AW: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Mon, 19 June 2006 12:30 UTC
From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: magnus@rsasecurity.com
Cc: tls@ietf.org
Hi Magnus,

> Hello Hannes,
>
> Yes, the cited I-D would, if implemented, enable another method of using
> OTPs within TLS - one could do EAP-POTP within the EAP-Message etc. RADIUS
> attributes, encapsulated in the IA phase of TLS-IA.

Actually, the draft is already implemented. See
http://www.gnu.org/software/gnutls/

> It seems, however, to complicate deployments quite a lot to introduce a
> requirement for EAP as well as elements of RADIUS and Diameter just to
> support OTPs in TLS now that TLS-PSK exists. And, contrary to what is
> stated in the TLS-IA I-D, TLS-PSK does allow use of a server certificate
> in conjunction with PSKs. We therefore feel that the draft provides some
> advantages over the alternative of using EAP-POTP within TLS-IA.

One of the comments we received (from Pasi) was that we should focus only on
the usage of EAP rather than provide a more generic container. That seems to
be fine with me and I am going to soon make these changes to the draft. The
extension will then be a lot simpler. I hope it could then better fit your
needs.

Ciao
Hannes

> -- Magnus
>
> On Wed, 14 Jun 2006, Tschofenig, Hannes wrote:
>
> > Since OTP is available via EAP methods it is also possible to use
> > http://www.tschofenig.com/drafts/draft-funk-tls-inner-application-extension-02.txt
> >
> > This would avoid putting every single EAP method inside the TLS
> > handshake.
> >
> > Ciao
> > Hannes
> >
> >> -----Original Message-----
> >> From: Linn, John [mailto:jlinn@rsasecurity.com]
> >> Sent: Wednesday, 14 June 2006 13:17
> >> To: tls@ietf.org
> >> Cc: Nyström, Magnus
> >> Subject: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
> >>
> >> This recent I-D constitutes a profile layered on TLS-PSK,
> >> intended to authenticate TLS connections with the general
> >> class of One-Time Password (OTP) methods. We'd like to
> >> invite review and comment in the TLS WG.
> >>
> >> --jl
> >>
> >> -----Original Message-----
> >> From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> >> Sent: Wednesday, June 07, 2006 3:50 PM
> >> To: i-d-announce@ietf.org
> >> Subject: I-D ACTION:draft-linn-otp-tls-00.txt
> >>
> >> A New Internet-Draft is available from the on-line
> >> Internet-Drafts directories.
> >>
> >> Title     : OTP Methods for TLS
> >> Author(s) : J. Linn, M. Nystroem
> >> Filename  : draft-linn-otp-tls-00.txt
> >> Pages     : 21
> >> Date      : 2006-6-7
> >>
> >> This document describes means for applying One-Time Password (OTP)
> >> methods to authenticate Transport Layer Security sessions, operating
> >> in conjunction with Pre-Shared Key (PSK) ciphersuites defined for use
> >> with TLS.
> >>
> >> A URL for this Internet-Draft is:
> >> http://www.ietf.org/internet-drafts/draft-linn-otp-tls-00.txt
> >>
> >> To remove yourself from the I-D Announcement list, send a message to
> >> i-d-announce-request@ietf.org with the word unsubscribe in
> >> the body of the message.
> >> You can also visit
> >> https://www1.ietf.org/mailman/listinfo/I-D-announce
> >> to change your subscription settings.
> >>
> >> Internet-Drafts are also available by anonymous FTP. Login
> >> with the username "anonymous" and a password of your e-mail
> >> address. After logging in, type "cd internet-drafts" and then
> >> "get draft-linn-otp-tls-00.txt".
> >>
> >> A list of Internet-Drafts directories can be found in
> >> http://www.ietf.org/shadow.html
> >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >>
> >> Internet-Drafts can also be obtained by e-mail.
> >>
> >> Send a message to:
> >> mailserv@ietf.org.
> >> In the body type:
> >> "FILE /internet-drafts/draft-linn-otp-tls-00.txt".
> >>
> >> NOTE: The mail server at ietf.org can return the document in
> >> MIME-encoded form by using the "mpack" utility. To use this
> >> feature, insert the command "ENCODING mime" before the "FILE"
> >> command. To decode the response(s), you will need "munpack" or
> >> a MIME-compliant mail reader. Different MIME-compliant mail readers
> >> exhibit different behavior, especially when dealing with
> >> "multipart" MIME messages (i.e. documents which have been split
> >> up into multiple messages), so check your local documentation on
> >> how to manipulate these messages.
> >>
> >> Below is the data which will enable a MIME compliant mail reader
> >> implementation to automatically retrieve the ASCII version of the
> >> Internet-Draft.