Re: [TLS] TLS Cached Information Extension - version 11

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 13 July 2012 09:40 UTC

From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4F2FC5AA.5070600@comodo.com>
Date: Fri, 13 Jul 2012 12:40:38 +0300
Message-Id: <7E329BCB-EFA1-423B-8F20-F6EA382D2901@gmx.net>
References: <4EF84292.50201@gmx.net> <4F2FC5AA.5070600@comodo.com>
To: Rob Stradling <rob.stradling@comodo.com>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS Cached Information Extension - version 11

Hi Rob, 

me again. 

> 
> 2. Currently, cached-info only allows a TLS Client to indicate to the TLS Server a list of static Objects that it _doesn't_ want to receive (because it already has them).
> i.e. "Don't send me any Objects of Type X, Y or Z that match Digests A, B or C".
> 
> How about extending this so that the TLS Client can indicate types of Object that it _does_ want to receive?
> i.e. "Do send me any Objects of Type X, Y and Z that you have, excluding any that match Digests A, B or C".

I am open to feedback from the group on this issue. I have not heard anyone asking for it so far. 

> 
> This added functionality could meet the needs of several other TLS extensions that are being proposed, for example...
>  - Multiple OCSP Responses [2].
>  - Audit proofs for Google's Certificate Transparency proposal [3].
>  - TACK rules for Convergence [4].
> 
> Or, is it your explicit intention to restrict cached-info so that it only supports the "standard" TLS handshake objects (e.g. Certificate, Trusted CAs list)?
> (I can see that such a restriction could help to ensure that client-side code can be implemented entirely within the network layer rather than bleeding into the application layer).

There is no intention to restrict the functionality to certain extensions. 

I do, however, believe that new documents should add a description to their document of how this document could be used in combination with the TLS cached information extension. 

I don't think it makes sense to add text about, for example, draft-pettersen-tls-ext-multiple-ocsp when that work is still in progress. 

Ciao
Hannes

[2] http://tools.ietf.org/html/draft-pettersen-tls-ext-multiple-ocsp
[3] http://www.links.org/file/CertificateAuthorityTransparencyandAuditability.pdf
[4] https://github.com/moxie0/Convergence/wiki/TACK
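The two semantics discussed in the quoted part of this message (the current "don't send me objects matching these digests" and Rob's proposed "do send me objects of these types, excluding those I already have") written out as an added example; this is not code from the thread or from the draft. It models only the server's selection decision over SHA-256 fingerprints, not the draft's wire encoding of the extension, and the object type names, type numbers and sample objects are constructed for the example (OCSP_RESPONSES stands in for a type a future extension such as multiple-OCSP might register).

```python
import hashlib
from dataclasses import dataclass
from enum import IntEnum


class CachedInformationType(IntEnum):
    # Constructed type values for this example only; the real code points are
    # assigned by the draft / registry, not by this code.
    CERTIFICATE_CHAIN = 1
    TRUSTED_CAS = 2
    OCSP_RESPONSES = 3  # hypothetical: an object type a future extension might add


@dataclass(frozen=True)
class CachedObject:
    """One entry the client advertises: an object type plus a digest of the
    object exactly as it would appear in the handshake."""
    type: CachedInformationType
    digest: bytes


def fingerprint(obj_type: CachedInformationType, data: bytes) -> CachedObject:
    # The type is part of the identity, so identical bytes under two types
    # never match each other's cache entry.
    return CachedObject(obj_type, hashlib.sha256(data).digest())


def objects_to_send_exclude_only(server_objects, client_cached):
    """Current cached-info semantics: the client lists what it already holds;
    the server omits exactly those objects and sends everything else.
    A stale cache entry simply fails to match, so the fresh object is sent."""
    cached = set(client_cached)
    return [(t, data) for (t, data) in server_objects
            if fingerprint(t, data) not in cached]


def objects_to_send_want_list(server_objects, wanted_types, client_cached):
    """Proposed extension: the client also names the object types it wants;
    the server sends only those types, minus the ones the client already has."""
    cached = set(client_cached)
    wanted = set(wanted_types)
    return [(t, data) for (t, data) in server_objects
            if t in wanted and fingerprint(t, data) not in cached]


# Constructed sample objects standing in for real handshake data.
CHAIN_V1 = b"-- constructed certificate chain, version 1 --"
CHAIN_V2 = b"-- constructed certificate chain, version 2 --"
CA_LIST = b"-- constructed trusted CA list --"
OCSP_BUNDLE = b"-- constructed OCSP response bundle --"

SERVER_OBJECTS = [
    (CachedInformationType.CERTIFICATE_CHAIN, CHAIN_V2),
    (CachedInformationType.TRUSTED_CAS, CA_LIST),
    (CachedInformationType.OCSP_RESPONSES, OCSP_BUNDLE),
]


def sent_types(result):
    """Helper for inspection: just the object types the server would send."""
    return [t for t, _ in result]


def demo_current_cache():
    # Client holds the current chain and CA list: only the OCSP bundle goes out.
    cached = [fingerprint(CachedInformationType.CERTIFICATE_CHAIN, CHAIN_V2),
              fingerprint(CachedInformationType.TRUSTED_CAS, CA_LIST)]
    return sent_types(objects_to_send_exclude_only(SERVER_OBJECTS, cached))


def demo_stale_cache():
    # Client holds an outdated chain: the digest does not match, so the
    # server sends all three objects and the client never keeps stale data.
    cached = [fingerprint(CachedInformationType.CERTIFICATE_CHAIN, CHAIN_V1)]
    return sent_types(objects_to_send_exclude_only(SERVER_OBJECTS, cached))


def demo_want_list():
    # Client asks only for chain + OCSP and already has the chain: only the
    # OCSP bundle is sent, and the CA list is withheld despite not being cached.
    cached = [fingerprint(CachedInformationType.CERTIFICATE_CHAIN, CHAIN_V2)]
    wanted = [CachedInformationType.CERTIFICATE_CHAIN,
              CachedInformationType.OCSP_RESPONSES]
    return sent_types(objects_to_send_want_list(SERVER_OBJECTS, wanted, cached))


if __name__ == "__main__":
    print("current cache  ->", [t.name for t in demo_current_cache()])
    print("stale cache    ->", [t.name for t in demo_stale_cache()])
    print("want list      ->", [t.name for t in demo_want_list()])
```

The stale-cache case is the property worth checking in any implementation: because the client advertises digests rather than object names, a changed object never matches and is re-sent, so a cache can only ever suppress bytes the client demonstrably already holds.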