Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Roelof duToit <r@nerd.ninja> Fri, 04 May 2018 15:21 UTC

From: Roelof duToit <r@nerd.ninja>
Date: Fri, 04 May 2018 11:20:55 -0400
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com>
To: TLS WG <tls@ietf.org>
In-Reply-To: <4E347898-C787-468C-8514-30564D059378@sn3rd.com>
Message-Id: <96B30D45-BAA9-4798-B222-F7890157A434@nerd.ninja>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/E9MGOIEWepGL0mAaBxislEAyAjw>

How will this (and any mechanism built on top of RFC 5705 exported key material) interoperate with middleboxes?  This use of the mechanism is not negotiated on the TLS level, so there is no extension for the middlebox to strip that would warn the endpoints not to use exported authenticators.  Are application level proxies the only compatible middleboxes?

—Roelof


> On Apr 19, 2018, at 4:32 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> All,
> 
> This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.  Please review the document and send your comments to the list by 2359 UTC on 4 April 2018.
> 
> Thanks - J&S
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
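An added illustration, not part of Roelof's message or of the draft, of why exporter-based values such as exported authenticators are bound to a single TLS connection: the TLS 1.3 exporter of RFC 8446 section 7.5, implemented from scratch in Python over HKDF, evaluated for two constructed exporter master secrets that stand in for the two separate connections a TLS-terminating middlebox would hold. The secrets and the label are placeholders chosen for the example.

```python
import hashlib
import hmac

def hkdf_expand(prk, info, length, hash_name="sha256"):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        out += t
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length, hash_name="sha256"):
    """HKDF-Expand-Label (RFC 8446 s.7.1) with the HkdfLabel struct encoded inline."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length, hash_name)

def derive_secret(secret, label, transcript_hash, hash_name="sha256"):
    """Derive-Secret (RFC 8446 s.7.1): output length is the hash length."""
    hlen = hashlib.new(hash_name).digest_size
    return hkdf_expand_label(secret, label, transcript_hash, hlen, hash_name)

def tls13_exporter(exporter_master_secret, label, context_value, key_length, hash_name="sha256"):
    """TLS-Exporter (RFC 8446 s.7.5):
    HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context_value), key_length)
    """
    empty_transcript_hash = hashlib.new(hash_name, b"").digest()
    derived = derive_secret(exporter_master_secret, label, empty_transcript_hash, hash_name)
    context_hash = hashlib.new(hash_name, context_value).digest()
    return hkdf_expand_label(derived, b"exporter", context_hash, key_length, hash_name)

# Constructed placeholder secrets: one per TLS connection. A TLS-terminating
# middlebox ends up with two connections, hence two unrelated exporter master secrets.
CLIENT_SIDE_EMS = hashlib.sha256(b"example client<->middlebox connection").digest()
SERVER_SIDE_EMS = hashlib.sha256(b"example middlebox<->server connection").digest()
EXAMPLE_LABEL = b"EXPORTER-example-label"   # placeholder label, not one from the draft

def exporter_values_match(ems_a, ems_b, label=EXAMPLE_LABEL, context=b"", length=32):
    """True only when both peers hold the same exporter master secret, i.e. the same connection."""
    return tls13_exporter(ems_a, label, context, length) == tls13_exporter(ems_b, label, context, length)

if __name__ == "__main__":
    print("same connection :", exporter_values_match(CLIENT_SIDE_EMS, CLIENT_SIDE_EMS))   # True
    print("across terminator:", exporter_values_match(CLIENT_SIDE_EMS, SERVER_SIDE_EMS))  # False
```

Because the middlebox cannot reproduce the client-facing exporter output on its server-facing connection, an authenticator keyed from it fails verification on the far side rather than being silently passed through, which is the interoperability gap the question above points at.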