[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Next steps for Client Certificate URL

To: Nelson B Bolyard <nelson@xxxxxxxxxxx>
Subject: Re: [TLS] Next steps for Client Certificate URL
From: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
Date: Sat, 29 Mar 2008 19:48:50 +0200
Cc: tls@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; bh=9KZjFKhJDx1tE/43QSL9PwoJwGWDfHds+e++r/PgRqU=; b=bIuqSCOeZ9XBT9s7IX7o1UuOrULgJdTp1t1bRrkYHszaFaoiQ1WZFkeH/jPMZL825L4rH6scDnoj3g1Jk0bKadnmDzpulNyjZlFIHWdkKXXycGXxwZg6S7RWqXCtaQfdM4hWEbwjRXijs66om3F4KEbm5+NeaoXVZZDhwzZ/vYY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; b=aMOiG9KKDjlUMsO7fIfR1wrhEw3laVHDhUh+SIe2RKPGdEHlPAw/tR4ZFVUa5Af2UOUfjDCSAMR1LFHXF94YUnwBlHeMwjxpvWuafz6aeBWKu4Ob8Rqa7UYpRkY7s3I1aTF3se5xxhdgUVdhT2sxS0GQMZhFnuQMaA7xw5jKke0=
In-reply-to: <47EE5E96.2000200@xxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <1696498986EFEC4D9153717DA325CB7238EA05@xxxxxxxxxxxxxxxxxxxxxx> <47ED54D2.5040000@xxxxxxxxxxx> <47EE16B8.3010900@xxxxxxxxxx> <47EE5E96.2000200@xxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Nelson B Bolyard wrote:

>>>> Given this, would everyone be OK with updating the existing
>>>> client_certificate_url extension so that including the hash is
>>>> mandatory (client MUST send, server MUST NOT accept without hash)?
>>>> This behavior would be independent of the negotiated TLS version.
>>> I'm trying to understand the attack against which this hash is going
>>> to protect, that is not already adequately protected without it.
>>> Can someone outline that attack here?
>> Usually even if you do not have an attack at hand, it might be good to 
>> prove that a modification to a security protocol makes it no less 
>> secure. By adding the hash (and considering it ideal) it is not hard to 
>> prove that the modified scheme is as strong as by sending the 
>> certificate itself.
> 
> Given two protocols of equivalent security, the one with less overhead is
> preferable in the marketplace.  If the best thing that can be said about
> the addition of the hash is that it makes the protocol no less secure,
> that is hardly a compelling reason to make it mandatory, as Pasi proposed.

At least for me it is not obvious that the two protocols have equivalent 
security (but I cannot really say I have thoroughly studied them).


regards,
Nikos
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Next steps for Client Certificate URL
  - From: Pasi.Eronen
- Re: [TLS] Next steps for Client Certificate URL
  - From: Nelson B Bolyard
- Re: [TLS] Next steps for Client Certificate URL
  - From: Nikos Mavrogiannopoulos
- Re: [TLS] Next steps for Client Certificate URL
  - From: Nelson B Bolyard

Prev by Date: Re: [TLS] Security today
Previous by thread: Re: [TLS] Next steps for Client Certificate URL
Next by thread: Re: [TLS] Next steps for Client Certificate URL
Index(es):
- Date
- Thread