Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates
Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Mon, 27 August 2018 08:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J4VVYF9hXdnByuKXXzGgHWvfK8Q>
Hi, Mounira

Thanks for the clarification. That means both explicit and implicit certificates will be supported.

Regards.
Haiguang

-----Original Message-----
From: Mounira Msahli [mailto:mounira.msahli@telecom-paristech.fr]
Sent: Monday, August 27, 2018 4:32 PM
To: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>; tls <tls@ietf.org>
Subject: Re: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

Hi Wang,

The purpose of the draft is to extend TLS 1.3 to support IEEE 1609.2/ETSI TS 103 097 certificates for authentication in addition to X.509 certificates and raw public keys.

Kind Regards
Mounira

----- Original Message -----
From: "Wang Haiguang" <wang.haiguang.shieldlab@huawei.com>
To: "Mounira Msahli" <mounira.msahli@telecom-paristech.fr>, "Ilari Liusvaara" <ilariliusvaara@welho.com>
Cc: "tls" <tls@ietf.org>
Sent: Monday, 27 August 2018 03:44:28
Subject: RE: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

Hi, Mounira

Just for clarification.

If I am not wrong, there are two types of certificates supported by 1609.2. One is the legacy X.509 certificate, the other is the implicit certificate.

So for your draft submitted, do you plan to support both types of certificates or just one of them, i.e. the X.509 certificate?

Best regards.
Haiguang

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Mounira Msahli
Sent: Saturday, August 25, 2018 1:45 AM
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: tls <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

Thank you Ilari,

In response to your comments below:

- I did not see requirements where to place the end-entity certificate anywhere. I think most TLS code outright assumes that the end-entity certificate is the first one.
>>> We will add it.

- More generally, I did not see it specified how the certificate chain is laid out to the individual certificate fields (it is fairly obvious, but should still be specified).
>>> We will specify it.

- The examples could have multiple certificate types in ClientHello to more clearly show what is actually going on.
>>> We will add examples with multiple certificate types in Client Hello

- You should also specify use in TLS 1.2 in the same draft (or say that is prohibited). This is so one only needs one reference for the codepoint allocation.
>>> It is not prohibited, for TLS 1.2 the extension is already specified: https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01
We will update the draft

- I found the document quite hard to read due to various editorial issues.
>>> We will update the draft

Kind Regards
Mounira

----- Original Message -----
From: "Ilari Liusvaara" <ilariliusvaara@welho.com>
To: "Mounira Msahli" <mounira.msahli@telecom-paristech.fr>
Cc: "tls" <tls@ietf.org>
Sent: Friday, 24 August 2018 17:50:38
Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

On Fri, Aug 24, 2018 at 04:09:43PM +0200, Mounira Msahli wrote:
> Hi all,
>
> The draft: TLS 1.3 Authentication using IEEE 1609.2/ETSI TS 103097 certificates is updated in accordance with TLS 1.3: https://tools.ietf.org/html/draft-tls-certieee1609-01
>
> This document describes the use of certificates specified by the Institute of Electrical and Electronics Engineers IEEE1609.2 and the European Telecommunications Standards Institute ETSI TS 103097. These standards are defined in order to secure communications in vehicular environments.
>
> This extension is very useful and has become a pressing need for (Vehicle-To-Internet(V2Internet), Vehicle-To-Cloud(V2Cloud),...).
>
> We are soliciting feedback from the WG on the draft.

Some quick comments:

- I did not see requirements where to place the end-entity certificate anywhere. I think most TLS code outright assumes that the end-entity certificate is the first one.

- More generally, I did not see it specified how the certificate chain is laid out to the individual certificate fields (it is fairly obvious, but should still be specified).

- The examples could have multiple certificate types in ClientHello to more clearly show what is actually going on.

- You should also specify use in TLS 1.2 in the same draft (or say that is prohibited). This is so one only needs one reference for the codepoint allocation.

- I found the document quite hard to read due to various editorial issues.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls