[TLS] I-D on TLS authentication with VC

Andrea Vesco <andrea.vesco@linksfoundation.com> Thu, 04 April 2024 08:53 UTC

From: Andrea Vesco <andrea.vesco@linksfoundation.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: I-D on TLS authentication with VC
Thread-Index: AQHahm2P+aVw5CVAbU+Se6suZ/Y3/A==
Date: Thu, 04 Apr 2024 08:53:27 +0000
Message-ID: <F515427B-EE5A-4514-9787-8BB3F95FC380@linksfoundation.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: uF3R3eKUbbVKFzAcU7ZCccDqnEEc3pd4gv0fImWvrbWWcHXBO91sRZzBSSF3z91E/L1U7UZPm0NTpKiRJjsl4i6bt1A0v2gKfiNK/09oA9zO1nNIqtT/lM7S7mbvxkjSN4CaJAFOSjIejq9ONlGVhwE8P/cW/wtLOHLmmK+eJTQDWK7yNXZTpr3RS/vVsurIEf19OZbnCB/9U/DWoUbzUTudq2ogc1xKQSoKP76w4xknXiJCBvSccwI8ExOG2/5v9JOp0h2/E20J5rcjEL2Gocx/TvlTj+C158p3MagaYZNAZlkD+cfRV7m2Ef2hji1wZfKFXpi6RvYaC61KEkWrsh2DRLv4eThTsfj2MuRn39AY2Py9yXnSMlLcfurJpR+dafsMGOFEO4+KevpZ2MURBUop50Yet5JL1ViFmR2wg7SBx/RjjOfQ1IWg8s2Au2eFmcSmPmH5DzcZ8vRp5e3JRR3UmfG6gGYr7HJXpmMo9Spzq3fvu9q+Xll2jtJjpGks+X40TpkgYG6YAu5kc4gbe0TIY5ZwyOKSJEraQf6I5vLiOYtZhdJQP6NuKIfTGV8Rj1El59nkBBvFDGYczVrlMoSrbDNWXMVh8onGXf6YOrbQgg1IXtOe9TyOM9ANSN2ZW6wjvzXSdPcy64CIXWerCyYJ23C5zLxMWhgyg8IX6RCuXAsvN+vq06w8DmsGlV/xjJnEGfFfwflPWHy3Qud6TNyX6avRCJXrpz57+RWO5Cw7Cu4q/zeh6dt0zvcdrOBZ+hBqFEmrSjsKu7He9LRRF/WP8P7YuyM1TdA/Voe89B9nNhqRbIt6g5HO5QjnM9ivkO5n9LKlaQiuRjIqVIREnX3eCyowoBgjYjz8FfA2W/ZlNL+0lqqJIrPzWuEfvSX++kP3+z9PalCXA69VQZ/SKImJ1DSRhS0eT7pUjpYyNR6onLsZt89LN6rw9PyN1qbbooPt52MKLvzNSllJWfBv4pbt9Y0BJtayAfh3q565XrnC0b6HZeLBz8622jQqE+z8s+gOTfZEQldZ/NPiXXvm1dWf+3xAPUimByHoKivlCFimlU8vpYv0ynglZt5r6EKoGeN3422bRiITxALBvhcGVlAFSj7qc2II9rhzUB7JLSmVJPkcIWJNk8O6V7C7mXUt1Sb4wvBRJbV5YKclLy70g9GOjT5xqXRr0SeLUQi2lVYlGEPuz3F81t+TLncmr1UuhbDMG3QEYm7QOIVquJ8gJn320UJEj/qg4bF2y/TkW7yd03p7xa2f7pl79e5lYmZxS4P/g5xIYzIFLtw+0sae17uHNYx0Fxw5L/HOrf/f0NlnH9HaVaruwgpyWWev3OxwcqgO67XQE5x9ECJhhpIANYWlPprs97LClsiAAiWirhRYKZNiTuHp0Tv7kfKVp//sUoMzO3noRBiGqgo9z21IMR1ZrXnAabELtepZrssH3gAKxhwYHzfZlu11LD8qGkGChgZZeaj6TsvGb8m6h2PdlozCaBNEaHO4Ca9pGKU1UiBRSuIxtQlJ227aN7InR6nFZX8UGsiiJu9/Obif/zhq+KTLfycvuYBo3qOkO4wqcGl3pMuOLDfzJs0TziuCbYCdc6cTHmmDsELpIv+2UWxCn74LwouOiFE0o+i8SWjB9uA=
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1E1A5D9B2937BF4A88815F159F9EA4D4@EURP195.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: linksfoundation.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB9P195MB1130.EURP195.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6c651940-8845-4b79-d38e-08dc5484b1b0
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2024 08:53:27.2880 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46a5eda7-5583-400d-805d-330f6efe08bd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2ysP+IrNcRdZYAnKe5jRNR6DccRnq7HdMAZk9bZWaIKsEE5PPpTS4XGRl+yK5m41UWEhCXqX9MUwle5cUp2RgLHZ+HDc/VNjE+fdcFw1Ropa0t3/0oHK/LK91a8CTWQp
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P195MB1172
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/McseJJgvrUmX9S5neAuXvRKq0rs>
Subject: [TLS] I-D on TLS authentication with VC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 08:53:35 -0000

L. Perugini and I have written an I-D on the use of Verifiable Credentials [1][2] as an additional authentication mode in TLS.  We presented the I-D to the ALLDISPATCH WG during IETF119 and the outcome was to explore the potential interest of the TLS WG. The I-D proposes to add (i) a new Certificate Type called VC in addition to X509 and RawPublicKey to the existing client_certificate_type and server_certificate_type extensions and (ii) a new extension called did_methods to carry the list of DID Methods supported by the endpoint to resolve the peer's DID during the validation of the Verifiable Credential. The I-D focuses on the IoT use case.

We are aware of the current discussion in the working group about new code points and would like to know your opinion in the case of this I-D and to explore the possible interest. Thank you in advance for your feedback.

I-D: https://datatracker.ietf.org/doc/draft-vesco-vcauthtls/ 
Code:
 - Provider https://github.com/Cybersecurity-LINKS/openssl-ssi-provider
 - OpenSSL https://github.com/Cybersecurity-LINKS/openssl

[1] https://www.w3.org/TR/vc-data-model-2.0/
[2] https://www.w3.org/TR/did-core/

[TLS] I-D on TLS authentication with VC Andrea Vesco
Re: [TLS] I-D on TLS authentication with VC hannes.tschofenig
Re: [TLS] I-D on TLS authentication with VC Achim Kraus
Re: [TLS] I-D on TLS authentication with VC Andrea Vesco
Re: [TLS] I-D on TLS authentication with VC Achim Kraus
Re: [TLS] I-D on TLS authentication with VC Stephen Farrell
Re: [TLS] I-D on TLS authentication with VC Achim Kraus
Re: [TLS] I-D on TLS authentication with VC Hannes Tschofenig
Re: [TLS] I-D on TLS authentication with VC Stephen Farrell
Re: [TLS] I-D on TLS authentication with VC Andrea Vesco