Re: [TLS] Review of draft-santesson-tls-gssapi-00

To: Stefan Santesson <stefans at microsoft.com>
Subject: Re: [TLS] Review of draft-santesson-tls-gssapi-00
From: EKR <ekr at networkresonance.com>
Date: Fri, 09 Mar 2007 07:22:06 -0800
Cc: "tls at ietf.org" <tls at ietf.org>
In-reply-to: <A15AC0FBACD3464E95961F7C0BCD1FF01EEDF84A@EA-EXMSG-C307.europe.corp.microsoft.com> (Stefan Santesson's message of "Fri, 9 Mar 2007 14:30:51 +0000")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <A15AC0FBACD3464E95961F7C0BCD1FF01EEDF5A8@EA-EXMSG-C307.europe.corp.microsoft.com> <200703081752.SAA13445@uw1048.wdf.sap.corp> <A15AC0FBACD3464E95961F7C0BCD1FF01EEDF84A@EA-EXMSG-C307.europe.corp.microsoft.com>
Reply-to: EKR <ekr at networkresonance.com>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.20 (berkeley-unix)

Stefan Santesson <stefans at microsoft.com> writes:
> If the TLS state machine still have control over the security level of the encryption key, would it still be a problem that several roundtrips is required for the GSS exchange?

Yes.

> If so, why is this a problem, except from an emotional purity perspective.

I'm not sure how to explain it any better than I have already. TLS
has a state machine with a given number of round trips. You're
proposing to change it into a state machine with an *arbitrary*
numbr of round trips determined not inside TLS but rather coupled
with the GSS state machine. That's a radical change and strikes
me as extremely hard to analyze.

-Ekr

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson

References:
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Martin Rex
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson

Prev by Date: [TLS] RE: Review of draft-santesson-tls-gssapi-00
Next by Date: Re: [TLS] Review of draft-santesson-tls-gssapi-00
Previous by thread: RE: [TLS] Review of draft-santesson-tls-gssapi-00
Next by thread: RE: [TLS] Review of draft-santesson-tls-gssapi-00
Index(es):
- Date
- Thread

Re: [TLS] Review of draft-santesson-tls-gssapi-00

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.