Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard))

On Wed, Nov 04, 2009 at 03:28:35PM +0100, Pasi.Eronen at nokia.com wrote:
> Nicolas Williams wrote:
> > I'm not sure that we can make it any clearer.
> 
> In any case, I guess we agree that we're referring to the latest TLS
> handshake sent in clear (with TLS_NULL_WITH_NULL_NULL state)?

Yes (and before any ChangeCipherSpec messages).

> Could we somehow refer to this? Perhaps:
> 
>   Note: We define a new "TLS connection" to start when the client
>   sends an unencrypted (TLS_NULL_WITH_NULL_NULL cipher suite) Client
>   Hello message (which can lead to either a full handshake, or
>   resuming a session). Renegotiation (sending a Client Hello protected
>   under some other cipher suite) does not start a new "TLS connection".  
>   Note that this is separate from any notion of "connection", if any, 
>   in the underlying transport protocol (such as TCP or UDP).

I like that.

> (Is this consistent with what the existing implementations do?)

It's consistent with the description that had been registered.  I don't
have an implementation, so I can't say as to existing implementations.
Jeff and/or Larry should know.

Nico
-- 
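The proposed note's distinction, shown at the record layer as an added example (not part of the original message and not code from any implementation mentioned in the thread). It assumes TLS 1.2-style record framing, a client-to-server byte stream from a single transport connection, and exactly one Finished record after each ChangeCipherSpec; `record`, `classify_handshakes` and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types and the ClientHello handshake type.
CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23
CLIENT_HELLO = 1

def record(ctype, payload, version=0x0303):
    """Frame one TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def classify_handshakes(client_stream):
    """Label each handshake the client starts on one transport connection."""
    events, offset = [], 0
    protected = awaiting_finished = in_renegotiation = False
    while offset < len(client_stream):
        if len(client_stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _ver, length = struct.unpack_from("!BHH", client_stream, offset)
        payload = client_stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        offset += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            # Client switches write state; its next handshake record is Finished.
            protected, awaiting_finished, in_renegotiation = True, True, False
        elif ctype == HANDSHAKE and not protected:
            # NULL cipher state: the handshake type byte is readable.
            if payload[:1] == bytes([CLIENT_HELLO]):
                events.append("new TLS connection")
        elif ctype == HANDSHAKE:
            # Protected record: contents are opaque, so go by position only.
            if awaiting_finished:
                awaiting_finished = False
            elif not in_renegotiation:
                in_renegotiation = True
                events.append("renegotiation")
    return events

# Constructed sample: full handshake, application data, then a renegotiation.
SAMPLE = b"".join([
    record(HANDSHAKE, b"\x01" + b"\x00" * 40),   # ClientHello in clear
    record(HANDSHAKE, b"\x10" + b"\x00" * 20),   # ClientKeyExchange in clear
    record(CHANGE_CIPHER_SPEC, b"\x01"),
    record(HANDSHAKE, b"\xaa" * 40),             # encrypted Finished
    record(APPLICATION_DATA, b"\xbb" * 64),
    record(HANDSHAKE, b"\x01" + b"\xcc" * 60),   # encrypted ClientHello
    record(HANDSHAKE, b"\xdd" * 36),             # encrypted ClientKeyExchange
    record(CHANGE_CIPHER_SPEC, b"\xee" * 17),    # CCS under the old keys
    record(HANDSHAKE, b"\xff" * 40),             # encrypted Finished, new keys
])
```

`classify_handshakes(SAMPLE)` labels the clear ClientHello as starting a new TLS connection and the protected one as a renegotiation on that same connection.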
