ietf-nntp TLS cipher renegotation to NULL cipher

Jeffrey M. Vinocur jeff at litech.org
Sat Jan 4 18:33:24 PST 2003 

There is a new issue raised below that I'd like people to discuss.

It is of particular interest to people who want TLS protection only on the
authentication step, and to client authors who may be more in touch with
their users than I am.

(Note, by the way, that I don't know all that much about TLS, so if I say 
anything that doesn't make sense, please correct me.)


On Sat, 4 Jan 2003, Ken Murchison wrote:

> FYI, I spent some time hacking the TLS renegotiation after
> authentication stuff into the Cyrus NNTP server and test client, and it
> _is_  possible using OpenSSL.  Its pretty straight forward adding this
> to the server, 

Slick.  I have no objections to seeing the DSS draft resurrected in the
future if people find that the prefer it, but I think given the above, we
don't need to block on DSS for AUTHINFO SASL to proceed.


>                but the client needs to be made aware of renegotiations
> (checking error code of SSL_read()) and must provide the NULL ciphers. 

Does anyone feel we should have verbiage discussing the possibility of
renegotiations in the STARTTLS draft?  For example, a warning to check for 
the above, or a suggestion/requirement that clients have a configuration 
option to request renegotiation to NULL.

How do people see this renegotation being used?  I'm wondering in 
particular if I need to add something else at the NNTP level; what happens 
if a server admin wants to allow users to protect their entire connection, 
but wants most of them to drop to the NULL cipher after authentication?

Here's what makes the most sense to me at the moment, not having really 
thought it through very much:

    - client authors will provide the NULL cipher

    - client software will be configurable as to whether to use encryption
      only for authentication or all the time (implemented by attempting
      renegotiation to NULL after authentication is complete, and again
      back to a real cipher before beginning any subsequent 
      authentication steps)

    - client software will support renegotiation initiated by the server

Does that make sense?  Should I replace "will" with SHOULD or MUST in any 
of the above?  What should be the default configuration (I'd say 
only-for-authentication)?




P.S.  Ken, thanks for pursuing this.  I think renegotation is important to
      pin down one way or another.

-- 
Jeffrey M. Vinocur
jeff at litech.org

More information about the ietf-nntp mailing list