[TLS] [Fwd: Re: [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]]

Carolin Latze <carolin.latze@unifr.ch> Thu, 08 October 2009 08:02 UTC

Return-Path: <carolin.latze@unifr.ch>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BA09928C233 for <tls@core3.amsl.com>; Thu, 8 Oct 2009 01:02:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.993
X-Spam-Level:
X-Spam-Status: No, score=-5.993 tagged_above=-999 required=5 tests=[AWL=-0.145, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TwH9+dQsG-mR for <tls@core3.amsl.com>; Thu, 8 Oct 2009 01:02:20 -0700 (PDT)
Received: from sr-svx-320.unifr.ch (sr-svx-320.unifr.ch [134.21.214.75]) by core3.amsl.com (Postfix) with ESMTP id 5F9E128C228 for <tls@ietf.org>; Thu, 8 Oct 2009 01:02:20 -0700 (PDT)
Received: from diufpc272.unifr.ch ([134.21.72.156]) by sr-svx-320.unifr.ch stage1 with esmtp with id 1MvnyY-0000g7-QJ for <tls@ietf.org> from <carolin.latze@unifr.ch>; Thu, 08 Oct 2009 10:03:50 +0200
Message-ID: <4ACD9CAB.7040605@unifr.ch>
Date: Thu, 08 Oct 2009 10:02:51 +0200
From: Carolin Latze <carolin.latze@unifr.ch>
User-Agent: Thunderbird 2.0.0.23 (X11/20090916)
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Subject: [TLS] [Fwd: Re: [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 08:02:21 -0000

sorry, forgot to include the list...

-------- Original Message --------
Subject: 	Re: [TLS] [Fwd: {Virus?} I-D
Action:draft-latze-tls-tpm-extns-00.txt]
Date: 	Thu, 8 Oct 2009 10:02:09 +0200
From: 	Carolin Latze <carolin.latze@unifr.ch>
To: 	Blumenthal, Uri <uri@ll.mit.edu>
References:
<90E934FC4BBC1946B3C27E673B4DB0E4A7E75F6BBC@LLE2K7-BE01.mitll.ad.local>



They are still valid X.509... the only difference is that they are
self-signed and not CA-signed. And the reason to use self-signed
certificates is that you don't need to send another certificate request
without loosing security since the self-signed certificates are bound to
identity certificates that are signed by a CA.

Blumenthal, Uri wrote:
> And the reason you want to do this instead of using valid X.509 certs is...?
>
>
> ----- Original Message -----
> From: tls-bounces@ietf.org <tls-bounces@ietf.org>
> To: tls@ietf.org <tls@ietf.org>
> Sent: Wed Oct 07 11:16:52 2009
> Subject: [TLS] [Fwd: {Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt]
>
> Hi all,
>
> after several experiments with TPMs as authentication devices in
> EAP-TLS, we figured out, that the specific modifications in order to use
> TPMs might be rather an extension to TLS than an EAP extension.
> Therefore, we gave it a try and defined a new TLS extension in order to
> use TPM certified keys directly with TLS. We are aware of the fact, that
> there is a possibility to request new valid X.509 certificates for those
> keys which allows to use them with standard TLS (and do not require a
> new extension), but since we want to avoid that request (and we think
> that this does not introduce any security issues), we propose this
> extension.
>
> We are always open for discussions, (critical) feedback, suggestions, ...
>
> Regards
> Carolin Latze
>
>
> -------- Original Message --------
> Subject: 	{Virus?} I-D Action:draft-latze-tls-tpm-extns-00.txt
> Date: 	Wed, 7 Oct 2009 16:45:01 +0200
> From: 	Internet-Drafts@ietf.org <Internet-Drafts@ietf.org>
> Reply-To: 	internet-drafts@ietf.org <internet-drafts@ietf.org>
> To: 	i-d-announce@ietf.org <i-d-announce@ietf.org>
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
> 	Title           : Transport Layer Security (TLS) Extensions for the Trusted Platform Module (TPM)
> 	Author(s)       : C. Latze, et al.
> 	Filename        : draft-latze-tls-tpm-extns-00.txt
> 	Pages           : 10
> 	Date            : 2009-10-07
>
> Trusted Platform Modules (TPMs) become more and more widespread in
> modern desktop and laptop computers and provide secure storage and
> cryptographic functions.  As one nice feature of TPMs is that they
> can be identified uniquely, they provide a good base for device
> authentication in protocols like TLS.This document specifies a TLS
> extension that allows to use TPM certified keys with TLS in order to
> allow for a secure and comfortable device authentication in TLS.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-latze-tls-tpm-extns-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
>
>
>   

-- 
Carolin Latze
PhD Student				ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de Pérolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
	
phone: +41 26 300 83 30			+41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec





-- 
Carolin Latze
PhD Student				ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de Pérolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
	
phone: +41 26 300 83 30			+41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec