List: ietf-tls
Subject: Re: [TLS] TLS Cached Information Extension - version 11
From: Hannes Tschofenig <hannes.tschofenig () gmx ! net>
Date: 2012-07-13 9:40:38
Message-ID: 7E329BCB-EFA1-423B-8F20-F6EA382D2901 () gmx ! net
Hi Rob,
me again.
>
> 2. Currently, cached-info only allows a TLS Client to indicate to the TLS Server a list of static Objects that it _doesn't_ want to receive (because it already has them). i.e. "Don't send me any Objects of Type X, Y or Z that match Digests A, B or C".
> How about extending this so that the TLS Client can indicate types of Object that it _does_ want to receive? i.e. "Do send me any Objects of Type X, Y and Z that you have, excluding any that match Digests A, B or C".
I am open to feedback from the group on this issue. I have not heard anyone asking for it so far.
>
> This added functionality could meet the needs of several other TLS extensions that are being proposed, for example...
> - Multiple OCSP Responses [2].
> - Audit proofs for Google's Certificate Transparency proposal [3].
> - TACK rules for Convergence [4].
>
> Or, is it your explicit intention to restrict cached-info so that it only supports the "standard" TLS handshake objects (e.g. Certificate, Trusted CAs list)? (I can see that such a restriction could help to ensure that client-side code can be implemented entirely within the network layer rather than bleeding into the application layer).
There is no intention to restrict the functionality to certain extensions.
I do, however, believe that new documents should include a description of how they could be used in combination with the TLS cached information extension.
I don't think it makes sense to add text about, for example, draft-pettersen-tls-ext-multiple-ocsp when that work is still in progress.
Ciao
Hannes
[2] http://tools.ietf.org/html/draft-pettersen-tls-ext-multiple-ocsp
[3] http://www.links.org/file/CertificateAuthorityTransparencyandAuditability.pdf
[4] https://github.com/moxie0/Convergence/wiki/TACK
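The two server-side selection rules discussed in this thread, the draft's "omit what the client reports as cached" and Rob's proposed "send these types, minus what I have", as an added Python sketch that is not part of the draft or of this thread; the object type names, the opaque sample objects and the use of SHA-256 as the digest are assumptions. It also shows the edge case a server must get right: a stale client digest must not suppress delivery of the current object.

```python
import hashlib
from dataclasses import dataclass

# Placeholder type names (assumption): the draft's real code points are not used here.
CERTIFICATE, TRUSTED_CAS, OCSP_RESPONSE = "certificate", "trusted_cas", "ocsp_response"

def digest(obj: bytes) -> bytes:
    # SHA-256 is an assumed digest algorithm for this sketch.
    return hashlib.sha256(obj).digest()

@dataclass(frozen=True)
class CachedObject:
    obj_type: str      # type of the object the client already holds
    hash_value: bytes  # digest of that object, as advertised by the client

def select_exclude(server_objects, cached):
    """Current cached-info semantics: send every object the server has,
    except those whose (type, digest) the client reports as already cached."""
    skip = {(c.obj_type, c.hash_value) for c in cached}
    return [(t, o) for t, o in server_objects if (t, digest(o)) not in skip]

def select_requested(server_objects, wanted_types, cached):
    """Rob's proposed extension: send only objects of the types the client
    asked for, again omitting those it reports as cached."""
    skip = {(c.obj_type, c.hash_value) for c in cached}
    return [(t, o) for t, o in server_objects
            if t in wanted_types and (t, digest(o)) not in skip]

# Constructed sample data: opaque byte strings standing in for real objects.
SERVER_OBJECTS = [
    (CERTIFICATE, b"server-cert-chain-v1"),
    (TRUSTED_CAS, b"trusted-ca-list-v1"),
    (OCSP_RESPONSE, b"ocsp-response-2012-07-13"),
]

def demo():
    # The client has the current chain cached, but advertises a stale digest
    # for the trusted-CA list; the server only skips objects whose digest matches.
    cached = [
        CachedObject(CERTIFICATE, digest(b"server-cert-chain-v1")),
        CachedObject(TRUSTED_CAS, digest(b"trusted-ca-list-v0")),
    ]
    sent_now = [t for t, _ in select_exclude(SERVER_OBJECTS, cached)]
    sent_proposed = [t for t, _ in select_requested(
        SERVER_OBJECTS, {CERTIFICATE, OCSP_RESPONSE}, cached)]
    return sent_now, sent_proposed

if __name__ == "__main__":
    print(demo())
```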