Re: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]

"Blumenthal, Uri" <> Wed, 07 October 2009 15:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22F083A6962 for <>; Wed, 7 Oct 2009 08:41:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.504
X-Spam-Status: No, score=-6.504 tagged_above=-999 required=5 tests=[AWL=0.094, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OjFi93vw2vCP for <>; Wed, 7 Oct 2009 08:41:25 -0700 (PDT)
Received: from (LLMAIL1.LL.MIT.EDU []) by (Postfix) with ESMTP id 465483A686C for <>; Wed, 7 Oct 2009 08:41:25 -0700 (PDT)
Received: (from smtp@localhost) by (8.12.10/8.8.8) id n97Fh18s000598; Wed, 7 Oct 2009 11:43:01 -0400 (EDT)
Received: from ), claiming to be "" via SMTP by llpost, id smtpdAAAxwaizM; Wed Oct 7 11:35:20 2009
Received: from ([ ]) by ([ ]) with mapi; Wed, 7 Oct 2009 11:35:20 -0400
From: "Blumenthal, Uri" <>
To: "''" <>, "''" <>
Date: Wed, 07 Oct 2009 11:34:48 -0400
Thread-Topic: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]
Thread-Index: AcpHYU9UFwobvWm7RraAZtAwfuyEdAAAndrQ
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Oct 2009 15:41:27 -0000

And the reason you want to do this instead of using valid X.509 certs is...?

----- Original Message -----
From: <>
To: <>
Sent: Wed Oct 07 11:16:52 2009
Subject: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]

Hi all,

after several experiments with TPMs as authentication devices in
EAP-TLS, we figured out, that the specific modifications in order to use
TPMs might be rather an extension to TLS than an EAP extension.
Therefore, we gave it a try and defined a new TLS extension in order to
use TPM certified keys directly with TLS. We are aware of the fact, that
there is a possibility to request new valid X.509 certificates for those
keys which allows to use them with standard TLS (and do not require a
new extension), but since we want to avoid that request (and we think
that this does not introduce any security issues), we propose this

We are always open for discussions, (critical) feedback, suggestions, ...

Carolin Latze

-------- Original Message --------
Subject: 	{Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt
Date: 	Wed, 7 Oct 2009 16:45:01 +0200
From: <>
Reply-To: <>
To: <>

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Transport Layer Security (TLS) Extensions for the Trusted Platform Module (TPM)
	Author(s)       : C. Latze, et al.
	Filename        : draft-latze-tls-tpm-extns-00.txt
	Pages           : 10
	Date            : 2009-10-07

Trusted Platform Modules (TPMs) become more and more widespread in
modern desktop and laptop computers and provide secure storage and
cryptographic functions.  As one nice feature of TPMs is that they
can be identified uniquely, they provide a good base for device
authentication in protocols like TLS.This document specifies a TLS
extension that allows to use TPM certified keys with TLS in order to
allow for a secure and comfortable device authentication in TLS.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the

Carolin Latze
PhD Student				ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de Pérolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
phone: +41 26 300 83 30			+41 79 72 965 27