[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Last call" on draft-altman-tls-channel-bindings-05.txt

To: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Subject: Re: "Last call" on draft-altman-tls-channel-bindings-05.txt
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Thu, 20 Aug 2009 00:25:38 +0200
Cc: ietf-sasl@xxxxxxx, tls@xxxxxxxx
In-reply-to: <20090819212223.GN1043@xxxxxxx> (Nicolas Williams's message of "Wed, 19 Aug 2009 16:22:24 -0500")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <20090818213427.GU1043@xxxxxxx> <87ljlgbv2a.fsf@xxxxxxxxxxxxxxxxxxx> <20090819212223.GN1043@xxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:

> But I don't want to guess at what might happen in the future
> of digital signatures.

I agree, we could decide to not resolve this concern.

> Instead I'd rather either say either that tls-server-end-point CB is
> undefined if the cert's signature alg does not use a signature, or
> pick a hash function (e.g., SHA-512) to use in such cases.

If use of SHA-512 is hard-coded, we run into problem when it is phased
out.  Negotiation any other hash function will be tricky.  Alas, I'm not
sure leaving it undefined is any better: negotiating what hash function
to use in that situation seems equally tricky.

This is one reason where deriving channel binding data from the TLS
channel using tls-extractor appears more robust: it leaves negotiation
of the hash function to the TLS protocol.

/Simon

Follow-Ups:
- Re: [TLS] "Last call" on draft-altman-tls-channel-bindings-05.txt
  - From: Nicolas Williams

References:
- "Last call" on draft-altman-tls-channel-bindings-05.txt
  - From: Nicolas Williams
- Re: "Last call" on draft-altman-tls-channel-bindings-05.txt
  - From: Simon Josefsson
- Re: "Last call" on draft-altman-tls-channel-bindings-05.txt
  - From: Nicolas Williams

Prev by Date: Re: [TLS] "Last call" on draft-altman-tls-channel-bindings-05.txt
Next by Date: Re: [TLS] "Last call" on draft-altman-tls-channel-bindings-05.txt
Previous by thread: Re: [TLS] "Last call" on draft-altman-tls-channel-bindings-05.txt
Next by thread: Re: [TLS] "Last call" on draft-altman-tls-channel-bindings-05.txt
Index(es):
- Date
- Thread