Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt

Michael D'Errico <mike-list@pobox.com> Sat, 21 November 2009 05:58 UTC

I support a different approach, which I documented in this message:

   http://www.ietf.org/mail-archive/web/tls/current/msg04556.html

It is the same as what Martin plans to issue as an Internet-Draft.

I would be fine with modifying it slightly at the suggestion of Dr.
Stephen Henson to have the server return the "magic" cipher suite
in the ClientHello and to put the real cipher suite in the random.
This would avoid difficulties in trying to explain how the version
is modified, but not really modified.

I'm just as upset about needing such a hack as everyone else, but
the installed base has largely ignored extensions, so we can't
responsibly force them on everyone.

Plus, see how the RI extension is critically flawed anyway:

   http://www.ietf.org/mail-archive/web/tls/current/msg04582.html

Mike



Joseph Salowey (jsalowey) wrote:
> We have had a lot of good discussion on this list, but I think we need
> to start converging on a solution. As I said in a previous message, I've
> asked Eric to serve as editor for the WG draft and he has posted
> draft-ietf-tls-renegotiation-00 as a starting point.  I realize that
> there are a number of people who aren't happy with aspects of the draft,
> or indeed with the draft as a whole, but I'd like to get the sense for
> the feelings of the group as a whole. If we have rough consensus that
> this is a workable approach, we can try to nail down the remaining
> issues and move forward.
> 
> To try to keep this concrete, please respond with answers to this
> question:
> 
> Support for the draft:
> - I support this draft
> - I support this draft with the following modification
> - I would support an entirely different proposal (please identify it; be
> specific) 
> 
> If you are proposing a modification, in addition to providing a
> description and rationale for a modification to the document it is
> helpful to provide sample text of the modification. Also, please
> indicate whether you would only support the draft with your modification
> or whether you can live with it unmodified.  
> 
> Thanks,
> 
> Joe