Re: [TLS] draft-sullivan-tls-exported-authenticator-01
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 24 April 2017 15:42 UTC
To: Ilari Liusvaara <ilariliusvaara@welho.com>
References: <55e7544b-808a-5e0e-f66e-3a6f4a79e218@gmx.net> <20170421105213.GB20822@LK-Perkele-V2.elisa-laajakaista.fi>
Cc: "<tls@ietf.org>" <tls@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <b7862e95-85ee-047f-dfae-f1b59792e2c7@gmx.net>
Date: Mon, 24 Apr 2017 17:42:08 +0200
In-Reply-To: <20170421105213.GB20822@LK-Perkele-V2.elisa-laajakaista.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xeGBoS54X1NHdQ6bgdyf4phgmfY>
Hi Ilari,

thanks for your feedback. Remarks inline:

On 04/21/2017 12:52 PM, Ilari Liusvaara wrote:
> On Fri, Apr 21, 2017 at 10:44:01AM +0200, Hannes Tschofenig wrote:
>> I have read draft-sullivan-tls-exported-authenticator-01 and have a few
>> questions. I haven't followed this work previously but have been
>> wondering whether this functionality would be useful for "me".
>>
>> The described functionality sounds like post-handshake authentication
>> from TLS 1.3 (although it does not use that term throughout the
>> document). I would have thought that this functionality is a replacement
>> to the TLS 1.2 renegotiation but then there is also the TLS 1.3 content
>> in there which raises the question about how this relates to the
>> post-handshake authentication functionality.
>
> There are two things that can't be accomplished with PHA:
>
> - Authenticating the server for more identities.
> - Transmitting application context with the certificate.
>
> TLS 1.2 renegotiation also is incapable of either of those.

In what situations would I want those features? The draft is rather
brief on the motivational side.

>> What does the following sentence mean and what is the use case for it?
>>
>> "
>> This proof of authentication can
>> be exported and transmitted out of band from one party to be
>> validated by the other party.
>> "
>> Who are the parties?
>
> Most probably TLS client and server.

Maybe the draft should say that.

Ciao
Hannes

> -Ilari