Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
Dear Joe, Bernard and all,
Section 2.7 describes a way to securely send the client certificate. It
assumes that the client permits renegotiation after the first server
authentication. However, this requires more cryptographic computations
since both entities will encrypt the second TLS session packets and it
augments significantly the number of round trips over the wireless link,
which is not always widely available. Moreover, this sensitivity increases
a DoS attack's effectiveness against the authentication server, especially
in the case where the client is not configured to renegotiate a second TLS
session. It is IMHO useful to negotiate identity protection asap.
Hajjeh and I recently submitted a document to add identity protection to
TLS. This solution does not suffer from interoperability issues related to
TLS Extensions, TLS 1.0 and TLS 1.1 implementations. I would like
EAP-TLS to reconsider this document for identity protection implementations.
The document is available for your review and comments at
http://www.ietf.org/internet-drafts/draft-hajjeh-tls-identity-protection-00.txt
Best regards,
Badra
> This is a working group last call for draft-simon-emu-rfc2716bis-05.
>
> Please send your comments to the emu list by December 29, 2006.
>
> The document can be accessed here:
> http://www.ietf.org/internet-drafts/draft-simon-emu-rfc2716bis-05.txt.
>
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.