Re: [TLS] draft-ietf-tls-cached-info-10.txt
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Sun, 18 December 2011 10:30 UTC
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72A321F84C5 for <tls@ietfa.amsl.com>; Sun, 18 Dec 2011 02:30:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.648
X-Spam-Level:
X-Spam-Status: No, score=-104.648 tagged_above=-999 required=5 tests=[AWL=-0.650, BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7bvzpMc9UDbJ for <tls@ietfa.amsl.com>; Sun, 18 Dec 2011 02:30:37 -0800 (PST)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by ietfa.amsl.com (Postfix) with ESMTP id 2E42C21F84C1 for <tls@ietf.org>; Sun, 18 Dec 2011 02:30:36 -0800 (PST)
Received: from demuprx016.emea.nsn-intra.net ([10.150.129.55]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id pBIAUWTw022082 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <tls@ietf.org>; Sun, 18 Dec 2011 11:30:33 +0100
Received: from DEMUEXC048.nsn-intra.net ([10.159.32.94]) by demuprx016.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id pBIAUSxK022940 for <tls@ietf.org>; Sun, 18 Dec 2011 11:30:32 +0100
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by DEMUEXC048.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Sun, 18 Dec 2011 11:29:06 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CCBD6F.DEA7E737"
Date: Sun, 18 Dec 2011 12:30:56 +0200
Message-ID: <999913AB42CC9341B05A99BBF358718DE38072@FIESEXC035.nsn-intra.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Re: [TLS] draft-ietf-tls-cached-info-10.txt
Thread-Index: Acy9cCCb9bJDz3F4S7GA7Ct801NRZA==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: tls@ietf.org
X-OriginalArrivalTime: 18 Dec 2011 10:29:06.0608 (UTC) FILETIME=[DEEE4B00:01CCBD6F]
X-Mailman-Approved-At: Sun, 18 Dec 2011 03:57:21 -0800
Subject: Re: [TLS] draft-ietf-tls-cached-info-10.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2011 10:30:40 -0000
Hi Nikos, thanks for your quick feedback. Your remark regarding the hash algorithm is correct. There are a few other questions, namely a) Should there be more than one hash function be used? I would say that in general the opinion is "yes" because of the crypto-agility requirement. b) When there is more than one algorithm what registry should be used? The registry for HashAlgorithm registry established with RFC 5246 is one possible option but clearly defined for a different purpose. When someone adds a new hash algorithm purely for usage with the TLS cached info extension then the question arises of how valuable this is for what it was initially created for by RFC 5246. I personally would just create a separate registry rather than overloading an existing one. c) Should there be a negotiation of hash algorithms, as you suggest, or rather a pure indication. I am OK with negotiation. d) What should be the hash algorithm that is mandatory-to-implement? I would not pick one. Your interpretation of the text in Section 5.1 is correct. There is definitely a chance to improve the text. Regarding your question about the usage of TLS in communication environments with low bandwidth, and high loss rate. Yes, there are communities who run IP-based protocols, including DTLS/TLS on constrained devices, such as sensors. Have a look at this workshop report: http://tools.ietf.org/html/draft-iab-smart-object-workshop-06 I would appreciate your feedback on the remaining questions concerning the hash algorithm topic. I will produce an updated version of the draft that clarifies the text in Section 5.1. Ciao Hannes On Wed, Dec 14, 2011 at 5:08 PM, Hannes Tschofenig <Hannes.Tschofenig at gmx.net> wrote: > Hi all, > Ekr suggested during the Taipei IETF TLS meeting to remove the functionality of conveying a public key fingerprint from draft-wouters-tls-oob-pubkey. I did that already during that meeting with the submission of draft-wouters-tls-oob-pubkey-02. [...] > In any case, please review the document and share your comments with us. Hello, Some comments. page 5: The hash algorithm used to calculate hash values SHALL be the hash algorithm that was used to generate the Finished message in the handshake exchange from which the hashed information was cached. Hash algorithm identifiers are defined in the RFC 5246 [RFC5246] HashAlgorithm registry. The finished message doesn't use a hash algorithm, but rather a PRF. That PRF is based on SHA1 in TLS 1.0 and SHA256 in TLS 1.2, but there is no guarantee that a PRF must be based on a hash. Why doesn't this extension negotiate the hash on the previous (non-cached) run? page 8: I cannot understand the meaning of 5 and 5.1. Does it mean that the certificate message sent is: struct { CachedObject ASN.1Cert<1..2^24-1>; } Certificate; If this is the meaning then "Substitution syntax is defined by expanding the syntax of the opaque ASN.1Cert structure" should be better phrased. I'd use "The certificate message is replaced by the CachedCertificate message defined as:" ... same applies in 5.2. page 3: "Significant benefits can be achieved in low bandwidth and high latency networks". Out of curiosity. Is TLS being used in any low-bandwidth channels, where this extension is needed? (latency low or high doesn't really matter since the round-trips are not affected by this extension) regards, Nikos
- [TLS] draft-ietf-tls-cached-info-10.txt Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-10.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-cached-info-10.txt Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [TLS] draft-ietf-tls-cached-info-10.txt Chris Richardson