Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:

To: Nicolas Williams <Nicolas.Williams at sun.com>, mrex at sap.com
Subject: Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:
From: Jeffrey Hutzelman <jhutz at cmu.edu>
Date: Wed, 04 Nov 2009 13:14:41 -0500
Cc: channel-binding at ietf.org, tls at ietf.org, sasl at ietf.org, jhutz at cmu.edu
Delivered-to: tls at core3.amsl.com
In-reply-to: <11983_1257287730_nA3MZT4b001736_20091103222352.GJ1105 at Sun.COM>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <20091030223647.GO1105 at Sun.COM> <200911021459.nA2Exi67028763 at fs4113.wdf.sap.corp> <11983_1257287730_nA3MZT4b001736_20091103222352.GJ1105 at Sun.COM>

--On Tuesday, November 03, 2009 04:23:53 PM -0600 Nicolas Williams<Nicolas.Williams at sun.com> wrote:

It might be easier to _NOT_ key on the finished message, but on the
master secret instead.


Too late for that.

Not just too late, but also a bad idea. Previous discussions relating toFAST and anonymous PKINIT resulted in some investigation which, in turn,led to the somewhat surprising result that the TLS master secret does _not_name a unique channel, while the finished messages _do_.


-- Jeff

References:
- [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard))
  - From: Nicolas Williams
- Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
  - From: Martin Rex

Prev by Date: Re: [TLS] [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard)
Next by Date: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard))
Previous by thread: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Next by thread: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Index(es):
- Date
- Thread

Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.