Re: [TLS] Call for consensus: Removing 0-RTT client auth

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 31 March 2016 12:17 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ICiWLiEsUQRgWIxz9XSoV3axMio>

Hi Sean,

we at ARM would find it somewhat unfortunate to remove the client
authentication feature from the 0-RTT exchange since this is one of the
features that could speed up the exchange quite significantly and would
make a big difference compared to TLS 1.2.

For the IoT use cases we need client authentication; I understand that
the situation may be somewhat different in the Web space.

So, I am not happy with the proposed change!

Ciao
Hannes


On 03/29/2016 02:59 PM, Sean Turner wrote:
> All,
> 
> To make sure we’ve got a clear way forward coming out of our BA
> sessions, we need to make sure there’s consensus on a couple of
> outstanding issues.  So...
> 
> It seems that there is a clear consensus not to support 0-RTT client
> authentication in TLS 1.3 at this time.  If you think 0-RTT client
> authentication needs to be supported please indicate so now and
> provide your rationale.
> 
> J&S