Re: [TLS] 1rtt thoughts
James Cloos <cloos@jhcloos.com> Tue, 15 July 2014 19:57 UTC
Return-Path: <cloos@jhcloos.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22D4C1A0086 for <tls@ietfa.amsl.com>; Tue, 15 Jul 2014 12:57:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.652
X-Spam-Level:
X-Spam-Status: No, score=-2.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9kjDiTlQpP_U for <tls@ietfa.amsl.com>; Tue, 15 Jul 2014 12:57:46 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [IPv6:2604:2880::b24d:a297]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53E551A0083 for <tls@ietf.org>; Tue, 15 Jul 2014 12:57:46 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 5C27E21BB3; Tue, 15 Jul 2014 19:57:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore14; t=1405454265; bh=Y4d26wF0YMy1ZX/+lxmg3IR2HxsmsZ2DuVMFfbSyOm8=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=F/QqRxz383czCRemIIW6DjVOO0f51vWSn65/aHsHtt4nu2/4UgZMDP/6ceGK+8TLU eWEU1f/uTRDq55BkSE1TtdviT0t+y1UMxKqgPq/4aQNqT6jlYip2v7j0XWZCkkVqQX aCoFTj7dbJaK498P/yBPD7R7h2k2NKqiuGR3c3Es=
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 3CD5560028; Tue, 15 Jul 2014 19:51:39 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <53C574EB.5040801@nthpermutation.com> (Michael StJohns's message of "Tue, 15 Jul 2014 14:37:31 -0400")
References: <53C41080.9050204@nthpermutation.com> <CAMfhd9VjAjdgkrYY-YXyqtgZ95gK=qHMgkv3Sv2uou7HLT2eyg@mail.gmail.com> <CABcZeBO0OcS6LCuLBN-qgo_M2jNr4EwE65tN4fmJ93qTuJyDFw@mail.gmail.com> <53C4385A.7030007@nthpermutation.com> <53C44A03.4070603@fifthhorseman.net> <53C574EB.5040801@nthpermutation.com>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2014 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Tue, 15 Jul 2014 15:51:39 -0400
Message-ID: <m37g3es8ms.fsf@carbon.jhcloos.org>
Lines: 24
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:30:140715:msj@nthpermutation.com::UoKkNnagd9/2ECUV:000000000000000000000000000000000000006o0ZU
X-Hashcash: 1:30:140715:tls@ietf.org::ifadsrPKbvJvFsfn:0000/XF0P
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xP6vIakAx7OcCzkOazsC8psr_6o
Cc: tls@ietf.org
Subject: Re: [TLS] 1rtt thoughts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 19:57:48 -0000
>>>>> "MS" == Michael StJohns <msj@nthpermutation.com> writes: MS> I'm wondering if there isn't some application where interspersing MS> TLS with plaintext (or maybe multiple differently credentialed TLS MS> sessions) over the life of the TCP connection has any utility. There are several protocols where multiple credentials make sense. Among them are imap, pop, ftp and any of the tls-capable sql protocols. I'm sure there are several more I cannot think of just now. It may be uncommon to switch identities mid-stream, but not unknown. I doubt many currently use tls mutual auth in such a fashion, rather than application-level aaa, but they could. (Of the protocols I though of above, pgsql is the one where I've most often changed users in place and where cert auth is a viable option. That being said, I've never tested whether changing roles works with a connection which requires cert auth.) -JimC -- James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
- [TLS] 1rtt thoughts Michael StJohns
- Re: [TLS] 1rtt thoughts Adam Langley
- Re: [TLS] 1rtt thoughts Eric Rescorla
- Re: [TLS] 1rtt thoughts Michael StJohns
- Re: [TLS] 1rtt thoughts Eric Rescorla
- Re: [TLS] 1rtt thoughts Daniel Kahn Gillmor
- Re: [TLS] 1rtt thoughts Michael StJohns
- Re: [TLS] 1rtt thoughts James Cloos