Re: FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt

Patrick McManus <mcmanus@ducksong.com> Tue, 31 October 2017 11:30 UTC

From: Patrick McManus <mcmanus@ducksong.com>
Date: Tue, 31 Oct 2017 11:23:25 +0000
To: Mike Bishop <mbishop@evequefou.be>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

Thanks Mike, Nick, Martin!

On Mon, Oct 30, 2017 at 8:14 PM, Mike Bishop <mbishop@evequefou.be> wrote:

> In preparation for Singapore, we've updated the Additional Certs draft to
> track changes in TLS 1.3 and the Exported Authenticators TLS draft.
> There's been substantial interest here, and we'll be discussing the draft
> during the WG meeting.
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Monday, October 30, 2017 2:40 PM
> To: Martin Thomson <martin.thomson@gmail.com>; Mike Bishop <mbishop@evequefou.be>; Nick Sullivan <nick@cloudflare.com>
> Subject: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt
>
>
> A new version of I-D, draft-bishop-httpbis-http2-additional-certs-05.txt
> has been successfully submitted by Mike Bishop and posted to the IETF
> repository.
>
> Name:           draft-bishop-httpbis-http2-additional-certs
> Revision:       05
> Title:          Secondary Certificate Authentication in HTTP/2
> Document date:  2017-10-30
> Group:          Individual Submission
> Pages:          21
> URL:            https://www.ietf.org/internet-drafts/draft-bishop-httpbis-http2-additional-certs-05.txt
> Status:         https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/
> Htmlized:       https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05
>
> Abstract:
>   TLS provides fundamental mutual authentication services for HTTP,
>   supporting up to one server certificate and up to one client
>   certificate associated to the session to prove client and server
>   identities as necessary.  This draft provides mechanisms for
>   providing additional such certificates at the HTTP layer when these
>   constraints are not sufficient.
>
>   Many HTTP servers host content from several origins.  HTTP/2
>   [RFC7540] permits clients to reuse an existing HTTP connection to a
>   server provided that the secondary origin is also in the certificate
>   provided during the TLS [I-D.ietf-tls-tls13] handshake.
>
>   In many cases, servers will wish to maintain separate certificates
>   for different origins but still desire the benefits of a shared HTTP
>   connection.  Similarly, servers may require clients to present
>   authentication, but have different requirements based on the content
>   the client is attempting to access.
>
>   This document describes how TLS exported authenticators
>   [I-D.ietf-tls-exported-authenticator] can be used to provide proof of
>   ownership of additional certificates to the HTTP layer to support
>   both scenarios.
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat