- From: Eric Rescorla <ekr@rtfm.com>
- Date: Thu, 2 Jun 2011 09:11:09 -0700
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: David Dahl <ddahl@mozilla.com>, public-web-security@w3.org, Nico Williams <nico@cryptonector.com>

I've done an implementation of a slightly earlier version of this in OpenSSL.

-ekr

On Thu, Jun 2, 2011 at 9:06 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> I guess the RFC [1] - those are supposed to be good enough
> for implementers:-)
>
> If it's not enough, feel free to ping me and I can try find
> someone who's written code.
>
> S.
>
> [1] http://tools.ietf.org/html//rfc5705
>
> On 02/06/11 16:57, David Dahl wrote:
>> Someone else also asked me about TLS key extraction, I will have to add that to my list of research to do. Can you point me to any further reading?
>>
>> Cheers,
>>
>> David
>>
>> ----- Original Message -----
>> From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
>> To: "Nico Williams" <nico@cryptonector.com>
>> Cc: "David Dahl" <ddahl@mozilla.com>, public-web-security@w3.org
>> Sent: Thursday, June 2, 2011 10:01:21 AM
>> Subject: Re: Request for feedback: DOMCrypt API proposal
>>
>> On 02/06/11 15:41, Nico Williams wrote:
>>> If people were to rely on TLS key extraction then we might as well
>>> kiss mutual authentication goodbye,
>>
>> Two things. First, I don't see that that follows and even if
>> it did it still would not necessarily be convincing. My idea
>> in pushing key extraction is to avoid loads of developers
>> re-inventing the TLS handshake (badly) at the application
>> layer. Secondly, mutual auth is a different (in practice)
>> hard problem that's also well worth trying to address.
>>
>>> but mutual authentication and
>>> channel binding had plenty of support at the workshop (though they are
>>> not mentioned in the report).
>>
>> If there's interest in that too, that's great, but these
>> things should not be seen as competing IMO.
>>
>> S.

Received on Friday, 3 June 2011 11:32:34 UTC