Re: [TLS] Negotiation in draft-santesson-tls-gssapi
On Fri, Jul 20, 2007 at 02:20:29AM +0200, Martin Rex wrote:
> A while back we had a discussion about changing the TLS PRF.
> Then it was suggested that it should be OK if both parties have
> to keep all SSL handshake messages around in order to compute
> the finished messages.
>
> I don't think this would be a good idea if there is no size limit
> on the size of the entire SSL/TLS handshake. Do we really want
> to have the entire GSS-API token exchange WITHIN the TLS handshake?
Well, we could have the Finished message construction modified so as to
substitute a hash of each GSS context token in place of that token.
> The decision of a TLS server to abort a handshake because of an
> excessively large Hello extension itself might be easier than
> to tell from which size on a huge optimistic context token for an
> (potentially unsupported) gssapi mechanism in the SPNEGO token
> should be considered an offense or attack deserving a FATAL SSL alert...
I don't think we want to have the initial context token go in the client
Hello message, even if it turns out that we could. I'm willing to eat
that round-trip (even though I might be -- I haven't decided :) --
concerned about additional round-trips in the GSS-fails case).
Nico
--
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
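A small working model of the construction Nico sketches above, substituting a hash of each GSS context token into the Finished computation so that neither peer has to retain an arbitrarily large token, is added below as an illustration. It is not code from draft-santesson-tls-gssapi or from anyone in this thread. It assumes an HMAC-SHA256 stand-in for the TLS PRF, constructed message-type labels (`HANDSHAKE`, `GSS_TOKEN`), and a constructed sample handshake containing a 1 MiB token; all of those are assumptions made for the example.

```python
import hashlib
import hmac

# Message kinds in the simulated handshake transcript (constructed labels, not TLS codes).
HANDSHAKE = "handshake"
GSS_TOKEN = "gss_token"


def transcript_contribution(msg_type: str, body: bytes) -> bytes:
    """What a message contributes to the Finished computation.

    Ordinary handshake messages go in verbatim; a GSS context token is
    replaced by its SHA-256 digest, so its contribution is 32 bytes
    regardless of how large the token itself was.
    """
    if msg_type == GSS_TOKEN:
        return hashlib.sha256(body).digest()
    return body


class TranscriptHash:
    """Incremental transcript hash with token substitution.

    Each message is framed as type byte || 4-byte length || contribution
    before being absorbed, so two different message sequences cannot collide
    by re-splitting the byte stream. Only the fixed-size hash state is kept
    between messages; the raw token is never retained.
    """

    def __init__(self) -> None:
        self._h = hashlib.sha256()
        self.raw_bytes = 0        # size of the real transcript (cost of keeping every message)
        self.absorbed_bytes = 0   # bytes actually fed through the hash after substitution

    def update(self, msg_type: str, body: bytes) -> None:
        contribution = transcript_contribution(msg_type, body)
        self._h.update(b"\x01" if msg_type == GSS_TOKEN else b"\x00")
        self._h.update(len(contribution).to_bytes(4, "big"))
        self._h.update(contribution)
        self.raw_bytes += len(body)
        self.absorbed_bytes += len(contribution)

    def digest(self) -> bytes:
        return self._h.digest()


def finished_verify_data(master_secret: bytes, label: bytes, transcript: TranscriptHash) -> bytes:
    """Assumed stand-in for the TLS PRF (not the draft's construction):
    HMAC-SHA256 over label || transcript hash, truncated to 12 bytes
    like TLS 1.2 verify_data."""
    return hmac.new(master_secret, label + transcript.digest(), hashlib.sha256).digest()[:12]


def run_handshake(messages, master_secret: bytes) -> dict:
    """Both peers absorb the same message sequence and derive client and server Finished."""
    client = TranscriptHash()
    server = TranscriptHash()
    for msg_type, body in messages:
        client.update(msg_type, body)
        server.update(msg_type, body)
    return {
        "client_finished": finished_verify_data(master_secret, b"client finished", client),
        "server_finished": finished_verify_data(master_secret, b"server finished", server),
        "raw_bytes": client.raw_bytes,
        "absorbed_bytes": client.absorbed_bytes,
        "digests_agree": client.digest() == server.digest(),
    }


# Constructed sample handshake: two small hello messages plus a deliberately
# large (1 MiB) GSS context token, standing in for a bulky optimistic token.
SAMPLE_SECRET = b"constructed-master-secret"
LARGE_TOKEN = b"\xa0" * (1024 * 1024)
SAMPLE_HANDSHAKE = [
    (HANDSHAKE, b"ClientHello: version=3.3 random=..."),
    (HANDSHAKE, b"ServerHello: version=3.3 random=..."),
    (GSS_TOKEN, LARGE_TOKEN),
    (GSS_TOKEN, b"server-reply-token"),
]


def altered_handshake():
    """Same transcript with one byte of the large token changed (constructed),
    to show the Finished value still covers the token's full content."""
    changed = bytearray(LARGE_TOKEN)
    changed[4096] ^= 0x01
    return [SAMPLE_HANDSHAKE[0], SAMPLE_HANDSHAKE[1], (GSS_TOKEN, bytes(changed)), SAMPLE_HANDSHAKE[3]]


if __name__ == "__main__":
    honest = run_handshake(SAMPLE_HANDSHAKE, SAMPLE_SECRET)
    print("transcript bytes:", honest["raw_bytes"], "-> absorbed:", honest["absorbed_bytes"])
    print("client Finished:", honest["client_finished"].hex())
    altered = run_handshake(altered_handshake(), SAMPLE_SECRET)
    print("altered token changes Finished:", altered["client_finished"] != honest["client_finished"])
```

The point of the substitution is visible in the two byte counts: the 1 MiB token costs a megabyte of buffering in a naive "keep every handshake message" design, but only 32 bytes of hash input here, which is the memory concern Martin raises. Because the digest is computed over the whole token, any change to the token's bytes still changes both peers' Finished values, so the integrity property of the Finished message is preserved.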