Re: [TLS] Unified Client Authentication
Eric Rescorla <ekr@rtfm.com> Sun, 21 February 2016 19:39 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 841111A90BD for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 11:39:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1yN5_OiLzEmC for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 11:39:39 -0800 (PST)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52CEF1A90BA for <tls@ietf.org>; Sun, 21 Feb 2016 11:39:39 -0800 (PST)
Received: by mail-yw0-x233.google.com with SMTP id h129so104273314ywb.1 for <tls@ietf.org>; Sun, 21 Feb 2016 11:39:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=PmZPlr79JvXT2QN2X3oPhwoQXaukjb/qwg8+HqLXM/I=; b=PrdlYB0GX5OiUQzaTDzr4dudL8JQDmZuAYLRcQixdjweWO0EwPXwiuzwtksborPRQc tjHlKHC8bC1rcQQzRTfK7MMCBJLuiAtm990uc56sYuuiwAe7Mn84sDQL8vRjzSbgk1ah uLVfZII+cVMjm1YZV0KA553TLstr3i9hJSGFkNZBsITjWAXoESD+whQ36m5N3ZjH4YNC sepDeVCNesownFbt5qn7fDXLq3JE1P0WENPQw/L461OfQmrDuiu2JDknyWOMrv8wFt/s 02Y3SGgYC1b2n5QPYB0tglt6V9GmdOA/4y2KdtAHOJHbl3S/6oG9UCQTVMib7RHKbSQE IXGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=PmZPlr79JvXT2QN2X3oPhwoQXaukjb/qwg8+HqLXM/I=; b=O8XIgWstRNvq6FKZCCKI80GBvO4GdFewpLUdq9IYCmwb+jydcJSXeMHRfNniuUApKx eVDC/Sq8AbUevtB5a9WNEzz7fYVvmRLtklGFZF8eyeT7FsFZSDSFTaFuiKPxkWMqDMWv 0FnBYot3k8XbHmV9azE+sreVquGAUW+4+o9BswjMAGlnOgZVDP/wilN+E9FBkPStPmb0 NGH/ug2e49vfxFwQ1vPSyBDITAZ0akKl/s1ahlslBX5dsIsnntRFYUzaVwhqGmqpK9wM KZeJ9GQ1l/OQCfmf4jXsJXsHYb3EoX2W5Fo/Ic78FSnSeGsWEk6U82j3eGvohH++m3a2 cfCg==
X-Gm-Message-State: AG10YOTmo4+G6D10XKKb0eaY9QTFiCA4NXVI1m+rtjUbTxJDpHi9PAC/kZXr0TaElDtvVcKFsnI6luy+NW6LVg==
X-Received: by 10.129.38.135 with SMTP id m129mr11871584ywm.155.1456083578718; Sun, 21 Feb 2016 11:39:38 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Sun, 21 Feb 2016 11:38:59 -0800 (PST)
In-Reply-To: <CACsn0cnTw=LdzyS1zgaTdh=ttshQP+tAHY1iv7GmPc3+aeH+5Q@mail.gmail.com>
References: <CACsn0cnTw=LdzyS1zgaTdh=ttshQP+tAHY1iv7GmPc3+aeH+5Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 21 Feb 2016 11:38:59 -0800
Message-ID: <CABcZeBOUkgXvtZhACoioqtcT5SWWQWck2_gjc1Q+Ku94F2QioQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="001a1141618c793b43052c4ce07a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/QOGijB5BHKbYiePVneuMCzNL62Q>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Unified Client Authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2016 19:39:40 -0000
This was discussed at the TLS interim and the argument against was that there was limited demand for the post-handshake mode and that people wanted to have a mode they were very comfortable with as the "main" thing. Of course, it may be time to revisit that decision. -Ekr On Sun, Feb 21, 2016 at 11:33 AM, Watson Ladd <watsonbladd@gmail.com> wrote: > Currently we client authenticate after handshake and during handshake. > Why not unify these by making all client authentication take place > after the handshake? This will simplify the state machine. > > https://github.com/tlswg/tls13-spec/issues/421 talks about this in the > last sentence. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Unified Client Authentication Watson Ladd
- Re: [TLS] Unified Client Authentication Eric Rescorla
- Re: [TLS] Unified Client Authentication Martin Thomson