Re: [TLS] PR #624: Remove Supplemental Auth from TLS 1.3

Yuhong Bao <YuhongBao_386@hotmail.com> Thu, 06 October 2016 21:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bd5P8VXF-rbnHbC-6uiDSl56tWs>

Yea, I think they were controversial due to a patent by RedPhone.

________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Sean Turner <sean@sn3rd.com>
Sent: Thursday, October 06, 2016 1:08:03 PM
To: <tls@ietf.org>
Subject: Re: [TLS] PR #624: Remove Supplemental Auth from TLS 1.3

All,

It’s time to put this one to bed.  ekr’s going to put back user_mapping for Andrei/MS, but we’re going to ban/orphan the client_authz and server_authz extensions.  If it turns out that there’s some need to later unban/unorphan them, then somebody can write a draft that specifies how they’re used with TLS1.3.

spt

> On Sep 06, 2016, at 23:58, Russ Housley <housley@vigilsec.com> wrote:
>
> I agree that client_authz and server_authz have not enjoyed much implementation.
>
> Russ
>
>
> On Sep 3, 2016, at 3:54 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> https://github.com/tlswg/tls13-spec/pull/624
>>
>> We currently have code points assigned for
>>
>>  user_mapping [RFC4681]
>>  client_authz [RFC5878]
>>  server_authz [RFC5878]
>>
>> These aren't well-specified for use in TLS 1.3 and my sense is that they
>> are barely used. Any objections to just banning them? If not, I'll merge this
>> PR end of next week.
>>
>> -Ekr
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
