[TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated

Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Wed, 26 December 2018 09:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YDlj1Z9DniUcSrySVgh3k8z35YI>

Hello, everyone

We have just updated the internet draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)". 

In this draft, we propose to use the Identity as a raw public key, which further simplifies authentication and identity management of large-scale IoT devices.

The updates are mainly in the IANA Considerations part.

We have some IANA-related issues that need experts from this group to help with:
1) The TLS protocol requires an OID to identify a signature algorithm used in authentication and key exchange.
     However, the identity-based signature algorithm (ECCSI) specified by the IETF in RFC 6507 does not have an OID yet.
     We have written to IANA for consideration but have not gotten it yet.
2) TLS cipher suites and a few TLS registries also need to be updated, by adding in the relative names for ECCSI:
     * TLS cipher suites
     * TLS KeyExchangeAlgorithm Registry
     * TLS ClientCertificateType Registry
     * TLS SignatureAlgorithm Registry

Although the draft is still a personal draft, some telecom customers want to use TLS+ECCSI in their network for IoT device authentication. Therefore, is it possible for IANA to assign values for the above TLS registries and an OID for ECCSI, since ECCSI is specified by the IETF?

Please give us some suggestions on the OID and TLS registry updating issues.

Below is the link to our recently uploaded draft. 

Best regards.