Re: [TLS] Cached Info extension - Draft 01
Stefan Santesson <stefan@aaa-sec.com> Wed, 01 July 2009 01:12 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1235D3A65A6 for <tls@core3.amsl.com>; Tue, 30 Jun 2009 18:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.173
X-Spam-Level:
X-Spam-Status: No, score=-1.173 tagged_above=-999 required=5 tests=[AWL=-0.320, BAYES_00=-2.599, HELO_EQ_SE=0.35, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wqV3Jsmemd9b for <tls@core3.amsl.com>; Tue, 30 Jun 2009 18:12:15 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.112]) by core3.amsl.com (Postfix) with ESMTP id B88723A67ED for <tls@ietf.org>; Tue, 30 Jun 2009 18:12:13 -0700 (PDT)
Received: (qmail 5991 invoked from network); 1 Jul 2009 01:12:41 -0000
Received: from s34.loopia.se (HELO s57.loopia.se) ([194.9.94.70]) (envelope-sender <stefan@aaa-sec.com>) by s87.loopia.se (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <tls@ietf.org>; 1 Jul 2009 01:12:41 -0000
Received: (qmail 14937 invoked from network); 1 Jul 2009 01:12:31 -0000
Received: from 213-64-142-21-no153.business.telia.com (HELO [192.168.0.17]) (stefan@fiddler.nu@[213.64.142.21]) (envelope-sender <stefan@aaa-sec.com>) by s57.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <martin.rex@sap.com>; 1 Jul 2009 01:12:31 -0000
User-Agent: Microsoft-Entourage/12.19.0.090515
Date: Wed, 01 Jul 2009 03:12:30 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: martin.rex@sap.com, Simon Josefsson <simon@josefsson.org>
Message-ID: <C670849E.2E64%stefan@aaa-sec.com>
Thread-Topic: [TLS] Cached Info extension - Draft 01
Thread-Index: Acn56QE54G0UsQ8f7kiQ72gV5jTKjQ==
In-Reply-To: <200906241241.n5OCfS8g011647@fs4113.wdf.sap.corp>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] Cached Info extension - Draft 01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2009 01:12:16 -0000
I might be missing something, but I'm not sure I get the problem. One difficulty I have is that I don't see, and never have seen, the reason to provide different levels of hash algorithms for a usage that does not require a strong hash. But even if the client decides to do this, the server can pick any of the hashes as the return value. That hash is long and random enough to work as a perfectly unambiguous identifier of a successfully replaced cached object, and is long and random enough to reduce the chance of accidental collisions of any kind to totally negligible probabilities. Maybe we should sit down in Stockholm and come up with a solution that hopefully makes everyone happy. /Stefan On 09-06-24 2:41 PM, "Martin Rex" <Martin.Rex@sap.com> wrote: > Simon Josefsson wrote: >> >> Stefan Santesson <stefan@aaa-sec.com> writes: >> >>> It was not my intention to kill off this discussion with this new draft. >>> >>> I¹m wandering whether the silence is a sign of agreement, vacation or just a >>> giving up that the author will ever listen to reasonable arguments... >> >> I still prefer Martin's proposal to add framing, but could live with >> your approach. >> >> A mild problem that I don't think is fully covered yet is the complexity >> in transition to new hashes -- clients will forever need to send SHA-1 >> hashes to the server, it seems, to ensure interoperability? Or should >> the document contain some text that explains that servers should pick >> the "preferred" hash it supports, and that clients should cache that >> choice for future use? Additional text would then be needed to explain >> that if clients try the new hash later on, and it doesn't work, it >> should revert back to SHA-1 in case the server software was changed to >> not support the other hash. This aspects doesn't feel completely baked >> yet to me. > > > How about extending the ClientHello and ServerHello extension > with a pure negotiation of the supported Hash algorithms? > > So that in the first request, when the client does not have any cached > data (and no hash values to propose), only the hash algorithm is > "negotiated", plus the data elements for which the server supports > caching in principle? > > This way, the client can learn which hash algorithm the server > supports before filling his cache, and the client can also abstain > from caching for servers that do not support the extension at all > and abstain from caching particular handshake data, for which the > server does not support caching. > > > -Martin
- [TLS] Cached Info extension - Draft 01 Stefan Santesson
- Re: [TLS] Cached Info extension - Draft 01 Stefan Santesson
- Re: [TLS] Cached Info extension - Draft 01 Simon Josefsson
- Re: [TLS] Cached Info extension - Draft 01 Martin Rex
- Re: [TLS] Cached Info extension - Draft 01 Stefan Santesson
- Re: [TLS] Cached Info extension - Draft 01 Florian Weimer
- Re: [TLS] Cached Info extension - Draft 01 Martin Rex
- Re: [TLS] Cached Info extension - Draft 01 Stefan Santesson
- Re: [TLS] Cached Info extension - Draft 01 Martin Rex
- Re: [TLS] Cached Info extension - Draft 01 Stefan Santesson
- Re: [TLS] Cached Info extension - Draft 01 Martin Rex