Re: [TLS] Proposal for hybrid solution using most of the ideas
Martin Rex wrote:
>
>
>> Yes, we might be missing something else. The reason I picked the Certificate
>> message is that it is dynamic size by default, so we don't have to alter
>> existing data, just append.
>
> To me that feels very wrong to use the Certificate message.
> I'm convinced that it should go into the ServerHello. I'm not
> questioning that ServerHello is the correct place for all of the
> cryptographic parameters _and_ the TLS extensions.
>
Well, in terms of implementation and overhead, I'd prefer that the client knows as
soon as possible which method to use. The need to maintain two hash contexts (or
cache some potentially long handshake messages) and always throwing one away is
IMHO not trivial.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson at drh-consultancy.co.uk, PGP key: via homepage.