Re: [TLS] TLSrenego - current summary of semantics and possibilities

To: <mrex at sap.com>, Michael D'Errico <mike-list at pobox.com>
Subject: Re: [TLS] TLSrenego - current summary of semantics and possibilities
From: Steve Dispensa <dispensa at phonefactor.com>
Date: Tue, 10 Nov 2009 13:37:27 -0600
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <200911101928.nAAJSGjI020038 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Thread-index: AcpiPTvXuQF4GNyNjEOph1qMO6f3fA==
Thread-topic: [TLS] TLSrenego - current summary of semantics and possibilities
User-agent: Microsoft-Entourage/12.20.0.090605

On 11/10/09 1:28 PM, "Martin Rex" <mrex at sap.com> wrote:
>   - if a TLS client (any protocol version, including SSLv3) performs
>     renegotiation (i.e. sends a ClientHello over an established
>     TLS session with a ciphersuite other than TLS_NULL_WITH_NULL_NULL),
>     then it SHOULD always and unconditionally use the TLS extension
>     Renegotiation_Info containing the verify_data of the client.finished
>     handshake message from the active TLS session,
>     The TLS client should do that even when it did not send the
>     TLS extension Renegotiation_Info with and empty extension data
>     in the initial TLS handshake on a connection!
> 
>     Lacking application level re-connect provisions for forward-incompatible
>     SSL/TLS servers, a TLS client might not want to sent the TLS extension
>     in the initial ClientHello of a connection.

This was discussed a bit at the Sept. 29 meeting. I had originally suggested
that the extension need not be present during initial negotiations at all,
but it was pointed out that network management systems might want to
inventory patched clients and servers.

> Overloading ("abusing") the semantics of other regular elements
> of an SSL/TLS handshake that have a lesser likelihood to upset
> legacy servers.

This is an interesting potential solution to the network monitoring problem,
if nothing else. 

 -Steve

Follow-Ups:
- Re: [TLS] TLSrenego - current summary of semantics and possibilities
  - From: Yair Elharrar
- Re: [TLS] TLSrenego - current summary of semantics and possibilities
  - From: Nicolas Williams

References:
- [TLS] TLSrenego - current summary of semantics and possibilities
  - From: Martin Rex

Prev by Date: [TLS] TLSrenego - current summary of semantics and possibilities
Next by Date: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Previous by thread: [TLS] TLSrenego - current summary of semantics and possibilities
Next by thread: Re: [TLS] TLSrenego - current summary of semantics and possibilities
Index(es):
- Date
- Thread

Re: [TLS] TLSrenego - current summary of semantics and possibilities

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.