Re: [TLS] [CHANNEL-BINDING] Unrelated (Re: RESOLVED (Re: [sasl] lasgt call comments (st Call:)



On Wed, Nov 04, 2009 at 01:01:53AM +0100, Martin Rex wrote:
> Nicolas Williams wrote:
> > Why is that a problem?  The request will have named a document, but if
> > you're using confidentiality protection then so what?  The client knows
> > the document name, and so does the server.  Authorization _correctly_
> > happens when the access request is made.  That the necessary user
> > authentication step is delayed until authorization is needed doesn't
> > strike me as a problem -- it's a feature.
> 
> You are barking up the wrong tree.
> 
> The flaw in Microsoft IIS is that its server-side session cache is
> somehow broken.  Once it has forced the client through a renegotiate,
> it should memorize what the client sent as response to the
> CertificateRequest message (either a client cert or the indication
> that it doesn't have one or doesn't want to send one).

Ah, sure, that sounds like a bug.

Nico