[TLS] concerns about draft-balfanz-tls-obc

zhou.sujing@zte.com.cn Fri, 18 November 2011 09:11 UTC

To: tls@ietf.org
Message-ID: <OFC57A0976.6BDE818B-ON4825794C.0031B1B5-4825794C.00326539@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Fri, 18 Nov 2011 17:10:08 +0800
Subject: [TLS] concers about draft-balfanz-tls-obc

Hi,
   I don't think the origin-bound certificate is meaningful.
   The reasons are:
   1. A CA-signed client certificate is used to authenticate the client 
user; now it is replaced by a self-signed certificate. How can a server 
trust or authenticate a self-confirmed user?
   2. If client authentication is not required, then there is no need 
to send a self-signed certificate.
   3. For the goal of binding a cookie to a self-signed certificate, 
ordinary CA-signed certificates also work.


Sujing Zhou

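The binding the post is reacting to, as an added worked example in Go that is not from the draft, from this post, or from any ZTE or Google code: the client mints a self-signed certificate per origin, the server never chain-validates it but checks possession of the key (a signed nonce stands in for the TLS CertificateVerify message) and binds the login cookie to a fingerprint of that key. A cookie replayed over a channel backed by a different self-signed certificate, or Alice's certificate presented by someone without her private key, is rejected. The names, origin, nonce, cookie layout and HMAC secret are constructed for the example and are not part of the draft.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"strings"
	"time"
)

// must panics on error; the demo only feeds it key generation and certificate encoding.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewClient is the browser side: a fresh keypair and a self-signed certificate for
// one origin (hypothetical stand-in for an origin-bound certificate; no CA involved).
func NewClient(origin string) (*ecdsa.PrivateKey, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: origin},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return key, must(x509.ParseCertificate(der))
}

// sign stands in for TLS CertificateVerify: the client signs the handshake nonce.
func sign(key *ecdsa.PrivateKey, nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	return must(ecdsa.SignASN1(rand.Reader, key, h[:]))
}

// Fingerprint names a client by its public key alone (SHA-256 of the DER
// SubjectPublicKeyInfo); the certificate's issuer and signature are ignored.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Server seals cookies; who the user is comes from the application login, not the cert.
type Server struct{ secret []byte }

// seal is HMAC-SHA256 over user|fingerprint (cookie layout assumed for the demo).
func (s *Server) seal(user, fp string) string {
	mac := hmac.New(sha256.New, s.secret)
	mac.Write([]byte(user + "|" + fp))
	return hex.EncodeToString(mac.Sum(nil))
}

// AcceptHandshake checks key possession as the TLS layer would and returns the
// fingerprint the session is bound to. No chain validation takes place.
func (s *Server) AcceptHandshake(cert *x509.Certificate, nonce, sig []byte) (string, error) {
	h := sha256.Sum256(nonce)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", errors.New("client does not hold the certificate's private key")
	}
	return Fingerprint(cert), nil
}

// IssueCookie binds a logged-in user's session to the channel's client key.
func (s *Server) IssueCookie(user, fp string) string {
	return user + "|" + fp + "|" + s.seal(user, fp)
}

// CheckCookie accepts a cookie only if it is intact and arrives over a channel
// whose client key fingerprint matches the one it was bound to.
func (s *Server) CheckCookie(cookie, fp string) (string, error) {
	parts := strings.Split(cookie, "|")
	if len(parts) != 3 || !hmac.Equal([]byte(parts[2]), []byte(s.seal(parts[0], parts[1]))) {
		return "", errors.New("malformed or tampered cookie")
	}
	if parts[1] != fp {
		return "", errors.New("cookie is bound to a different client key")
	}
	return parts[0], nil
}

// Scenario runs the flow with constructed inputs and reports the server's decisions.
func Scenario() (user string, replayRejected, certTheftRejected bool, err error) {
	srv := &Server{secret: []byte("constructed-demo-secret")}
	aliceKey, aliceCert := NewClient("https://bank.example")
	malloryKey, malloryCert := NewClient("https://bank.example")
	nonce := []byte("constructed-handshake-nonce")
	// Alice proves her key, logs in (password check not shown) and gets a bound cookie.
	fpAlice, err := srv.AcceptHandshake(aliceCert, nonce, sign(aliceKey, nonce))
	if err != nil {
		return
	}
	cookie := srv.IssueCookie("alice", fpAlice)
	if user, err = srv.CheckCookie(cookie, fpAlice); err != nil {
		return
	}
	// Mallory steals the cookie: his own handshake works but is bound to another key,
	// and presenting Alice's certificate fails because he cannot sign with her key.
	_, replayErr := srv.CheckCookie(cookie, Fingerprint(malloryCert))
	_, theftErr := srv.AcceptHandshake(aliceCert, nonce, sign(malloryKey, nonce))
	return user, replayErr != nil, theftErr != nil, nil
}
```

There is no `main`; call `Scenario()` from a test or add one that prints its four results (expected: `alice`, `true`, `true`, no error). The design point the code makes is that the server uses the certificate only as a stable key identifier for the channel: the user's identity comes from the application login, the certificate's signer is never consulted, and a certificate copied without its private key cannot pass the handshake.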