[TLS] Closing some open comments on draft-ietf-tls-renegotiation

Sebastian Gajek <gajek@post.tau.ac.il> Mon, 14 December 2009 15:42 UTC

Return-Path: <gajek@post.tau.ac.il>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E29A028C126 for <tls@core3.amsl.com>; Mon, 14 Dec 2009 07:42:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOan3wrQmKZA for <tls@core3.amsl.com>; Mon, 14 Dec 2009 07:42:53 -0800 (PST)
Received: from doar.tau.ac.il (gate.tau.ac.il [132.66.16.26]) by core3.amsl.com (Postfix) with ESMTP id 6634028C124 for <tls@ietf.org>; Mon, 14 Dec 2009 07:42:52 -0800 (PST)
Received: from [192.168.0.25] (85.64.127.18.dynamic.barak-online.net [85.64.127.18]) by doar.tau.ac.il (Postfix) with ESMTP id 40D5CBEFA for <tls@ietf.org>; Mon, 14 Dec 2009 17:42:38 +0200 (IST)
User-Agent: Microsoft-Entourage/12.17.0.090302
Date: Mon, 14 Dec 2009 17:42:06 +0200
From: Sebastian Gajek <gajek@post.tau.ac.il>
To: tls@ietf.org
Message-ID: <C74C296E.63A%gajek@post.tau.ac.il>
Thread-Topic: Closing some open comments on draft-ietf-tls-renegotiation
Thread-Index: Acp80/0d4zm97OCPEkiT1QBeYxZnuQ==
Mime-version: 1.0
Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3343657326_5270230"
X-Mailman-Approved-At: Mon, 14 Dec 2009 07:52:14 -0800
Subject: [TLS] Closing some open comments on draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 15:44:37 -0000

Hi there,

sorry for putting another mail into the long list of TLS renegotiation
mails. I skimmed the TLS-renegotiation draft. Surely, a countermeasure is to
cryptographically link the TLS sessions. There are different approaches to
achieve this goal. I was wondering why you introduce a new cipher suite.
Wouldn't it be easier to require that finished values are a function of all
values received so far (incl. previous TLS sessions or at least their
finished values.) This countermeasure is simple, complies with the present
TLS spec and could result in faster adaption.

Is there a technicality I am not aware?

Thx for any feedback.

-- 
Sebastian Gajek
School of Computer Science
Tel Aviv University, Israel

Web: http://www.cs.tau.ac.il/~gajek/