Re: [TLS] Proposal for hybrid solution using most of the ideas
Dr Stephen Henson wrote:
>
> Martin Rex wrote:
> >
> >
> >> Yes, we might be missing something else. The reason I picked the Certificate
> >> message is that it is dynamic size by default, so we don't have to alter
> >> existing data, just append.
> >
> > To me that feels very wrong to use the Certificate message.
> > I'm convinced that it should go into the ServerHello. I'm not
> > questioning that ServerHello is the correct place for all of the
> > cryptographic parameters _and_ the TLS extensions.
> >
>
> Well in terms of implementation and overhead I'd prefer that the client
> knows as soon as possible which method to use. The need to maintain two
> hash contexts (or cache some potentially long handshake messages) and
> always throwing one away is IMHO not trivial.
This is why I favour the approach with adding the verify_data
of the finished messages directly after ServerHello,
because that is where the "negotiation"/signaling is completed and
both peers can determine how to proceed, no assumptions
necessary, no keeping multiple hashes around.
-Martin
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.