[TLS] draft-sullivan-tls-exported-authenticator-00

Nick Sullivan <nicholas.sullivan@gmail.com> Mon, 31 October 2016 21:29 UTC

From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Mon, 31 Oct 2016 21:29:19 +0000
Message-ID: <CAOjisRyWyON1FXghU09GTJYmvKpjgztFr_9wL=U6yV0-9DkcgA@mail.gmail.com>
To: "tls@ietf.org" <TLS@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/b4vQw8gWjrLeLFuAcXtKzzLFBvM>

<https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00>

I just posted a new Internet-Draft called "Exported Authenticators in TLS"
in the TLS working group.

The intent of this draft is to enable participants in a TLS connection to
prove ownership of additional certificates. This differs from previous
proposals (https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00)
in that these proofs are not sent as part of the TLS connection, but instead
exported so that they can be sent out of band (as part of an application layer
message, for example).

This proposal should enable a radical simplification of the Secondary
Certificate Authentication in HTTP/2 proposal
(https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-01),
and should generally be a useful tool for binding a certificate ownership
proof to a TLS connection.

Nick Sullivan
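The property the announcement describes, a certificate ownership proof that is carried outside the TLS record layer yet stays bound to one specific connection, can be modelled in a few dozen lines. The Go program below is an added illustration written for this archive page; it is not code from the draft or from its author, and it does not reproduce the draft's wire format. It assumes a simplified exporter (HKDF-Expand over a constructed per-connection secret standing in for the TLS 1.3 exporter interface), assumed exporter label strings, and a raw Ed25519 public key standing in for a Certificate message. What it shows is the binding itself: the signer pulls a handshake context and a Finished key out of the connection, signs and MACs the proof with them, and a verifier on the same connection recomputes both, while the same proof presented on a different connection, or with an altered request context, is rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Assumed label strings; the real draft defines its own exporter labels.
const (
	ctxLabel = "EXPORTER-authenticator handshake context"
	finLabel = "EXPORTER-authenticator finished key"
)

// exporter is HKDF-Expand (RFC 5869) with a TLS 1.3-style label. It stands in
// for the exporter interface a TLS stack exposes; exporterSecret is a
// constructed per-connection value, not a real TLS exporter master secret.
func exporter(exporterSecret []byte, label string, context []byte, length int) []byte {
	info := append([]byte("tls13 "+label), byte(len(context)))
	info = append(info, context...)
	var out, prev []byte
	for i := byte(1); len(out) < length; i++ {
		m := hmac.New(sha256.New, exporterSecret)
		m.Write(prev)
		m.Write(info)
		m.Write([]byte{i})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// Conn models the only thing each endpoint needs from the TLS connection:
// the ability to export keying material that is unique to that connection.
type Conn struct{ exporterSecret []byte }

func newConn() *Conn {
	s := make([]byte, 32)
	if _, err := rand.Read(s); err != nil {
		panic(err)
	}
	return &Conn{exporterSecret: s}
}

func (c *Conn) Export(label string, context []byte, n int) []byte {
	return exporter(c.exporterSecret, label, context, n)
}

// Authenticator is the proof that travels out of band (e.g. in an
// application-layer message): certificate material, a signature over the
// connection-bound content, and a Finished MAC keyed from the connection.
type Authenticator struct {
	RequestContext []byte
	Cert           []byte // stand-in for a Certificate message: the raw Ed25519 public key
	Signature      []byte
	Finished       []byte
}

// signedContent is what the certificate key signs: the exported handshake
// context, then length-prefixed request context and certificate. A different
// connection yields a different context, so the signature stops verifying.
func signedContent(handshakeCtx, reqCtx, cert []byte) []byte {
	var b bytes.Buffer
	b.Write(handshakeCtx)
	binary.Write(&b, binary.BigEndian, uint16(len(reqCtx)))
	b.Write(reqCtx)
	binary.Write(&b, binary.BigEndian, uint16(len(cert)))
	b.Write(cert)
	return b.Bytes()
}

func finishedMAC(finKey, content, sig []byte) []byte {
	m := hmac.New(sha256.New, finKey)
	m.Write(content)
	m.Write(sig)
	return m.Sum(nil)
}

// CreateAuthenticator builds a proof of ownership of priv bound to conn c.
func CreateAuthenticator(c *Conn, priv ed25519.PrivateKey, reqCtx []byte) Authenticator {
	cert := []byte(priv.Public().(ed25519.PublicKey))
	content := signedContent(c.Export(ctxLabel, nil, 32), reqCtx, cert)
	sig := ed25519.Sign(priv, content)
	return Authenticator{reqCtx, cert, sig, finishedMAC(c.Export(finLabel, nil, 32), content, sig)}
}

// VerifyAuthenticator checks a received proof against the verifier's own
// view of the connection; it rejects proofs made on any other connection.
func VerifyAuthenticator(c *Conn, a Authenticator) bool {
	content := signedContent(c.Export(ctxLabel, nil, 32), a.RequestContext, a.Cert)
	if len(a.Cert) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(a.Cert), content, a.Signature) {
		return false
	}
	return hmac.Equal(finishedMAC(c.Export(finLabel, nil, 32), content, a.Signature), a.Finished)
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	connA, connB := newConn(), newConn() // two distinct TLS connections
	auth := CreateAuthenticator(connA, priv, []byte("req-1"))
	fmt.Println("same connection:     ", VerifyAuthenticator(connA, auth))
	fmt.Println("replayed on another: ", VerifyAuthenticator(connB, auth))
}
```

Both endpoints hold the same exporter secret because it is derived from the shared handshake, so no extra key distribution is needed for the verifier; that is what lets the proof leave the TLS channel and still be checked only by the peer of that one connection.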