Re: [TLS] AD comments on draft-ietf-tls-rfc3546bis
David Hopwood <david.nospam.hopwood@blueyonder.co.uk> Thu, 25 August 2005 21:26 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8PF9-0003LE-9x; Thu, 25 Aug 2005 17:26:39 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8PF8-0003L9-0E for tls@megatron.ietf.org; Thu, 25 Aug 2005 17:26:38 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA20903 for <tls@ietf.org>; Thu, 25 Aug 2005 17:26:35 -0400 (EDT)
Received: from smtp-out1.blueyonder.co.uk ([195.188.213.4]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E8PFh-0002qA-TT for tls@ietf.org; Thu, 25 Aug 2005 17:27:15 -0400
Received: from [127.0.0.1] ([82.42.16.20]) by smtp-out1.blueyonder.co.uk with Microsoft SMTPSVC(5.0.2195.6713); Thu, 25 Aug 2005 22:27:19 +0100
Message-ID: <430E3792.1050003@blueyonder.co.uk>
Date: Thu, 25 Aug 2005 22:26:42 +0100
From: David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] AD comments on draft-ietf-tls-rfc3546bis
References: <DFA899265632764F9B5C9DAF9866D83C01FB761B@gpsmx10.gps.internal.vodafone.com>
In-Reply-To: <DFA899265632764F9B5C9DAF9866D83C01FB761B@gpsmx10.gps.internal.vodafone.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 25 Aug 2005 21:27:19.0436 (UTC) FILETIME=[C5EA1CC0:01C5A9BB]
X-Spam-Score: 0.1 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Content-Transfer-Encoding: 7bit
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: david.nospam.hopwood@blueyonder.co.uk
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org
Wright, Timothy, VF-Group wrote:
> No hollering forthcoming from me!
No objection from me, either. I think it's unnecessary to change the
spec from RFC 3546.
It's worth pointing out that:
- ciphersuite-specific extensions are useful only if the TLS *client*
has extension options that depend on the ciphersuite. If the server
has such options, no additional mechanism or conventions are needed,
since the server can choose the ciphersuite and its extension replies
together.
Note that the issue of hardware that only supports certain ECC curves
*mainly* affects servers, not clients.
- not discussing ciphersuite-specific extensions in RFC3546bis will
not prevent ECC (or anything else) from using a ciphersuite-specific
extension. It just defers the issue of how to define such extensions
to the documents that actually use them.
(While I remember, although it's not very important: Simon's proposal in
Message ID <05d801c58d6d$36c3f210$3200a8c0@simon> would have had a minor
incompatibility with RFC 3546 -- it depended on sending multiple extensions
of the same type, and section 2.3 of RFC 3546 explicitly disallows that.
A spec that wanted to define ciphersuite-specific extensions would have
to encode them all into a single extension to avoid this. I don't think
that's a problem, though.)
--
David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
- [TLS] AD comments on draft-ietf-tls-rfc3546bis Eric Rescorla
- Re: [TLS] AD comments on draft-ietf-tls-rfc3546bis David Hopwood