Re: [TLS] I-D Action: draft-ietf-tls-exported-authenticator-00.txt (internet-drafts@ietf.org)

Balaji Rajendran <balajirajendran@gmail.com> Mon, 22 May 2017 17:47 UTC

From: Balaji Rajendran <balajirajendran@gmail.com>
Date: Mon, 22 May 2017 23:17:02 +0530
Message-ID: <CABVRomhk7DEvAqPmSa8vzvxf-128+VhoSFpYH6r6Q41BRdtViQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Sankalp Bagaria <sankalp.nitt@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WfqUD1LKck0wuwdRPw40GbLfGkw>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-exported-authenticator-00.txt (internet-drafts@ietf.org)

Hi,

   While trying to obtain an authenticator, the private key used for
signing the certificate is demanded.

   Is it safe to do such operations, or is it the public key associated with
the certificate?

--
Balaji R

On Mon, May 22, 2017 at 11:30 AM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> This defines a tool, in the same way that RFC 5705 does.  See
> https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs
> for a use of that tool.
>
> On 22 May 2017 at 15:52, Sankalp Bagaria <sankalp.nitt@gmail.com> wrote:
> > Hi,
> >
> > I have a couple of questions:
> > 1) How will the out-of-band request for certificate be sent by the
> > server/client? What format will be used? (Only the Reply's format is
> > given in the draft.)
> > 2a) If certificate verification is unsuccessful, will the existing
> > connection also be dropped, or will it be continued?
> > 2b) If certificate verification is successful, how will the state of the
> > connection change? Will there be a re-direction to a new entity? If yes,
> > how will that be achieved?
> >
> > Regards,
> > Sankalp Bagaria.
> >
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 3
> >> Date: Thu, 18 May 2017 14:04:38 -0700
> >> From: internet-drafts@ietf.org
> >> To: <i-d-announce@ietf.org>
> >> Cc: tls@ietf.org
> >> Subject: [TLS] I-D Action:
> >>         draft-ietf-tls-exported-authenticator-00.txt
> >> Message-ID: <149514147857.6720.16783609697509356369@ietfa.amsl.com>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts
> >> directories.
> >> This draft is a work item of the Transport Layer Security of the IETF.
> >>
> >>         Title           : Exported Authenticators in TLS
> >>         Author          : Nick Sullivan
> >>         Filename        : draft-ietf-tls-exported-authenticator-00.txt
> >>         Pages           : 6
> >>         Date            : 2017-05-18
> >>
> >> Abstract:
> >>    This document describes a mechanism in Transport Layer Security (TLS)
> >>    to provide an exportable proof of ownership of a certificate that can
> >>    be transmitted out of band and verified by the other party.
> >>
> >>
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/
> >>
> >> There are also htmlized versions available at:
> >> https://tools.ietf.org/html/draft-ietf-tls-exported-authenticator-00
> >>
> >> https://datatracker.ietf.org/doc/html/draft-ietf-tls-exported-authenticator-00
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >> ftp://ftp.ietf.org/internet-drafts/
> >>
> >>
> >>
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >
>
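The mechanism the draft abstract describes, as an added example that is not part of this thread or of the draft itself: an authenticator is produced by the endpoint that holds the certificate's private key (the key signs the CertificateVerify part) and is checked by the other endpoint using only the public key carried in the certificate plus keying material that endpoint exports from its own side of the TLS connection, in the RFC 5705 style Martin refers to. The code is Go against the standard library. The exporter function, the two label strings, the Authenticator field layout, the self-signed test certificate and the byte strings fed in are all constructed for this example; a real implementation would take the exported secret from the live connection (for instance Go's tls.ConnectionState.ExportKeyingMaterial) rather than from a shared byte string, and would still have to validate the presented certificate's chain separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Exporter labels are assumptions made for this example; the draft defines its own.
const (
	labelContext  = "EXPORTER-authenticator handshake context"
	labelFinished = "EXPORTER-authenticator finished key"
)

// Authenticator is the out-of-band proof: the certificate, a signature made
// with that certificate's private key, and a MAC binding both to the connection.
type Authenticator struct {
	Certificate       []byte // DER-encoded end-entity certificate
	CertificateVerify []byte // ASN.1 ECDSA signature by the certificate's private key
	Finished          []byte // HMAC-SHA256 under a key exported from the connection
}

// exporter stands in for RFC 5705 keying-material export. On a real connection
// each endpoint calls ExportKeyingMaterial(label, context, length) itself; here a
// constructed shared secret models the exporter master secret (length <= 32).
func exporter(secret []byte, label string, context []byte, length int) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(label))
	mac.Write(context)
	return mac.Sum(nil)[:length]
}

// transcriptHash returns SHA-256 over the concatenation of its inputs.
func transcriptHash(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// MakeSelfSigned builds a P-256 key pair and a self-signed certificate for it
// (a constructed test identity, not something a verifier should trust as-is).
func MakeSelfSigned() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "prover.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// Sign runs on the endpoint that owns the certificate; this is the only step
// that touches the private key. request is the out-of-band request being answered.
func Sign(exporterSecret, request, certDER []byte, key *ecdsa.PrivateKey) (*Authenticator, error) {
	ctx := exporter(exporterSecret, labelContext, request, 32)
	sig, err := ecdsa.SignASN1(rand.Reader, key, transcriptHash(ctx, certDER))
	if err != nil {
		return nil, err
	}
	fin := hmac.New(sha256.New, exporter(exporterSecret, labelFinished, request, 32))
	fin.Write(transcriptHash(ctx, certDER, sig))
	return &Authenticator{Certificate: certDER, CertificateVerify: sig, Finished: fin.Sum(nil)}, nil
}

// Verify runs on the other endpoint and needs only its own exporter output and
// the public key inside the presented certificate. The Finished check rejects an
// authenticator replayed from another connection or another request.
func Verify(exporterSecret, request []byte, a *Authenticator) error {
	ctx := exporter(exporterSecret, labelContext, request, 32)
	fin := hmac.New(sha256.New, exporter(exporterSecret, labelFinished, request, 32))
	fin.Write(transcriptHash(ctx, a.Certificate, a.CertificateVerify))
	if !hmac.Equal(fin.Sum(nil), a.Finished) {
		return errors.New("Finished mismatch: authenticator is not bound to this connection")
	}
	cert, err := x509.ParseCertificate(a.Certificate)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, transcriptHash(ctx, a.Certificate), a.CertificateVerify) {
		return errors.New("CertificateVerify does not validate under the certificate's public key")
	}
	return nil
}

func main() {
	key, der, err := MakeSelfSigned()
	if err != nil {
		panic(err)
	}
	secret := []byte("constructed exporter master secret shared by both endpoints")
	request := []byte("constructed out-of-band certificate request")
	auth, err := Sign(secret, request, der, key)
	if err != nil {
		panic(err)
	}
	fmt.Println("same connection:", Verify(secret, request, auth))
	fmt.Println("other connection:", Verify([]byte("different exporter secret"), request, auth))
}
```

Running main prints a nil error for the authenticator checked on the connection it was produced for and a Finished-mismatch error when the same bytes are checked against a different exporter secret, which is what stops an authenticator captured on one connection from being presented on another.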