Re: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated
Russ Housley <housley@vigilsec.com> Thu, 27 December 2018 14:58 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41AB512426A for <tls@ietfa.amsl.com>; Thu, 27 Dec 2018 06:58:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xaTDQwbFGpgu for <tls@ietfa.amsl.com>; Thu, 27 Dec 2018 06:58:29 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E395128D09 for <tls@ietf.org>; Thu, 27 Dec 2018 06:58:29 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 0D8533005C6 for <tls@ietf.org>; Thu, 27 Dec 2018 09:58:27 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id qYtXe6Ge0SO9 for <tls@ietf.org>; Thu, 27 Dec 2018 09:58:25 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-108-45-137-105.washdc.fios.verizon.net [108.45.137.105]) by mail.smeinc.net (Postfix) with ESMTPSA id ABB183001CB; Thu, 27 Dec 2018 09:58:25 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <0AE05CBFB1A6A0468C8581DAE58A31309E229AD4@SINEML521-MBX.china.huawei.com>
Date: Thu, 27 Dec 2018 09:58:26 -0500
Cc: IETF TLS <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5987BF5A-0BE7-49E0-82BA-EFA233D7FA91@vigilsec.com>
References: <0AE05CBFB1A6A0468C8581DAE58A31309E229AD4@SINEML521-MBX.china.huawei.com>
To: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/atobJrpG6xf7ERc0O3R7FmD9jc0>
Subject: Re: [TLS] A new draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)" has been updated
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Dec 2018 14:58:32 -0000
Haiguang: Like Ilari, I am a bit confused about the specification for TLS 1.2 but not TLS 1.3. It seems that the pros and cons of an identity-based approach are the same in bot environments. When I quickly went through the document, I did not understand client authentication. I guess I can figure it out for server-to-server mutual authentication, where both servers are identified by domain names. What is the form of the identity in other cases? Russ > On Dec 26, 2018, at 4:00 AM, Wang Haiguang <wang.haiguang.shieldlab@huawei.com> wrote: > > Hello, everyone > > We have just updated the internet draft for "Using Identity as Raw Public Key in Transport Layer Security (TLS)". > > In this draft, we propose to use the Identity as raw public key, which further simplifies authentication and identity management of large scale IoT devices. > > The updating are mainly in the IANA consideration part. > > We have some IANA related issues that need expert from this group to help: > 1) TLS protocol require OID to identify an signature algorithm used in authentication and key exchange. > However, the identity-based signature algorithm (ECCSI) specified by IETF in RFC 6507 does not have an OID yet. > We have written to IANA for consideration but do not get it yet. > 2) TLS cipher suites and a few TLS registries need to be updated also, by adding in the relative names for ECCSI: > * TLS cipher suites > * TLS TLS KeyExchangeAlgorithm Registry > * TLS ClientCertificateType Registry > * TLS SignatureAlgorithm Registry > > Although the draft is still personal draft , some telecom customer want to use TLS+ECCSI in their network for IoT > device authentication. Therefore, is it possible for IANA to assign value for above TLS registries and OID for ECCSI since ECCSI is specified by IETF? > > Please give us some suggestion on the OID and TLS registries updating issues. > > Below is the link to our recently uploaded draft. > https://www.ietf.org/internet-drafts/draft-wang-tls-raw-public-key-with-ibc-03.txt > > > Best regards. > > Haiguang >
- [TLS] A new draft for "Using Identity as Raw Publ… Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Ilari Liusvaara
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Russ Housley
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang
- Re: [TLS] A new draft for "Using Identity as Raw … Ilari Liusvaara
- Re: [TLS] A new draft for "Using Identity as Raw … Wang Haiguang