Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

[William Whyte <wwhyte@onboardsecurity.com>]

Hi Wang,

The 1609.2 certificate format consists of both explicit and implicit
certificates. The explicit certificates are in 1609.2 format, not in X.509
format.

Cheers,

William

On Mon, Aug 27, 2018 at 4:43 AM, Wang Haiguang <
wang.haiguang.shieldlab@huawei.com> wrote:

> Hi, Mounira
>
> Thanks for the clarification. That means both explicit and implicit
> certificates will be supported.
>
> Regards.
>
> Haiguang
>
> -----Original Message-----
> From: Mounira Msahli [mailto:mounira.msahli@telecom-paristech.fr]
> Sent: Monday, August 27, 2018 4:32 PM
> To: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
> Cc: Ilari Liusvaara <ilariliusvaara@welho.com>; tls <tls@ietf.org>
> Subject: Re: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2
> certificates
>
> Hi Wang,
>
> The purpose of the draft is to extend TLS 1.3 to support IEEE 1609.2/ETSI
> TS 103 097 certificates for authentication in addition to X.509 certificate
> and raw public keys.
>
> Kind Regards
> Mounira
>
>
>
> ----- Mail original -----
> De: "Wang Haiguang" <wang.haiguang.shieldlab@huawei.com>
> À: "Mounira Msahli" <mounira.msahli@telecom-paristech.fr>, "Ilari
> Liusvaara" <ilariliusvaara@welho.com>
> Cc: "tls" <tls@ietf.org>
> Envoyé: Lundi 27 Août 2018 03:44:28
> Objet: RE: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2
> certificates
>
> Hi, Mounira
>
> Just for clarification.
>
> If I am not wrong, there are two types of certificates supported by
> 1609.2. One is the legacy X.509 certificate, the other is the implicit
> certificate.
>
> So for you draft submitted, you plan support both types of certificates or
> just one of them, i.e. the X.509 certificate.
>
> Best regards.
>
> Haiguang
>
> -----Original Message-----
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Mounira Msahli
> Sent: Saturday, August 25, 2018 1:45 AM
> To: Ilari Liusvaara <ilariliusvaara@welho.com>
> Cc: tls <tls@ietf.org>
> Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE
> 1609.2 certificates
>
>
> Thank you Ilari,
>
>
> In response to your comments below:
>
> - I did not see requirements where to place the end-entity certificate
> anywhere. I think most TLS code outright assumes that the end-entity
> certificate is the first one.
>
> >>> We will add it.
>
> - More generally, I did not see it specified how the certificate chain is
> laid out to the individual certficate fields (it is fairly obvious, but
> should still be specified).
> >>> We will specify it.
>
> - The examples could have multiple certificate types in ClientHello to
> more clearly show what is actually going on.
> >>> We will add examples with multiple certificate types in Client Hello
>
> - You should also specify use in TLS 1.2 in the same draft (or say that
> is prohibited). This is so one only needs one reference for the
> codepoint allocation.
>
> >>> It is not prohibited, for TLS 1.2 the extension is already specified:
> [ https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01 ]
> [ https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01 |
> https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01 ]
> We will update the draft
>
> - I found the document quite hard to read due to various editorial
> issues.
> >> We will update the draft
>
>
> Kind Regards
> Mounira
>
> ----- Mail original -----
> De: "Ilari Liusvaara" <ilariliusvaara@welho.com>
> À: "Mounira Msahli" <mounira.msahli@telecom-paristech.fr>
> Cc: "tls" <tls@ietf.org>
> Envoyé: Vendredi 24 Août 2018 17:50:38
> Objet: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE
> 1609.2 certificates
>
> On Fri, Aug 24, 2018 at 04:09:43PM +0200, Mounira Msahli wrote:
> > Hi all,
> >
> >
> > The draft: TLS 1.3 Authentication using IEEE 1609.2/ETSI TS 103097
> certificates is updated in accordance with TLS 1.3:
> https://tools.ietf.org/html/draft-tls-certieee1609-01
> >
> > This document describes the use of certificates specified by the
> Institute of Electrical and Electronics Engineers IEEE1609.2 and the
> European Telecommunications Standards
> >
> > Institute ETSI TS 103097. These standards are defined in order to secure
> communications in vehicular environments.
> >
> > This extension is very useful and has become a pressing need for
> (Vehicle-To-Internet(V2Internet), Vehicle-To-Cloud(V2Cloud),...).
> >
> > We are soliciting feedback from the WG on the draft.
>
> Some quick comments:
>
> - I did not see requirements where to place the end-entity certificate
> anywhere. I think most TLS code outright assumes that the end-entity
> certificate is the first one.
> - More generally, I did not see it specified how the certificate chain
> is laid out to the individual certficate fields (it is fairly
> obvious, but should still be specified).
> - The examples could have multiple certificate types in ClientHello to
> more clearly show what is actually going on.
> - You should also specify use in TLS 1.2 in the same draft (or say that
> is prohibited). This is so one only needs one reference for the
> codepoint allocation.
> - I found the document quite hard to read due to various editorial
> issues.
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 


PLEASE UPDATE YOUR ADDRESS BOOKS WITH MY NEW ADDRESS:
wwhyte@onboardsecurity.com