Re: [TLS] Proposal for hybrid solution using most of the ideas

To: "mrex at sap.com" <mrex at sap.com>
Subject: Re: [TLS] Proposal for hybrid solution using most of the ideas
From: Nasko Oskov <noskov at microsoft.com>
Date: Fri, 20 Nov 2009 16:21:11 +0000
Accept-language: en-US
Cc: "tls at ietf.org" <tls at ietf.org>
Deferred-delivery: Fri, 20 Nov 2009 16:22:00 +0000
Delivered-to: tls at core3.amsl.com
In-reply-to: <200911200129.nAK1T5fB003288 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <B197003731D4874CA41DE7B446BBA3E829CD41C9 at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> from "Nasko Oskov" at Nov 20, 9 00:20:58 am <200911200129.nAK1T5fB003288 at fs4113.wdf.sap.corp>
Thread-index: AQHKaYDYSzUmjMY3F0i7YWorO/+ELpE/J4lQ
Thread-topic: [TLS] Proposal for hybrid solution using most of the ideas

Martin Rex wrote:
>
>I'm getting slightly beaten up for "modifying the handshake message hash
>algorithm" because it is a change of the protocol and next I getting
>slightly beaten up for conveying this protocol change in through the
>ProtocolVersion server_version field.
>
>You are now proposing to put something in a list of certificates that is
>not a certificate, in a handshake message that is not sent in some of the
>handshakes to modify the message hash computation.

As far as I understand the purpose of this mailing list, it is meant to be
place for people to propose ideas and discuss them. I have proposed an idea,
it is being discussed. There are pros and cons to it. Now let's try to
either agree or disagree whether it is viable solution and move on, since we
have a problem to solve.

>Inserting the Finished messages as the first data before ClientHello into
>the handshake message hash seems problematic, because:
>
>  -    it doesn't work for scenarios where the client wants to use
>       renegotiation for client identity protection and sends the
>       next ClientHello piggy-backed on the ClientFinished message
>       of the initial handshake.

In this case it might indeed be a bit more work to implement it.

>  -    it is much more difficult for vendors/suppliers to offer
>       a backwards interop for renegotiation for whatever reason,

Backwards interop is equivalent to any other solution out there. Server will
only signal back to clients that have informed the server they are patched.
This is true for RI and your proposal for using the version number. I don't
understand why you believe it will be more difficult and there is no
specific reason you are citing. I would appreciate if you are as
constructive as in your previous point.

>if the finished messages are inserted directly following the ServerHello
>handshake messages, then these two problems don't exist.
>
>I'm going back to work on my I-D now.

Great! I'd be glad to read it.

Nasko

References:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Nasko Oskov
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Martin Rex

Prev by Date: Re: [TLS] simplistic renego protection
Next by Date: [TLS] Updated test server
Previous by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Index(es):
- Date
- Thread

Re: [TLS] Proposal for hybrid solution using most of the ideas

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.