Extensions to TLS - PowerPoint PPT Presentation

August 2001. Slide 1. Extensions to TLS. Simon Blake-Wilson. Certicom. David Hopwood ... Clarified session resumption - extensions ignored during session resumption ...


Transcript and Presenter's Notes


1
Extensions to TLS
  • Simon Blake-Wilson, Certicom
  • David Hopwood, Independent Consultant
  • Jan Mikkelsen, Transactionware
  • Magnus Nystrom, RSA Security
  • Tim Wright, Vodafone

2
Content
  • Updates from wireless extensions
  • Issues raised
  • The way forward?

3
DNS name extension
  • New to the draft
  • Allows a single machine to host multiple servers
  • Client tells server DNS name of server being contacted
  • Server may use info to help produce response
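
An added example, not part of the original slides: server-side handling of the DNS name extension, with strict length checks and one canonical form for lookup. The wire layout and the `unrecognized_name` / `decode_error` alert names are taken from the later published form of this extension (RFC 6066 `server_name`), since the slides show no encoding; the virtual-host table, the helper names and the canonicalization rule (lower case, trailing dot removed) are assumptions.

```python
import struct

HOST_NAME = 0  # name_type for a DNS host name (RFC 6066; an assumption here)

class ExtensionError(ValueError):
    """Malformed server_name extension data."""

def encode_host_name(name):
    """Build an extension body holding one host_name entry (used for samples)."""
    return struct.pack("!HBH", 3 + len(name), HOST_NAME, len(name)) + name

def parse_server_names(ext_data):
    """Return the host names carried in a server_name extension body."""
    if len(ext_data) < 2:
        raise ExtensionError("missing list length")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    if list_len != len(ext_data) - 2:
        raise ExtensionError("list length does not match extension length")
    names, pos = [], 2
    while pos < len(ext_data):
        if pos + 3 > len(ext_data):
            raise ExtensionError("truncated entry header")
        name_type, name_len = struct.unpack_from("!BH", ext_data, pos)
        pos += 3
        if name_len == 0 or pos + name_len > len(ext_data):
            raise ExtensionError("bad name length")
        raw = ext_data[pos:pos + name_len]
        pos += name_len
        if name_type == HOST_NAME:
            # Non-ASCII bytes raise UnicodeDecodeError, a ValueError subclass.
            names.append(raw.decode("ascii"))
    return names

def canonical(name):
    """Assumed canonical form: lower case, trailing dot removed."""
    return name.rstrip(".").lower()

def select_vhost(ext_data, vhosts, default=None):
    """Return (config, alert). ext_data is None when the client sent no name."""
    if ext_data is None:
        return default, None
    try:
        names = parse_server_names(ext_data)
    except ValueError:
        return None, "decode_error"
    for name in names:
        if canonical(name) in vhosts:
            return vhosts[canonical(name)], None
    return default, "unrecognized_name"  # "Unrecognized domain" on slide 5

# Constructed sample input and a hypothetical virtual-host table.
SAMPLE = encode_host_name(b"WWW.Example.com.")
VHOSTS = {"www.example.com": "config-A", "shop.example.com": "config-B"}
```

Whether the caller treats `unrecognized_name` as a warning and continues with the default, or aborts the handshake, is a deployment decision the parser leaves open.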

4
Other Extensions
  • Clarified session resumption - extensions ignored during session resumption
  • Short session IDs - removed
  • Client cert URLs - client supplies a list, one URL one cert
  • Client cert URLs - both cert hash and URL supplied
  • Truncated MACs - restricted to HMAC with MD5 and SHA-1
  • Trusted root indication - cert hash option added

5
New Error Alerts
  • Be careful when new error alerts get sent!
  • Unsupported extension
  • Bad extension order
  • Unrecognized domain
  • Certificate unobtainable
  • Bad OCSP response

6
Issues
  • How serious is certificate unobtainable alert?
  • Do we need to require client driven extensions?
  • How/where do DNS names get canonicalized?
  • Generalize OCSP status request?
  • Tie extensions with TLS version rev?

7
The Way Forward?
  • Update based on comments and known issues
  • WG last call?