Re: [TLS] Need for S->C signaling

To: "Michael D'Errico" <mike-list at pobox.com>
Subject: Re: [TLS] Need for S->C signaling
From: Yoav Nir <ynir at checkpoint.com>
Date: Fri, 20 Nov 2009 22:17:46 +0200
Accept-language: en-US
Acceptlanguage: en-US
Cc: "tls at ietf.org list" <tls at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <4B06F7ED.3000601 at pobox.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200911201921.nAKJLfcs020068 at fs4113.wdf.sap.corp> <4B06F7ED.3000601 at pobox.com>
Thread-index: AcpqHomVHVCmNJ1XTXey3Ygi5ZW1Jw==
Thread-topic: [TLS] Need for S->C signaling

On Nov 20, 2009, at 10:11 PM, Michael D'Errico wrote:

> I agree that something along these lines might be an improvement.
> I found it difficult to explain how the upper bit of version is
> set, but is not really a version change.
> 
> But messing with gmt_unix_time might cause trouble since it's
> possible that _something_ out there might rely on it (for what
> I have no idea).

How about: If the client has its clock set way into the future, you don't want to send it a certificate that is already expired.
That works even better the other way. If the client does have its clock set to the past, you can send it an expired certificate.
Peter Gutmann says that many implementations randomize this value for exactly that reason.
That is an important data point, because since such implementations are out there (and presumably working), it's safe to assume that we CAN mess with this field.

>  So since the bottom few bytes of the random
> have no restriction whatsoever, putting the actual cipher suite
> there would not break anything.
> 
> I'm not convinced that we need a field of flags, though, since
> we have TLS extensions.  We should point out in our spec. that
> this solution is a HUGE compromise in the quest for backward
> compatibility, and that future fixes MAY require extensions.
> "You've been warned", etc.
> 
> Mike
>

References:
- Re: [TLS] Need for S->C signaling
  - From: Martin Rex
- Re: [TLS] Need for S->C signaling
  - From: Michael D'Errico

Prev by Date: Re: [TLS] Need for S->C signaling
Next by Date: Re: [TLS] Need for S->C signaling
Previous by thread: Re: [TLS] Need for S->C signaling
Next by thread: [TLS] merging recent ideas into one new proposal
Index(es):
- Date
- Thread

Re: [TLS] Need for S->C signaling

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.