Re: [TLS] matching identity, by default
Marsh Ray <marsh@extendedsubset.com> Thu, 03 December 2009 13:54 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3C093A6A61 for <tls@core3.amsl.com>; Thu, 3 Dec 2009 05:54:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.508
X-Spam-Level:
X-Spam-Status: No, score=-2.508 tagged_above=-999 required=5 tests=[AWL=0.091, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xmPFlRo6gNO for <tls@core3.amsl.com>; Thu, 3 Dec 2009 05:54:14 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id D6E9B3A684A for <tls@ietf.org>; Thu, 3 Dec 2009 05:54:14 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1NGC8E-000OgO-7f; Thu, 03 Dec 2009 13:54:06 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 7183B603C; Thu, 3 Dec 2009 13:54:03 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/Ht0YZpNDIqVJh++Qx5SQ7v8WADwiwGJo=
Message-ID: <4B17C2F9.9010802@extendedsubset.com>
Date: Thu, 03 Dec 2009 07:54:01 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Bodo Moeller <bmoeller@acm.org>
References: <C2329F9D-F5EF-4E8B-9EE8-ED246D7B7287@manger.com.au> <BF782069-544A-4842-B8C8-A9472C9794BB@acm.org>
In-Reply-To: <BF782069-544A-4842-B8C8-A9472C9794BB@acm.org>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "tls@ietf.org Working Group" <tls@ietf.org>, James Manger <james@manger.com.au>
Subject: Re: [TLS] matching identity, by default
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2009 13:54:15 -0000
Bodo Moeller wrote: > TLS has never meant to allow a new > client or server application entity to enter the conversation when a > renegotiation handshake takes place I disagree. The person(s) who added renegotiation clearly wanted to enable multiple "application entities" to run on the same port 443. These may be communicated over the same pool of active socket connections, as Nelson Bolyard of NSS (hier of the Netscape legacy implementation, twice removed) has described. Whether or not that was a wise design, or whether it was implemented perfectly is certainly debatable. We can all agree that certain implications of this design were under-documented. > Here's a new proposal: > > "[..] TLS implementations MUST NOT use a change of Certificate > information to indicate that subsequent application data will be in the > responsibility of a different client or server application entity. I don't support such wording. If someone wants to write a TLS application layer protocol that way, there's no good reason for the spec to prohibit it at this stage in the game. > That > is, if a new or changed Certificate message appears in a renegotiation > handshake and is successfully verified, it is understood that this is a > change in identification information only and not a change in identity." It might not even be a swap-out change, it could be additive or have other app-defined semantics. For example, a client or server application could renegotiate ten times and provide ten different certificates, then renegotiate to ephemeral Diffie-Hellman. The application protocol may be defined to treat subsequent data as being authenticated to any or all of the ten certificated identities. Another point is that TLS doesn't have to run over TCP. Imagine you need a way to securely convey authenticated data over a bare synchronous or asynchronous link (e.g. RS-232). TLS would be a natural choice, but if you restrict arbitrary certificate changes, you won't be able to use it continuously. You'll have to drop out of TLS altogether and start a new handshake, thus introducing unnecessary encryption and authentication gaps. - Marsh
- Re: [TLS] matching identity, by default Stephen Farrell
- [TLS] matching identity, by default James Manger
- Re: [TLS] matching identity, by default Bodo Moeller
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Bodo Moeller
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Bill Frantz
- Re: [TLS] matching identity, by default Nelson B Bolyard
- Re: [TLS] matching identity, by default James Manger
- Re: [TLS] matching identity, by default David-Sarah Hopwood
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Michael Gray
- Re: [TLS] matching identity, by default Martin Rex
- Re: [TLS] matching identity, by default Martin Rex
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Martin Rex
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default James Manger
- Re: [TLS] matching identity, by default Marsh Ray
- Re: [TLS] matching identity, by default Bill Frantz
- Re: [TLS] matching identity, by default Kyle Hamilton
- Re: [TLS] matching identity, by default Kyle Hamilton
- Re: [TLS] matching identity, by default Martin Rex
- Re: [TLS] matching identity, by default Bodo Moeller