[dane] DANE Client Authentication draft updated

Shumon Huque <shuque@gmail.com> Tue, 12 January 2016 15:15 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/utMPR61wpEnhMCCCbKpUcdJJgvI>

Hi folks,

We've updated the DANE Client Certificates draft, and also posted a
new draft describing a TLS extension to convey a DANE client identity
to a TLS server.

Reviews/feedback/questions appreciated.

TLS Extension for DANE Client Identity:
https://tools.ietf.org/html/draft-huque-tls-dane-clientid-00

  Describes a new (D)TLS extension to convey a DANE client
  identity. This enables the use of raw public key client
  authentication with DANE. It also helps client certificate
  authentication work better and more efficiently.

  (We'll post this to the TLS working group also.)

TLS Client Authentication via DANE TLSA Records:
https://tools.ietf.org/html/draft-huque-dane-client-cert-02

  This is an update of the DANE client certificates draft
  we introduced just before IETF93. It is now renamed to
  "TLS Client Authentication" because it deals with more
  than just client certificates, treating raw public key
  auth on par with the former throughout (rather than mostly
  as a footnote in the earlier version). It references the
  TLS extension draft and updates the expected protocol behavior
  accordingly. There are also updated references to documents
  that have now become RFCs (notably 7671 - DANE Updates and
  Ops guidance).

--
Shumon Huque