Re: [TLS] I-D on TLS authentication with VC

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 05 April 2024 12:14 UTC

Message-ID: <f183ba4b-6876-4cfc-bb66-4b6894e43fd8@cs.tcd.ie>
Date: Fri, 05 Apr 2024 13:14:05 +0100
To: Achim Kraus <achimkraus@gmx.net>, Andrea Vesco <andrea.vesco@linksfoundation.com>, "tls@ietf.org" <tls@ietf.org>
References: <F515427B-EE5A-4514-9787-8BB3F95FC380@linksfoundation.com> <7d194dc8-65b0-4df5-9ef0-410a38af9e1e@cs.tcd.ie> <70c9b9ff-14fa-4b2f-8d90-2b1a0f1ebf15@gmx.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <70c9b9ff-14fa-4b2f-8d90-2b1a0f1ebf15@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UcRS-BEvNea50KJn7yg0H0gQfPc>

Hiya,

On 05/04/2024 12:54, Achim Kraus wrote:
> Hi,
> 
>> On that basis, I'd consider this a bad idea that
>> ought not be pursued, and certainly not by the TLS
>> WG.
> 
> for me this sounds more like an argument for a
> 
> "recommended (for general use-cases) n".

I'd go further - ISTM an argument for a re-design
that just doesn't have the privacy problem. (And
maybe come back to the TLS WG after that's done.)

> Or does the TLS group focus on Web only and I missed that?

My mail made no reference to the web. The problem,
if it exists, would apply to all uses of TLS that
enabled this mechanism.

Cheers,
S.

> 
> best regards
> Achim
>