[TLS] Unified Client Authentication

Watson Ladd <watsonbladd@gmail.com> Sun, 21 February 2016 19:33 UTC

Date: Sun, 21 Feb 2016 11:33:57 -0800
Message-ID: <CACsn0cnTw=LdzyS1zgaTdh=ttshQP+tAHY1iv7GmPc3+aeH+5Q@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/bnxyznlEdMRJhc2BcWItq-_qZpE>

Currently we do client authentication after the handshake and during the handshake.
Why not unify these by making all client authentication take place
after the handshake? This will simplify the state machine.

https://github.com/tlswg/tls13-spec/issues/421 talks about this in the
last sentence.
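The state-machine simplification the message argues for, as an added example that is not part of the original post, the TLS working group's drafts, or the tlswg/tls13-spec repository. It models the server's view of the client's messages under the two designs: the draft's, where a CertificateRequest can be sent either in the server's first flight or after the handshake, and the unified one, where only the post-handshake path exists. The handshake message names are TLS 1.3's; the state names, the two transition tables, and the EmptyCertificate pseudo-message (a client answering a request with no certificate) are this example's own simplification, not the draft's actual state machine.

```python
"""Toy model of the server-side TLS 1.3 state machine for client authentication.

Added example, not code from the mailing-list post or the tlswg/tls13-spec
repository. CURRENT models client auth either inside the handshake or after
it; UNIFIED models the proposal where all client auth happens after the
handshake. State names and transition tables are this example's own
simplification (assumption), not the draft's state machine.
"""

from typing import Dict, List, Optional, Set, Tuple

Transition = Dict[Tuple[str, str], str]

# (state, client message) -> next state. A missing entry is an unexpected
# message, which a real implementation would answer with a fatal alert.
CURRENT: Transition = {
    # In-handshake path: the server sent CertificateRequest in its first
    # flight, so the client's Finished must be preceded by its credentials.
    ("WAIT_CERT", "Certificate"): "WAIT_CV",
    ("WAIT_CERT", "EmptyCertificate"): "WAIT_FINISHED",  # client has no cert
    ("WAIT_CV", "CertificateVerify"): "WAIT_FINISHED",
    ("WAIT_FINISHED", "Finished"): "CONNECTED",
    # Post-handshake path: a CertificateRequest sent after the handshake is
    # answered with a second Certificate / CertificateVerify / Finished.
    ("CONNECTED", "Certificate"): "PH_WAIT_CV",
    ("CONNECTED", "EmptyCertificate"): "PH_WAIT_FINISHED",
    ("PH_WAIT_CV", "CertificateVerify"): "PH_WAIT_FINISHED",
    ("PH_WAIT_FINISHED", "Finished"): "CONNECTED",
    ("CONNECTED", "ApplicationData"): "CONNECTED",
}

# The unified design drops the in-handshake branch entirely: the server
# always starts in WAIT_FINISHED and asks for a certificate afterwards.
UNIFIED: Transition = {
    ("WAIT_FINISHED", "Finished"): "CONNECTED",
    ("CONNECTED", "Certificate"): "PH_WAIT_CV",
    ("CONNECTED", "EmptyCertificate"): "PH_WAIT_FINISHED",
    ("PH_WAIT_CV", "CertificateVerify"): "PH_WAIT_FINISHED",
    ("PH_WAIT_FINISHED", "Finished"): "CONNECTED",
    ("CONNECTED", "ApplicationData"): "CONNECTED",
}


def states(table: Transition) -> Set[str]:
    """Every state a table mentions; its size is what unification shrinks."""
    return {s for s, _ in table} | set(table.values())


def run(table: Transition, start: str, messages: List[str]) -> Optional[str]:
    """Feed client messages through the machine.

    Returns the final state, or None as soon as a message is unexpected in
    the current state (a real server would send an unexpected_message alert).
    """
    state = start
    for msg in messages:
        nxt = table.get((state, msg))
        if nxt is None:
            return None
        state = nxt
    return state


def data_before_client_auth(table: Transition, start: str, messages: List[str]) -> bool:
    """True if ApplicationData is accepted before the client has signed.

    This is the cost of moving all client auth after the handshake: the state
    machine no longer guarantees the client proved possession of its key
    (CertificateVerify) before data flows, so a server that requires a client
    certificate must hold or refuse that early data itself. Returns False if
    the sequence is rejected before any data is accepted.
    """
    state, authenticated = start, False
    for msg in messages:
        nxt = table.get((state, msg))
        if nxt is None:
            return False
        if msg == "ApplicationData" and not authenticated:
            return True
        if msg == "CertificateVerify":
            authenticated = True
        state = nxt
    return False


if __name__ == "__main__":
    print("states, current design:", len(states(CURRENT)))
    print("states, unified design:", len(states(UNIFIED)))
    early = ["Finished", "ApplicationData", "Certificate", "CertificateVerify", "Finished"]
    print("unified design accepts data before client auth:",
          data_before_client_auth(UNIFIED, "WAIT_FINISHED", early))
```

The transition tables make the trade-off visible: the unified table needs four states instead of six and only one starting state, but `data_before_client_auth` shows that a server which requires a client certificate must then enforce "no application data before authentication" in application logic, since the handshake state machine no longer does it for free.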