RE: [TLS] Comments on TLS identity protection

[<Pasi.Eronen@xxxxxxxxx>]

badra wrote:
> Pasi.Eronen@xxxxxxxxx a écrit :
> > If the extra computations occur only in very rare situations, 
> > it's perfectly reasonable not to care about it 
> 
> I disagree. Anybody can connect to your server at any time and 
> doing uncompleted double handshake. It is not a rare situation.

Do you have any data to back that claim? The fact that anybody can
connect at any time does not automatically imply that lots of people
are connecting all the time! 

(And in particular, lots of people without client certificates 
connecting all the time to servers that always require client
authentication, and without malicious intent to DoS the server.)

> > (at least sufficiently to spend the $$$ for designing, 
> > implementing,  testing, deploying, etc. a new mechanism).
> 
> How much :). The proposed changes are minimal.

To get widespread deployment, several TLS implementations would 
have to be updated, e.g. Microsoft Schannel, OpenSSL, Mozilla NSS, 
JSSE, GnuTLS, etc. Getting any change, no matter how "minimal", 
to them is not easy.

> > I think deployment-wise, double handshake has the advantage 
> > that it's already specified and implemented.
> 
> Any link to test the implementation, please?

Pick your favorite TLS implementation! There are at least
couple of dozen of them (though probably not all of them
support renegotiation). 

Some of my favourites (which seem to support renegotiation)
are http://www.openssl.org/ and http://www.gnutls.org/ -- but no 
doubt there are other ones that are equally good.

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls