I agree with Larry that the current definition of tls-unique is impossible to implement in TLS libraries in the way you'd typically want, i.e., a tls_get_tls_unique_cb() function. However, there IS a way that TLS libraries can support the current approach: add a callback interface to provide applications with the TLS Finished message, and let the application handle the complexities regarding connections vs session. That is what I decided to do in GnuTLS, a callback like this: typedef void (*gnutls_finished_callback_func) (gnutls_session_t session, const void *finished, size_t len); void gnutls_session_set_finished_function (gnutls_session_t session, gnutls_finished_callback_func func); Generally, I'm not happy with draft-altman-tls-channel-bindings so if this is an opportunity to consider alternatives I want to remind you of this work: http://josefsson.org/sasl-gs2/draft-josefsson-sasl-tls-cb-02.txt It makes sure to bind the channel binding uniquely to BOTH the current connection and the current session. The draft-altman-tls-channel-bindings-07 document only binds to the current TLS connection. So from this perspective, my work has the same issue, but it is different in other aspects. /Simon Larry Zhu <larry.zhu at microsoft.com> writes: > There is a design issue in tls-unique. For vendors who implement TLS in a separate library, the TLS library does not by itself control the transport therefore it would not know if there is a new connection, so that the current specification is not implementable for these vendors. > > It would be much easier to say the following instead: > > The client's TLS Finished message from the first handshake of the session (note: TLS session, not connection, so that the channel binding is specific to each TLS session regardless of whether session resumption is used). > > And the updated text does reflect what has been deployed for tls-unique. > > I would like to raise a red flag now. Needless to say that I will start a discussion with the responsible AD and the rest of the editors of this ID to fix this issue, and do so based on consensus. > > Pasi, please consider this issue blocking for now. > > Thanks, > > --Larry > > -----Original Message----- > From: tls-bounces at ietf.org [mailto:tls-bounces at ietf.org] On Behalf Of The IESG > Sent: Monday, October 05, 2009 9:27 AM > To: IETF-Announce > Cc: channel-binding at ietf.org; tls at ietf.org; sasl at ietf.org > Subject: [TLS] Last Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard > > The IESG has received a request from an individual submitter to consider > the following document: > > - 'Channel Bindings for TLS ' > <draft-altman-tls-channel-bindings-07.txt> as a Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf at ietf.org mailing lists by 2009-11-02. Exceptionally, > comments may be sent to iesg at ietf.org instead. In either case, please > retain the beginning of the Subject line to allow automated sorting. > > The file can be obtained via > http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-07.txt > > > IESG discussion can be tracked via > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=15087&rfc_flag=0 > > _______________________________________________ > TLS mailing list > TLS at ietf.org > https://www.ietf.org/mailman/listinfo/tls
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.