Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

To: Simon Josefsson <simon at josefsson.org>
Subject: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Tue, 6 Oct 2009 18:40:43 -0500
Cc: Paul Hoffman <paul.hoffman at vpnc.org>, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <87bpkkd4tv.fsf at mocca.josefsson.org>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <p0624087dc6efe84bcc54 at [10.20.30.163]> <87bpkkd4tv.fsf at mocca.josefsson.org>
User-agent: Mutt/1.5.7i

On Tue, Oct 06, 2009 at 03:34:04PM +0200, Simon Josefsson wrote:
> If these use-cases are intended to be realistic use-cases of the
> extension (which doesn't seem clear to me), I believe the document needs
> more work: it should suggest a structure of the PRF data so that servers
> will understand what type of data the client sent.  Compare for example
> how RFC 5077 suggests a format.  The document could even go further and
> mandate a particular format, which would make the use-cases more likely
> to interoperate, such as:

This is effectively a channel binding input to TLS.  Uses of a channel
binding input are not limited to channel binding (which is not likely to
be useful to TLS, even though channel binding to IPsec would clearly be
feasible).

For example, in SCRAM/GS2 we use GSS-API channel binding in the
construction of a SASL mechanism to protect cleartext sent outside the
GSS-API mechanism's tokens.  A secure audit protocol in OpenSolaris uses
GSS-API channel bindings to protect early application protocol version
negotiation.  And so on.

I think this is likely to be particularly useful to StartTLS-type
applications, as a way of integrity-protecting early application
protocol version negotiation.  I suspect this extension will also be
particularly useful to DTLS applications, for similar reasons.

Nico
--

References:
- [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Paul Hoffman
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Simon Josefsson

Prev by Date: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by Date: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Previous by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Index(es):
- Date
- Thread

Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.