[TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 04 October 2016 10:19 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37225129799 for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 03:19:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNuwp7SygpBM for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 03:19:13 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60E3D129780 for <tls@ietf.org>; Tue, 4 Oct 2016 03:19:13 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id k125so197930549wma.1 for <tls@ietf.org>; Tue, 04 Oct 2016 03:19:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=rhm+QSWevaCgFM34wln66tVXSP3wClReO0ZIr69p440=; b=vdTNBJCF9pemqmTwsl9JEo2bPQj5IB7/immAJJqmyZW5VVVy6J6Agdlrtm6z2Zjsk+ h3idXUs6Ua+WswxR1BzgCmxpsJEu3mrIeLTXnvmHSEXv1tG9cHPQrR0GC9RRic99RY4C uma8jYIotVTWN7Cs0Dx8PdXYya2ADjHXuYmAMD117O12U3iayUA/0ZDVEZ6nfUTBUg9x hvnPAxj5ElBxkqhIIM0sjQy+T0Ws0wfKfaHNx295OcQtD4q6fdpYr8BSHTtvIlPtbWPh mrXYvYDoJsZTWEDR8FC8/BWHnuIWBSiDp0rUIUYSqV1k0DprWgXHY3dJPxCC8L19jaSA qXow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=rhm+QSWevaCgFM34wln66tVXSP3wClReO0ZIr69p440=; b=bcB4fewe821o53dhyrWD9JwpH/WoZqBrmfcVCtQNkj01QnkOU/1l5+ER7bKxzhOk9P F2VUjwUokPz/FRlUhlYbfPhXkzxid0w/J2dFcTkLZTH3nL2/dLrDncj+oSw5xbPgB8l6 Q7QAszhXHYnjAFYX6UhFrucA3twmeA0opV4aD8h3KD5e/HsyV2N05lNoflS5D6wSEvhv cLFXe5IcgFLYkgbZwddOgUkdq35GxX7iE8vKpIcKumM/eJa24KXymTvxpARZ2+t0uLC7 oRMj8dzFF8PzwY9r0zifu8kTv46eUeyoqlNZqTIxPfo32v9QfdwBhi+COkL4ed72Ltsp /LGg==
X-Gm-Message-State: AA6/9Rnbj1jYYN1rjxDyUdR0cDVRhMDB6FrDXiSaSdoHpJ0dQjogeQ80+vhF/GFp+SQ6/A==
X-Received: by 10.28.47.87 with SMTP id v84mr13035357wmv.50.1475576351676; Tue, 04 Oct 2016 03:19:11 -0700 (PDT)
Received: from [10.0.0.10] (bzq-109-67-151-176.red.bezeqint.net. [109.67.151.176]) by smtp.gmail.com with ESMTPSA id rk14sm2759116wjb.6.2016.10.04.03.19.10 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Oct 2016 03:19:10 -0700 (PDT)
References: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
To: "tls@ietf.org" <tls@ietf.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Forwarded-Message-Id: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
Message-ID: <d6fb6036-7b1a-6444-45fd-34b6b96cf2a4@gmail.com>
Date: Tue, 04 Oct 2016 13:19:09 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JD-vSKobrPZ1-RNjTyZ-lBtwuMk>
Subject: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 10:19:15 -0000
Daniel and I just submitted a new version of this draft. Other than numerous editorial improvements and clarifications, the main changes are to the cryptographic operations, to bring them in-line with the latest version of TLS 1.3. Thanks, Yaron -------- Forwarded Message -------- Subject: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt Date: Tue, 04 Oct 2016 03:00:10 -0700 From: internet-drafts@ietf.org To: Yaron Sheffer <yaronf.ietf@gmail.com>, Daniel Migault <daniel.migault@ericsson.com> A new version of I-D, draft-sheffer-tls-pinning-ticket-03.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-sheffer-tls-pinning-ticket Revision: 03 Title: TLS Server Identity Pinning with Tickets Document date: 2016-10-04 Group: Individual Submission Pages: 23 URL: https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-03.txt Status: https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/ Htmlized: https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-03 Diff: https://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-pinning-ticket-03 Abstract: Misissued public-key certificates can prevent TLS clients from appropriately authenticating the TLS server. Several alternatives have been proposed to detect this situation and prevent a client from establishing a TLS session with a TLS end point authenticated with an illegitimate public-key certificate, but none is currently in wide use. This document proposes to extend TLS with opaque pinning tickets as a way to pin the server's identity. During an initial TLS session, the server provides an original encrypted pinning ticket. In subsequent TLS session establishment, upon receipt of the pinning ticket, the server proves its ability to decrypt the pinning ticket and thus the ownership if the pinning protection key. The client can now safely conclude that the TLS session is established with the same TLS server as the original TLS session. One of the important properties of this proposal is that no manual management actions are required. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [TLS] Fwd: New Version Notification for draft-she… Yaron Sheffer