Re: [TLS] Proposal for hybrid solution using most of the ideas



On 09-11-19 8:52 AM, "Marsh Ray" <marsh at extendedsubset.com> wrote:

> Stefan Santesson wrote:
>> 
>> What I don't understand is the rationale for providing two solutions, when
>> one solution could work for all cases.
> 
> TLS can support a nice, clean, efficient solution going forward.
> 
> SSLv3 needs an ugly dirty hack, no way around it.
> 

I disagree.

I think we agree that an upgraded finished calculation is not a dirty hack.
This is what future versions of TLS will use by default.

Remains then the signaling C->S and S->C client.

The RI proposal also includes the use of a magic cipher suite, so that dirty
hack is in both proposals.

Which leaves us with S->C signaling. Here I'm not sure we have exhausted all
options.

One way to approach this (and bring the proposals together) would be to use
the same updated finished calculations in both approaches and just use the
RI extension for signaling. In such a case we could simply reduce this
discussion to debate different ways to accomplish signaling for various
versions of the protocol.

/Stefan  


> - Marsh


