Re: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
Magnus Nyström <magnus@rsasecurity.com> Mon, 19 June 2006 12:19 UTC
Date: Mon, 19 Jun 2006 14:09:47 +0200
From: Magnus Nyström <magnus@rsasecurity.com>
To: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
Subject: Re: AW: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
In-Reply-To: <A5D2BD54850CCA4AA3B93227205D8A30614F03@MCHP7IEA.ww002.siemens.net>
Message-ID: <Pine.WNT.4.62.0606191355590.5356@CTO-LAPTOP.eu.rsa.net>
References: <A5D2BD54850CCA4AA3B93227205D8A30614F03@MCHP7IEA.ww002.siemens.net>
Cc: tls@ietf.org
Hello Hannes,

Yes, the cited I-D would, if implemented, enable another method of using OTPs within TLS - one could do EAP-POTP within the EAP-Message etc. RADIUS attributes, encapsulated in the IA phase of TLS-IA. It seems, however, to complicate deployments quite a lot to introduce a requirement for EAP as well as elements of RADIUS and Diameter just to support OTPs in TLS now that TLS-PSK exists. And, contrary to what is stated in the TLS-IA I-D, TLS-PSK does allow use of a server certificate in conjunction with PSKs.

We therefore feel that the draft provides some advantages over the alternative of using EAP-POTP within TLS-IA.

-- Magnus

On Wed, 14 Jun 2006, Tschofenig, Hannes wrote:

> Since OTP is available via EAP methods it is also possible to use
> http://www.tschofenig.com/drafts/draft-funk-tls-inner-application-extension-02.txt
>
> This would avoid putting every single EAP method inside the TLS
> handshake.
>
> Ciao
> Hannes
>
>> -----Original Message-----
>> From: Linn, John [mailto:jlinn@rsasecurity.com]
>> Sent: Wednesday, 14 June 2006 13:17
>> To: tls@ietf.org
>> Cc: Nyström, Magnus
>> Subject: [TLS] OTP-TLS I-D [Was: FW: I-D ACTION:draft-linn-otp-tls-00.txt]
>>
>> This recent I-D constitutes a profile layered on TLS-PSK,
>> intended to authenticate TLS connections with the general
>> class of One-Time Password (OTP) methods. We'd like to
>> invite review and comment in the TLS WG.
>>
>> --jl
>>
>> -----Original Message-----
>> From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
>> Sent: Wednesday, June 07, 2006 3:50 PM
>> To: i-d-announce@ietf.org
>> Subject: I-D ACTION:draft-linn-otp-tls-00.txt
>>
>> A New Internet-Draft is available from the on-line
>> Internet-Drafts directories.
>>
>> Title     : OTP Methods for TLS
>> Author(s) : J. Linn, M. Nystroem
>> Filename  : draft-linn-otp-tls-00.txt
>> Pages     : 21
>> Date      : 2006-6-7
>>
>> This document describes means for applying One-Time Password (OTP)
>> methods to authenticate Transport Layer Security sessions, operating
>> in conjunction with Pre-Shared Key (PSK) ciphersuites defined for use
>> with TLS.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-linn-otp-tls-00.txt
>>
>> To remove yourself from the I-D Announcement list, send a message to
>> i-d-announce-request@ietf.org with the word unsubscribe in
>> the body of the message.
>> You can also visit
>> https://www1.ietf.org/mailman/listinfo/I-D-announce
>> to change your subscription settings.
>>
>> Internet-Drafts are also available by anonymous FTP. Login
>> with the username "anonymous" and a password of your e-mail address.
>> After logging in, type "cd internet-drafts" and then
>> "get draft-linn-otp-tls-00.txt".
>>
>> A list of Internet-Drafts directories can be found in
>> http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>
>> Internet-Drafts can also be obtained by e-mail.
>>
>> Send a message to:
>> mailserv@ietf.org.
>> In the body type:
>> "FILE /internet-drafts/draft-linn-otp-tls-00.txt".
>>
>> NOTE: The mail server at ietf.org can return the document in
>> MIME-encoded form by using the "mpack" utility. To use this
>> feature, insert the command "ENCODING mime" before the "FILE"
>> command. To decode the response(s), you will need "munpack" or
>> a MIME-compliant mail reader. Different MIME-compliant mail readers
>> exhibit different behavior, especially when dealing with
>> "multipart" MIME messages (i.e. documents which have been split
>> up into multiple messages), so check your local documentation on
>> how to manipulate these messages.
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls