Re: [Acme] key agility?
Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 19 December 2014 06:02 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28D981A9172 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 22:02:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZzgCSl2vfZ3U for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 22:02:57 -0800 (PST)
Received: from mail-wg0-x231.google.com (mail-wg0-x231.google.com [IPv6:2a00:1450:400c:c00::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F9AC1A9163 for <acme@ietf.org>; Thu, 18 Dec 2014 22:02:57 -0800 (PST)
Received: by mail-wg0-f49.google.com with SMTP id n12so411573wgh.36 for <acme@ietf.org>; Thu, 18 Dec 2014 22:02:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=GJnzpidKugLICG837EixzNum70wr4zj9J1A+Fh3vQ5g=; b=WgagS1ByoVYRQ89RZUHQNE7kRBq9yVNYRYIrLAB+MJPqbhmoGi0pRkyUaG3OQ649ni cWr7pAPBViEcGO788etqsmDnLiI7PRg+5Mh5l7QlVWjd547JNkT/cfJ/ckoGbWNE11lq FRxnL8/H8exKDdLAxo5BmomgzXB6BORd3IZrz+7AGdJOO4xKkWo33Eg1DRMV+athCvqU AW88VqvAi+o0odOpu3MXm+skj5wx8+GgaCFessL1JbDEnu77ygbYTwdNgez5CHNO87Fq bBUpFCHv5KUjnxc/ppgAurhMmx8nUZcFmQHf0lVIW3CSr/WC74V2jS9YygHFeCrZlgl+ DZNQ==
X-Received: by 10.180.98.162 with SMTP id ej2mr2397200wib.39.1418968976146; Thu, 18 Dec 2014 22:02:56 -0800 (PST)
Received: from [192.168.1.79] (52.16.14.81.rev.sfr.net. [81.14.16.52]) by mx.google.com with ESMTPSA id gl5sm4579498wib.0.2014.12.18.22.02.55 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 18 Dec 2014 22:02:55 -0800 (PST)
Message-ID: <5493BF87.6050107@gmail.com>
Date: Fri, 19 Dec 2014 07:02:47 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Phillip Hallam-Baker <phill@hallambaker.com>
References: <54933EC2.3010104@gmail.com> <CAMm+Lwi-SeaKfHxXxmG8vsbMK09uvZxs_-y9vQW82U9VB0hGiw@mail.gmail.com> <5493B2F8.30308@gmail.com> <5493BF2F.3010607@fifthhorseman.net>
In-Reply-To: <5493BF2F.3010607@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/a7t5GwLnZrUI8du-z9eJmrUc0J8
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] key agility?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 06:02:59 -0000
On 2014-12-19 07:01, Daniel Kahn Gillmor wrote: > On 12/19/2014 12:09 AM, Anders Rundgren wrote: >> On 2014-12-19 00:41, Phillip Hallam-Baker wrote: >>> On Thu, Dec 18, 2014 at 3:53 PM, Anders Rundgren >>> <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> >>> wrote: >>> >>> With a multi-step protocol some kind of key agility should be >>> possible to support. >>> The client could for example start with telling its >>> preferences/capabilities. >>> >>> Anders >>> >>> >>> I do not know what you mean here. >>> >> >> The ability to negotiate client key algorithm. > > I think Anders is hinting at something like the following: > > * some TLS servers today have both RSA and ECDSA keys, and will offer a > different cert depending on the capabilities offered by their clients. > > * this capacity (to support both key algorithms at once) is an > important one to be able to do a transition when dealing with a > heterogenous network. > > * acme should be able to support offering multiple certificates (with > different key algorithms) to a single client which requests them. > > Anders, is that what you're talking about? Indeed, pardon for being so unclear :-( Anders > > --dkg >
- [Acme] key agility? Anders Rundgren
- Re: [Acme] key agility? Phillip Hallam-Baker
- Re: [Acme] key agility? Daniel Kahn Gillmor
- Re: [Acme] key agility? Anders Rundgren
- Re: [Acme] key agility? Anders Rundgren
- Re: [Acme] key agility? Phillip Hallam-Baker
- Re: [Acme] key agility? Richard Barnes