Re: [quicwg/base-drafts] Why must we not use post-handshake client auth? (#2294)
Martin Thomson <notifications@github.com> Sun, 06 January 2019 22:26 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 661B313103B for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 14:26:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.063
X-Spam-Level:
X-Spam-Status: No, score=-8.063 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PsZtO45RrLzC for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 14:26:51 -0800 (PST)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E85A2131032 for <quic-issues@ietf.org>; Sun, 6 Jan 2019 14:26:50 -0800 (PST)
Date: Sun, 06 Jan 2019 14:26:50 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546813610; bh=PtqeAQMsvDGreYsKquhnxYvP3PSJ//CwDL30KjxmJ+w=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=sZ+Q/R5fdJvd8r5pMdc0AKKxcIadngi90eKyd5iyQM4dwGdX07OBsomVkf1fifK9F f7Ub0y2FiS+qovDWXh1Fzyh7sAAHGHlmv2TZKRc5AbmAm0GvFP4nPGDSQFKcAZcMD6 bAWrFYR0hBSZXkGsLT02pE0LpnJPwBffCgXei954=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abd30dbe4414a03b3ce855e4774e586f0c0aea1f8d92cf00000001184a42aa92a169ce179b352f@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2294/451780927@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2294@github.com>
References: <quicwg/base-drafts/issues/2294@github.com>
Subject: Re: [quicwg/base-drafts] Why must we not use post-handshake client auth? (#2294)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c3280aa1d9f3_6d163f8a544d45b851933"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/OFbajeyCynLZBiUpagYW7qGA1L4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jan 2019 22:26:53 -0000
The reason is a little complicated, and [the only citation we have]((https://httpwg.org/http-extensions/draft-ietf-httpbis-http2-secondary-certs.html#http2) is neither mature enough to cite, nor direct enough to really answer the question properly. The problem here is mostly being able to attribute the authentication with activity at the application layer, which is hard in a highly asynchronous, concurrent protocol. Add a sprinkling of confused deputy. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2294#issuecomment-451780927
- [quicwg/base-drafts] Why must we not use post-han… David Schinazi
- Re: [quicwg/base-drafts] Why must we not use post… Martin Thomson
- Re: [quicwg/base-drafts] Why must we not use post… Martin Thomson
- Re: [quicwg/base-drafts] Why must we not use post… Martin Thomson
- Re: [quicwg/base-drafts] Why must we not use post… David Schinazi