Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
Michael D'Errico <mike-list@pobox.com> Sat, 21 November 2009 05:58 UTC
I support a different approach, which I documented in this message:

    http://www.ietf.org/mail-archive/web/tls/current/msg04556.html

It is the same as what Martin plans to issue as an Internet-Draft.
I would be fine with modifying it slightly at the suggestion of
Dr. Stephen Henson to have the server return the "magic" cipher suite
in the ClientHello and to put the real cipher suite in the random.
This would avoid difficulties in trying to explain how the version is
modified, but not really modified.

I'm just as upset about needing such a hack as everyone else, but the
installed base has largely ignored extensions, so we can't responsibly
force them on everyone. Plus, see how the RI extension is critically
flawed anyway:

    http://www.ietf.org/mail-archive/web/tls/current/msg04582.html

Mike

Joseph Salowey (jsalowey) wrote:
> We have had a lot of good discussion on this list, but I think we need
> to start converging on a solution. As I said in a previous message, I've
> asked Eric to serve as editor for the WG draft and he has posted
> draft-ietf-tls-renegotiation-00 as a starting point. I realize that
> there are a number of people who aren't happy with aspects of the draft,
> or indeed with the draft as a whole, but I'd like to get the sense for
> the feelings of the group as a whole. If we have rough consensus that
> this is a workable approach, we can try to nail down the remaining
> issues and move forward.
>
> To try to keep this concrete, please respond with answers to this
> question:
>
> Support for the draft:
> - I support this draft
> - I support this draft with the following modification
> - I would support an entirely different proposal (please identify it; be
>   specific)
>
> If you are proposing a modification, in addition to providing a
> description and rationale for a modification to the document it is
> helpful to provide sample text of the modification. Also, please
> indicate whether you would only support the draft with your modification
> or whether you can live with it unmodified.
>
> Thanks,
>
> Joe