[TLS] Query for consensus on an "experimental/private-use" extension identifier
Kyle Hamilton <aerowolf@gmail.com> Thu, 17 December 2009 21:36 UTC
Return-Path: <aerowolf@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3EA133A68F7 for <tls@core3.amsl.com>; Thu, 17 Dec 2009 13:36:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.283
X-Spam-Level:
X-Spam-Status: No, score=-2.283 tagged_above=-999 required=5 tests=[AWL=-0.284, BAYES_00=-2.599, J_CHICKENPOX_15=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WVw+SUHK4IRC for <tls@core3.amsl.com>; Thu, 17 Dec 2009 13:36:11 -0800 (PST)
Received: from mail-px0-f171.google.com (mail-px0-f171.google.com [209.85.216.171]) by core3.amsl.com (Postfix) with ESMTP id 8687A3A67E4 for <tls@ietf.org>; Thu, 17 Dec 2009 13:36:11 -0800 (PST)
Received: by pxi1 with SMTP id 1so1753863pxi.29 for <tls@ietf.org>; Thu, 17 Dec 2009 13:35:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=WPZW6p+DnH40k39AfWYSWHC2Oy+JSUa1NpjNfbrApiA=; b=i2hDXVnmozIngyeJ5kJI9U+70iDfyCeJBH2lBGvjsn9owWryYwANwZIS+/ZwryGdc3 yekg/dvL+wdQYiE1fpSWfEgR5z7u2kkKGAH1q8uU258e1V99Pnl8stcQZAAjzwcEM5WF +bGAmhzD2yoEgl+XpM6L2Y77OT4oK2mbMGfLw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=sdGq/+huA9b+2PwO4Cp0Qh9G8zYO1w1CubJ/v43a7jyXMzouDiAyvUKE2ag8mHjvKa +1VIM7vToBYVohPWUfoLM35bJDsxewekRs2E4nINkFtk0NrhjCGhnYCQ96lA3uRaq8cn 319vOL5mpAc9/a2bokpioYpjKZJXeSctfOLZA=
MIME-Version: 1.0
Received: by 10.142.55.14 with SMTP id d14mr1994249wfa.45.1261085754647; Thu, 17 Dec 2009 13:35:54 -0800 (PST)
Date: Thu, 17 Dec 2009 13:35:54 -0800
Message-ID: <6b9359640912171335s76c04cc7o9434986d236c334b@mail.gmail.com>
From: Kyle Hamilton <aerowolf@gmail.com>
To: tls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Subject: [TLS] Query for consensus on an "experimental/private-use" extension identifier
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2009 21:36:12 -0000
I would like to attempt to initiate the "IETF Consensus" process for assigning a single "experimental/private-use" extension identifier. I can submit an I-D to describe how I feel this could be interoperable and multiplexable, so that the "private-use" mechanism can be used between compliant implementations without fear of trampling over each other. (I've got a design where multiple extensions are necessary to transfer information about authentication requirements and authorization capabilities, while blinding them to the client unless the client has a trust anchor that can un-blind them). Would there be interest in this beyond just me? My current experiment is an attempt to reduce the amount of information leakage produced by the "allowed CA names" field, by sending salted hashes of each of either the CA names or trust anchor AKIDs that the peer is willing to accept as authenticators, shashed (shash = s(alted )hash) such that an attacker would need to have the same trust anchor in its repository to identify exactly which CAs it knows about that can and will be accepted by the peer. I would like to suggest 34 as the new extension ID for this, since according to IANA it's the highest unassigned possible value (35 is used for SessionTicket). What is the procedure to attempt to initiate this kind of IETF consensus, necessary to be able to experiment without fear of smashing someone else's experiments? (As I said, I'll draw up an I-D to more concretely define the semantics of such an extension, including the ability to interleave multiple types of extensions under the same extension identifier.) -Kyle H
- [TLS] Query for consensus on an "experimental/pri… Kyle Hamilton
- Re: [TLS] Query for consensus on an "experimental… Pasi.Eronen
- Re: [TLS] Query for consensus on an "experimental… Kyle Hamilton