[TLS] draft-ietf-tls-exported-authenticator
Benjamin Kaduk <kaduk@mit.edu> Thu, 16 November 2017 03:13 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBFBA126E7A for <tls@ietfa.amsl.com>; Wed, 15 Nov 2017 19:13:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l7overk5Fb6S for <tls@ietfa.amsl.com>; Wed, 15 Nov 2017 19:13:37 -0800 (PST)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 437C512940E for <tls@ietf.org>; Wed, 15 Nov 2017 19:13:37 -0800 (PST)
X-AuditID: 12074424-e55ff70000001373-bc-5a0d025d7d40
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id A8.72.04979.E520D0A5; Wed, 15 Nov 2017 22:13:35 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id vAG3DV3W003568 for <tls@ietf.org>; Wed, 15 Nov 2017 22:13:32 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id vAG3DSt3005645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <tls@ietf.org>; Wed, 15 Nov 2017 22:13:30 -0500
Date: Wed, 15 Nov 2017 21:13:28 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: tls@ietf.org
Message-ID: <20171116031327.GJ82825@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrLIsWRmVeSWpSXmKPExsUixG6nohvPxBtlMPGMssWn812MDoweS5b8 ZApgjOKySUnNySxLLdK3S+DKWLy+j7HgDXPFq+/2DYwTmLsYOTkkBEwkLv9ezdjFyMUhJLCY SWLVvK1MEM4RRokF6w4xQzgvmCRenuhjAWlhEVCVuHZsAxOIzSagItHQfRmoiINDREBAovml GEhYWEBPom/OGrASXqANK2fcZ4ewBSVOznwCNoZZQEvixr+XTCCtzALSEsv/cYCERQWUJfb2 HWKfwMg7C0nHLCQdsxA6FjAyr2KUTcmt0s1NzMwpTk3WLU5OzMtLLdI118vNLNFLTSndxAgO IxeVHYzdPd6HGAU4GJV4eC/E80QJsSaWFVfmHmKU5GBSEuV1/s0dJcSXlJ9SmZFYnBFfVJqT WnyIUYKDWUmEN3IhUDlvSmJlVWpRPkxKmoNFSZx3W9CuSCGB9MSS1OzU1ILUIpisDAeHkgSv KiNvlJBgUWp6akVaZk4JQpqJgxNkOA/Q8C4GoBre4oLE3OLMdIj8KUZjjhsPr/9h4ng283UD sxBLXn5eqpQ4rzbIOAGQ0ozSPLhpoFQgkb2/5hWjONBzwrz6IFU8wDQCN+8V0ComoFU2N7hB VpUkIqSkGhh5HgiH2p/UjEx6EDH5Dt/sRtW5FnNZjz2/oWjZ/Mpo9Ua5tWqXEpYUnl76wmRb ROmt7pmP2sM7uUueJMiYzZ+7OcGIqbnuf5FKnI39xNms3EufMpybbD6XMdQ+in+CLfOf63uN Zs3xtGOrvik2bcFFmSVRcu8K5+1fN+VF61rB+zsuTFxpURigxFKckWioxVxUnAgAUSkiz+AC AAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-JhL2n8lbEalzVfnwQ9IF_0druE>
Subject: [TLS] draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 03:13:39 -0000
In the exported authenticators draft we claim that "The application layer protocol used to send the authenticator SHOULD use TLS as its underlying transport." This is of course natural -- why would you be using TLS authenticators if you were not using TLS -- but it seems that we would also benefit from saying what properties are actually *required* of the channel used to transport the authenticator. (Confidentiality? Binding to the key material of the TLS connection?) -Ben
- [TLS] draft-ietf-tls-exported-authenticator Benjamin Kaduk
- Re: [TLS] draft-ietf-tls-exported-authenticator Nick Sullivan