AW: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]

"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Mon, 19 June 2006 12:30 UTC

Subject: AW: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
Date: Mon, 19 Jun 2006 14:30:41 +0200
Message-ID: <A5D2BD54850CCA4AA3B93227205D8A30614F55@MCHP7IEA.ww002.siemens.net>
Thread-Topic: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: <magnus@rsasecurity.com>
Cc: tls@ietf.org

Hi Magnus, 

> Hello Hannes,
> 
> Yes, the cited I-D would, if implemented, enable another method of using
> OTPs within TLS - one could do EAP-POTP within the EAP-Message etc. RADIUS
> attributes, encapsulated in the IA phase of TLS-IA.

Actually, the draft is already implemented. See 
http://www.gnu.org/software/gnutls/

> 
> It seems, however, to complicate deployments quite a lot to introduce a
> requirement for EAP as well as elements of RADIUS and Diameter just to
> support OTPs in TLS now that TLS-PSK exists. And, contrary to what is
> stated in the TLS-IA I-D, TLS-PSK does allow use of a server certificate
> in conjunction with PSKs. We therefore feel that the draft provides some
> advantages over the alternative of using EAP-POTP within TLS-IA.

One of the comments we received (from Pasi) was that we should focus only on the usage of EAP rather than provide a more generic container. That seems to be fine with me and I am going to soon make these changes to the draft. The extension will then be a lot simpler. 

I hope it could then better fit your needs. 

Ciao
Hannes

> 
> -- Magnus
> 
> On Wed, 14 Jun 2006, Tschofenig, Hannes wrote:
> 
> > Since OTP is available via EAP methods it is also possible to use
> > http://www.tschofenig.com/drafts/draft-funk-tls-inner-application-extension-02.txt
> >
> > This would avoid putting every single EAP method inside the TLS 
> > handshake.
> >
> > Ciao
> > Hannes
> >
> >> -----Original Message-----
> >> From: Linn, John [mailto:jlinn@rsasecurity.com]
> >> Sent: Wednesday, 14 June 2006 13:17
> >> To: tls@ietf.org
> >> Cc: Nyström, Magnus
> >> Subject: [TLS] OTP-TLS I-D [Was: FW: I-D
> >> ACTION:draft-linn-otp-tls-00.txt]
> >>
> >> This recent I-D constitutes a profile layered on TLS-PSK,
> >> intended to authenticate TLS connections with the general
> >> class of One-Time Password (OTP) methods.  We'd like to
> >> invite review and comment in the TLS WG.
> >>
> >> --jl
> >>
> >> -----Original Message-----
> >> From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> >> Sent: Wednesday, June 07, 2006 3:50 PM
> >> To: i-d-announce@ietf.org
> >> Subject: I-D ACTION:draft-linn-otp-tls-00.txt
> >>
> >> A New Internet-Draft is available from the on-line
> >> Internet-Drafts directories.
> >>
> >>
> >> 	Title		: OTP Methods for TLS
> >> 	Author(s)	: J. Linn, M. Nystroem
> >> 	Filename	: draft-linn-otp-tls-00.txt
> >> 	Pages		: 21
> >> 	Date		: 2006-6-7
> >>
> >> This document describes means for applying One-Time Password (OTP)
> >> methods to authenticate Transport Layer Security sessions, operating
> >> in conjunction with Pre-Shared Key (PSK) ciphersuites defined for use
> >> with TLS.
> >>
> >>
> >> A URL for this Internet-Draft is:
> >> http://www.ietf.org/internet-drafts/draft-linn-otp-tls-00.txt
> >>
> >> To remove yourself from the I-D Announcement list, send a message to
> >> i-d-announce-request@ietf.org with the word unsubscribe in
> >> the body of the message.
> >> You can also visit
> >> https://www1.ietf.org/mailman/listinfo/I-D-announce
> >> to change your subscription settings.
> >>
> >>
> >> Internet-Drafts are also available by anonymous FTP. Login
> >> with the username
> >> "anonymous" and a password of your e-mail address. After logging in,
> >> type "cd internet-drafts" and then
> >> 	"get draft-linn-otp-tls-00.txt".
> >>
> >> A list of Internet-Drafts directories can be found in
> >> http://www.ietf.org/shadow.html
> >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >>
> >>
> >> Internet-Drafts can also be obtained by e-mail.
> >>
> >> Send a message to:
> >> 	mailserv@ietf.org.
> >> In the body type:
> >> 	"FILE /internet-drafts/draft-linn-otp-tls-00.txt".
> >>
> >> NOTE:	The mail server at ietf.org can return the document in
> >> 	MIME-encoded form by using the "mpack" utility.  To use this
> >> 	feature, insert the command "ENCODING mime" before the "FILE"
> >> 	command.  To decode the response(s), you will need "munpack" or
> >> 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
> >> 	exhibit different behavior, especially when dealing with
> >> 	"multipart" MIME messages (i.e. documents which have been split
> >> 	up into multiple messages), so check your local documentation on
> >> 	how to manipulate these messages.
> >>
> >>
> >> Below is the data which will enable a MIME compliant mail reader
> >> implementation to automatically retrieve the ASCII version of the
> >> Internet-Draft.
> >>
> >
> 
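The exchange above turns on one technical point: TLS-PSK (RFC 4279) can carry an OTP as the pre-shared key either with no server certificate (plain PSK) or alongside one (RSA_PSK), which is what Magnus means by "TLS-PSK does allow use of a server certificate in conjunction with PSKs". The following Python is an added illustration written for this page; it is not code from draft-linn-otp-tls, GnuTLS, or anyone in the thread. It assumes, for illustration only, that the OTP digits are used directly as the PSK, and it builds the RFC 4279 premaster secret for both modes so the difference is visible: in plain PSK the premaster depends on the PSK alone, so a short OTP leaves the session with little entropy, whereas RSA_PSK mixes in 46 random octets protected by the server's certificate key. The sample OTP is a constructed value.

```python
import os
import struct

# Constructed sample OTP value (not from the thread or the draft). Treating
# the OTP digits directly as the TLS PSK is an assumption made for this example.
EXAMPLE_OTP = b"48172093"


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2, plain PSK key exchange (no server certificate).

    premaster_secret = uint16(N) || N zero octets || uint16(N) || PSK
    Everything here is derived from the PSK alone, so the session's secrecy
    rests entirely on the entropy of the PSK.
    """
    if not psk:
        raise ValueError("PSK must not be empty")
    n = len(psk)
    return struct.pack("!H", n) + (b"\x00" * n) + struct.pack("!H", n) + psk


def rsa_psk_premaster_secret(psk: bytes, rsa_pms: bytes) -> bytes:
    """RFC 4279 section 4, RSA_PSK key exchange.

    The client sends a 48-byte RSA pre_master_secret (2-byte client_version
    + 46 random octets) encrypted to the server certificate's public key;
    the two parts are then concatenated:
    premaster_secret = uint16(48) || rsa_pms || uint16(N) || PSK
    The server is authenticated by its certificate, the PSK (here the OTP)
    authenticates the client, and the random part supplies the entropy a
    short OTP lacks.
    """
    if not psk:
        raise ValueError("PSK must not be empty")
    if len(rsa_pms) != 48:
        raise ValueError("RSA pre_master_secret must be exactly 48 octets")
    n = len(psk)
    return struct.pack("!H", 48) + rsa_pms + struct.pack("!H", n) + psk


def make_rsa_pms(client_version=(3, 1)) -> bytes:
    """Client-side RSA pre_master_secret: client_version || 46 random octets."""
    return bytes(client_version) + os.urandom(46)


def split_premaster(pms: bytes):
    """Parse the RFC 4279 layout back into (other_secret, psk).

    Rejects truncated or over-long input instead of silently accepting it.
    """
    if len(pms) < 4:
        raise ValueError("premaster secret too short")
    (m,) = struct.unpack("!H", pms[:2])
    other = pms[2:2 + m]
    if len(other) != m or len(pms) < 4 + m:
        raise ValueError("malformed other_secret field")
    (n,) = struct.unpack("!H", pms[2 + m:4 + m])
    psk = pms[4 + m:4 + m + n]
    if len(psk) != n or len(pms) != 4 + m + n:
        raise ValueError("malformed psk field")
    return other, psk


def premaster_is_psk_only(pms: bytes) -> bool:
    """True when other_secret is all zeros, i.e. plain PSK with no
    certificate-based contribution: such a session is only as strong as
    the PSK itself, which matters when the PSK is a few OTP digits."""
    other, _ = split_premaster(pms)
    return other == b"\x00" * len(other)


if __name__ == "__main__":
    plain = psk_premaster_secret(EXAMPLE_OTP)
    with_cert = rsa_psk_premaster_secret(EXAMPLE_OTP, make_rsa_pms())
    print("plain PSK:", plain.hex(), "psk-only:", premaster_is_psk_only(plain))
    print("RSA_PSK  :", with_cert.hex(), "psk-only:", premaster_is_psk_only(with_cert))
```

The byte layouts are taken from RFC 4279 sections 2 and 4; how draft-linn-otp-tls actually maps an OTP onto the PSK and psk_identity is not shown on this page, so the direct use of the OTP digits above is only a stand-in.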

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls