Re: IETF Last Call: draft-salowey-tls-ticket-06.txt


 



> > I'm not sure I understand this, Bernard. The client doesn't need
> > to know anything about the ticket format or get to decide
> > anything about the mac. It's just the server talking to itself. 

In WLAN environments, the client has no way to restrict ticket submission 
to a given server.  Rather, clients assume that any server associated with 
a given SSID is a potential ticket validator.  Unfortunately, SSIDs 
(unlike domain names) are not globally unique.  In fact, millions of APs 
ship every year with the same default SSID.  As a result, it will be very 
common for clients to submit tickets to servers who did not create them 
and are using completely different formats, algorithms and even protocol 
versions. 

Since the recommended ticket format includes only the client identity and 
not the server identity, and does not include information on the 
algorithms or formats used in constructing the ticket, the document is in 
effect setting up a large scale "fuzzing experiment" in which random 
bits are submitted by clients to servers in order to see how they will 
react.


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
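
The following is an added example, not part of the original message or of the draft. It shows a server-side validator that treats every submitted ticket as untrusted bytes: the ticket names its format, issuing server and MAC algorithm, and anything unrecognized is rejected so the caller falls back to a full handshake. The ticket layout, field names and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumed layout (constructed for this example, not the draft's format):
#   magic(4) | version(1) | server_id(16) | mac_alg(1) | body_len(2) | body | mac(32)
MAGIC = b"TKT1"
VERSION = 1
ALG_HMAC_SHA256 = 1
HEADER = struct.Struct("!4sB16sBH")
MAC_LEN = 32
MAX_TICKET = 4096  # upper bound on accepted ticket size


def issue_ticket(server_id: bytes, mac_key: bytes, body: bytes) -> bytes:
    """Build a ticket; body stands in for the already-encrypted session state."""
    header = HEADER.pack(MAGIC, VERSION, server_id, ALG_HMAC_SHA256, len(body))
    mac = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + mac


def validate_ticket(ticket: bytes, server_id: bytes, mac_key: bytes):
    """Return (body, "ok") or (None, reason). On rejection the caller
    performs a full handshake instead of resuming."""
    if not HEADER.size + MAC_LEN <= len(ticket) <= MAX_TICKET:
        return None, "bad-length"
    magic, version, sid, alg, body_len = HEADER.unpack_from(ticket)
    if magic != MAGIC or version != VERSION:
        return None, "unknown-format"       # another implementation's ticket
    if alg != ALG_HMAC_SHA256:
        return None, "unknown-algorithm"
    if len(ticket) != HEADER.size + body_len + MAC_LEN:
        return None, "bad-length"           # declared length must match exactly
    if sid != server_id:
        return None, "foreign-server"       # e.g. same SSID, different server
    body_end = HEADER.size + body_len
    expected = hmac.new(mac_key, ticket[:body_end], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ticket[body_end:]):
        return None, "bad-mac"
    # Only now is the body handed on for decryption and parsing.
    return ticket[HEADER.size:body_end], "ok"


if __name__ == "__main__":
    # Constructed sample: two servers behind the same default SSID.
    a_id, a_key = b"A" * 16, b"key-of-server-A"
    b_id, b_key = b"B" * 16, b"key-of-server-B"
    t = issue_ticket(a_id, a_key, b"opaque-session-state")
    print(validate_ticket(t, a_id, a_key))
    print(validate_ticket(t, b_id, b_key))
```
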
