Re: [TLS] Comments on draft-rescorla-tls-renegotiate.txt

To: tls at ietf.org
Subject: Re: [TLS] Comments on draft-rescorla-tls-renegotiate.txt
From: David-Sarah Hopwood <david-sarah at jacaranda.org>
Date: Sat, 07 Nov 2009 06:35:19 +0000
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=gCM5pqLkxihTFHBoriQp6p8Clr4xYXyMPdAyy4u+YJQ=; b=MEnzSh1BkNlmxebRp8N3MBbzNpaZvJtlXgiRa+UFIL/b+Ly15LhlHTuZ4Q6hkpX7R8 gqwo8bOwh3VBEacB4xmRi+HEF5v1+1pJweLm4QQP5JV8RZgJ7i4XwANL07E41dxM05gr PrSvDHuY222CtByNb/Tr1Zvx1VRh6mmfwNnL8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=RmeXesryy+a2OhX0PY2PxgIodKBAzFkguqKPgmNen1Mb2sgmPhnj5m4lKOqlZiaoO9 P86NXMdOZIjxm2zqOhLxjfof9DGkDPkwPy5d8FElkSLmuwlhAg9PuAoCt1Yw4mGY/PW3 S5XspdjyB+OubJ7fNHvhS8mt7uGP+EARCkRn4=
In-reply-to: <4AF5112E.2070809 at jacaranda.org>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <4AF5112E.2070809 at jacaranda.org>
Sender: David-Sarah Hopwood <djhopwood at googlemail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666

David-Sarah Hopwood wrote:
> Comments on
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
> 
> Overall I think this draft is a good solution to the identified security
> problem.
> 
> The draft defines an extension that affects renegotiation, which might
> be perceived to conflict with RFC 3546 section 2.3:

Ah, I should have been referencing RFC 4366 section 3 -- but the
wording is almost the same:

   Note also that all the extensions defined in this section are
   relevant only when a session is initiated.  When a client includes
   one or more of the defined extension types in an extended client
   hello while requesting session resumption:

   -  If the resumption request is denied, the use of the extensions is
      negotiated as normal.

   -  If, on the other hand, the older session is resumed, then the
      server MUST ignore the extensions and send a server hello
      containing none of the extension types.  In this case, the
      functionality of these extensions negotiated during the original
      session initiation is applied to the resumed session.

and the same comments apply.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: [TLS] Comments on draft-rescorla-tls-renegotiate.txt
  - From: Martin Rex

References:
- [TLS] Comments on draft-rescorla-tls-renegotiate.txt
  - From: David-Sarah Hopwood

Prev by Date: [TLS] Comments on draft-rescorla-tls-renegotiate.txt
Next by Date: Re: [TLS] TLS or HTTP issue?
Previous by thread: [TLS] Comments on draft-rescorla-tls-renegotiate.txt
Next by thread: Re: [TLS] Comments on draft-rescorla-tls-renegotiate.txt
Index(es):
- Date
- Thread

Re: [TLS] Comments on draft-rescorla-tls-renegotiate.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.