Re: [TLS] Cached Info extension - Draft 01

To: simon at josefsson.org (Simon Josefsson)
Subject: Re: [TLS] Cached Info extension - Draft 01
From: Martin Rex <Martin.Rex at sap.com>
Date: Wed, 24 Jun 2009 14:41:28 +0200 (MEST)
Cc: tls at ietf.org, Martin.Rex at sap.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <87ljnhn7ki.fsf at mocca.josefsson.org> from "Simon Josefsson" at Jun 24, 9 02:24:13 pm
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com

Simon Josefsson wrote:
> 
> Stefan Santesson <stefan at aaa-sec.com> writes:
> 
> > It was not my intention to kill off this discussion with this new draft.
> >
> > I¹m wandering whether the silence is a sign of agreement, vacation or just a
> > giving up that the author will ever listen to reasonable arguments...
> 
> I still prefer Martin's proposal to add framing, but could live with
> your approach.
> 
> A mild problem that I don't think is fully covered yet is the complexity
> in transition to new hashes -- clients will forever need to send SHA-1
> hashes to the server, it seems, to ensure interoperability?  Or should
> the document contain some text that explains that servers should pick
> the "preferred" hash it supports, and that clients should cache that
> choice for future use?  Additional text would then be needed to explain
> that if clients try the new hash later on, and it doesn't work, it
> should revert back to SHA-1 in case the server software was changed to
> not support the other hash.  This aspects doesn't feel completely baked
> yet to me.

How about extending the ClientHello and ServerHello extension
with a pure negotiation of the supported Hash algorithms?

So that in the first request, when the client does not have any cached
data (and no hash values to propose), only the hash algorithm is
"negotiated", plus the data elements for which the server supports
caching in principle?

This way, the client can learn which hash algorithm the server
supports before filling his cache, and the client can also abstain
from caching for servers that do not support the extension at all
and abstain from caching particular handshake data, for which the
server does not support caching.

-Martin

Follow-Ups:
- Re: [TLS] Cached Info extension - Draft 01
  - From: Stefan Santesson

References:
- Re: [TLS] Cached Info extension - Draft 01
  - From: Simon Josefsson

Prev by Date: Re: [TLS] Cached Info extension - Draft 01
Next by Date: [TLS] I-D ACTION:draft-ietf-tls-cached-info-01.txt
Previous by thread: Re: [TLS] Cached Info extension - Draft 01
Next by thread: Re: [TLS] Cached Info extension - Draft 01
Index(es):
- Date
- Thread

Re: [TLS] Cached Info extension - Draft 01

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.