Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

To: Russ Housley <housley at vigilsec.com>
Subject: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Mon, 26 Oct 2009 13:51:43 -0500
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <20091026184210.546069A472C at odin.smetech.net>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <p0624087dc6efe84bcc54 at [10.20.30.163]> <87bpkkd4tv.fsf at mocca.josefsson.org> <808FD6E27AD4884E94820BC333B2DB774E7F2F0022 at NOK-EUMSG-01.mgdnok.nokia.com> <20091026184210.546069A472C at odin.smetech.net>
User-agent: Mutt/1.5.7i

On Mon, Oct 26, 2009 at 02:41:43PM -0400, Russ Housley wrote:
> Pasi:
> >I'd like to re-iterate my earlier concern about the original
> >draft-rescorla-tls-opaque-prf-input draft: this defines a basically
> >general-purpose extension mechanism to TLS.
> >
> >We already have a well-defined extension mechanism for TLS (TLS
> >extensions), which would allow people to do exactly the sorts of
> >things envisioned in Section 1.1. Its only "drawback" is that it
> >requires going through the IETF process to obtain the IANA allocation,
> >and thus publicly documenting what you're doing.
> 
> I do not think this is a fair characterization.  TLS extensions 
> cannot provide additional PRF inputs.  To my eyes, that is the 
> fundamental difference here.

Well, one could imagine a plethora of extensions each of which says that
you must modify the PRF computation in such and such ways.  But that
gets ugly very quickly.

IMO we need this draft, and IMO it's properly seen as the TLS equivalent
of the GSS-API channel bindings input to GSS_Init/Accept_sec_context():

    An additional PRF input is an octet string that is checked for
    equality in an integrity protected manner that adds no round-trips
    nor half round-trips.  If the equality comparison fails then
    authentication fails.

Whether that facility is used for bonafide channel binding or, more
likely, to provide integrity protection for application data sent out of
band from TLS, is not important.  What's important is: a) that those
semantics are desirable, b) that client and server applications can
agree on what they'll use as additional PRF inputs (e.g., it may be
desirable to support multiple additional inputs, each tagged with a type
specifier).

Nico
--

References:
- [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Paul Hoffman
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Simon Josefsson
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Pasi.Eronen
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Russ Housley

Prev by Date: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by Date: [TLS] IETF-76 TLS draft agenda
Previous by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Index(es):
- Date
- Thread

Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.