[TLS] Closing some open comments on draft-ietf-tls-renegotiation
Eric Rescorla <ekr@networkresonance.com> Mon, 07 December 2009 22:01 UTC
Hi folks,

I've been going through the list discussion on draft-ietf-tls-renegotiation and wanted to try to close on some of the edits people have proposed.

1. Replace "cipher suite" with magic cipher suite value (MCSV) throughout.

2. Add "Updates: RFC 5246, 4366, 4347". Pasi, should we be explicitly stating 4346 and 2246? ISTM we already transitively update them, but I don't care either way.

3. Rewrite the introduction along the lines suggested by Marsh Ray, Nicolas Williams, David-Sarah Hopwood, and others to more accurately capture the entities which are being spliced here. I will propose new text on the list.

4. Channel bindings: replace the end of S 1. with: "The data used in the extension is similar to, but not the same as, the channel binding data used in [I-D.altman-tls-channel-bindings], however this extension is not a generic-purpose RFC 5056 channel binding facility." Nico, did you have other text you wanted?

5. Explicitly state that this extension also applies to DTLS and that the same normativity levels apply.

6. Explicitly state that this extension may also be used with SSLv3 (we don't have any authority to update SSLv3 in any way but we can certainly say that there is no technical obstacle.)

7. Clarify that RI MUST be generated in all rehandshakes, per the issue Martin raised earlier and proposed resolution by Marsh and Nelson.

8. Rewrite the introduction to more clearly elucidate the impact on app-level protocols. As Chris Newman has pointed out it currently applies primarily to HTTPS, but we should have some non-HTTPS text. I will propose new text on the list.

9. Rewrite the section about identity changes in Security Considerations. I'll propose new text on the list.

I'll also make whatever small editorial changes I see. If I've missed something important that people think there is consensus on, please let me know. There are a lot of messages, so I may well have.

Best,
-Ekr