Re: [TLS] TLS renegotiation issue

To: Marsh Ray <marsh at extendedsubset.com>
Subject: Re: [TLS] TLS renegotiation issue
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Thu, 5 Nov 2009 11:25:14 -0600
Cc: "tls at ietf.org" <tls at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <4AF30A0E.5030409 at extendedsubset.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200911051711.nA5HBfOl028765 at fs4113.wdf.sap.corp> <4AF30A0E.5030409 at extendedsubset.com>
User-agent: Mutt/1.5.7i

On Thu, Nov 05, 2009 at 11:23:26AM -0600, Marsh Ray wrote:
> I expect that EKR will be posting some details soon.

We await with bated breath :)

> Martin Rex wrote:
> >
> > Technically there is no
> > limit on the number of renegotiations, so a simple pointer
> > only one TLS session into the past does not seem sufficient
> > for that purpose.
> 
> I agree, the concept of "first handshake on the socket" is a bit
> nebulous from the perspective of the TLS spec.

Only at first glance.  The "first handshake", or, rather, "outer-most
handshake" is really one that occurs with null cipher spec, that is, not
under the protection of another TLS connection.

> The approach our proposal took was to work off of the "most recent
> previous finished message" over the underlying transport.

I recommend "the client finished, in cleartext, from the outer-most
handshake", with "first handshake" as described above.

Better yet, though equivalently, I recommend "the tls-unique channel
bindings of the outer-most handshake".  (Or at least state the
equivalence, and add a reference to draft-altman-tls-channel-bindings
and RFC5056.)

Nico
--

References:
- Re: [TLS] TLS renegotiation issue
  - From: Martin Rex
- Re: [TLS] TLS renegotiation issue
  - From: Marsh Ray

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] TLS renegotiation issue
Previous by thread: Re: [TLS] TLS renegotiation issue
Next by thread: Re: [TLS] TLS renegotiation issue
Index(es):
- Date
- Thread

Re: [TLS] TLS renegotiation issue

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.