[TLS] server auth on renegotiate

<home_pw@msn.com> Sun, 31 December 2006 20:45 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H17Z3-0001GQ-5f; Sun, 31 Dec 2006 15:45:53 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H17Z1-0001GJ-Nn for tls@ietf.org; Sun, 31 Dec 2006 15:45:51 -0500
Received: from bay0-omc3-s26.bay0.hotmail.com ([65.54.246.226]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H17Xd-0003wG-Ov for tls@ietf.org; Sun, 31 Dec 2006 15:44:27 -0500
Received: from hotmail.com ([65.54.174.86]) by bay0-omc3-s26.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 31 Dec 2006 12:44:25 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 31 Dec 2006 12:44:24 -0800
Message-ID: <BAY103-DAV14FDA12172240BDB9C8A5292C40@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV14.phx.gbl with DAV; Sun, 31 Dec 2006 20:44:22 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: EKR <ekr@networkresonance.com>
References: <BAY103-DAV10609A530D84AA68BD08B792C40@phx.gbl> <86ac1328ba.fsf@delta.rtfm.com>
Date: Sun, 31 Dec 2006 12:44:38 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 31 Dec 2006 20:44:24.0905 (UTC) FILETIME=[75069B90:01C72D1C]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581
Cc: tls@ietf.org
Subject: [TLS] server auth on renegotiate
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

We disagreed earlier on whether the spec required that a
(std) RSA ciphersuite MUST send a certificate. I argued that it
wasn't necessary for the case of renegotiate given the DAO
of the confidentiality service; and we disagreed on that rationale,
even.

So, I've been attempting to accommodate:-

which would the list prefer:-

(a) a self-signed (static) cert
(b) an unsigned (static) cert
(c) a message with no content

I feel very comfortable with (a) for re-negotiation scenarios, within a
decent ciphersuite. I can quote Eric's book (p.220), at least: "However, it
is of course possible to use self-signed (and hence unverified) certificates
and get the effect of an anonymous connection with any SSL mode."

If I recall, TLS-PSK also mentions the self-signed cert practice. 


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
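The message above weighs three ways a server might answer the Certificate requirement on renegotiation: a self-signed certificate (a), an unsigned one (b), or an empty message (c). From the client's side the relevant checks are whether the certificate_list is empty at all for a certificate-based key exchange, and whether the leaf certificate is self-signed and therefore gives no server authentication beyond what the client has pinned. The following is an added example, not code from the original post or from the TLS working group: it parses a TLS 1.2 Certificate handshake message body (RFC 5246 section 7.4.2), walks just enough DER to compare the leaf's issuer and subject, and returns a verdict. The key-exchange names, the verdict strings and the `fake_cert` builder are assumptions of this example; the certificates it builds are constructed stand-ins with the TBSCertificate field order but no real key or signature.

```python
"""Client-side sanity checks on a TLS 1.2 Certificate handshake message.

Added example. The DER objects built by fake_cert() are constructed
placeholders: they follow the Certificate/TBSCertificate layout so the
walker below can find issuer and subject, but carry no real public key
or signature and would never verify.
"""


def der_len(n):
    """Encode a DER length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, content):
    """Wrap content in a DER TLV with the given tag byte."""
    return bytes([tag]) + der_len(len(content)) + content


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def issuer_and_subject(cert_der):
    """Walk Certificate -> TBSCertificate and return the raw DER of issuer and subject."""
    _, cert, _ = read_tlv(cert_der, 0)        # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)             # tbsCertificate ::= SEQUENCE
    pos = 0
    if tbs[0] == 0xA0:                        # optional [0] EXPLICIT version
        _, _, pos = read_tlv(tbs, pos)
    _, _, pos = read_tlv(tbs, pos)            # serialNumber
    _, _, pos = read_tlv(tbs, pos)            # signature AlgorithmIdentifier
    _, issuer, pos = read_tlv(tbs, pos)       # issuer Name
    _, _, pos = read_tlv(tbs, pos)            # validity
    _, subject, pos = read_tlv(tbs, pos)      # subject Name
    return issuer, subject


def parse_certificate_message(body):
    """Split the body of a Certificate handshake message into DER certificates.

    Layout (RFC 5246 7.4.2): 3-byte total length, then repeated
    3-byte length + ASN.1Cert.
    """
    total = int.from_bytes(body[:3], "big")
    if total != len(body) - 3:
        raise ValueError("certificate_list length does not match message body")
    pos, certs = 3, []
    while pos < len(body):
        n = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3
        certs.append(body[pos:pos + n])
        pos += n
    return certs


def check_server_certificate(body, key_exchange):
    """Verdict for a server Certificate message given the negotiated key exchange.

    key_exchange is an assumed label such as "RSA", "DHE_RSA" or "DH_anon".
    """
    certs = parse_certificate_message(body)
    if key_exchange != "DH_anon" and not certs:
        # Option (c) from the post: no certificate at all with an RSA-style suite.
        return "reject: empty certificate_list with certificate-based key exchange"
    if certs:
        issuer, subject = issuer_and_subject(certs[0])
        if issuer == subject:
            # Option (a): parses fine, but the peer is not authenticated unless pinned.
            return "unauthenticated: self-signed end-entity certificate"
    return "ok"


def name(common_name):
    """Constructed X.501 Name holding a single commonName attribute."""
    attr = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, common_name.encode()))
    return der(0x30, der(0x31, attr))


def fake_cert(issuer_cn, subject_cn):
    """Constructed stand-in certificate with the TBSCertificate field order only."""
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                      # version v3
              + der(0x02, b"\x01")                                # serialNumber
              + der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA OID
              + name(issuer_cn)
              + der(0x30, der(0x17, b"061231000000Z") + der(0x17, b"071231000000Z"))
              + name(subject_cn)
              + der(0x30, b""))                                  # empty SPKI placeholder
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))  # no real signature


def certificate_message(certs):
    """Build a Certificate handshake message body from DER certificates."""
    inner = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return len(inner).to_bytes(3, "big") + inner


if __name__ == "__main__":
    print(check_server_certificate(certificate_message([fake_cert("example.test", "example.test")]), "RSA"))
    print(check_server_certificate(certificate_message([]), "RSA"))
    print(check_server_certificate(certificate_message([fake_cert("Example CA", "example.test")]), "DHE_RSA"))
```

The issuer/subject comparison is on raw DER bytes, which is the strict form of the self-signed test; a fuller client would also verify the signature and chain, which this example leaves out on purpose because the post's question is only about what the server sends.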