Re: [TLS] I-D Action: draft-ietf-tls-exported-authenticator-04.txt
Nick Sullivan <nicholas.sullivan@gmail.com> Wed, 15 November 2017 12:25 UTC
Return-Path: <nicholas.sullivan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC9A127775; Wed, 15 Nov 2017 04:25:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pdketfcDNNLn; Wed, 15 Nov 2017 04:25:28 -0800 (PST)
Received: from mail-wr0-x236.google.com (mail-wr0-x236.google.com [IPv6:2a00:1450:400c:c0c::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDD8124D68; Wed, 15 Nov 2017 04:25:27 -0800 (PST)
Received: by mail-wr0-x236.google.com with SMTP id o88so20283707wrb.6; Wed, 15 Nov 2017 04:25:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0VwzI7bJ9hHc7Oq45wGIuexsYDeMbLnFc3zfYpOoi5Q=; b=HG8jr0kEBC9vgE2lG9OuC1wppKcfyD2lTBP8wGwIhZJpGmK4S9V7gMRKd3YeCAeLHI k5wPeRFoa09BYzv8pNNGaDtNdAOyGxy2i3mHRfhkQ/wZfc4dWQS6Dt1bKVuszvsUHaIk kiULYfEAcYbj7RTHdWdEfzM7UspFMLk4d29/FHJj3w4GAcRLl4gZViINk8/VLvo78nVn aTe2Q62e8ZmKHxql8Lm50WeUJTiaGHC/gw6xJUzGHWqML9ZbMD1ShMlq66SZtwkfd5j0 8ZjBkYqc+fj6Jfrw6lj+7d25VKnNnfJKjVm59AlTnGevOGU2kbZc8RFOxmyzTbBa6l5/ 9hyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0VwzI7bJ9hHc7Oq45wGIuexsYDeMbLnFc3zfYpOoi5Q=; b=Rdq7e0/L4kJr2WiNgjXYaM7sgFlbpJRnDca+xbKYeACJ7B8Yy6yBA0ONFcwcm3F6KZ KwOsxpXgn3VpXFbXUwzufrDNnK4cZrqHjFpKOrNrnpIw8sp07CNvXuOwD0TBLTKDgT3c V4kTP+f0Z7F5BjbfuDV/zR99ZiUzZhqakMwOhWtTpa092AAVOfhpywe7Exc0rw7fUFT5 QeY07t/NsCiQ1GK0yWGiSKnAmAS38Hbn1V0+Hqc9N0SP4XSCIsEkZdPvOm918msn2poY ZDDXcAnUPaKI+ypvuKIZoS9qT1VLZELy3z38OubWWe6Lko1PubTc1yE8z9uZxzmwgROV aSEQ==
X-Gm-Message-State: AJaThX6JpCHnAL2Acbu6RzjKOHjGGfo288cuBHvMuKoO+KS+MbyOBzez aGXrUKqtMwx53x3PQE2QgOnNireCw5GGyDL8JPA=
X-Google-Smtp-Source: AGs4zMZ/hMP/oJFLGvfgpAWvTO7+Vb8nBhxiYJ+WEtXjqOqematjTLBy/883Adj7kLGsPiFxcZf3NdSHgVMWLcSBtKE=
X-Received: by 10.223.169.135 with SMTP id b7mr12364945wrd.171.1510748725638; Wed, 15 Nov 2017 04:25:25 -0800 (PST)
MIME-Version: 1.0
References: <150939987158.7857.14302357156892186600@ietfa.amsl.com>
In-Reply-To: <150939987158.7857.14302357156892186600@ietfa.amsl.com>
From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Wed, 15 Nov 2017 12:25:14 +0000
Message-ID: <CAOjisRzFxv-emTStETDi1LSJQxohP0-89=Jjaa_rH9H=703O4Q@mail.gmail.com>
To: internet-drafts@ietf.org
Cc: i-d-announce@ietf.org, tls@ietf.org
Content-Type: multipart/alternative; boundary="001a113c180622f9dd055e049909"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DZ_VfIRbyfG51ordw2UZ7z1Rgnk>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-exported-authenticator-04.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 12:25:30 -0000
After some discussion on Github leading up to IETF 100, we discovered a few drawbacks of the current draft that can be addressed by the following change: https://github.com/tlswg/tls-exported-authenticator/pull/9 The change introduces the concept of an *authenticator request,* which is based on the CertificateRequest message in TLS. This change is motivated by the following goals: - Provide a way to bind authenticators to requests - Move the certificate and extension selection logic from the application into the TLS library, where code and logic can be reused A consequence of this change is that it no longer allows "spontaneous" client authentication, which did not have a compelling use case to begin with. Nick On Tue, Oct 31, 2017 at 5:46 AM <internet-drafts@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Layer Security WG of the IETF. > > Title : Exported Authenticators in TLS > Author : Nick Sullivan > Filename : draft-ietf-tls-exported-authenticator-04.txt > Pages : 7 > Date : 2017-10-30 > > Abstract: > This document describes a mechanism in Transport Layer Security (TLS) > to provide an exportable proof of ownership of a certificate that can > be transmitted out of band and verified by the other party. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-exported-authenticator-04 > > https://datatracker.ietf.org/doc/html/draft-ietf-tls-exported-authenticator-04 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-exported-authenticator-04 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] I-D Action: draft-ietf-tls-exported-authent… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-exported-aut… Nick Sullivan