Re: [TLS] Remove 0-RTT client auth

Martin Thomson <martin.thomson@gmail.com> Sun, 21 February 2016 20:05 UTC

In-Reply-To: <CAMfhd9V3FBJNKAcZSvojtOXvsfPx5+JY7LWzNEw_45x2KAxq_A@mail.gmail.com>
References: <CABkgnnWy3anGeLZ2a=EH+O2f4PnScJPGdBdEOkA7EmE+jgZ1pg@mail.gmail.com> <CAMfhd9V3FBJNKAcZSvojtOXvsfPx5+JY7LWzNEw_45x2KAxq_A@mail.gmail.com>
Date: Sun, 21 Feb 2016 12:05:03 -0800
Message-ID: <CABkgnnUF0WocXF-+-gYsVPiuSXrCJCeuNj8s7FLrFYPD1Dk5SQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Adam Langley <agl@imperialviolet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zv1GOfvmEB963xBSJ6M4HSlqNNM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Remove 0-RTT client auth

On 21 February 2016 at 12:01, Adam Langley <agl@imperialviolet.org> wrote:
> The token-binding(*) folks care about authenticating 0-RTT requests,
> although they are currently working at the application-layer[1] and so
> would be recreating 0-RTT client authentication on top of TLS. (They
> would thus have all the same issues, but we already knew that.)

You can't run an exporter until the handshake is complete, so how were
you imagining that this would work?