Re: [TLS] matching identity, by default
David-Sarah Hopwood <david-sarah@jacaranda.org> Fri, 04 December 2009 00:30 UTC
Sender: David-Sarah Hopwood <djhopwood@googlemail.com>
Message-ID: <4B185802.6070306@jacaranda.org>
Date: Fri, 04 Dec 2009 00:29:54 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: tls@ietf.org
References: <C2329F9D-F5EF-4E8B-9EE8-ED246D7B7287@manger.com.au> <BF782069-544A-4842-B8C8-A9472C9794BB@acm.org> <4B17C2F9.9010802@extendedsubset.com> <A1ECF717-4E06-4654-8B1D-7FDE6C5A2F24@acm.org> <4B18096E.20805@extendedsubset.com>
In-Reply-To: <4B18096E.20805@extendedsubset.com>
Subject: Re: [TLS] matching identity, by default
Marsh Ray wrote:
> * The TLS protocol allows application data to be interleaved within
> renegotiation handshake messages. Sometimes this is desired, but may
> require extra care. The application-supplied callback and TLS library
> normally SHOULD discard any buffered plaintext at the point of
> renegotiation.

I appreciate the problem that this recommendation is trying to solve, but
as stated here it may do more harm than good. Discarding any plaintext may
cause the application protocol states at the client and server to lose
synchronization, creating a vulnerability, or at least incorrect behaviour.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
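The desynchronization described in the message above, shown as an added example that is not part of the original post or of any TLS implementation: a toy record stream in which a line-delimited application request straddles a renegotiation, consumed under the two receiver policies (deliver everything in order, or discard buffered plaintext when the renegotiation begins). The record and handshake type numbers are the real TLS values; the `Record` class, the line-delimited application protocol and the sample stream are constructed for illustration.

```python
"""Toy model of a TLS-style record stream in which application data is
interleaved with renegotiation handshake messages.  Simplified model for
illustration; it is not a TLS implementation and performs no cryptography."""

from dataclasses import dataclass

HANDSHAKE = 22          # TLS ContentType values (RFC 5246 section 6.2.1)
APPLICATION_DATA = 23
CLIENT_HELLO = 1        # HandshakeType: starts a (re)negotiation
FINISHED = 20           # HandshakeType: last message of a handshake


@dataclass
class Record:
    """One record after record-layer decryption (hypothetical helper)."""
    content_type: int
    payload: bytes


def example_stream() -> list[Record]:
    """Constructed sample: the bytes of one line-delimited request are split
    around a renegotiation, which the protocol permits.  The sender considers
    every application byte here to have been delivered."""
    return [
        Record(APPLICATION_DATA, b"GET /first HT"),
        Record(HANDSHAKE, bytes([CLIENT_HELLO]) + b"..."),   # renegotiation starts
        Record(APPLICATION_DATA, b"TP/1.1\r\n"),             # interleaved app data
        Record(HANDSHAKE, bytes([FINISHED]) + b"..."),       # renegotiation ends
        Record(APPLICATION_DATA, b"GET /second HTTP/1.1\r\n"),
    ]


def receive(records: list[Record], discard_on_renegotiation: bool):
    """Drive a receiver over the records and return (request lines the
    application layer assembled, plaintext still buffered at the end).
    Plaintext is buffered until a complete CRLF-terminated line exists,
    as a stack does when the application reads in message units."""
    buffered = b""
    delivered = []
    for rec in records:
        if rec.content_type == HANDSHAKE:
            if rec.payload[0] == CLIENT_HELLO and discard_on_renegotiation:
                buffered = b""   # the policy under discussion: drop buffered plaintext
            continue             # other handshake messages carry no app data
        buffered += rec.payload
        while b"\r\n" in buffered:
            line, buffered = buffered.split(b"\r\n", 1)
            delivered.append(line)
    return delivered, buffered


def sender_view(records: list[Record]) -> list[bytes]:
    """The request lines the sender believes it transmitted."""
    data = b"".join(r.payload for r in records if r.content_type == APPLICATION_DATA)
    return [line for line in data.split(b"\r\n") if line]


def in_sync(discard_on_renegotiation: bool) -> bool:
    """True when the receiver's application layer saw exactly what the
    sender's application layer sent."""
    stream = example_stream()
    return receive(stream, discard_on_renegotiation)[0] == sender_view(stream)


if __name__ == "__main__":
    for policy in (False, True):
        got, _ = receive(example_stream(), policy)
        print("discard" if policy else "keep   ", got, "in sync:", in_sync(policy))
```

With the keep policy the receiver assembles the same two requests the sender wrote. With the discard policy the prefix `GET /first HT` is dropped, the receiver parses the orphaned `TP/1.1` as a request line of its own, and from that point the two ends disagree on how many requests have been exchanged, which is the loss of synchronization the message warns about. Whether a real application treats the orphaned line as a fatal protocol error or silently carries on depends on the application protocol, which is why the effect ranges from incorrect behaviour to a vulnerability.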