[TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-02.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 08 July 2016 13:52 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08D1E12D736 for <tls@ietfa.amsl.com>; Fri, 8 Jul 2016 06:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p0Av-nVwPQQ9 for <tls@ietfa.amsl.com>; Fri, 8 Jul 2016 06:51:58 -0700 (PDT)
Received: from mail-pa0-x244.google.com (mail-pa0-x244.google.com [IPv6:2607:f8b0:400e:c03::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E6B312D73B for <tls@ietf.org>; Fri, 8 Jul 2016 06:51:42 -0700 (PDT)
Received: by mail-pa0-x244.google.com with SMTP id ib6so6992826pad.3 for <tls@ietf.org>; Fri, 08 Jul 2016 06:51:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=DbxoEpmPEE+wHwRPwefhP7oK9hJA4ISL5cDm6znnLBM=; b=Q7qxLJRWBR4UHKoHMYsIHYCaCYK4NeD6eiyJqQ/ib4Q2Awf0g4aAoDY1czvJ60hZrv lzWDR1ajZK8my1Bf6VJ/mYhzL1LDhg+XkCEQWKk7sxkxAFx8D/l2ZVcEg/7Jfsp6eNDY 88967VQ7T0/FpQ+bP9pnbj5J+DSVG1jHmKETUvCPqWMTZZai6IIrD+pubkpRgeGCmC1z yO3Ce63VT+QS++ffCr/9iXhGleuf7bZYcl/FDBmqoZW75U5qHLLXMn2vDJVOE7FbExTo xAP9YE8X8et8qlT+Y0ZInvK/r32RVRomJvCEDKMz4/mSbr4JyqVtn034pO0qXVF2gMCC iWHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=DbxoEpmPEE+wHwRPwefhP7oK9hJA4ISL5cDm6znnLBM=; b=A51L7gGBtt4KunzmDOCREcdrsDcZLF+TAfr0Jjmn+C+jXHQZ8LTsBYbQdifytfvzeE TgMzy0J61f5sAN9o7iTL9+nzJMeQBo7dx23PFGMOY51UmB+woq6TPw4KEib2KiRG7OqA Q/E+UZiXJyXImV8CIcO9RoOKXlMqbWFRxjCPiitb5WCzk43YxjH0CrGG29uT2Nys7rz8 espy6vWyXX8kz6n//DC0mq+UN0ax5MM5u6ig8I0hQBlfhpCSMn5fN5gjNc0TZbzpXgzS BCN6SC6EcEzC9oKtY3gb0NkLSzozYDJkjeROJZaePfsEWZQ7natbY6BOepQfbgeNKgLb 6vYQ==
X-Gm-Message-State: ALyK8tIf5gFaoCES0sMCUnqt16p8rSDdor3/DMd/bxorrvEDHeROEQjSUPZhwiOZINij4A==
X-Received: by 10.66.189.104 with SMTP id gh8mr10090909pac.125.1467985901881; Fri, 08 Jul 2016 06:51:41 -0700 (PDT)
Received: from [10.250.252.18] ([116.212.180.68]) by smtp.gmail.com with ESMTPSA id 4sm5315215pav.33.2016.07.08.06.51.39 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Jul 2016 06:51:40 -0700 (PDT)
References: <20160708134225.32116.37754.idtracker@ietfa.amsl.com>
To: "tls@ietf.org" <tls@ietf.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Forwarded-Message-Id: <20160708134225.32116.37754.idtracker@ietfa.amsl.com>
Message-ID: <577FAFE9.7080904@gmail.com>
Date: Fri, 08 Jul 2016 19:21:37 +0530
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <20160708134225.32116.37754.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qTjZqZ9izFcM9w3Dm2nhTHYhYyQ>
Subject: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 13:52:01 -0000
Hi everyone, This draft extends TLS 1.3 to provide pinning of the TLS server using a stateless ticket. This is similar to public-key pinning but not quite, and our goal was to overcome the deployment issues that prevent widespread deployment of HPKP. Version -02 of the draft incorporates learnings from my proof-of-concept implementation at https://github.com/yaronf/mint. Thanks to the authors on the Mint TLS 1.3 implementation from which my code was forked. Best, Yaron -------- Forwarded Message -------- Subject: New Version Notification for draft-sheffer-tls-pinning-ticket-02.txt Date: Fri, 08 Jul 2016 06:42:25 -0700 From: internet-drafts@ietf.org To: Yaron Sheffer <yaronf.ietf@gmail.com> A new version of I-D, draft-sheffer-tls-pinning-ticket-02.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository. Name: draft-sheffer-tls-pinning-ticket Revision: 02 Title: TLS Server Identity Pinning with Tickets Document date: 2016-07-08 Group: Individual Submission Pages: 18 URL: https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-02.txt Status: https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/ Htmlized: https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-pinning-ticket-02 Abstract: Fake public-key certificates are an ongoing problem for users of TLS. Several solutions have been proposed, but none is currently in wide use. This document proposes to extend TLS with opaque tickets, similar to those being used for TLS session resumption, as a way to pin the server's identity. That is, to ensure the client that it is connecting to the right server even in the presence of corrupt certificate authorities and fake certificates. The main advantage of this solution is that no manual management actions are required. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [TLS] Fwd: New Version Notification for draft-she… Yaron Sheffer