Re: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated
Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Mon, 21 January 2019 08:16 UTC
Return-Path: <wang.haiguang.shieldlab@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BCF3130FA5 for <tls@ietfa.amsl.com>; Mon, 21 Jan 2019 00:16:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BnO-HNsxg-YC for <tls@ietfa.amsl.com>; Mon, 21 Jan 2019 00:16:57 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92BA9130F2D for <tls@ietf.org>; Mon, 21 Jan 2019 00:16:57 -0800 (PST)
Received: from lhreml701-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id C90B5696073E9A79B534 for <tls@ietf.org>; Mon, 21 Jan 2019 08:16:54 +0000 (GMT)
Received: from SINEML702-CAH.china.huawei.com (10.223.161.52) by lhreml701-cah.china.huawei.com (10.201.108.42) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 21 Jan 2019 08:16:54 +0000
Received: from SINEML521-MBX.china.huawei.com ([169.254.1.100]) by SINEML702-CAH.china.huawei.com ([169.254.255.221]) with mapi id 14.03.0415.000; Mon, 21 Jan 2019 16:16:41 +0800
From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated
Thread-Index: AdSc+ToMK5SgJR+fTtWsM2NRX2mmLP//3EsA/90z5YCARR/BgP/5YrHw
Date: Mon, 21 Jan 2019 08:16:39 +0000
Message-ID: <0AE05CBFB1A6A0468C8581DAE58A31309E2650B4@SINEML521-MBX.china.huawei.com>
References: <0AE05CBFB1A6A0468C8581DAE58A31309E229AD4@SINEML521-MBX.china.huawei.com> <20181226145106.GA6893@LK-Perkele-VII> <0AE05CBFB1A6A0468C8581DAE58A31309E25155E@SINEML521-MBX.china.huawei.com> <20190117110319.GA23896@LK-Perkele-VII>
In-Reply-To: <20190117110319.GA23896@LK-Perkele-VII>
Accept-Language: en-SG, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.215.37.176]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YOi5un9o27eycn4dqhrZ3oaGrVM>
Subject: Re: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 08:16:59 -0000
Dear Ilari, Russ and all In previous comments received from the mailing list, experts suggest us to base our TLS-IBC draft on TLS 1.3 instead of TLS 1.2. We do think it is excellent suggestion. Therefore, recently, we have revised our internet draft "Using Identity as Raw Public Key in Transport Layer Security (TLS)" accordingly and now it is based on TLS 1.3. Beside that, an OID has been assigned by the IANA recently for the ECCSI signature algorithm, and therefore, the OID table has been updated also. Please help to review our revised draft and let us know your comments on it. Below is the link to the new draft: https://www.ietf.org/id/draft-wang-tls-raw-public-key-with-ibc-07.txt Best regards. Haiguang -----Original Message----- From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] Sent: Thursday, January 17, 2019 7:03 PM To: Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Cc: tls@ietf.org Subject: Re: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated On Thu, Jan 17, 2019 at 10:21:43AM +0000, Wang Haiguang wrote: > Dear Ilari > > Sorry for the late reply. > > We are now trying to move the TLS-IBC to TLS 1.3 and will upload a newer version soon. > > In your previous email, you said that with TLS 1.3, the client_certificate_type is unnessary. > In fact client_certificate_type and server_certificate_type are > defined in RFC 7250 and used in client/server hello to indicate the preference of client/server one certificate. > > Client/server can use it to indicate whether they want to use > RawPublicKey or X.509 in authentication. So if we do not use client_certificate_type, how the client indicate its preference on RawPublicKey. Ugh, just noticed that the terminology is pretty confusing... There are three similarly named things: - Registry called ClientCertificateType (only used by TLS 1.2, these values go into one field in CertificateRequest message) - extension called client_certificate_type (used by TLS 1.2&1.3) - Registry called certificate types (values used by client_certificate_type come from here). -Ilari
- [TLS] A new draft for "Using Identity as Raw Publ… Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Ilari Liusvaara
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Russ Housley
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Ilari Liusvaara
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang