Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 04 May 2018 09:01 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/45j9tjxgkJs3YtFDQJ4PRd0TPxQ>

On Thu, 2018-04-19 at 16:32 -0400, Sean Turner wrote:
> All,
>
> This is the working group last call for the "Exported Authenticators
> in TLS" draft available at
> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.
> Please review the document and send your comments to the list by
> 2359 UTC on 4 April 2018.

I have not checked the mechanism, but I have a few questions based on
the description in the introduction.

"Post-handshake authentication is defined in TLS 1.3, but it has the
disadvantage of requiring additional state to be stored in the TLS
state machine and it composes poorly with multiplexed connection
protocols like HTTP/2. It is also only available for client
authentication. This mechanism is intended to be used as part of a
replacement for post-handshake authentication in applications."

 * Was this proposed to be included in TLS 1.3 as a post-handshake
   authentication mechanism instead?

 * What are the actual problems that post-handshake authentication has
   with HTTP/2?

regards,
Nikos