IETF Logo Mail Archive

[TLS] Call for consensus: Removing 0-RTT client auth

Sean Turner <sean@sn3rd.com> Tue, 29 March 2016 12:59 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63D5A12D7C4 for <tls@ietfa.amsl.com>; Tue, 29 Mar 2016 05:59:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uKrY-rSI_U77 for <tls@ietfa.amsl.com>; Tue, 29 Mar 2016 05:59:28 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCCCE12D7C1 for <tls@ietf.org>; Tue, 29 Mar 2016 05:59:27 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id s5so5379743qkd.0 for <tls@ietf.org>; Tue, 29 Mar 2016 05:59:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:subject:message-id:date:to :mime-version; bh=7i1YMq9CK9wHZAOti+ZjOatXgXgkxDo9BIG6XUZ+J88=; b=jbeC7kKgKrsKMJwDTpZlWNiG3P4z74d1cba9NObVl0HVhueKhxjG+3MAoEzKrwdHGu xXl7I7/6FQmFWm830GPMZ/xECwyeu7SjkkY5tLNIy9rN9jRG2FVHIjm2H1RpEXADRvqY 1ggNWpjhEF8mpC73qYeGqjFqlUh7JQt7SoZUQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject :message-id:date:to:mime-version; bh=7i1YMq9CK9wHZAOti+ZjOatXgXgkxDo9BIG6XUZ+J88=; b=k/INn7qtmGn2KRTRTxdZlZIDJym/3pIoSfrWsRMFzm+1PtTDcDZ9dZCmG9usO2C6Qy 2+V4Zyv9GuTbzW4ZACGygTSBbXe/3OIMTiFqFkDOXrxqxZoO2rBRfsrDJrva5eFL3oUu DfNUU7ph6bTed8YTdg+6KyR/N7El04Oo33dHkkMdmDu4oH98GZodN3R5nlzRgQxCNlVQ VL/uvfxLllvl9gZnkmibXFkvlSw/X7vNvUWPGf/NEJbApPfWrrcbZ5z9IDXtxnYc/MSf g6bk/ieQsvHI1hYEh7IEsiUqwOjw4dqt27QzYvcetVTx0d3ZR3fQtcb3CkVqNUa9qurU Q0pQ==
X-Gm-Message-State: AD7BkJK54nHAL1iyvq8yONUyft3rdX0bHL4eBPtwO9t0alpZlJIZjIgjZ7WKe2HaD8IlXQ==
X-Received: by 10.55.78.11 with SMTP id c11mr2412639qkb.89.1459256366891; Tue, 29 Mar 2016 05:59:26 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.217.211]) by smtp.gmail.com with ESMTPSA id b6sm14018328qkh.12.2016.03.29.05.59.25 for <tls@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Tue, 29 Mar 2016 05:59:26 -0700 (PDT)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <AABACDA8-6A12-4023-A971-1254CED4893F@sn3rd.com>
Date: Tue, 29 Mar 2016 08:59:24 -0400
To: "<tls@ietf.org>" <tls@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/x-TmyaMnV_ftOstBIpVk5x5zRk8>
Subject: [TLS] Call for consensus: Removing 0-RTT client auth
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2016 12:59:29 -0000

All,

To make sure we’ve got a clear way forward coming out of our BA sessions, we need to make sure there’s consensus on a couple of outstanding issues.  So...

It seems that there is a clear consensus not to support 0-RTT client authentication in TLS 1.3 at this time.  If you think 0-RTT client authentication needs to be supported please indicate so now and provide your rationale.

J&S

v2.23.0 | Report a Bug | By Email