Re: [TLS] matching identity, by default

David-Sarah Hopwood <david-sarah@jacaranda.org> Fri, 04 December 2009 00:30 UTC

Marsh Ray wrote:
> * The TLS protocol allows application data to be interleaved within
> renegotiation handshake messages. Sometimes this is desired, but may
> require extra care. The application-supplied callback and TLS library
> normally SHOULD discard any buffered plaintext at the point of
> renegotiation.

I appreciate the problem that this recommendation is trying to solve,
but as stated here it may do more harm than good. Discarding any plaintext
may cause the application protocol states at the client and server to
lose synchronization, creating a vulnerability, or at least incorrect
behaviour.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
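
Added example, not part of the original message or of any TLS library: a toy model of the loss of synchronization described above, where a server that discards buffered plaintext at renegotiation drops one pipelined request and the client then pairs the remaining responses with the wrong requests. The `Server` class, the function names, and the request strings are constructed for illustration and assume a protocol that matches responses to requests purely by order.

```python
from collections import deque


class Server:
    """Toy pipelined server (hypothetical): one response per request, in order."""

    def __init__(self, discard_on_renegotiation):
        self.discard = discard_on_renegotiation
        self.buffered = deque()  # decrypted plaintext the application has not consumed yet
        self.responses = []

    def receive(self, request):
        self.buffered.append(request)

    def renegotiate(self):
        # The policy under discussion: drop plaintext buffered before renegotiation.
        if self.discard:
            self.buffered.clear()

    def process(self):
        while self.buffered:
            self.responses.append("result-of:" + self.buffered.popleft())


def run_session(discard_on_renegotiation):
    """Return (request, response) pairs as the client believes them to be."""
    server = Server(discard_on_renegotiation)
    sent = ["GET /balance", "POST /transfer", "GET /logout"]  # constructed sample requests

    server.receive(sent[0])
    server.process()         # request 1 is answered before the renegotiation
    server.receive(sent[1])  # request 2 is decrypted and sitting in the buffer...
    server.renegotiate()     # ...when the renegotiation handshake begins
    server.receive(sent[2])
    server.process()

    # The client gets no signal that a request was dropped, so it pairs
    # responses with its outstanding requests by position.
    return list(zip(sent, server.responses))


def desynchronized(pairs, expected_count=3):
    """True if a request went unanswered or a response is attributed to the wrong request."""
    return len(pairs) != expected_count or any(
        resp != "result-of:" + req for req, resp in pairs
    )


if __name__ == "__main__":
    for policy in (False, True):
        pairs = run_session(policy)
        print("discard =", policy, "desynchronized =", desynchronized(pairs), pairs)
```
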