[TLS] Last Call for comments on modifications to section 7.4.1.4 of draft-ietf-tls-rfc4346-bis
This is a last call for comments on modifications to section 7.4.1.4 of
draft-ietf-tls-rfc4346-bis-10
(http://tools.ietf.org/html/draft-ietf-tls-rfc4346-bis-10), which is
currently in the RFC editor queue. The modifications are in response to
issues raised on the list with regard to missing text on hello
extensions and session resumption (see
http://www.ietf.org/mail-archive/web/tls/current/msg02645.html). The
modifications are attached below.

The last call will last for one week, so please send your comments to the
list by May 22, 2008.

Thanks,
Joe

In 7.4.1.4, after "as described in Section 12" and before "There are
subtle":

   An extension type MUST NOT appear in the ServerHello unless the
   same extension type appeared in the corresponding ClientHello. If
   a client receives an extension type in ServerHello that it did not
   request in the associated ClientHello, it MUST abort the handshake
   with an unsupported_extension fatal alert.

   Nonetheless, "server-oriented" extensions may be provided in the
   future within this framework. Such an extension (say, of type x)
   would require the client to first send an extension of type x in
   ClientHello with empty extension_data to indicate that it supports
   the extension type. In this case, the client is offering the
   capability to understand the extension type, and the server is
   taking the client up on its offer.

   When multiple extensions of different types are present in the
   ClientHello or ServerHello messages, the extensions MAY appear in
   any order. There MUST NOT be more than one extension of the same
   type.

   Finally, note that extensions can be sent both when starting a new
   session and when requesting session resumption. Indeed, a client
   that requests session resumption does not in general know whether
   the server will accept this request, and therefore it SHOULD send
   the same extensions as it would send if it were not attempting
   resumption.

   In general, the specification of each extension type needs to
   describe the effect of the extension both during full handshake and
   session resumption. Most current TLS extensions are relevant only
   when a session is initiated: when an older session is resumed, the
   server does not process these extensions in Client Hello, and does
   not include them in Server Hello. However, some extensions may
   specify different behavior during session resumption.

Also, we should add to the end of Section 7.4.1.4.1:

   When performing session resumption, this extension is not included
   in Server Hello, and the server ignores the extension in Client
   Hello (if present).
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls
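The rules proposed above are easy to get wrong in an implementation, so here is an added example (not part of the post or of any TLS library) that encodes and parses the TLS Extension vector and then applies the 7.4.1.4 checks from both sides: the client refuses a ServerHello that echoes an extension type it never offered (unsupported_extension) or that repeats a type, and the server drops resumption-irrelevant extensions when resuming. Assumptions: the extension type codes 0, 10 and 11 are the IANA-registered server_name, elliptic_curves and ec_point_formats values; 7.4.1.4.1 is taken to be the server_name extension as in the published RFC; type 0xFF01 is a made-up placeholder for a hypothetical "server-oriented" extension; all sample hello contents are constructed.

```python
import struct

# Extension type codes used in the constructed sample (IANA TLS ExtensionType registry).
SERVER_NAME = 0
ELLIPTIC_CURVES = 10
EC_POINT_FORMATS = 11
# Placeholder for a hypothetical "server-oriented" extension; not a registered type.
HYPOTHETICAL_SERVER_ORIENTED = 0xFF01


def build_extensions(exts):
    """Encode [(type, data), ...] as a TLS Extension vector with its 2-byte length prefix."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(blob):
    """Decode a TLS Extension vector into [(type, data), ...]; raise ValueError on bad framing."""
    if len(blob) < 2:
        raise ValueError("missing extensions length")
    (total,) = struct.unpack("!H", blob[:2])
    if total != len(blob) - 2:
        raise ValueError("extensions length does not match data")
    pos, out = 2, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack("!HH", blob[pos:pos + 4])
        pos += 4
        if pos + elen > len(blob):
            raise ValueError("truncated extension data")
        out.append((etype, blob[pos:pos + elen]))
        pos += elen
    return out


def check_server_hello(client_exts, server_exts):
    """Client-side check of the 7.4.1.4 rules on a received ServerHello.

    Returns None when the ServerHello is acceptable, "unsupported_extension" when the
    server echoed a type the client never offered (the client must abort with that
    fatal alert), or "duplicate_extension_type" when a type appears more than once
    (the proposed text forbids this but names no specific alert for it)."""
    server_types = [t for t, _ in server_exts]
    if len(server_types) != len(set(server_types)):
        return "duplicate_extension_type"
    offered = {t for t, _ in client_exts}
    for t in server_types:
        if t not in offered:
            return "unsupported_extension"
    return None


def server_hello_extensions(client_exts, resuming, supported):
    """Server-side selection of which extension types to echo in ServerHello.

    'supported' is the set of types this server implements. On resumption the
    server_name extension is ignored and not echoed (7.4.1.4.1); this sample treats
    every other type the same way, matching the "most current TLS extensions"
    sentence, although a specific extension may define different resumption behavior.
    Response extension_data is left empty; real extensions fill it per their own spec."""
    if resuming:
        return []
    return [(t, b"") for t, _ in client_exts if t in supported]


def demo():
    """Constructed ClientHello extension list: SNI for example.com, one curve,
    and an empty offer of the hypothetical server-oriented type."""
    client = [
        (SERVER_NAME, b"\x00\x0e\x00\x00\x0bexample.com"),
        (ELLIPTIC_CURVES, b"\x00\x02\x00\x17"),
        (HYPOTHETICAL_SERVER_ORIENTED, b""),
    ]
    wire = build_extensions(client)
    parsed = parse_extensions(wire)
    full = server_hello_extensions(parsed, False, {SERVER_NAME, ELLIPTIC_CURVES})
    resumed = server_hello_extensions(parsed, True, {SERVER_NAME, ELLIPTIC_CURVES})
    rogue = [(EC_POINT_FORMATS, b"\x01\x00")]  # never offered by the client
    return {
        "roundtrip_ok": parsed == client,
        "full_handshake": check_server_hello(client, full),
        "resumption": check_server_hello(client, resumed),
        "unoffered_type": check_server_hello(client, rogue),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints that the round trip succeeds, that both the full-handshake and resumption ServerHellos pass the client check, and that a ServerHello carrying ec_point_formats (never offered) yields unsupported_extension.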