Re: [TLS] Proposal for hybrid solution using most of the ideas
Michael D'Errico wrote:
>
>So you want to have two solutions, one for TLS 1.0+ and another for SSLv3?
>I'm not sure why we need two when any solution that works for SSL will also work for TLS.
I do not believe the solutions that mess with the actual protocol are
something that should be encouraged in the TLS protocol. Hence I propose at
least the running hash behavior is the same, but signaling is different. TLS
has extensions and they are perfectly designed for this purpose. I don't see
a reason not to use them. Servers that cannot properly handle extensions will
fall back to using SSLv3.
>Also the Certificate message is optional, so it would cause trouble for some cipher suites.
Fair point.
>And even more importantly, there is only ServerHello sent when you resume an old session!
Session resumption is already secure since it uses existing crypto state as
part of the negotiation. There are no problems in that case.
Nasko