Re: [Unbearable] I-D Action: draft-ietf-tokbind-tls13-0rtt-02.txt

Nick Harper <nharper@google.com> Wed, 28 June 2017 22:25 UTC

From: Nick Harper <nharper@google.com>
Date: Wed, 28 Jun 2017 15:25:13 -0700
Message-ID: <CACdeXiLqmdVpQryrPOBnUrbrk24Vap7QrASK-_vnwH91vwkZ3A@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>
Cc: tokbind-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/Hn60LTs5zzxvCgSuMR_H1wR_Hlk>
Subject: Re: [Unbearable] I-D Action: draft-ietf-tokbind-tls13-0rtt-02.txt

Here's a summary of the changes since the last draft:

- If TB is accepted in 0-RTT data, keep using the early exporter for
the whole connection. There was some discussion on this in Chicago,
with more on the mailing list. Chairs, can you confirm whether we
reached consensus on the mailing list or whether we should take a hum
in Prague?

- 0-RTT TB cannot be used with externally provisioned PSKs or with a
PSK-only key exchange mode.

- A new TLS extension is used for negotiating and indicating use of 0-RTT TB.

- The replay indication TLS extension has been removed.

- Some editorial and document structure changes.

On Wed, Jun 28, 2017 at 3:12 PM,  <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Token Binding of the IETF.
>
>         Title           : Token Binding for 0-RTT TLS 1.3 Connections
>         Author          : Nick Harper
>         Filename        : draft-ietf-tokbind-tls13-0rtt-02.txt
>         Pages           : 11
>         Date            : 2017-06-28
>
> Abstract:
>    This document describes how Token Binding can be used in the 0-RTT
>    data of a TLS 1.3 connection.  This involves a new TLS extension to
>    negotiate and indicate the use of Token Binding in 0-RTT data.  A
>    TokenBindingMessage sent in 0-RTT data has different security
>    properties than one sent after the TLS handshake has finished, which
>    this document also describes.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-tls13-0rtt/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tokbind-tls13-0rtt-02
> https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-tls13-0rtt-02
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tokbind-tls13-0rtt-02
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/