Re: [TLS] Comments on TLS identity protection
Martin Rex <martin.rex@xxxxxxx> writes:
> Eric Rescorla wrote:
>>
>> The good news is that TLS has a very simple mechanism for achieving
>> this: do an ordinary TLS handshake without client authentication
>> and then do an immediate re-handshake with client auth. As the
>> authors observe, this is slower (two sets of crypto computations
>> and 4 RTTs) than a specialized identity protection mode. However,
>> it is available now and as far as I can tell is rarely done.
>> I don't find the argument that there is a large demand for this
>> feature if it were only 50% faster particularly persuasive.
>> Rather, this seems like a premature optimization.
>
> It is not as rare as you might think. It is actually the
> default in Microsoft's IIS with some configurations that
> IIS only requests SSL client authentication after
> having seen the request (URL). It might be a side-effect
> of NOT requiring SSL client authentication on the root/home
> page of the webserver and only for certain areas/paths.
Good point.
However, as you say, in most cases the request for client auth
is contingent upon seeing the request, and so a rehandshake is
required here in any case. A one-pass protocol wouldn't work
here.
-Ekr
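To make the trade-off in the quoted exchange concrete, here is a small model of the TLS 1.2 handshake flights that counts round trips and marks which messages travel under an established cipher state. It is an added illustration, not code from this thread or from any TLS implementation, and it assumes full handshakes with RSA key exchange (so no ServerKeyExchange); the rule it encodes is that a renegotiation handshake is carried inside the existing connection state, which is what hides the client certificate.

```python
# Constructed model of TLS 1.2 full-handshake flights, used to see which
# handshake messages travel unprotected. Assumes RSA key exchange (no
# ServerKeyExchange) and full handshakes only; it is not a TLS implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    sender: str      # "C" (client) or "S" (server)
    name: str
    protected: bool  # sent under an established record-layer cipher state

def full_handshake(client_auth, renegotiation):
    """Flights of one full handshake. During renegotiation every message is
    carried under the connection's current cipher state (RFC 5246, 7.4)."""
    opt = lambda cond, *names: list(names) if cond else []
    flights = [
        ["ClientHello"],
        ["ServerHello", "Certificate"] + opt(client_auth, "CertificateRequest") + ["ServerHelloDone"],
        opt(client_auth, "Certificate") + ["ClientKeyExchange"] + opt(client_auth, "CertificateVerify") + ["ChangeCipherSpec", "Finished"],
        ["ChangeCipherSpec", "Finished"],
    ]
    switched = {"C": False, "S": False}  # side has activated the new cipher state
    out = []
    for i, flight in enumerate(flights):
        sender = "C" if i % 2 == 0 else "S"
        msgs = []
        for name in flight:
            msgs.append(Msg(sender, name, renegotiation or switched[sender]))
            if name == "ChangeCipherSpec":   # everything after CCS uses the new state
                switched[sender] = True
        out.append(msgs)
    return out

def connection(handshakes):
    """handshakes: client_auth flag per successive handshake on one connection.
    Returns (round trips spent on handshakes, all messages in wire order)."""
    msgs, rtts = [], 0
    for n, client_auth in enumerate(handshakes):
        flights = full_handshake(client_auth, renegotiation=n > 0)
        rtts += len(flights) // 2            # two flights per round trip
        for flight in flights:
            msgs.extend(flight)
    return rtts, msgs

def client_cert_exposed(handshakes):
    """True if a client Certificate message ever crosses the wire in the clear."""
    return any(m.sender == "C" and m.name == "Certificate" and not m.protected
               for m in connection(handshakes)[1])
```

Running `connection([True])` gives 2 round trips with the client certificate in the clear, while `connection([False, True])` gives the 4 round trips mentioned above with the certificate protected; TLS 1.3 later encrypted the Certificate messages of the first handshake, so this model applies to TLS 1.2 and earlier.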
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls