Re: [TLS] Proposal for hybrid solution using most of the ideas

To: Nasko Oskov <noskov at microsoft.com>
Subject: Re: [TLS] Proposal for hybrid solution using most of the ideas
From: Stephen Farrell <stephen.farrell at cs.tcd.ie>
Date: Thu, 19 Nov 2009 16:30:53 +0000
Cc: "tls at ietf.org" <tls at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <B197003731D4874CA41DE7B446BBA3E829CD2934 at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <4B04F92A.8050903 at extendedsubset.com> <C72ABBEB.6712%stefan at aaa-sec.com> <B197003731D4874CA41DE7B446BBA3E829CD2934 at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
User-agent: Thunderbird 2.0.0.23 (X11/20090812)

Nasko Oskov wrote:
>> Which leaves us with S->C signaling. Here I'm not sure we have exhausted all options.
> 
> Yes, we might be missing something else. The reason I picked the Certificate
> message is that it is dynamic size by default, so we don't have to alter
> existing data, just append.

Sorry, I'm not clear on what's being proposed here. Is it:

a) embed a new flag of some sort in a CA-issued X.509 cert
b) add an additional server-generated self-signed cert containing
   a new flag of some sort
c) something else?

I think (a) would be a bad idea. Not sure about (b) either, but
at least it wouldn't bring a whole new bunch of parties to the
table (CA product vendors and service providers) when something
quick is what's needed.

Stephen.

Follow-Ups:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Nasko Oskov

References:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Marsh Ray
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Stefan Santesson
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Nasko Oskov

Prev by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by Date: [TLS] Justification for "Ugly Dirty Hack"
Previous by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Index(es):
- Date
- Thread

Re: [TLS] Proposal for hybrid solution using most of the ideas

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.