Re: [TLS] TLS renegotiation issue

To: Nicolas.Williams at sun.com (Nicolas Williams)
Subject: Re: [TLS] TLS renegotiation issue
From: Martin Rex <mrex at sap.com>
Date: Thu, 5 Nov 2009 19:16:02 +0100 (MET)
Cc: ekr at rtfm.com, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <20091105175044.GG5124 at Sun.COM> from "Nicolas Williams" at Nov 5, 9 11:50:44 am
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Nicolas Williams wrote:
> 
> > The MITM can make sure they match.
>
> I should expand on this.
>  [helpful explanantion removed]

Blush -- you are correct.

The MITM can make the two previous sessions come out with the same
client.random and server.random.

So these are not a secure back pointer.

> 
> You can't use the client.random and server.random as channel bindings.

I'm trying to use terminology that is already in the TLS specs.
The generic term "channel bindings" is a little bit to fuzzy for
my taste, and the original use of channel bindings in GSS-API
is not cryptographically secure.

> 
> But the client's Finished message from the outer TLS connection works.

OK.

You win.  ;-)

-Martin

Follow-Ups:
- Re: [TLS] TLS renegotiation issue
  - From: Nicolas Williams
- Re: [TLS] TLS renegotiation issue
  - From: Nicolas Williams

References:
- Re: [TLS] TLS renegotiation issue
  - From: Nicolas Williams

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] TLS renegotiation issue
Previous by thread: Re: [TLS] TLS renegotiation issue
Next by thread: Re: [TLS] TLS renegotiation issue
Index(es):
- Date
- Thread

Re: [TLS] TLS renegotiation issue

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.