Raised by Christian Dickmann on the mailing list:
Hi Robert,
see inline.
>> Section 5.7.1 says about MA re-use:
>> "If multiplexing does occur,
>> which is indicated by sending the Response over an existing messaging
>> association, the following rules apply:
>>
>> o The re-used messaging association MUST NOT have weaker security
>> properties than would have been offered in the full Response that
>> would have been sent without re-use."
>>
>>
>> And it also states: " For such a Response,
>> the security protocols listed in the Stack-Proposal MUST NOT depend
>> on the Query."
>>
>>
>
> ok so far (but read on...)
>
>
>> As a standard GIST nodes should at least support TCP and TLS over
>> TCP, the majority of all Responses will offer both.
>> Using the rule I quoted first means, that the Responder is not
>> allowed to decide to re-use a TCP-only MA, because it is always
>> weaker than the TLS over TCP profile.
>>
>
> the rule could be read that way, but that is not the intention.
> after all, if the node was prepared to offer TCP and TLS/TCP in
> the original response, it is presumably happy to use TCP (and
> so re-use would be possible).
>
> the actual problem is the ambiguity: the first rule could mean
> "weaker security properties than *all of the options that*
> would have been offered in the full Response"
> or
> "weaker security properties than *any of the options that*
> would have been offered in the full Response"
>
> and I think the valid approach is the first.
>
> what we are really trying to rule out is a case such as:
> - node has MA using only TCP (e.g. for NSLP foo)
> - node gets Query for NSLP bar, which absolutely requires TLS/TCP
> e.g. for message privacy
> - node would send a response listing *only* TLS/TCP for the MA
> - but re-uses the TCP one instead.
>
> so i suspect that this needs to be clarified.
>
OK, makes sense. And I agree that this needs to be clarified in the text.
Christian
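
The two readings of the re-use rule discussed in this thread, as an added example that is not part of the original messages or of any GIST implementation. The `Profile` type, the property names, the `POLICY` table and `may_reuse` are assumptions made for illustration; "not weaker" is modelled conservatively as "provides every property the offered option would have provided".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    properties: frozenset  # security properties this protocol stack provides

# Constructed profiles; the property names are illustrative assumptions.
TCP = Profile("TCP", frozenset())
TLS_TCP = Profile("TLS/TCP",
                  frozenset({"confidentiality", "integrity", "peer-auth"}))

# What the Responder would list in a full Response. Keyed by NSLP only,
# so the proposal does not depend on the contents of an individual Query.
POLICY = {
    "foo": [TCP, TLS_TCP],  # NSLP foo is content with plain TCP
    "bar": [TLS_TCP],       # NSLP bar requires TLS/TCP (message privacy)
}

def at_least_as_strong(ma, option):
    """True if the MA provides every property the option would have provided."""
    return ma.properties >= option.properties

def may_reuse(existing_ma, would_offer, reading="all"):
    """Decide whether existing_ma may carry the Response instead of a new MA.

    reading="all": re-use is forbidden only if the MA is weaker than all of
                   the options, so matching at least one option is enough.
    reading="any": re-use is forbidden if the MA is weaker than any option,
                   so the MA must match every option that would be offered.
    """
    if reading not in ("all", "any"):
        raise ValueError("reading must be 'all' or 'any'")
    if not would_offer:
        return False  # nothing would have been offered, nothing to compare
    checks = [at_least_as_strong(existing_ma, o) for o in would_offer]
    return any(checks) if reading == "all" else all(checks)

if __name__ == "__main__":
    for nslp, offer in POLICY.items():
        for reading in ("all", "any"):
            verdict = may_reuse(TCP, offer, reading)
            print(f"NSLP {nslp}: re-use TCP-only MA, reading={reading}: {verdict}")
```

Under the "all of the options" reading the TCP-only MA can be re-used for NSLP foo but not for NSLP bar, which is the case the thread wants to rule out; under the "any of the options" reading it can never be re-used once TLS/TCP is offered.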