Re: [TLS] Making post-handshake messages optional in TLS 1.3 (#676)
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 12 October 2016 08:17 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33ADD1294B3 for <tls@ietfa.amsl.com>; Wed, 12 Oct 2016 01:17:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.896
X-Spam-Level:
X-Spam-Status: No, score=-4.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7QZMWD2b3EAi for <tls@ietfa.amsl.com>; Wed, 12 Oct 2016 01:17:32 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id C068A12957A for <TLS@ietf.org>; Wed, 12 Oct 2016 01:17:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id BB9C616B0B; Wed, 12 Oct 2016 11:17:30 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id CZ344Xa51w5l; Wed, 12 Oct 2016 11:17:30 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-237-87.bb.dnainternet.fi [87.100.237.87]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 8648B2310; Wed, 12 Oct 2016 11:17:30 +0300 (EEST)
Date: Wed, 12 Oct 2016 11:17:24 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <20161012081724.GB16436@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAOjisRznhk-Fww=EnRg7zXO-zaHWyNgi0g+reRBj+y3ZOhwMhw@mail.gmail.com> <d267aa85-56fc-b7b0-dc1f-3373f3b0c563@gmx.net> <CAOjisRxMAyzEVG_0THV9q6R9EHtPNKk94OB+pOzH_Q3kyi-ZQg@mail.gmail.com> <87fuo2vy81.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <87fuo2vy81.fsf@alice.fifthhorseman.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/stwPmWf32S8YsWfqV3VnLkN_Ah0>
Cc: "tls@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] Making post-handshake messages optional in TLS 1.3 (#676)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2016 08:17:34 -0000
On Wed, Oct 12, 2016 at 03:10:54AM -0400, Daniel Kahn Gillmor wrote: > > I don't think it's too much to ask that implementations be able to > reject a post-handshake CertificateRequest gracefully, even if they have > no intention of ever implementing a proper Client Certificate response. Unfortunately, currently it is too much: One can't just send a message saying "NAK CertficiateRequest X", since that message is followed by Finished message, that is quite annoying to compute (even requires forkable hash, when nothing else requires that, and if one is to be able to freeze connection, requires very exotic features from hash implementation. -Ilari
- [TLS] Making post-handshake messages optional in … Nick Sullivan
- Re: [TLS] Making post-handshake messages optional… Ilari Liusvaara
- Re: [TLS] Making post-handshake messages optional… David Benjamin
- Re: [TLS] Making post-handshake messages optional… Nick Sullivan
- Re: [TLS] Making post-handshake messages optional… David Benjamin
- Re: [TLS] Making post-handshake messages optional… Ilari Liusvaara
- Re: [TLS] Making post-handshake messages optional… Eric Rescorla
- Re: [TLS] Making post-handshake messages optional… Nick Sullivan
- Re: [TLS] Making post-handshake messages optional… Benjamin Kaduk
- Re: [TLS] Making post-handshake messages optional… Martin Thomson
- Re: [TLS] Making post-handshake messages optional… Tom Ritter
- Re: [TLS] Making post-handshake messages optional… Hannes Tschofenig
- Re: [TLS] Making post-handshake messages optional… Eric Rescorla
- Re: [TLS] Making post-handshake messages optional… Nick Sullivan
- Re: [TLS] Making post-handshake messages optional… Andrei Popov
- Re: [TLS] Making post-handshake messages optional… Mike Bishop
- Re: [TLS] Making post-handshake messages optional… Daniel Kahn Gillmor
- Re: [TLS] Making post-handshake messages optional… Ilari Liusvaara
- Re: [TLS] Making post-handshake messages optional… Hannes Tschofenig
- Re: [TLS] Making post-handshake messages optional… David Benjamin