[TLS] draft-sullivan-tls-exported-authenticator-01

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 21 April 2017 08:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RPb6GQUkdZbPDgCk6FnzJz2LR-s>

I have read draft-sullivan-tls-exported-authenticator-01 and have a few
questions. I haven't followed this work previously but have been
wondering whether this functionality would be useful for "me".

The described functionality sounds like post-handshake authentication
from TLS 1.3 (although it does not use that term throughout the
document). I would have thought that this functionality is a replacement
for TLS 1.2 renegotiation, but then there is also the TLS 1.3 content
in there, which raises the question of how this relates to the
post-handshake authentication functionality.

What does the following sentence mean and what is the use case for it?

"
  This proof of authentication can
   be exported and transmitted out of band from one party to be
   validated by the other party.
"

Who are the parties?

Ciao
Hannes