Re: [TLS] [CHANNEL-BINDING] [sasl] Updates to

Simon Josefsson <simon@josefsson.org> Tue, 23 March 2010 21:23 UTC

From: Simon Josefsson <simon@josefsson.org>
To: mrex@sap.com
References: <201003232115.o2NLFuOS025546@fs4113.wdf.sap.corp>
Date: Tue, 23 Mar 2010 22:22:48 +0100
In-Reply-To: <201003232115.o2NLFuOS025546@fs4113.wdf.sap.corp> (Martin Rex's message of "Tue, 23 Mar 2010 22:15:56 +0100 (MET)")
Message-ID: <871vfapwbb.fsf@mocca.josefsson.org>
Cc: Mark.Novak@microsoft.com, channel-binding@ietf.org, Nicolas.Williams@sun.com, pasi.eronen@nokia.com, tls@ietf.org, sasl@ietf.org

Martin Rex <mrex@sap.com> writes:

> When it is the client app that retrieves the ChannelBindings information
> from the TLS implementation and feeds it into gss_init_sec_context(),
> then the channel binding information should be sticky to the
> TLS connection handle (which represents the communication channel
> as seen by the application).

I believe the Microsoft implementation of the 'tls-unique' channel
binding leads to different cb after each TLS handshake.  So the cb is
not sticky.  I guess the question is if there is any problem (*) in
making the Microsoft approach the official definition.

/Simon

(*) Aside from changing an already published definition.
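A constructed model of the stickiness question, added here as an illustration and not code from either message or from any TLS stack: tls-unique is the first Finished message of the most recent handshake, so a client that reads it before a renegotiation and a server that reads it afterwards disagree, whereas a binding pinned to the first handshake stays stable. The Finished values and the `gss_cb_check` comparison are stand-ins, not real TLS or GSS-API calls.

```python
import hashlib


class TlsChannel:
    """Model of one TLS connection handle. Each handshake (initial or
    renegotiation) produces a new Finished message; the values here are
    deterministic stand-ins, not real TLS PRF output."""

    def __init__(self):
        self.finished_msgs = []
        self.handshake()

    def handshake(self):
        n = len(self.finished_msgs)
        # 12 bytes, the size of a TLS 1.x Finished verify_data field.
        finished = hashlib.sha256(b"finished-" + bytes([n])).digest()[:12]
        self.finished_msgs.append(finished)
        return finished

    def tls_unique(self):
        # RFC 5929 tls-unique: Finished of the *most recent* handshake.
        return self.finished_msgs[-1]

    def tls_unique_sticky(self):
        # Hypothetical "sticky" variant: Finished of the *first* handshake.
        return self.finished_msgs[0]


def gss_cb_check(client_cb, server_cb):
    """Stand-in for the channel-binding comparison inside
    gss_accept_sec_context(): the bindings must match byte for byte."""
    return client_cb == server_cb


def scenario(renegotiate_between, sticky):
    """Client reads the binding first, optionally a renegotiation happens,
    then the server reads its binding and verifies. Returns True if the
    authentication would succeed."""
    chan = TlsChannel()
    read_cb = chan.tls_unique_sticky if sticky else chan.tls_unique
    client_cb = read_cb()       # fed into gss_init_sec_context()
    if renegotiate_between:
        chan.handshake()        # new Finished, new tls-unique value
    server_cb = read_cb()       # read when the server verifies the token
    return gss_cb_check(client_cb, server_cb)
```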