Re: [TLS] TLS renegotiation issue

To: Eric Rescorla <ekr at rtfm.com>
Subject: Re: [TLS] TLS renegotiation issue
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Thu, 5 Nov 2009 21:21:46 -0600
Cc: "tls at ietf.org" <tls at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <20091105230343.GO1105 at Sun.COM>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <73843DF9-EFCB-4B8D-913E-FE2235E5BDD3 at rtfm.com> <d3aa5d00911051016p7a0cc508q2090b86de30a50d5 at mail.gmail.com> <20091105230343.GO1105 at Sun.COM>
User-agent: Mutt/1.5.7i

On Thu, Nov 05, 2009 at 05:03:44PM -0600, Nicolas Williams wrote:
> On Thu, Nov 05, 2009 at 10:16:11AM -0800, Eric Rescorla wrote:
> > I now have a draft extension up at:
> > 
> > https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
> > https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.xml
> > 
> > Comments welcome.
> 
> More comments:
> 
>  - Consider an implementation like Windows' SSPI-based implementation.
>    Or, for that matter, the old GGF (Global Grid Forum) GSS-API
>    interface to TLS.

I've thought about this some more.  I think now that what I considered a
layering violation earlier today actually isn't.  A security mechanism
that takes an input channel binding, removes the channel binding type
prefix then splits the remainder into two octet strings, with each
end-point sending one half, is actually conformant to RFC5056.

Therefore I have no further objections, and, for now, no further
comments.

Nico
--

References:
- [TLS] TLS renegotiation issue
  - From: Eric Rescorla
- Re: [TLS] TLS renegotiation issue
  - From: Eric Rescorla
- Re: [TLS] TLS renegotiation issue
  - From: Nicolas Williams

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] TLS or HTTP issue?
Previous by thread: Re: [TLS] TLS renegotiation issue
Next by thread: Re: [TLS] TLS renegotiation issue
Index(es):
- Date
- Thread

Re: [TLS] TLS renegotiation issue

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.