Martin Rex wrote:
> Jeffrey Altman wrote:
>> Martin Rex wrote:
>>> Using the entropy from the GSS-API prf is fine. Completely ignoring
>>> additional randomness that is available through the regular TLS
>>> handshake looks somewhat strange to me.
>>>
>>> I would have expected that one would XOR a GSS-API supplied entropy
>>> for the pre-master secret with a traditional TLS-generated entropy.
>> In other words, you would prefer an anonymous-DH exchange in addition
>> to the GSS-API PRF?
>
> Ooops, sorry -- I had only looked at the new draft, not rfc2712,
> and was not aware that this completely removed the server certificate
> from the TLS handshake. This might be a challenge for client-side UIs,
> which may not be prepared to deal with server identities not based
> on X.509 certs, i.e. plug'n'play this into a TLS mechanism probably
> does not work.
>
> -Martin

RFC 2712 is currently supported by both Java and OpenSSL. I do not
expect the new protocol to have additional challenges from a UI
perspective.

Jeffrey Altman
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls