
Re: [TLS] Comments on TLS identity protection



On every renegotiation, does the server have to reauthenticate itself
(present its certificate again)?  Or can the credential on the client
side be cached to avoid that duplication?

-Kyle H

On 12/19/06, Martin Rex <martin.rex@xxxxxxx> wrote:
Eric Rescorla wrote:
>
> Good point.
>
> However, as you say in most cases the request for client auth
> is contingent upon seeing the request and so a rehandshake is
> required here in any case. A one-pass protocol wouldn't work
> here.

Correct.

I had the same thought but completely failed to point this out.

In the not uncommon case with IIS renegotiating after having
evaluated the HTTP(S)-request, the one-pass protocol can not
be used.

-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls


