[TLS] Fwd: New Version Notification for draft-hoyland-tls-layered-exported-authenticator-00.txt
Jonathan Hoyland <jonathan.hoyland@gmail.com> Tue, 26 June 2018 13:13 UTC
Hi everyone,

The draft below details an extension for Exported Authenticators (EAs) that allows multiple EAs sent in the same TLS session to be linked into an authentication chain using backward references. This gives a form of joint authentication between EAs. This means that not only does an EA provide authentication of the certificate it contains, an EA using this extension also authenticates all previous EAs in its chain. In short, if the last EA in the chain is authentic then all the EAs in that chain are authentic. (Or alternatively, if any EA in a chain is authentic, then all prior EAs are authentic.)

This could be used for things like securely updating pinned keys. If this mechanism were in use it would require an attacker who was trying to maliciously update the pinned key to compromise both the pinned certificate's LTK and acquire an improperly issued certificate from the PKI. This would require compromising two separate administrative domains.

Other use cases and a description of the mechanism appear in the draft.

I'd really appreciate any feedback on the design, use cases, and the draft in general.

Thanks,
Jonathan Hoyland

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, 25 Jun 2018 at 15:18
Subject: New Version Notification for draft-hoyland-tls-layered-exported-authenticator-00.txt
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>

A new version of I-D, draft-hoyland-tls-layered-exported-authenticator-00.txt has been successfully submitted by Jonathan Hoyland and posted to the IETF repository.
Name: draft-hoyland-tls-layered-exported-authenticator
Revision: 00
Title: Layered Exported Authenticators in TLS
Document date: 2018-06-25
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/internet-drafts/draft-hoyland-tls-layered-exported-authenticator-00.txt
Status: https://datatracker.ietf.org/doc/draft-hoyland-tls-layered-exported-authenticator/
Htmlized: https://tools.ietf.org/html/draft-hoyland-tls-layered-exported-authenticator-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-hoyland-tls-layered-exported-authenticator

Abstract:
This document describes an extension that allows for Exported Authenticators (EAs) to authenticate each other. The extension includes a reference to a previous EA. An EA containing this extension constitutes an attestation of the authenticity of the referenced EA.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
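The chaining property described in the message above (verifying the last EA verifies every earlier EA it references), as an added illustration that is not the draft's or the author's code. It assumes a backward reference that is a SHA-256 hash over the previous EA and uses an HMAC as a stand-in for the EA's signature; neither is the draft's wire format.

```python
# Added model of layered EAs, not the draft's format. The backward reference is an
# assumed SHA-256 over the canonical previous EA, and the "signature" is an HMAC
# stand-in keyed per certificate identity so the example runs with stdlib only.
import hashlib
import hmac
import json
from typing import Optional

def _ref(ea: dict) -> str:
    """Assumed backward reference: hash of the previous EA's canonical encoding."""
    return hashlib.sha256(json.dumps(ea, sort_keys=True).encode()).hexdigest()

def _sign(key: bytes, cert: str, prev_ref: Optional[str], context: str) -> str:
    """Stand-in for the EA signature; it covers the certificate AND the reference."""
    msg = json.dumps([context, cert, prev_ref]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_ea(key: bytes, cert: str, prev: Optional[dict], context: str = "ctx") -> dict:
    """Build an EA; if prev is given, the signature also attests to prev."""
    prev_ref = _ref(prev) if prev is not None else None
    return {"cert": cert, "prev_ref": prev_ref, "sig": _sign(key, cert, prev_ref, context)}

def verify_chain(chain: list, keys: dict, context: str = "ctx") -> bool:
    """Walk from the last EA backwards; one broken signature or reference fails all."""
    for i in range(len(chain) - 1, -1, -1):
        ea = chain[i]
        expect = _sign(keys[ea["cert"]], ea["cert"], ea["prev_ref"], context)
        if not hmac.compare_digest(expect, ea["sig"]):
            return False
        if ea["prev_ref"] != (_ref(chain[i - 1]) if i > 0 else None):
            return False
    return True

def demo() -> tuple:
    """Pinned-key update: the new EA attests the EA under the pinned certificate."""
    keys = {"pinned-cert": b"k-old", "new-cert": b"k-new", "other-cert": b"k-x"}
    ea_pinned = make_ea(keys["pinned-cert"], "pinned-cert", None)
    ea_new = make_ea(keys["new-cert"], "new-cert", ea_pinned)  # references ea_pinned
    good = verify_chain([ea_pinned, ea_new], keys)
    # An EA that is valid on its own but is not the one ea_new references
    # breaks the link, so the whole chain is rejected although ea_new is intact.
    other = make_ea(keys["other-cert"], "other-cert", None)
    alone_ok = verify_chain([other], keys)
    swapped = verify_chain([other, ea_new], keys)
    return good, alone_ok, swapped

if __name__ == "__main__":
    print(demo())
```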