Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

"Kemp, David P." <> Fri, 19 February 2010 17:57 UTC

Date: Fri, 19 Feb 2010 12:59:20 -0500
Message-ID: <>
In-Reply-To: <>
Thread-Topic: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Thread-Index: AcqxhcVnPwHX2EQWTiug/TUBqANa3wAAZiMQ
References: <> <> <> <>
From: "Kemp, David P." <>
To: <>
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

As Stefan pointed out, MUST support does not equal MUST use.  If you or your customers cannot be convinced that the NIST guidance is irrelevant to cache item tagging, then your implementation can certainly support SHA-2.  It is even “legal” (in an RFC 2119 sense) for your customers to configure your application to refuse to use SHA-1 if they believe that is necessary to comply with NIST guidance, as long as other customers (guided by appropriate documentation and common sense) are able to configure it to use SHA-1.


I oppose removing a requirement to MUST support a common algorithm.   And I would oppose making the common algorithm SHA-2 because that is moving in the wrong direction for saving bytes:  a single uint32 is sufficient; more (SHA-1) is excessive, and much more (SHA-2) is much more excessive.   This applies equally whether the server pre-calculates an opaque token and sends it to the client or the client and server each calculate the token interoperably.

From: Brian Smith [] 
Sent: Friday, February 19, 2010 12:05 PM

And, I am definitely not convinced that all users/customers will be convinced, so I would rather be safe than sorry.

Perhaps this all can be avoided by simply not having the client calculate hashes at all.


It is strongly recommended that the server use a secure hash algorithm (e.g. SHA-2) of the value as the token.
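As an added illustration of the byte-count argument in this thread (example code written for this archive page; it is not from draft-ietf-tls-cached-info or from either poster), the following Python models the "client and server each calculate the token interoperably" variant: both sides hash the cached object and keep the first N bytes as the cache tag. The object layout, the message tuples and the uint32/SHA-1/SHA-256 sizes are assumptions for the simulation, not the draft's wire format. It shows why the tag size, not the hash algorithm's collision resistance, is what matters for a lookup key: the client only ever resolves a tag to an object it stored and validated itself, and an unknown or stale tag simply falls back to the full object.

```python
import hashlib

# Constructed sample objects standing in for DER certificate chains
# (assumption: opaque byte strings, not real X.509 data).
CERT_A = b"CERT:example.test:" + bytes(range(256))        # 274 bytes
CERT_B = b"CERT:other.test:" + bytes(range(255, -1, -1))  # 272 bytes


def cache_tag(obj: bytes, algo: str = "sha1", size: int = 4) -> bytes:
    """Interoperable tag: client and server both compute hash(obj) and keep the
    first `size` bytes. size=4 is the single uint32 argued for in the thread;
    size=20 or 32 keeps the whole SHA-1 or SHA-256 digest."""
    digest = hashlib.new(algo, obj).digest()
    if not 1 <= size <= len(digest):
        raise ValueError("tag size must be between 1 and the digest length")
    return digest[:size]


class Client:
    def __init__(self, algo: str = "sha1", size: int = 4):
        self.algo, self.size = algo, size
        self.cache = {}  # tag -> object this client received and validated earlier

    def remember(self, obj: bytes) -> None:
        self.cache[cache_tag(obj, self.algo, self.size)] = obj

    def advertised_tags(self) -> set:
        """The tags the client would carry in its hello extension (assumed shape)."""
        return set(self.cache)

    def resolve(self, msg) -> bytes:
        """msg is ('full', obj) or ('cached', tag); returns the object to use.
        The tag is only a lookup key into the client's own cache, so a tag the
        client does not hold cannot make it trust anything it has not seen."""
        kind, payload = msg
        if kind == "full":
            self.remember(payload)
            return payload
        try:
            return self.cache[payload]
        except KeyError:
            raise ValueError("server referenced a tag this client does not hold") from None


class Server:
    def __init__(self, cert: bytes, algo: str = "sha1", size: int = 4):
        self.cert, self.algo, self.size = cert, algo, size

    def certificate_message(self, client_tags):
        tag = cache_tag(self.cert, self.algo, self.size)
        if tag in client_tags:
            return ("cached", tag)      # send the short tag instead of the chain
        return ("full", self.cert)      # client has nothing usable: send everything


def handshake(client: Client, server: Server):
    """One exchange; returns (message kind, bytes carried, object the client uses)."""
    msg = server.certificate_message(client.advertised_tags())
    obj = client.resolve(msg)
    return msg[0], len(msg[1]), obj


def bytes_on_wire_by_tag_size(obj: bytes) -> dict:
    """Bytes carried in the cached case for the three sizes discussed in the thread,
    next to the full object for comparison."""
    return {
        "uint32": len(cache_tag(obj, "sha1", 4)),
        "sha1": len(cache_tag(obj, "sha1", 20)),
        "sha256": len(cache_tag(obj, "sha256", 32)),
        "full object": len(obj),
    }


if __name__ == "__main__":
    c, s = Client(), Server(CERT_A)
    print(handshake(c, s)[:2])                 # first visit: ('full', 274)
    print(handshake(c, s)[:2])                 # revisit: ('cached', 4)
    print(handshake(c, Server(CERT_B))[:2])    # server changed its chain: ('full', 272)
    print(bytes_on_wire_by_tag_size(CERT_A))
```

Running the script shows the first contact carrying the whole object, the revisit carrying only the tag, and a changed server chain silently falling back to the full object; the last line is the size comparison the thread is arguing about. Switching both sides to `"sha256", 32` is a one-argument change and only affects the number of bytes carried, not which object the client ends up using.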