Re: [TLS] Summary of discussion regarding spontaneuous authentication
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 28 October 2014 09:55 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0052C1A1AE5 for <tls@ietfa.amsl.com>; Tue, 28 Oct 2014 02:55:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u1IzYPRPjHMm for <tls@ietfa.amsl.com>; Tue, 28 Oct 2014 02:55:13 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09A331A1AD7 for <tls@ietf.org>; Tue, 28 Oct 2014 02:55:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1414490113; x=1446026113; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=Sa7sAzSrLdia90aqXHDXaNKdcfKnKyYZ6+f7IMC1D4M=; b=O7AWW+A2M2ZEnwjaJM6om7uMqWvRHuMQHnowJaHetDHSq06yaQgEmE8d 3ElHw1/SjLg36kIds7UhWAhzTm0u3T5zyUJi8Rzw4eoNFGzNmcDsLxMNs BonD0f+sX8hSrwPvkFBBinRbcjbx2tEIp+8FJM7ZM0kuacXlvvgY0ikKe 4=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="286160515"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.112 - Outgoing - Outgoing
Received: from uxchange10-fe1.uoa.auckland.ac.nz ([130.216.4.112]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 28 Oct 2014 22:55:10 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.15]) by uxchange10-fe1.UoA.auckland.ac.nz ([130.216.4.112]) with mapi id 14.03.0174.001; Tue, 28 Oct 2014 22:55:10 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Summary of discussion regarding spontaneuous authentication
Thread-Index: Ac/ylUIT3mNYoSbWTeamZIOhdRBC4g==
Date: Tue, 28 Oct 2014 09:55:08 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9D9E37@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ZbaeWcxxtfyjZJ9eKddLkKF-L8g
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 09:55:17 -0000
Eric Rescorla <ekr@rtfm.com> writes: >If we make this change, we could still leave CertificateRequest in place, but >it could be empty, just indicating that the server wants some kind of client >auth and let the client decide. Just as a data point, I've always done it that way, the client provides whatever cert it has to get in and the server decides whether it'll allow access. I've never had any reports of problems so far. (Caveat: Given the almost nonexistent use of client certs the sample size there probably isn't very large). Peter.
- [TLS] Summary of discussion regarding spontaneuou… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Rex
- Re: [TLS] Summary of discussion regarding spontan… Salz, Rich
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Andrei Popov
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Peter Gutmann
- Re: [TLS] Summary of discussion regarding spontan… Santosh Chokhani