I-D Action: draft-bishop-httpbis-http2-additional-certs-05.txt
internet-drafts@ietf.org Mon, 30 October 2017 21:40 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9491F13FBB4 for <i-d-announce@ietf.org>; Mon, 30 Oct 2017 14:40:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-bishop-httpbis-http2-additional-certs-05.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.63.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150939960158.7740.1797681666265166125@ietfa.amsl.com>
Date: Mon, 30 Oct 2017 14:40:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/lpfhwkXdMyWX0exNmxqM_Ua_b9I>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 21:40:01 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Secondary Certificate Authentication in HTTP/2
Authors : Mike Bishop
Nick Sullivan
Martin Thomson
Filename : draft-bishop-httpbis-http2-additional-certs-05.txt
Pages : 21
Date : 2017-10-30
Abstract:
TLS provides fundamental mutual authentication services for HTTP,
supporting up to one server certificate and up to one client
certificate associated to the session to prove client and server
identities as necessary. This draft provides mechanisms for
providing additional such certificates at the HTTP layer when these
constraints are not sufficient.
Many HTTP servers host content from several origins. HTTP/2
[RFC7540] permits clients to reuse an existing HTTP connection to a
server provided that the secondary origin is also in the certificate
provided during the TLS [I-D.ietf-tls-tls13] handshake.
In many cases, servers will wish to maintain separate certificates
for different origins but still desire the benefits of a shared HTTP
connection. Similarly, servers may require clients to present
authentication, but have different requirements based on the content
the client is attempting to access.
This document describes how TLS exported authenticators
[I-D.ietf-tls-exported-authenticator] can be used to provide proof of
ownership of additional certificates to the HTTP layer to support
both scenarios.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05
https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-bishop-httpbis-http2-additional… internet-drafts