[TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 11 October 2015 19:57 UTC

From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <561ABF32.20008@gmail.com>
Date: Sun, 11 Oct 2015 22:57:38 +0300
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/sETQU0-I9A9vhXOgRVJuOfhs4l4>

We have a standard for certificate pinning (RFC 7469), but it is rather 
hard to use and as a result is rarely deployed. This draft proposes a 
lightweight alternative that allows TLS clients to authenticate the 
server they're connecting to, even if a rogue CA can generate fake 
certificates for that server.

The draft is currently TLS 1.3-only, and is based on the previous draft 
of TLS 1.3, so some minor details may have changed.

Comments are of course most welcome.

Thanks,
	Yaron


-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt
Date: Sun, 11 Oct 2015 12:35:17 -0700
From: internet-drafts@ietf.org
To: Yaron Sheffer <yaronf.ietf@gmail.com>


A new version of I-D, draft-sheffer-tls-pinning-ticket-00.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:		draft-sheffer-tls-pinning-ticket
Revision:	00
Title:		TLS Server Identity Pinning with Tickets
Document date:	2015-10-11
Group:		Individual Submission
Pages:		14
URL:		https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-00.txt
Status:		https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/
Htmlized:	https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-00


Abstract:
    Fake public-key certificates are an ongoing problem for users of TLS.
    Several solutions have been proposed, but none is currently in wide
    use.  This document proposes to extend TLS with opaque tickets,
    similar to those being used for TLS session resumption, as a way to
    pin the server's identity.  That is, to assure the client that it is
    connecting to the right server even in the presence of corrupt
    certificate authorities and fake certificates.  The main advantage of
    this solution is that no manual management actions are required.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
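The abstract above describes pinning the server's identity with an opaque ticket, in the style of a session-resumption ticket, that only the genuine server can open. What follows is an added sketch of that idea, written for this page; it is not code from the draft and does not reproduce the draft's wire format, extension names or proof construction. The ticket layout, the "pinning proof" HMAC, the key-derivation labels and the class and method names are all assumptions of this example. It uses only the Python standard library, with an HMAC-SHA256 encrypt-then-MAC construction standing in for a real AEAD such as AES-GCM.

```python
"""Sketch of TLS server-identity pinning with opaque tickets.

Added example, constructed for illustration only: the ticket format, the
"pinning proof" computation, the key labels and the class names are
assumptions of this sketch, not definitions from the draft.  Stdlib only;
an HMAC-based encrypt-then-MAC stands in for a real AEAD (e.g. AES-GCM).
"""
import hmac
import secrets
from hashlib import sha256

NONCE_LEN = 16
TAG_LEN = 32


def _derive(master: bytes, label: bytes) -> bytes:
    """Per-purpose subkey from the server's long-lived ticket key (assumed labels)."""
    return hmac.new(master, label, sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), sha256).digest()
        counter += 1
    return out[:length]


def pinning_proof(pin_secret: bytes, client_nonce: bytes) -> bytes:
    """Bound to a client-chosen nonce, so a recorded proof cannot be replayed."""
    return hmac.new(pin_secret, b"pinning proof" + client_nonce, sha256).digest()


class PinningServer:
    """Holds the long-lived ticket-protection key; a rogue CA never sees it."""

    def __init__(self, name: str):
        self.name = name
        self._ticket_key = secrets.token_bytes(32)   # assumption: one long-lived key
        self._enc_key = _derive(self._ticket_key, b"ticket encryption")
        self._mac_key = _derive(self._ticket_key, b"ticket integrity")

    def _seal(self, pin_secret: bytes) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        ks = _keystream(self._enc_key, nonce, len(pin_secret))
        ct = bytes(a ^ b for a, b in zip(pin_secret, ks))
        tag = hmac.new(self._mac_key, nonce + ct, sha256).digest()
        return nonce + ct + tag

    def _open(self, ticket: bytes):
        """Return the pinning secret, or None for a forged/foreign/corrupt ticket."""
        if len(ticket) < NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = ticket[:NONCE_LEN], ticket[NONCE_LEN:-TAG_LEN], ticket[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._enc_key, nonce, len(ct))))

    def issue_ticket(self):
        """First connection: fresh secret plus its opaque ticket, both sent to the
        client inside the encrypted part of the handshake."""
        pin_secret = secrets.token_bytes(32)
        return self._seal(pin_secret), pin_secret

    def prove(self, ticket: bytes, client_nonce: bytes):
        """Reconnection: recover the secret and prove possession of it.
        Returns (proof, fresh_ticket, fresh_secret), or None if the ticket is not ours."""
        pin_secret = self._open(ticket)
        if pin_secret is None:
            return None
        new_ticket, new_secret = self.issue_ticket()   # roll the pin forward, like resumption tickets
        return pinning_proof(pin_secret, client_nonce), new_ticket, new_secret


class PinningClient:
    def __init__(self):
        self._pins = {}   # host -> (ticket, pin_secret), persisted across connections

    def first_connection(self, host: str, server: PinningServer) -> None:
        # Trust on first use: this connection still relies on the CA-validated certificate.
        self._pins[host] = server.issue_ticket()

    def reconnect(self, host: str, server: PinningServer) -> bool:
        """True only if the peer proves it holds the pinned secret."""
        if host not in self._pins:
            return True   # nothing pinned yet: ordinary certificate validation applies
        ticket, pin_secret = self._pins[host]
        client_nonce = secrets.token_bytes(32)
        reply = server.prove(ticket, client_nonce)
        if reply is None:
            return False
        proof, new_ticket, new_secret = reply
        if not hmac.compare_digest(proof, pinning_proof(pin_secret, client_nonce)):
            return False
        self._pins[host] = (new_ticket, new_secret)
        return True


def demo():
    """Genuine server passes on reconnect; an impersonator whose certificate a rogue CA
    would happily sign, but who lacks the ticket key, fails.  Returns (legit, impostor)."""
    client = PinningClient()
    real = PinningServer("example.com")
    impostor = PinningServer("example.com")   # constructed: same name, different ticket key
    client.first_connection("example.com", real)
    return client.reconnect("example.com", real), client.reconnect("example.com", impostor)
```

Two properties of the sketch are worth noting. The impostor is rejected without the client ever looking at its certificate chain, which is the point of the abstract: the pin is anchored in the ticket-protection key rather than in the CA ecosystem. The flip side is that the first contact is trust-on-first-use, so it still depends on ordinary certificate validation, and losing or rotating the ticket key without an overlap period turns every pinned client away; a deployment would need the same key-rotation discipline already used for session-ticket keys.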