Re: [TLS] Comments on TLS identity protection

On 12/20/06, Martin Rex <martin.rex@xxxxxxx> wrote:
badra wrote:
>
> > To get widespread deployment, several TLS implementations would
> > have to be updated, e.g. Microsoft Schannel, OpenSSL, Mozilla NSS,
> > JSSE, GnuTLS, etc. Getting any change, no matter how "minimal",
> > to them is not easy.
> >
>
> I don't see the point here. Any TLS feature will require updating TLS
> implementations.

The point is, that by using renegotiation (=double handshake)
to protect the client identity, no code changes are necessary,
this should already work with most of the installed base,
even with many/most pure SSLv3 client implementations.

I think we can stop arguing on the (to be extended) code :)

Best regards,
Badra