Re: [TLS] I-D on TLS authentication with VC

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 05 April 2024 11:16 UTC

Message-ID: <7d194dc8-65b0-4df5-9ef0-410a38af9e1e@cs.tcd.ie>
Date: Fri, 05 Apr 2024 12:15:52 +0100
User-Agent: Mozilla Thunderbird
To: Andrea Vesco <andrea.vesco@linksfoundation.com>, "tls@ietf.org" <tls@ietf.org>
References: <F515427B-EE5A-4514-9787-8BB3F95FC380@linksfoundation.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <F515427B-EE5A-4514-9787-8BB3F95FC380@linksfoundation.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fQ-jinLBH7TVyrOS1JAEhsQCmf8>
Subject: Re: [TLS] I-D on TLS authentication with VC

Hiya,

On 04/04/2024 09:53, Andrea Vesco wrote:
> I-D: https://datatracker.ietf.org/doc/draft-vesco-vcauthtls/ 

From figure 2 it looks as if use of this mechanism
would have bad privacy properties as the DLT would
end up knowing which clients accessed which servers
at what times. That's v. similar to the problems
caused by clients checking OCSP.

On that basis, I'd consider this a bad idea that
ought not be pursued, and certainly not by the TLS
WG.

Or, am I wrong about the privacy issue here?

Thanks,
S.
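A toy model of the privacy concern raised above, added here as an example; it is not code from the draft, from Andrea Vesco, or from Stephen Farrell. It assumes, as the reply reads figure 2, that the verifier resolves the peer's DID on the ledger online during the handshake, and puts that next to the OCSP case the reply compares it to. The ledger and the OCSP responder are modelled purely as observers that record lookup metadata; the DIDs, names, addresses, keys, serial and timestamps are constructed, and the HMAC proof is a symmetric stand-in for a real signature, so the "verification key" the ledger publishes is the same key the client signs with (with a real signature it would be the public key).

```python
"""Added example: what a lookup service learns when a TLS peer is verified through it.

Two flows are modelled:
  * DID/VC (assumption: the server resolves the client's DID on the ledger at
    handshake time, which is how figure 2 of draft-vesco-vcauthtls is read above);
  * OCSP: the client asks the responder about the server certificate.
All names, keys, addresses and timestamps below are constructed.
"""
from dataclasses import dataclass, field
import hashlib
import hmac


@dataclass
class Observer:
    """Any network lookup service: it sees who asked, what they asked about, and when."""
    name: str
    answers: dict = field(default_factory=dict)  # subject -> answer
    log: list = field(default_factory=list)      # (time, requester, subject)

    def lookup(self, t, requester, subject):
        # The request is logged whether or not there is an answer.
        self.log.append((t, requester, subject))
        return self.answers.get(subject)


def vc_client_auth(ledger, t, server_name, client_did, client_key, nonce):
    """Server verifies the client's DID proof by resolving the DID on the ledger.

    The proof is an HMAC over the server's nonce, a symmetric stand-in for a
    signature; the ledger therefore publishes the same key the client used.
    """
    proof = hmac.new(client_key, nonce, hashlib.sha256).digest()        # client side
    key = ledger.lookup(t, requester=server_name, subject=client_did)   # server side, online
    if key is None:
        return False
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)


def ocsp_server_auth(responder, t, client_addr, server_serial):
    """Client checks the server certificate's status with the OCSP responder."""
    return responder.lookup(t, requester=client_addr, subject=server_serial) == "good"


def observed_sessions(observer, requester_is_client):
    """What the service can reconstruct from its log: (client, server, time) triples.

    In the OCSP flow the requester is the client and the subject identifies the
    server; in the DID flow the requester is the server and the subject is the client.
    """
    out = set()
    for t, requester, subject in observer.log:
        client, server = (requester, subject) if requester_is_client else (subject, requester)
        out.add((client, server, t))
    return out


def demo():
    """Run both flows on constructed data and return each observer's view."""
    client_did, client_key = "did:example:alice", b"alice-key"      # constructed
    ledger = Observer("ledger", answers={client_did: client_key})
    responder = Observer("ocsp", answers={"serial-0xbeef": "good"})

    assert vc_client_auth(ledger, 1700000000, "bank.example", client_did, client_key, b"nonce-1")
    assert vc_client_auth(ledger, 1700000060, "shop.example", client_did, client_key, b"nonce-2")
    assert ocsp_server_auth(responder, 1700000120, "203.0.113.7", "serial-0xbeef")

    return (observed_sessions(ledger, requester_is_client=False),
            observed_sessions(responder, requester_is_client=True))


if __name__ == "__main__":
    ledger_view, ocsp_view = demo()
    print("ledger sees:", sorted(ledger_view))
    print("OCSP responder sees:", sorted(ocsp_view))
```

Under these assumptions the model makes the comparison concrete: the OCSP responder's log yields (client address, server serial, time), while the ledger's log yields (client DID, server name, time), and a resolution is logged even when verification fails. Whether the draft's flow allows the resolution to be moved off the handshake path is not something this model, or the reply, establishes.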