[TLS] Fwd: New Version Notification for draft-hoyland-tls-layered-exported-authenticator-00.txt
Jonathan Hoyland <jonathan.hoyland@gmail.com> Tue, 26 June 2018 13:13 UTC
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Tue, 26 Jun 2018 14:12:50 +0100
Message-ID: <CACykbs0EY_xsO7w9c=i7r9fxz2MzRGrSEu7gNS0xQT0Gy4CNAQ@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/flC-wzlxwK9zlglrVlDI_51Kr1U>
Hi everyone,

The draft below details an extension for Exported Authenticators (EAs) that allows multiple EAs sent in the same TLS session to be linked into an authentication chain using backward references. This gives a form of joint authentication between EAs. This means that not only does an EA provide authentication of the certificate it contains, an EA using this extension also authenticates all previous EAs in its chain. In short, if the last EA in the chain is authentic then all the EAs in that chain are authentic. (Or alternatively, if any EA in a chain is authentic, then all prior EAs are authentic.)

This could be used for things like securely updating pinned keys. If this mechanism were in use it would require an attacker who was trying to maliciously update the pinned key to compromise both the pinned certificate's LTK and acquire an improperly issued certificate from the PKI. This would require compromising two separate administrative domains.

Other use cases and a description of the mechanism appear in the draft.

I'd really appreciate any feedback on the design, use cases, and the draft in general.

Thanks,

Jonathan Hoyland

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, 25 Jun 2018 at 15:18
Subject: New Version Notification for draft-hoyland-tls-layered-exported-authenticator-00.txt
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>

A new version of I-D, draft-hoyland-tls-layered-exported-authenticator-00.txt
has been successfully submitted by Jonathan Hoyland and posted to the
IETF repository.

Name:           draft-hoyland-tls-layered-exported-authenticator
Revision:       00
Title:          Layered Exported Authenticators in TLS
Document date:  2018-06-25
Group:          Individual Submission
Pages:          5
URL:            https://www.ietf.org/internet-drafts/draft-hoyland-tls-layered-exported-authenticator-00.txt
Status:         https://datatracker.ietf.org/doc/draft-hoyland-tls-layered-exported-authenticator/
Htmlized:       https://tools.ietf.org/html/draft-hoyland-tls-layered-exported-authenticator-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-hoyland-tls-layered-exported-authenticator

Abstract:
   This document describes an extension that allows for Exported
   Authenticators (EAs) to authenticate each other. The extension
   includes a reference to a previous EA. An EA containing this
   extension constitutes an attestation of the authenticity of the
   referenced EA.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
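The chaining property described in the post, as an added example that is not part of the message or the draft: a toy model in which each Exported Authenticator carries a backward reference (a digest over the whole previous EA, signature included), so that verifying only the last EA's signature commits the verifier to every earlier EA in the chain. The EA structure, the field names, and the use of HMAC-SHA256 under the signer's long-term key as a stand-in for the real CertificateVerify signature are all simplifications of this example and not the draft's wire format; the pinned-key-update check at the end is one possible arrangement assumed here, not the draft's procedure, chosen to show why an attacker needs both the pinned LTK and a mis-issued certificate.

```python
# Toy model of backward-referenced ("layered") Exported Authenticators.
# Added example, not code from the draft. The "signature" is HMAC-SHA256
# under the signer's long-term key (a stand-in for CertificateVerify);
# field names and the pin-update policy are assumptions of this example.
import hashlib
import hmac
import json
from typing import Dict, List, Optional


def _canon(obj) -> bytes:
    """Canonical encoding so digests and signatures are unambiguous."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def ea_reference(ea: Dict) -> str:
    """Backward reference: digest over the whole previous EA, signature
    included, so the next EA commits to exactly those bytes."""
    return hashlib.sha256(_canon(ea)).hexdigest()


def _sign(ltk: bytes, body: Dict) -> str:
    return hmac.new(ltk, _canon(body), hashlib.sha256).hexdigest()


def build_ea(cert: str, ltk: bytes, context: str, previous: Optional[Dict]) -> Dict:
    body = {
        "certificate": cert,
        "request_context": context,
        # the extension: reference to the previous EA in the chain (None at the head)
        "previous_ea": ea_reference(previous) if previous is not None else None,
    }
    return {"body": body, "signature": _sign(ltk, body)}


def verify_signature(ea: Dict, ltk: bytes) -> bool:
    return hmac.compare_digest(ea["signature"], _sign(ltk, ea["body"]))


def verify_chain(chain: List[Dict], trusted: Dict[str, bytes]) -> bool:
    """Verify the last EA under the key trusted for its certificate, then walk
    the backward references. Earlier EAs are accepted on the strength of the
    last signer's attestation; their own signatures are not re-checked here."""
    if not chain:
        return False
    last = chain[-1]
    key = trusted.get(last["body"]["certificate"])
    if key is None or not verify_signature(last, key):
        return False
    for newer, older in zip(reversed(chain), reversed(chain[:-1])):
        if newer["body"]["previous_ea"] != ea_reference(older):
            return False
    return chain[0]["body"]["previous_ea"] is None


def accept_pin_update(chain: List[Dict], pinned_cert: str, pinned_key: bytes,
                      pki_trusted: Dict[str, bytes]) -> bool:
    """Assumed policy (not the draft's): the chain must end in an EA that
    verifies under a PKI-trusted key and start with an EA carrying the pinned
    certificate that verifies under the pinned key. Forging it needs both the
    pinned LTK and a certificate the PKI trusts for the new key."""
    if not verify_chain(chain, pki_trusted):
        return False
    first = chain[0]
    return (first["body"]["certificate"] == pinned_cert
            and verify_signature(first, pinned_key))


def demo() -> Dict[str, bool]:
    """Constructed scenario: legitimate rotation plus three attacker attempts."""
    old_ltk, new_ltk, attacker_ltk = b"old-key", b"new-key", b"attacker-key"
    # the PKI (wrongly) also trusts a certificate the attacker holds
    pki = {"cert-new": new_ltk, "cert-misissued": attacker_ltk}
    ea1 = build_ea("cert-old", old_ltk, "ctx-1", None)
    ea2 = build_ea("cert-new", new_ltk, "ctx-2", ea1)
    results = {"good": accept_pin_update([ea1, ea2], "cert-old", old_ltk, pki)}
    # mis-issued certificate but no pinned LTK: head of the chain is forged
    forged1 = build_ea("cert-old", attacker_ltk, "ctx-1", None)
    bad2 = build_ea("cert-misissued", attacker_ltk, "ctx-2", forged1)
    results["no_ltk"] = accept_pin_update([forged1, bad2], "cert-old", old_ltk, pki)
    # pinned LTK but no PKI-trusted certificate for the new key
    evil2 = build_ea("cert-evil", attacker_ltk, "ctx-2", ea1)
    results["no_cert"] = accept_pin_update([ea1, evil2], "cert-old", old_ltk, pki)
    # both compromised: the chain is accepted, which is the stated attacker cost
    both2 = build_ea("cert-misissued", attacker_ltk, "ctx-2", ea1)
    results["both"] = accept_pin_update([ea1, both2], "cert-old", old_ltk, pki)
    # altering an earlier EA after the later one was issued breaks the reference
    tampered = {"body": dict(ea1["body"], certificate="cert-other"),
                "signature": ea1["signature"]}
    results["tampered"] = verify_chain([tampered, ea2], pki)
    return results


if __name__ == "__main__":
    print(demo())
```

The reference is taken over the entire previous EA rather than just its certificate, which is what makes the "last EA authentic implies all prior EAs authentic" argument go through: a change to any byte of an earlier EA, including its signature, changes the digest the later signer committed to.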