Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)
Larry Zhu <larry.zhu@microsoft.com> Tue, 23 March 2010 21:07 UTC
Return-Path: <larry.zhu@microsoft.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EDE313A6855; Tue, 23 Mar 2010 14:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.097
X-Spam-Level:
X-Spam-Status: No, score=-9.097 tagged_above=-999 required=5 tests=[AWL=0.372, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOT2mI2+CbFC; Tue, 23 Mar 2010 14:07:02 -0700 (PDT)
Received: from smtp.microsoft.com (mail1.microsoft.com [131.107.115.212]) by core3.amsl.com (Postfix) with ESMTP id 6092D3A67F9; Tue, 23 Mar 2010 14:07:00 -0700 (PDT)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) by TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.2.176.0; Tue, 23 Mar 2010 14:07:19 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) with Microsoft SMTP Server (TLS) id 14.0.639.21; Tue, 23 Mar 2010 14:07:19 -0700
Received: from TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com ([169.254.3.141]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Tue, 23 Mar 2010 14:07:20 -0700
From: Larry Zhu <larry.zhu@microsoft.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Thread-Topic: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)
Thread-Index: AQHKyst4cHoPCX6ioEukU/ZiwyF8DJIAA2KQ
Date: Tue, 23 Mar 2010 21:07:12 +0000
Message-ID: <4B17DE30119FF1429798D9F5D94BDE8C0EB567FF@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>
References: <20100317231522.GA18167@Sun.COM> <20100322232150.GB21244@Sun.COM> <20100323065301.GE21244@Sun.COM> <20100323190629.GR21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB563F1@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <20100323195956.GY21244@Sun.COM> <4B17DE30119FF1429798D9F5D94BDE8C0EB5667A@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <20100323205554.GC21244@Sun.COM>
In-Reply-To: <20100323205554.GC21244@Sun.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Mark Novak <Mark.Novak@microsoft.com>, "channel-binding@ietf.org" <channel-binding@ietf.org>, Pasi Eronen <pasi.eronen@nokia.com>, "tls@ietf.org" <tls@ietf.org>, "sasl@ietf.org" <sasl@ietf.org>
Subject: Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 21:07:04 -0000
Nicolas Williams wrote: > It does. However, it does also mean that I had to write a bunch of normative text in draft-altman-... to say that apps must do this. That strikes me as ugly complexity. > If you never have re-negotiation happening before authentication then why do we need to worry about this? -- that's my question. It is amusing that if you actually suggest that it is more complex to leave the behavior as undefined. -----Original Message----- From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Nicolas Williams Sent: Tuesday, March 23, 2010 1:56 PM To: Larry Zhu Cc: Mark Novak; channel-binding@ietf.org; Pasi Eronen; tls@ietf.org; sasl@ietf.org Subject: Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to draft-altman-tls-channel-bindings, take two (PLEASE REVIEW) On Tue, Mar 23, 2010 at 08:48:41PM +0000, Larry Zhu wrote: > I briefly chatted with Sam who was in the tls-unique design/discussion > meeting last Sunday. It turns out that the community as represented by > key stake holders in that meeting believed that: > > 1) TLS renegotiation is driven by TLS apps. > 2) as the result, the apps can figure out, based on the app specific > context, which TLS side will start renegotiation and when, e.g. in a > locked-step fashion. > 2) therefore it is acceptable to leave the behavior in the case of the > described synchronization undefined. > > If this does not capture the spirit of that discussion, please let me > know. It does. However, it does also mean that I had to write a bunch of normative text in draft-altman-... to say that apps must do this. That strikes me as ugly complexity. If you never have re-negotiation happening before authentication then why do we need to worry about this? -- that's my question. > Shall we proceed with that and capture the discussion in the ID (that > means another update to the ID). I wrote -09 so as to capture that discussion. > Personally I am not aware of any new > data points that would invalidate the above recommendation. I'm asking questions about your implementation. The answers to those questions might actually bring new data points to light that, while they wouldn't invalidate our earlier decision, might lead us to re-consider that decision. Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Updates to draft-altman-tls-channel-binding… Nicolas Williams
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Pasi.Eronen
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Dave Cridland
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [sasl] [CHANNEL-BINDING] Updates to dra… Larry Zhu
- Re: [TLS] [sasl] [CHANNEL-BINDING] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [sasl] [CHANNEL-BINDING] Updates to dra… Alexey Melnikov
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Alexey Melnikov
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] Updates to draft-altm… Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] Updates to draft-altm… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] Updates to Martin Rex
- [TLS] Updates to draft-altman-tls-channel-binding… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] Updates to draft-altm… Alexey Melnikov
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Nicolas Williams
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Nicolas Williams
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Larry Zhu
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Larry Zhu
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Larry Zhu
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to Martin Rex
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to Simon Josefsson
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to dra… Nicolas Williams
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to Martin Rex
- Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to Larry Zhu
- [TLS] Avoiding CB sync problem via server-side so… Nicolas Williams
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Eliot Lear
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Nicolas Williams
- Re: [TLS] [sasl] Updates to draft-altman-tls-chan… Sean Turner