[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Comments on TLS identity protection

To: "Kyle Hamilton" <aerowolf@xxxxxxxxx>
Subject: Re: [TLS] Comments on TLS identity protection
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Dec 2006 14:44:39 -0800
Cc: tls@xxxxxxxx
In-reply-to: <6b9359640612191441w3ec5bdecqfe902ca18e29c19b@xxxxxxxxxxxxxx> (Kyle Hamilton's message of "Tue, 19 Dec 2006 15:41:57 -0700")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <86vek7pph4.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <200612192115.WAA22812@xxxxxxxxxxxxxxxxxxx> <6b9359640612191441w3ec5bdecqfe902ca18e29c19b@xxxxxxxxxxxxxx>
Reply-to: EKR <ekr@xxxxxxxxxxxxxxxxxxxx>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)

"Kyle Hamilton" <aerowolf@xxxxxxxxx> writes:
> On every renegotiation, does the server have to reauthenticate itself
> (present its certificate again)?  Or can the credential on the client
> side be cached to avoid that duplication?

I don't think I understand the question.

1. You do a regular handshake with no client auth.
2. The server initiates a rehandshake with client auth. This has
   to be a full handshake with a new key exchange.

Any future resumptions of the second session can be done out
of cache.

-Ekr

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Comments on TLS identity protection
  - From: Martin Rex

References:
- Re: [TLS] Comments on TLS identity protection
  - From: Eric Rescorla
- Re: [TLS] Comments on TLS identity protection
  - From: Martin Rex
- Re: [TLS] Comments on TLS identity protection
  - From: Kyle Hamilton

Prev by Date: Re: [TLS] Comments on TLS identity protection
Next by Date: Re: [TLS] Comments on TLS identity protection
Previous by thread: Re: [TLS] Comments on TLS identity protection
Next by thread: Re: [TLS] Comments on TLS identity protection
Index(es):
- Date
- Thread