Re: [TLS] Proposal for hybrid solution using most of the ideas

To: Steve Dispensa <dispensa at phonefactor.com>, David-Sarah Hopwood <david-sarah at jacaranda.org>, "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] Proposal for hybrid solution using most of the ideas
From: Stefan Santesson <stefan at aaa-sec.com>
Date: Thu, 19 Nov 2009 08:49:01 +0100
Delivered-to: tls at core3.amsl.com
In-reply-to: <C72A33ED.25989%dispensa at phonefactor.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Thread-index: Acpo2U/UpdwvHKAZtUO+MWoBpdMUTAAE3IsT
Thread-topic: [TLS] Proposal for hybrid solution using most of the ideas
User-agent: Microsoft-Entourage/12.23.0.091001

I think the important point of this thread is that there are strong
arguments for providing a solution for SSLv3, not using extensions.

What I don't understand is the rationale for providing two solutions, when
one solution could work for all cases.

Finally, I don't like the certificate signaling solutions for reasons
mentioned. It may also disturb the efficiency of information caching
according to the cached info draft (even though that might be a minor
concern).

/Stefan

On 09-11-19 6:29 AM, "Steve Dispensa" <dispensa at phonefactor.com> wrote:

> 
> Now with all that said, I still think the right solution is to use the
> extension in TLS, since it's architecturally pretty clean; lots of related
> arguments have been made by others along these lines already. I just think
> that it's not going to work for SSLv3, and something must be done for SSLv3,
> or it must be turned off completely in clients.

Follow-Ups:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Marsh Ray

References:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Steve Dispensa

Prev by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Previous by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Index(es):
- Date
- Thread

Re: [TLS] Proposal for hybrid solution using most of the ideas

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.