[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS document status update

To: Nelson B Bolyard <nelson@xxxxxxxxxxx>
Subject: Re: [TLS] TLS document status update
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Apr 2008 08:26:18 -0700
Cc: tls@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <48173B41.5000401@xxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <1696498986EFEC4D9153717DA325CB727BC503@xxxxxxxxxxxxxxxxxxxxxx> <48173B41.5000401@xxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

At Tue, 29 Apr 2008 08:14:09 -0700,
Nelson B Bolyard wrote:
> 
> Pasi.Eronen@xxxxxxxxx wrote, On 2008-04-29 05:18:
> > Here's a short status update on TLS WG documents:
> 
> > draft-ietf-tls-rfc4366-bis
> >    
> >    The only technical issue is whether (and how) to mandate
> >    including the hash in certificate_url message. Everyone except
> >    Nelson has supported making the hash mandatory.
> > 
> >    If I understand Nelson's view correctly, he considers the
> >    original use case for omitting the hash (CA automatically posts
> >    renewed certificates at certain URL, and the client does not
> >    necessarily have a copy of the latest cert) more important than
> >    the (rather theoretical) attacks that omitting the hash might
> >    have. Nelson, would this be a fair summary of your objection?  
> 
> Yes.  The client doesn't necessarily have ANY copy of its own cert.
> The proposed requirement that the client MUST include a hash of the
> cert it does not have presents a new problem for such implementations.

Given that the client is about to ask the server to download a copy,
I don't really see why there's a problem with the client getting
a copy first and sending the hash over.


> White-listing of hosts from which the server is willing to fetch those
> client cert URLs effectively solves the other problems without
> necessitating any mandatory hashes.

No, it doen't solve the substitution attack.

-Ekr
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS document status update
  - From: Mike

References:
- [TLS] TLS document status update
  - From: Pasi.Eronen
- Re: [TLS] TLS document status update
  - From: Nelson B Bolyard

Prev by Date: Re: [TLS] TLS document status update
Next by Date: [TLS] I-D Action:draft-ietf-tls-ecc-new-mac-06.txt
Previous by thread: Re: [TLS] TLS document status update
Next by thread: Re: [TLS] TLS document status update
Index(es):
- Date
- Thread