Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

Michael D'Errico <mike-list@pobox.com> Mon, 14 June 2010 17:31 UTC

Message-ID: <4C16676F.1050100@pobox.com>
Date: Mon, 14 Jun 2010 10:31:27 -0700
From: Michael D'Errico <mike-list@pobox.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
References: <201006141402.o5EE2IIi026247@fs4113.wdf.sap.corp> <4C164C84.4000502@pobox.com> <4C165D00.4010601@gnutls.org>
In-Reply-To: <4C165D00.4010601@gnutls.org>
Cc: tls@ietf.org
Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

Nikos Mavrogiannopoulos wrote:
> 
> However layers should be clear in the protocol descriptions to allow for
> replacing layers transparently. TLS does not need DNS to work, nor
> TCP/IP. If the new internet runs on BBP/CD, TLS will still work.

I know that TLS does not depend on DNS or TCP/IP.  My code has no idea
about either of them; it just processes strings.  My objection was to
Martin's belief that SNI is somehow not a part of TLS because it is
"just" an extension.  He implied that if TLS code uses the SNI for
anything other than to pass it to the application, it must be broken.
That is just his opinion, and when I release my code he will have the
freedom to not use it.

This thread is now off topic, so I won't say anything more about it.

Mike

P.S. where can I find the spec for BBP/CD?  :-)