Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
David-Sarah Hopwood wrote:
>
> Nasko Oskov wrote:
> > I support the TLS extension approach for TLS1.0 and above with the
> > modification that we add the magic cipher suite in the client hello.
> > This will allow a TLS ClientHello with the extension to be used
> > against SSLv3 only server (assuming server properly ignores extensions).
>
> The RI approach can be used with an extension-tolerant SSLv3-only server
> even without the "magic ciphersuite".
The RI approach will not completely prevent connectivity with an SSLv3-only but extension-tolerant server. It can, however, _not_ provide any protection either.

In order to get secure renegotiation with an SSLv3-only server using TLS extension RI, that SSLv3-only server will have to add generic TLS extension support.

And when that SSLv3-only server does not implement renegotiation, it will still need to add generic TLS extension support in order to assure an updated client using TLS extension RI that it means no harm.
-Martin
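To make the difference between the two signals concrete, here is an added illustration (not code from this thread or from any of its participants). It builds a minimal ClientHello carrying the RI extension and/or the "magic" cipher suite, then parses it twice: once as an extension-aware server and once as a model of an SSLv3-only server that stops reading after the compression methods and ignores any trailing extension bytes. The extension type 0xff01 and the SCSV value 0x00ff are the values later standardized in RFC 5746; the ClientHello layout is the standard one, with handshake and record headers omitted.

```python
import struct

SCSV = b"\x00\xff"       # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
RI_EXT_TYPE = 0xFF01     # renegotiation_info extension type (RFC 5746)


def build_client_hello(cipher_suites, with_scsv, with_ri_ext, version=(3, 1)):
    """Construct a minimal ClientHello body (record/handshake headers omitted).
    The random and session id are constructed placeholder values."""
    suites = b"".join(cipher_suites) + (SCSV if with_scsv else b"")
    body = bytes(version) + b"\x11" * 32 + b"\x00"          # version, random, empty session id
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                       # one compression method: null
    if with_ri_ext:
        # Initial handshake: renegotiated_connection is empty (length byte 0x00)
        ext = struct.pack("!HH", RI_EXT_TYPE, 1) + b"\x00"
        body += struct.pack("!H", len(ext)) + ext
    return body


def parse_client_hello(body, extension_aware=True):
    """Report which secure-renegotiation signals a server would notice.
    extension_aware=False models an SSLv3-only (but extension-tolerant) server:
    it parses cipher suites and compression methods, then ignores the rest."""
    off = 2 + 32                                              # skip version and random
    sid_len = body[off]
    off += 1 + sid_len
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = [body[i:i + 2] for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = body[off]
    off += 1 + comp_len
    seen_scsv = SCSV in suites           # visible to any server that reads the suite list
    seen_ri = False
    if extension_aware and off < len(body):
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            if etype == RI_EXT_TYPE:
                seen_ri = True
            off += elen
    return {"scsv": seen_scsv, "ri_extension": seen_ri}
```

Running the parser in both modes shows why the thread cares: the SCSV survives in the cipher suite list that every server already parses, while the RI extension is invisible to a server that has no extension support at all.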
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.