Re: [TLS] Review of draft-santesson-tls-gssapi-00




On Mar 20, 2007, at 7:00 PM, <Pasi.Eronen at nokia.com> wrote:


Stefan Santesson wrote:

The problem is that it is very hard to engage into a discussion
unless the objections are substantiated.

I can repeat one specific objection (made by several people already): *all* current TLS key exchange mechanisms use exactly the same state machine, i.e. the message exchange shown in Fig. 1 of RFC 2246, while this proposal doesn't.


Agree so far.

This would be quite a radical change to TLS. For example, the base
TLS spec assumes this state machine is always used, so either we
need to change it to accommodate GSS-API, or the GSS-API document
has to effectively overrule the base spec in many places.

(I also believe that implementation could be easier if the state
machine is not changed, but that's probably a secondary concern.)

<snip>
Structurally, the problem with your proposal that has been pointed
out to me is that many uses of TLS require authentication to be
established before the finished message, or it will be useless. This
aspect needs to be analyzed to determine whether completing
authentication before the finished message is an absolute
requirement for a solution to be meaningful.

Could you explain why you think it will be useless?

We certainly have to complete the authentication (including GSS-API)
before we let application data through. In my proposal, that would
happen after the channel binding messages (not immediately after the
finished messages).

This would change the same state machine which you reference in RFC 2246. That figure makes it clear that application data immediately follows the Finished message. Inserting more handshake messages between the Finished message and the application data is just as big a change as is inserting them before the Finished message.


Both the GSSAPI draft and the TEE draft add handshake messages before the Finished message. To require further authentication or keying messages after the Finished message would alter the meaning of the Finished message. Maybe we should rename it to AlmostFinished.

I suggest that rather than conducting a straw poll about whether or not GSSAPI (or TEE) should become working group items, we first have one on whether external authentication should become a working group item. If the answer to that is yes, we can then discuss whether we should use the RADIUS namespace, EAP or GSSAPI.

Regards,

Yoav


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
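As an added illustration of the point about the RFC 2246 Figure 1 state machine (example code written for this archive page, not from any participant in the thread or from a TLS implementation): the script below encodes the full-handshake message order of RFC 2246 Figure 1, with its optional messages, and checks candidate message sequences against it. The extra message names `ExtAuthToken` and `ChannelBinding` are constructed placeholders standing in for handshake messages inserted before or after Finished; they are not message types defined by either draft.

```python
"""Check a message sequence against the TLS 1.0 full handshake of RFC 2246,
Figure 1. Added illustration; the message names are RFC 2246's, the check and
the sample sequences are constructed here."""

from typing import List, Tuple

# (message, required?) in the order RFC 2246 Figure 1 shows them. ChangeCipherSpec
# is not a handshake message but appears in the figure, so it is a step here too.
RFC2246_FULL_HANDSHAKE: List[Tuple[str, bool]] = [
    ("ClientHello", True),
    ("ServerHello", True),
    ("Certificate", False),        # server certificate (absent for anonymous)
    ("ServerKeyExchange", False),
    ("CertificateRequest", False),
    ("ServerHelloDone", True),
    ("Certificate", False),        # client certificate, only if requested
    ("ClientKeyExchange", True),
    ("CertificateVerify", False),
    ("ChangeCipherSpec", True),
    ("Finished", True),            # client Finished
    ("ChangeCipherSpec", True),
    ("Finished", True),            # server Finished
    ("ApplicationData", True),     # application data follows immediately
]


def check_flow(messages: List[str], flow=RFC2246_FULL_HANDSHAKE) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only if `messages` follows the figure
    exactly: every required step present, optional steps present or omitted,
    and no message the figure does not show, before or after Finished."""
    i = 0
    for step, required in flow:
        if i < len(messages) and messages[i] == step:
            i += 1
        elif required:
            got = messages[i] if i < len(messages) else "<end>"
            return False, f"expected {step}, got {got} at position {i}"
        # optional step omitted: fall through to the next step
    if i != len(messages):
        return False, f"unexpected trailing message {messages[i]} at position {i}"
    return True, "matches RFC 2246 Fig. 1"


# Constructed sample sequences.
FULL_RSA = ["ClientHello", "ServerHello", "Certificate", "ServerHelloDone",
            "ClientKeyExchange", "ChangeCipherSpec", "Finished",
            "ChangeCipherSpec", "Finished", "ApplicationData"]

MUTUAL_AUTH = ["ClientHello", "ServerHello", "Certificate", "CertificateRequest",
               "ServerHelloDone", "Certificate", "ClientKeyExchange",
               "CertificateVerify", "ChangeCipherSpec", "Finished",
               "ChangeCipherSpec", "Finished", "ApplicationData"]

# Placeholder for an extra authentication message before Finished (hypothetical).
EXTRA_BEFORE_FINISHED = FULL_RSA[:5] + ["ExtAuthToken"] + FULL_RSA[5:]

# Placeholder for a channel-binding message after Finished (hypothetical).
EXTRA_AFTER_FINISHED = FULL_RSA[:9] + ["ChannelBinding"] + FULL_RSA[9:]


if __name__ == "__main__":
    for name, seq in [("full RSA", FULL_RSA), ("mutual auth", MUTUAL_AUTH),
                      ("extra before Finished", EXTRA_BEFORE_FINISHED),
                      ("extra after Finished", EXTRA_AFTER_FINISHED)]:
        ok, reason = check_flow(seq)
        print(f"{name:22s} -> {'OK ' if ok else 'REJECT'}: {reason}")
```

Both placeholder insertions are rejected by the same checker, one because an unexpected message appears where ChangeCipherSpec/Finished is due, the other because ApplicationData is expected right after the server's Finished; that is the sense in which neither placement leaves the Figure 1 state machine intact.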



