IETF Logo Mail Archive

Re: [TLS] First TLS cached information draft posted

Stefan Santesson <stefan@aaa-sec.com> Sat, 06 June 2009 01:17 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 06D493A6901 for <tls@core3.amsl.com>; Fri, 5 Jun 2009 18:17:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.074
X-Spam-Level:
X-Spam-Status: No, score=-2.074 tagged_above=-999 required=5 tests=[AWL=0.175, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lSxIUCtKG3Qo for <tls@core3.amsl.com>; Fri, 5 Jun 2009 18:17:11 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.112]) by core3.amsl.com (Postfix) with ESMTP id BBF473A687A for <TLS@ietf.org>; Fri, 5 Jun 2009 18:17:09 -0700 (PDT)
Received: (qmail 69206 invoked from network); 6 Jun 2009 01:17:20 -0000
Received: from s34.loopia.se (HELO s19.loopia.se) ([194.9.94.70]) (envelope-sender <stefan@aaa-sec.com>) by s87.loopia.se (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <TLS@ietf.org>; 6 Jun 2009 01:17:20 -0000
Received: (qmail 49394 invoked from network); 6 Jun 2009 01:17:10 -0000
Received: from 213-64-142-21-no153.business.telia.com (HELO [192.168.0.17]) (stefan@fiddler.nu@[213.64.142.21]) (envelope-sender <stefan@aaa-sec.com>) by s19.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <martin.rex@sap.com>; 6 Jun 2009 01:17:10 -0000
User-Agent: Microsoft-Entourage/12.17.0.090302
Date: Sat, 06 Jun 2009 03:17:08 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: martin.rex@sap.com, Simon Josefsson <simon@josefsson.org>
Message-ID: <C64F9034.27AD%stefan@aaa-sec.com>
Thread-Topic: [TLS] First TLS cached information draft posted
Thread-Index: AcnmRIKZ8VcrZfh87UavqXY8qgfrGg==
In-Reply-To: <200906052055.n55KtrQ2024766@fs4113.wdf.sap.corp>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: TLS@ietf.org
Subject: Re: [TLS] First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jun 2009 01:17:12 -0000

Martin,

I liked Simon's suggestion as he expressed my original thought that the
Server would know beforehand the hashes for acceptable information objects.

However, what you suggest actually makes sense to me.

I also found another minor error as the draft refer to hash_value (single
hash) when I should refer to the "hashes" (multiple hash) element.

We have to think through the concept of sending over multiple hashes and
what the appropriate response from the server is.

1) The server accepts replacement in principle, but does not know at the
time of sending the server hello if any of the hashes match.

2) The server accepts one or more hashes from the client hello (for one
object type) and includes the hashes it accepts in the server hello

3) The server accepts one or more hashes from the client hello (for one
object type) but includes only 1 (the preferred one) hash for that object
type in the server hello.

Once we can agree on this, I will update and submit a new version of the
draft.

/Stefan




On 09-06-05 10:55 PM, "Martin Rex" <Martin.Rex@sap.com> wrote:

> Simon Josefsson wrote:
>> 
>> First, this paragraph:
>> 
>>    Servers that receive an extended client hello containing a
>>    "cached_information" extension, MAY indicate that they support one or
>>    more of the cached information objects by including an extension of
>>    type "cached_information" in the (extended) server hello, which SHALL
>>    contain at least one CachedObject received from the client.
>> 
>> The intention here appears under-specified.  What does it mean if the
>> client sent two CachedObject's and the server just returned one of them?
>> One plausible interpretation would be that the server did not support
>> the hash/type-combination that were not returned.  Enforcing that
>> interpretation is needed to resolve my second concern.
>> 
>> I suggest to add a sentence:
>> 
>>    The CachedObject's returned by the server MUST include the types the
>>    server supports and has accepted to replace with cached data.
> 
> I don't know whether I correctly understand the suggestion
> that you're making.  But I'm very unhappy with one possible
> interpretation that I see in your poposal.
> 
> Having the TLS server indicate for which objects its TLS implementation
> supports the caching _in_principle_ is fine with me.
> 
> Requiring the server to already know the hash values of
> parts the contents of future SSL handshake messages, specifically
> the to-be-cached data at the time when composing the ServerHello
> handshake message is something I would definitely not like.
> 
> The impact on implementations of TLS should be as small as possible.
> To me, a requirement for a TLS server to precompute hashes over
> parts of future handshake messages during ServerHello looks like
> a significant additional burden, and personally, I do not yet see
> any benefit this might provide.
> 
> 
> -Martin

v2.23.0 | Report a Bug | By Email