[dane] DANE Client Authentication draft updated
Shumon Huque <shuque@gmail.com> Tue, 12 January 2016 15:15 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 973091B2A9A for <dane@ietfa.amsl.com>; Tue, 12 Jan 2016 07:15:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x2B2xfy0yYba for <dane@ietfa.amsl.com>; Tue, 12 Jan 2016 07:15:37 -0800 (PST)
Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93BB51B2A9D for <dane@ietf.org>; Tue, 12 Jan 2016 07:15:37 -0800 (PST)
Received: by mail-qg0-x22e.google.com with SMTP id e32so341695754qgf.3 for <dane@ietf.org>; Tue, 12 Jan 2016 07:15:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=w4bFP/AXYpOGY2YXgWcohbEoAK1Z6wsoDQUgsGCqJDA=; b=yo7M4nMLYwCqC6b06v9yULX7F4v7ET++cpJb7gyS8ndv0tHXAjH/FRC/QQpydkouXW l1EUOg8Tp2zSD7Sl7x5GXX1jC9HSNY3TEis/UGZT0KzfFQR7viUSc9Qjk+lQbCY8rPVR AVD7gWixmoEp2SbouRKgFv1zlLTyqPUc7QGDux+WVOrtkvDbtoNwaPn97V3NUT3p9Edh lEuHSsipcjb0H4WFjwteuYluQzDkoffyG70rkkbgRSMFZNg/0T0ePrM1El5GmnD7NaP2 ORV4wPli2Vl1otRCpx/tHdudybFJynnUglp1nTkQLbXYhqX36lIedInBu+qt528Qh/oF CjYw==
MIME-Version: 1.0
X-Received: by 10.141.3.9 with SMTP id f9mr179624118qhd.98.1452611736778; Tue, 12 Jan 2016 07:15:36 -0800 (PST)
Received: by 10.140.102.9 with HTTP; Tue, 12 Jan 2016 07:15:36 -0800 (PST)
Date: Tue, 12 Jan 2016 10:15:36 -0500
Message-ID: <CAHPuVdXb3HJfxayJbAqjYu4aYrHaJgeSrAVJ1GcnL863-6g7-Q@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
To: "<dane@ietf.org>" <dane@ietf.org>
Content-Type: multipart/alternative; boundary="001a1139b9c49141ed0529248604"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/utMPR61wpEnhMCCCbKpUcdJJgvI>
Subject: [dane] DANE Client Authentication draft updated
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 15:15:39 -0000
Hi folks, We've updated the DANE Client Certificates draft, and also posted a new draft describing a TLS extension to convey a DANE client identity to a TLS server. Reviews/feedback/questions appreciated. TLS Extension for DANE Client Identity: https://tools.ietf.org/html/draft-huque-tls-dane-clientid-00 Describes a new (D)TLS extension to convey a DANE client identity. This enables the use of raw public key client authentication with DANE. It also helps client certificate authentication work better and more efficiently. (We'll post this to the TLS working group also.) TLS Client Authentication via DANE TLSA Records: https://tools.ietf.org/html/draft-huque-dane-client-cert-02 This is an update of the DANE client certificates draft we introduced just before IETF93. It is now renamed to "TLS Client Authentication" because it deals with more than just client certificates, treating raw public key auth on par with the former throughout (rather than mostly as a footnote in the earlier version). It references the TLS extension draft and updates the expected protocol behavior accordingly. There are also updated references to documents that have now become RFCs (notably 7671 - DANE Updates and Ops guidance). -- Shumon Huque
- [dane] DANE Client Authentication draft updated Shumon Huque
- Re: [dane] DANE Client Authentication draft updat… James Cloos
- Re: [dane] DANE Client Authentication draft updat… Shumon Huque
- Re: [dane] DANE Client Authentication draft updat… Viktor Dukhovni
- Re: [dane] DANE Client Authentication draft updat… John Levine
- Re: [dane] DANE Client Authentication draft updat… Shumon Huque
- Re: [dane] DANE Client Authentication draft updat… Shumon Huque
- Re: [dane] DANE Client Authentication draft updat… Kim Alvefur
- Re: [dane] DANE Client Authentication draft updat… Shumon Huque
- Re: [dane] namespace management, DANE Client Auth… John R Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… Shumon Huque
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] DANE Client Authentication draft updat… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… Wiley, Glen
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… John Levine
- Re: [dane] namespace management, DANE Client Auth… Sandoche Balakrichenan
- Re: [dane] namespace management, DANE Client Auth… Viktor Dukhovni
- Re: [dane] namespace management, DANE Client Auth… Shumon Huque