[TLS] [Fwd: Re: [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]]

Carolin Latze <carolin.latze@unifr.ch> Thu, 08 October 2009 08:02 UTC


sorry, forgot to include the list...

-------- Original Message --------
Subject: 	Re: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]
Date: 	Thu, 8 Oct 2009 10:02:09 +0200
From: 	Carolin Latze <carolin.latze@unifr.ch>
To: 	Blumenthal, Uri <uri@ll.mit.edu>
References:
<90E934FC4BBC1946B3C27E673B4DB0E4A7E75F6BBC@LLE2K7-BE01.mitll.ad.local>



They are still valid X.509... the only difference is that they are
self-signed and not CA-signed. And the reason to use self-signed
certificates is that you don't need to send another certificate request
without losing security since the self-signed certificates are bound to
identity certificates that are signed by a CA.

Blumenthal, Uri wrote:
> And the reason you want to do this instead of using valid X.509 certs is...?
>
>
> ----- Original Message -----
> From: tls-bounces@ietf.org <tls-bounces@ietf.org>
> To: tls@ietf.org <tls@ietf.org>
> Sent: Wed Oct 07 11:16:52 2009
> Subject: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]
>
> Hi all,
>
> after several experiments with TPMs as authentication devices in
> EAP-TLS, we figured out, that the specific modifications in order to use
> TPMs might be rather an extension to TLS than an EAP extension.
> Therefore, we gave it a try and defined a new TLS extension in order to
> use TPM certified keys directly with TLS. We are aware of the fact, that
> there is a possibility to request new valid X.509 certificates for those
> keys which allows to use them with standard TLS (and do not require a
> new extension), but since we want to avoid that request (and we think
> that this does not introduce any security issues), we propose this
> extension.
>
> We are always open for discussions, (critical) feedback, suggestions, ...
>
> Regards
> Carolin Latze
>
>
> -------- Original Message --------
> Subject: 	{Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt
> Date: 	Wed, 7 Oct 2009 16:45:01 +0200
> From: 	Internet-Drafts@ietf.org <Internet-Drafts@ietf.org>
> Reply-To: 	internet-drafts@ietf.org <internet-drafts@ietf.org>
> To: 	i-d-announce@ietf.org <i-d-announce@ietf.org>
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
> 	Title           : Transport Layer Security (TLS) Extensions for the Trusted Platform Module (TPM)
> 	Author(s)       : C. Latze, et al.
> 	Filename        : draft-latze-tls-tpm-extns-00.txt
> 	Pages           : 10
> 	Date            : 2009-10-07
>
> Trusted Platform Modules (TPMs) become more and more widespread in
> modern desktop and laptop computers and provide secure storage and
> cryptographic functions.  As one nice feature of TPMs is that they
> can be identified uniquely, they provide a good base for device
> authentication in protocols like TLS.  This document specifies a TLS
> extension that allows to use TPM certified keys with TLS in order to
> allow for a secure and comfortable device authentication in TLS.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-latze-tls-tpm-extns-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
>
>
>   

-- 
Carolin Latze
PhD Student				ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de Pérolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
	
phone: +41 26 300 83 30			+41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec




