W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Re: Request for feedback: DOMCrypt API proposal

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 2 Jun 2011 09:11:09 -0700
Message-ID: <BANLkTim6K8+6bwcsUV0M0de==kiU6=k3Jg@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: David Dahl <ddahl@mozilla.com>, public-web-security@w3.org, Nico Williams <nico@cryptonector.com>
I've done an implementation of a slightly earlier version of this in OpenSSL.

-ekr


On Thu, Jun 2, 2011 at 9:06 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
> I guess the RFC [1] - those are supposed to be good enough
> for implementers:-)
>
> If its not enough, feel free to ping me and I can try find
> someone who's written code.
>
> S.
>
> [1] http://tools.ietf.org/html//rfc5705
>
> On 02/06/11 16:57, David Dahl wrote:
>> Someone else also asked me about TLS key extraction, I will have to add that to my list of research to do. Can you point me to any further reading?
>>
>> Cheers,
>>
>> David
>>
>> ----- Original Message -----
>> From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
>> To: "Nico Williams" <nico@cryptonector.com>
>> Cc: "David Dahl" <ddahl@mozilla.com>, public-web-security@w3.org
>> Sent: Thursday, June 2, 2011 10:01:21 AM
>> Subject: Re: Request for feedback: DOMCrypt API proposal
>>
>>
>>
>> On 02/06/11 15:41, Nico Williams wrote:
>>> If people were to rely on TLS key extraction then we might as well
>>> kiss mutual authentication goodbye,
>>
>> Two things. First, I don't see that that follows and even if
>> it did it still would not necessarily be convincing. My idea
>> in pushing key extraction is to avoid loads of developers
>> re-inventing the TLS handshake (badly) at the application
>> layer. Secondly, mutual auth is a different (in practice)
>> hard problem that's also well worth trying to address.
>>
>>> but mutual authentication and
>>> channel binding had plenty of support at the workshop (though they are
>>> not mentioned in the report).
>>
>> If there's interest in that too, that's great, but these
>> things should not be seen as competing IMO.
>>
>> S.
>>
>>
>
>
Received on Friday, 3 June 2011 11:32:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:19 UTC