[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TLS] Comments on TLS identity protection

To: <badra@xxxxxxxx>
Subject: RE: [TLS] Comments on TLS identity protection
From: <Pasi.Eronen@xxxxxxxxx>
Date: Wed, 20 Dec 2006 13:49:41 +0200
Cc: tls@xxxxxxxx
In-reply-to: <45891B1D.9060500@xxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Thread-index: AcckKBu+aVdOB6KTTReRMVhUIaOAUgABFpwg
Thread-topic: [TLS] Comments on TLS identity protection

badra wrote:

> Other reasons are included in my last mail for why double 
> handshake isn't good enough, optimization is one of them.

I don't think any of the "reasons" lead to the conclusion that 
"double handshake isn't good enough"; let me explain why:

> In the case where the client has no certificate and the server isn't
> configured to accept connexions from unauthenticated clients, we
> can't stop the TLS negotiation early. So the server is overloaded
> for nothing: the first handshake is already done and the sever
> doesn't receive a certificate from the client. In the ciphersuites
> approach, the server and the client can detect such configuration
> early during the hello phase.

And why would anyone care about this? (Note that your proposal doesn't
help against intentional denial-of-service attacks either, only
accidental misconfiguration.)

> - With double handshake, the "privacy" and "no privacy" cannot be
> implemented together. I mean TLS servers aren't so smart to do that
> without external configuration and that the client cannot set or
> negotiate "privacy" with a given server.

See draft-simon-emu-rfc2716bis Section 2.7 for how a "smart" TLS
server can support both clients that support privacy and those that
don't. 

> - Configuration cost.

What configuration? A TLS server that supports both privacy and no
privacy doesn't need any configuration options to do so (it does
need the code to do double handshake, but new code would be required
for your proposal as well). A TLS client might concievably have 
configuration option "require privacy", but this applies to your 
proposal as well.

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Comments on TLS identity protection
  - From: badra

References:
- Re: [TLS] Comments on TLS identity protection
  - From: badra

Prev by Date: Re: [TLS] Comments on TLS identity protection
Next by Date: Re: [TLS] GSS-API extension draft available
Previous by thread: Re: [TLS] Comments on TLS identity protection
Next by thread: Re: [TLS] Comments on TLS identity protection
Index(es):
- Date
- Thread