Re: [TLS] TLS or HTTP issue?

To: Martin Rex <mrex at sap.com>
Subject: Re: [TLS] TLS or HTTP issue?
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Sun, 8 Nov 2009 20:45:05 -0600
Cc: ekr at rtfm.com, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <200911061713.nA6HDi2n021935 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <4AF444EE.9070401 at manchester.ac.uk> <200911061713.nA6HDi2n021935 at fs4113.wdf.sap.corp>
User-agent: Mutt/1.5.7i

On Fri, Nov 06, 2009 at 06:13:44PM +0100, Martin Rex wrote:
> From the original design, and in the two quoted paragraphs above,
> it appears that SSL and its successor TLS was intended to be
> _very_ transparent, and the spec contains guidance for
> security-relevant signaling to the application only for
> the initial TLS handshake on a connection (full initial handshake,
> and session resume), but _NOT_ for the session renegotiation.
> 
> Therefore, I think, we do have a real shortcoming of the
> SSL/TLS protocol, and we really should scramble to fix it.
> 
> That includes improving on the guidance for the signaling
> and semantics of a TLS session renegotiate of the TLS
> protocol stack to the application -- in a fashion so that
> it can be folded back into rfc5246bis.

"Signaling" --- sounds like an... API!

Nico
--

References:
- Re: [TLS] TLS or HTTP issue?
  - From: Bruno Harbulot
- Re: [TLS] TLS or HTTP issue?
  - From: Martin Rex

Prev by Date: Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-rene got iate.txt
Next by Date: Re: [TLS] TLS renegotiation issue
Previous by thread: Re: [TLS] TLS or HTTP issue?
Next by thread: Re: [TLS] TLS or HTTP issue?
Index(es):
- Date
- Thread

Re: [TLS] TLS or HTTP issue?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.