[TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 04 October 2016 10:19 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37225129799 for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 03:19:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNuwp7SygpBM for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 03:19:13 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60E3D129780 for <tls@ietf.org>; Tue, 4 Oct 2016 03:19:13 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id k125so197930549wma.1 for <tls@ietf.org>; Tue, 04 Oct 2016 03:19:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=rhm+QSWevaCgFM34wln66tVXSP3wClReO0ZIr69p440=; b=vdTNBJCF9pemqmTwsl9JEo2bPQj5IB7/immAJJqmyZW5VVVy6J6Agdlrtm6z2Zjsk+ h3idXUs6Ua+WswxR1BzgCmxpsJEu3mrIeLTXnvmHSEXv1tG9cHPQrR0GC9RRic99RY4C uma8jYIotVTWN7Cs0Dx8PdXYya2ADjHXuYmAMD117O12U3iayUA/0ZDVEZ6nfUTBUg9x hvnPAxj5ElBxkqhIIM0sjQy+T0Ws0wfKfaHNx295OcQtD4q6fdpYr8BSHTtvIlPtbWPh mrXYvYDoJsZTWEDR8FC8/BWHnuIWBSiDp0rUIUYSqV1k0DprWgXHY3dJPxCC8L19jaSA qXow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=rhm+QSWevaCgFM34wln66tVXSP3wClReO0ZIr69p440=; b=bcB4fewe821o53dhyrWD9JwpH/WoZqBrmfcVCtQNkj01QnkOU/1l5+ER7bKxzhOk9P F2VUjwUokPz/FRlUhlYbfPhXkzxid0w/J2dFcTkLZTH3nL2/dLrDncj+oSw5xbPgB8l6 Q7QAszhXHYnjAFYX6UhFrucA3twmeA0opV4aD8h3KD5e/HsyV2N05lNoflS5D6wSEvhv cLFXe5IcgFLYkgbZwddOgUkdq35GxX7iE8vKpIcKumM/eJa24KXymTvxpARZ2+t0uLC7 oRMj8dzFF8PzwY9r0zifu8kTv46eUeyoqlNZqTIxPfo32v9QfdwBhi+COkL4ed72Ltsp /LGg==
X-Gm-Message-State: AA6/9Rnbj1jYYN1rjxDyUdR0cDVRhMDB6FrDXiSaSdoHpJ0dQjogeQ80+vhF/GFp+SQ6/A==
X-Received: by 10.28.47.87 with SMTP id v84mr13035357wmv.50.1475576351676; Tue, 04 Oct 2016 03:19:11 -0700 (PDT)
Received: from [10.0.0.10] (bzq-109-67-151-176.red.bezeqint.net. [109.67.151.176]) by smtp.gmail.com with ESMTPSA id rk14sm2759116wjb.6.2016.10.04.03.19.10 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Oct 2016 03:19:10 -0700 (PDT)
References: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
To: "tls@ietf.org" <tls@ietf.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Forwarded-Message-Id: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
Message-ID: <d6fb6036-7b1a-6444-45fd-34b6b96cf2a4@gmail.com>
Date: Tue, 4 Oct 2016 13:19:09 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <147557521091.12876.13022923747840220361.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JD-vSKobrPZ1-RNjTyZ-lBtwuMk>
Subject: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 10:19:15 -0000

Daniel and I just submitted a new version of this draft. Other than 
numerous editorial improvements and clarifications, the main changes are 
to the cryptographic operations, to bring them in-line with the latest 
version of TLS 1.3.

Thanks,
	Yaron

-------- Forwarded Message --------
Subject: New Version Notification for 
draft-sheffer-tls-pinning-ticket-03.txt
Date: Tue, 04 Oct 2016 03:00:10 -0700
From: internet-drafts@ietf.org
To: Yaron Sheffer <yaronf.ietf@gmail.com>om>, Daniel Migault 
<daniel.migault@ericsson.com>


A new version of I-D, draft-sheffer-tls-pinning-ticket-03.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:		draft-sheffer-tls-pinning-ticket
Revision:	03
Title:		TLS Server Identity Pinning with Tickets
Document date:	2016-10-04
Group:		Individual Submission
Pages:		23
URL: 
https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-03.txt
Status: 
https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/
Htmlized: 
https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-03
Diff: 
https://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-pinning-ticket-03

Abstract:
    Misissued public-key certificates can prevent TLS clients from
    appropriately authenticating the TLS server.  Several alternatives
    have been proposed to detect this situation and prevent a client from
    establishing a TLS session with a TLS end point authenticated with an
    illegitimate public-key certificate, but none is currently in wide
    use.

    This document proposes to extend TLS with opaque pinning tickets as a
    way to pin the server's identity.  During an initial TLS session, the
    server provides an original encrypted pinning ticket.  In subsequent
    TLS session establishment, upon receipt of the pinning ticket, the
    server proves its ability to decrypt the pinning ticket and thus the
    ownership if the pinning protection key.  The client can now safely
    conclude that the TLS session is established with the same TLS server
    as the original TLS session.  One of the important properties of this
    proposal is that no manual management actions are required.

 


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat