[TLS] trusted_ca_keys

Natasha Rooney <nrooney@gsma.com> Thu, 04 May 2017 13:26 UTC

From: Natasha Rooney <nrooney@gsma.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 04 May 2017 13:26:02 +0000
Message-ID: <E6DC2D6B-3F1A-497C-A1FA-35541495A57D@gsma.com>
References: <A9124993-22C2-4D1A-827D-C63925B762F2@gsma.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1yuUTayoRccR_Yl7WLbKBG3NI_w>

Hi all!

Apologies for the odd and potentially silly question. GSMA are working on future SIM specifications which use TLS and previously included the trusted_ca_keys extension to allow a client to inform a server which particular key(s) from a CA it is supporting. In TLS 1.3 the ‘trusted_ca_keys’ extension is no longer used. It does have the “certificate_authorities” extension however, but it seems to only identify the CA organisation by its DistinguishedName. If the CA supports multiple keys, how can a client point to a particular cert/key of that CA?

Thanks and sorry for posting to the group!

Natasha

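The contrast the message draws between the two extensions is easiest to see on the wire. The following is an added example, not code from the original message or from any GSMA or IETF implementation: it encodes and decodes the TrustedAuthorities body of trusted_ca_keys (RFC 6066, Section 6, whose IdentifierType allows key_sha1_hash and cert_sha1_hash alongside x509_name) and the CertificateAuthoritiesExtension body of certificate_authorities (RFC 8446, Section 4.2.4, which carries DistinguishedNames only), then shows which identifiers survive a move to the TLS 1.3 extension. The DN bytes and the 20-byte hash are constructed sample values, and the helper does not compute the RFC 6066 key hash itself; it only carries a hash it is given.

```python
import struct
from typing import List, Tuple

# Registered extension type code points for the two extensions.
EXT_TRUSTED_CA_KEYS = 3
EXT_CERTIFICATE_AUTHORITIES = 47

# IdentifierType values from RFC 6066, Section 6.
PRE_AGREED, KEY_SHA1_HASH, X509_NAME, CERT_SHA1_HASH = 0, 1, 2, 3

Identifier = Tuple[int, bytes]  # (identifier_type, identifier payload)


def _vec16(payload: bytes) -> bytes:
    """Opaque vector with a 2-byte big-endian length prefix (<0..2^16-1>)."""
    if len(payload) > 0xFFFF:
        raise ValueError("vector too long")
    return struct.pack("!H", len(payload)) + payload


def _take(buf: bytes, pos: int, n: int, end: int) -> bytes:
    """Slice n bytes at pos, refusing to read past the enclosing vector."""
    if pos + n > end:
        raise ValueError("truncated entry")
    return buf[pos:pos + n]


def encode_trusted_ca_keys(ids: List[Identifier]) -> bytes:
    """Encode a TrustedAuthorities structure (RFC 6066 extension body)."""
    out = b""
    for itype, data in ids:
        if itype == PRE_AGREED:
            if data:
                raise ValueError("pre_agreed carries no identifier")
            out += bytes([itype])
        elif itype in (KEY_SHA1_HASH, CERT_SHA1_HASH):
            if len(data) != 20:
                raise ValueError("SHA1Hash must be exactly 20 bytes")
            out += bytes([itype]) + data
        elif itype == X509_NAME:
            if not data:
                raise ValueError("DistinguishedName must be non-empty")
            out += bytes([itype]) + _vec16(data)
        else:
            raise ValueError(f"unknown identifier_type {itype}")
    return _vec16(out)


def decode_trusted_ca_keys(body: bytes) -> List[Identifier]:
    """Parse a TrustedAuthorities structure into (type, payload) pairs."""
    if len(body) < 2:
        raise ValueError("body too short")
    (total,) = struct.unpack("!H", body[:2])
    end = 2 + total
    if len(body) != end:
        raise ValueError("outer vector length does not match body length")
    pos, ids = 2, []
    while pos < end:
        itype = body[pos]
        pos += 1
        if itype == PRE_AGREED:
            ids.append((itype, b""))
        elif itype in (KEY_SHA1_HASH, CERT_SHA1_HASH):
            ids.append((itype, _take(body, pos, 20, end)))
            pos += 20
        elif itype == X509_NAME:
            (n,) = struct.unpack("!H", _take(body, pos, 2, end))
            pos += 2
            if n == 0:
                raise ValueError("DistinguishedName must be non-empty")
            ids.append((itype, _take(body, pos, n, end)))
            pos += n
        else:
            raise ValueError(f"unknown identifier_type {itype}")
    return ids


def encode_certificate_authorities(names: List[bytes]) -> bytes:
    """Encode a CertificateAuthoritiesExtension (RFC 8446): DNs only."""
    if not names:
        raise ValueError("authorities vector must contain at least one DN")
    return _vec16(b"".join(_vec16(n) for n in names))


def decode_certificate_authorities(body: bytes) -> List[bytes]:
    """Parse a CertificateAuthoritiesExtension into a list of DER DNs."""
    if len(body) < 2:
        raise ValueError("body too short")
    (total,) = struct.unpack("!H", body[:2])
    end = 2 + total
    if len(body) != end:
        raise ValueError("outer vector length does not match body length")
    pos, names = 2, []
    while pos < end:
        (n,) = struct.unpack("!H", _take(body, pos, 2, end))
        pos += 2
        names.append(_take(body, pos, n, end))
        pos += n
    return names


def downgrade_to_tls13(ids: List[Identifier]) -> Tuple[List[bytes], List[Identifier]]:
    """Split identifiers into those certificate_authorities can express
    (x509_name) and those with no TLS 1.3 equivalent (hashes, pre_agreed)."""
    names = [d for t, d in ids if t == X509_NAME]
    dropped = [(t, d) for t, d in ids if t != X509_NAME]
    return names, dropped


# Constructed sample values (not from any real CA): DER DistinguishedName
# "CN=CA" and a placeholder 20-byte hash standing in for a key_sha1_hash.
SAMPLE_DN = bytes.fromhex("300d310b300906035504030c024341")
SAMPLE_KEY_HASH = bytes(range(20))

if __name__ == "__main__":
    ids = [(X509_NAME, SAMPLE_DN), (KEY_SHA1_HASH, SAMPLE_KEY_HASH)]
    names, dropped = downgrade_to_tls13(ids)
    print("trusted_ca_keys:", encode_trusted_ca_keys(ids).hex())
    print("certificate_authorities:", encode_certificate_authorities(names).hex())
    print("no TLS 1.3 equivalent:", dropped)
```

Running the block shows the x509_name entry surviving into the certificate_authorities body while the key hash entry is reported as having no TLS 1.3 counterpart, which is exactly the gap the question describes. The decoders check every length against the enclosing vector before slicing, so a truncated or mis-lengthed extension body raises rather than being silently accepted.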