Re: [TLS] TLS renegotiation issue

To: ekr at rtfm.com (Eric Rescorla)
Subject: Re: [TLS] TLS renegotiation issue
From: Martin Rex <mrex at sap.com>
Date: Thu, 5 Nov 2009 19:48:26 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <d3aa5d00911051016p7a0cc508q2090b86de30a50d5 at mail.gmail.com> from "Eric Rescorla" at Nov 5, 9 10:16:11 am
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Eric Rescorla wrote:
> 
> I now have a draft extension up 

Thanks Eric.

  Page 5:

  The contents of this extension are specified as follows.
   [...]
  The above rules apply even when TLS resumption is used.

I read this as meaning that the client and server should add
two elements client.verify_data and server.verify_data
to their SecurityParameters for the connection state suggested
by RFC5246 6.1. and update this data on EVERY TLS handshake,
even TLS session resume.

  4.1  Client Considerations

I can understand what it says, but I _really_ dislike it.

The root of the problem is servers that perform (or at least allow)
TLS renegotiations and make flawed assumptions about what a
successful TLS renegotiation means for the data previously received.

What you're essentially asking for, is that a client should no longer
talk TLS to _any_ Server that doesn't support the new extension.
Not even to the good ones that neither offer nor support renegotiation.

This is discriminating against servers that have been playing safe!

Essentially we are going to hold TLS clients and the installed
base of good Servers responsible for the broken Servers out there.
That feels very wrong.

-Martin

PS:

>
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

That URL results in a cert warning in my Firefox browser.
Following the Client considerations, I feel much safer
removing the "s" in "https" in the URL than trying to add
an exception for the servers certificate...  ;-)

Follow-Ups:
- Re: [TLS] TLS renegotiation issue
  - From: Eric Rescorla

References:
- Re: [TLS] TLS renegotiation issue
  - From: Eric Rescorla

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] TLS renegotiation issue
Previous by thread: Re: [TLS] TLS renegotiation issue
Next by thread: Re: [TLS] TLS renegotiation issue
Index(es):
- Date
- Thread

Re: [TLS] TLS renegotiation issue

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.