0 (Win)/6.0.8_GA_2661)
Subject: Re: [TLS] Revised TLS Charter
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2011 22:46:18 -0000

Eric Rescorla wrote:
> Can you advise on which drafts you have in mind?

1. draft-pettersen-tls-ext-multiple-ocsp

2. http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00 (NPN)

3. An extension to move the client certificate message to be between its ChangeCipherSuite and Finished messages (next to the NPN message), to protect it. Hopefully we can resurrect one of the previous drafts that proposed to do this.

4. An explicit one-roundtrip False-Start(-like) full handshake. (Needs a new I-D.)

We are planning to implement all of these extensions in Firefox. I believe that there are other major implementers that are planning to implement at least the first three.

We may also implement the current TLS False Start mechanism, but I think it would be better to have an opt-in one-round-trip handshake mechanism. Such a mechanism would probably involve the client optimistically putting a ClientKeyExchange (probably formatted like a ServerKeyExchange) message in a ClientHello extension, so that the server can send its ChangeCipherSuite and Finished messages immediately after its ServerHelloDone message.

Cheers,
Brian

v2.23.0 | Report a Bug | By Email