FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt
Mike Bishop <mbishop@evequefou.be> Tue, 31 October 2017 07:38 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3602F13FAFC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 31 Oct 2017 00:38:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7iYpwD2aS1B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 31 Oct 2017 00:38:53 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EE6113F5CD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 31 Oct 2017 00:38:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1e9R17-00020I-9q for ietf-http-wg-dist@listhub.w3.org; Tue, 31 Oct 2017 07:31:21 +0000
Resent-Message-Id: <E1e9R17-00020I-9q@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <ylafon@w3.org>) id 1e9R12-0001zV-C7 for ietf-http-wg@listhub.w3.org; Tue, 31 Oct 2017 07:31:16 +0000
Received: from raoul.w3.org ([128.30.52.128]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <ylafon@w3.org>) id 1e9R11-0004q6-BJ for ietf-http-wg@w3.org; Tue, 31 Oct 2017 07:31:16 +0000
Received: from platy.fdn.fr ([80.67.176.7] helo=[192.168.1.37]) by raoul.w3.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ylafon@w3.org>) id 1e9R11-000540-0P for ietf-http-wg@w3.org; Tue, 31 Oct 2017 07:31:15 +0000
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\))
Content-Type: text/plain; charset="us-ascii"
From: Mike Bishop <mbishop@evequefou.be>
Resent-From: Yves Lafon <ylafon@w3.org>
In-Reply-To: <150939960176.7740.5723475746682417243.idtracker@ietfa.amsl.com>
Date: Tue, 31 Oct 2017 00:14:07 +0000
Content-Transfer-Encoding: quoted-printable
Resent-Date: Tue, 31 Oct 2017 08:31:13 +0100
Message-Id: <MWHPR08MB347212B6F2F9DDD092728354DA5E0@MWHPR08MB3472.namprd08.prod.outlook.com>
Resent-To: ietf-http-wg@w3.org
References: <150939960176.7740.5723475746682417243.idtracker@ietfa.amsl.com>
X-Name-Md5: efe3dad792d606410c9cc49cedaffc94
To: HTTP Working Group <ietf-http-wg@w3.org>
X-Mailer: Apple Mail (2.3445.1.7)
X-W3C-Hub-Spam-Status: No, score=-2.4
X-W3C-Hub-Spam-Report: ALL_TRUSTED=-1, BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-0.001, W3C_NW=0.5
X-W3C-Scan-Sig: titan.w3.org 1e9R11-0004q6-BJ 8e06657fb5bf116c09340c4c3aa7a33b
X-Original-To: ietf-http-wg@w3.org
Subject: FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt
Archived-At: <http://www.w3.org/mid/MWHPR08MB347212B6F2F9DDD092728354DA5E0@MWHPR08MB3472.namprd08.prod.outlook.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34648
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
In preparation for Singapore, we've updated the Additional Certs draft to track changes in TLS 1.3 and the Exported Authenticators TLS draft. There's been substantial interest here, and we'll be discussing the draft during the WG meeting. -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Monday, October 30, 2017 2:40 PM To: Martin Thomson <martin.thomson@gmail.com>; Mike Bishop <mbishop@evequefou.be>; Nick Sullivan <nick@cloudflare.com> Subject: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt A new version of I-D, draft-bishop-httpbis-http2-additional-certs-05.txt has been successfully submitted by Mike Bishop and posted to the IETF repository. Name: draft-bishop-httpbis-http2-additional-certs Revision: 05 Title: Secondary Certificate Authentication in HTTP/2 Document date: 2017-10-30 Group: Individual Submission Pages: 21 URL: https://www.ietf.org/internet-drafts/draft-bishop-httpbis-http2-additional-certs-05.txt Status: https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/ Htmlized: https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05 Htmlized: https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05 Diff: https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05 Abstract: TLS provides fundamental mutual authentication services for HTTP, supporting up to one server certificate and up to one client certificate associated to the session to prove client and server identities as necessary. This draft provides mechanisms for providing additional such certificates at the HTTP layer when these constraints are not sufficient. Many HTTP servers host content from several origins. HTTP/2 [RFC7540] permits clients to reuse an existing HTTP connection to a server provided that the secondary origin is also in the certificate provided during the TLS [I-D.ietf-tls-tls13] handshake. In many cases, servers will wish to maintain separate certificates for different origins but still desire the benefits of a shared HTTP connection. Similarly, servers may require clients to present authentication, but have different requirements based on the content the client is attempting to access. This document describes how TLS exported authenticators [I-D.ietf-tls-exported-authenticator] can be used to provide proof of ownership of additional certificates to the HTTP layer to support both scenarios. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- FW: New Version Notification for draft-bishop-htt… Mike Bishop
- Re: FW: New Version Notification for draft-bishop… Patrick McManus
- Re: FW: New Version Notification for draft-bishop… Kazuho Oku
- Re: FW: New Version Notification for draft-bishop… Nick Sullivan
- Re: FW: New Version Notification for draft-bishop… Ilari Liusvaara
- Re: FW: New Version Notification for draft-bishop… Ilari Liusvaara
- RE: FW: New Version Notification for draft-bishop… Mike Bishop
- Re: FW: New Version Notification for draft-bishop… Kazuho Oku
- RE: FW: New Version Notification for draft-bishop… Mike Bishop
- Re: FW: New Version Notification for draft-bishop… Kazuho Oku
- RE: FW: New Version Notification for draft-bishop… Mike Bishop
- RE: FW: New Version Notification for draft-bishop… Mike Bishop