[TLS] Publication has been requested for draft-ietf-tls-exported-authenticator-13

2020-07-02 Thread Sean Turner via Datatracker
Sean Turner has requested publication of 
draft-ietf-tls-exported-authenticator-13 as Proposed Standard on behalf of the 
TLS working group.

Please verify the document's state at 
https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/


___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] Closing WGLC (was Re: 3rd WGLC for draft-ietf-tls-exported-authenticators)

2020-07-02 Thread Sean Turner
Great! This document is now ready to progress to the AD.

spt

> On Jun 26, 2020, at 20:00, Nick Sullivan wrote:
> 
> TLSWG and Chairs,
> 
> I've submitted draft -13 with the appropriate changes.
> 
> Best,
> Nick
> 
> On Tue, Jun 16, 2020 at 10:23 AM Sean Turner wrote:
> Hi!
> 
> This message closes out the 3rd WGLC for 
> draft-ietf-tls-exported-authenticators. I have created GH issues for the two 
> issues raised during WGLC:
> https://github.com/tlswg/tls-exported-authenticator/issues/62
> https://github.com/tlswg/tls-exported-authenticator/issues/63
> Once addressed, and assuming the changes are not large, we will progress this 
> draft towards our AD.
> 
> I will put the draft in Waiting for WG Chair Go-Ahead / Revised I-D needed 
> awaiting resolution of the two issues.
> 
> spt (for the chairs)
> 
> > On Jun 5, 2020, at 07:29, Watson Ladd wrote:
> > 
> > On Thu, Jun 4, 2020 at 9:48 PM Sean Turner wrote:
> >> 
> >> Another reminder ...
> >> 
> >>> On May 22, 2020, at 09:23, Sean Turner wrote:
> >>> 
> >>> This is the 3rd WGLC for "Exported Authenticators in TLS" draft available 
> >>> at 
> >>> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. 
> >>> The secdir review during IETF LC raised some issues and as a result there 
> >>> have been a couple of new versions. Please respond to the list with any 
> >>> comments by 2359 UTC on 8 June 2020.
> > 
> > I've implemented earlier drafts. I do have a concern with the
> > validate API as presented in the draft: it treats empty authenticators
> > as valid, and then returns the identity as a certificate chain that
> > must be validated by the application. Similar APIs have led to easily
> > foreseeable pwnage. Instead I would recommend the validate API carry
> > out X509 validation against a trust store or validation function and
> > treat the empty authenticator as invalid. That way someone has to
> > think before not checking the certificate returned.
> > 
> > Sincerely,
> > Watson Ladd
> 


Re: [TLS] I-D Action: draft-ietf-tls-external-psk-guidance-00.txt

2020-07-02 Thread Sean Turner
Just a reminder to please have a look at this draft.

spt

> On Jun 19, 2020, at 23:39, Sean Turner wrote:
> 
> Thanks to Chris for uploading the WG version of the draft.
> 
> If you have some time over the next couple of weeks please take the time to 
> review this draft. The intent is to issue a WGLC after IETF 108 barring any 
> discontent prior that.
> 
> spt
> 
>> On Jun 17, 2020, at 23:28, internet-dra...@ietf.org wrote:
>> 
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Transport Layer Security WG of the IETF.
>> 
>>   Title   : Guidance for External PSK Usage in TLS
>>   Authors : Russ Housley
>> Jonathan Hoyland
>> Mohit Sethi
>> Christopher A. Wood
>>  Filename: draft-ietf-tls-external-psk-guidance-00.txt
>>  Pages   : 12
>>  Date: 2020-06-17
>> 
>> Abstract:
>>  This document provides usage guidance for external Pre-Shared Keys
>>  (PSKs) in TLS.  It lists TLS security properties provided by PSKs
>>  under certain assumptions and demonstrates how violations of these
>>  assumptions lead to attacks.  This document also discusses PSK use
>>  cases, provisioning processes, and TLS stack implementation support
>>  in the context of these assumptions.  It provides advice for
>>  applications in various use cases to help meet these assumptions.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/
>> 
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-tls-external-psk-guidance-00
>> https://datatracker.ietf.org/doc/html/draft-ietf-tls-external-psk-guidance-00
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> 


[TLS] tls - Requested session has been scheduled for IETF 108

2020-07-02 Thread "IETF Secretariat"
Dear Joseph Salowey,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 


tls Session 1 (1:40 requested)
Tuesday, 28 July 2020, Session III 1410-1550
Room Name: Room 6 size: 6
-


iCalendar: https://datatracker.ietf.org/meeting/108/sessions/tls.ics

Request Information:


-
Working Group Name: Transport Layer Security
Area Name: Security Area
Session Requester: Joseph Salowey


Number of Sessions: 1
Length of Session(s):  100 Minutes
Number of Attendees: 120
Conflicts to Avoid: 
 Chair Conflict: pearg git mls emu
 Technology Overlap: cfrg dprive dnsop lake
 Key Participant Conflict: quic httpbis taps secdispatch saag





People who must be present:
  Eric Rescorla
  Rich Salz
  Sean Turner
  Joseph A. Salowey
  Yoav Nir
  Benjamin Kaduk
  Christopher A. Wood
  Nick Sullivan

Resources Requested:

Special Requests:
  
-




Re: [TLS] 2nd WGLC for Delegated Credentials for TLS

2020-07-02 Thread Daniel Migault
On Thu, Jul 2, 2020 at 10:21 AM Jonathan Hoyland wrote:

> Hi All,
>
> For those interested, I've been working on a formal analysis of DCs the
> results of which should appear online in the next few days.
> I'll post to the list when it's up.
>

Great! Thanks.

> In summary I managed to prove a server only version of DCs secure (i.e.
> does not violate any of the properties in Appendix E.1) under the Dolev-Yao
> model without resumption, and work on a more general result is ongoing.
>
> Regards,
>
> Jonathan
>
> On Mon, 29 Jun 2020 at 16:59, Joseph Salowey wrote:
>
>> This is the second working group last call for Delegated Credentials for
>> TLS.  The latest draft can be found here:
>> https://tools.ietf.org/html/draft-ietf-tls-subcerts-09.  There have been
>> 2 revisions since the last review.  Draft 8 contains changes that were not
>> committed in time for draft 7 and draft 9 contains revisions from the
>> previous WGLC.  Links to the Diffs between the draft 9 and draft 7 can be
>> found at the end of this message.   Please focus your review on the changes
>> between draft 7 and draft 9.  Please send your comments to the list by July
>> 13, 2020.
>>
>> Thanks,
>>
>> Sean and Joe
>>
>> [Inline Diff]
>> https://tools.ietf.org/rfcdiff?difftype=--hwdiff=draft-ietf-tls-subcerts-09.txt=draft-ietf-tls-subcerts-07.txt
>> [Side-by-side Diff]
>> https://tools.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-09.txt=draft-ietf-tls-subcerts-07.txt
>>


-- 
Daniel Migault
Ericsson


Re: [TLS] 2nd WGLC for Delegated Credentials for TLS

2020-07-02 Thread Jonathan Hoyland
Hi All,

For those interested, I've been working on a formal analysis of DCs the
results of which should appear online in the next few days.
I'll post to the list when it's up.

In summary I managed to prove a server only version of DCs secure (i.e.
does not violate any of the properties in Appendix E.1) under the Dolev-Yao
model without resumption, and work on a more general result is ongoing.

Regards,

Jonathan

On Mon, 29 Jun 2020 at 16:59, Joseph Salowey wrote:

> This is the second working group last call for Delegated Credentials for
> TLS.  The latest draft can be found here:
> https://tools.ietf.org/html/draft-ietf-tls-subcerts-09.  There have been
> 2 revisions since the last review.  Draft 8 contains changes that were not
> committed in time for draft 7 and draft 9 contains revisions from the
> previous WGLC.  Links to the Diffs between the draft 9 and draft 7 can be
> found at the end of this message.   Please focus your review on the changes
> between draft 7 and draft 9.  Please send your comments to the list by July
> 13, 2020.
>
> Thanks,
>
> Sean and Joe
>
> [Inline Diff]
> https://tools.ietf.org/rfcdiff?difftype=--hwdiff=draft-ietf-tls-subcerts-09.txt=draft-ietf-tls-subcerts-07.txt
> [Side-by-side Diff]
> https://tools.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-09.txt=draft-ietf-tls-subcerts-07.txt
>


Re: [TLS] Proposed change in TLS-Flags

2020-07-02 Thread Hannes Tschofenig
Hi Yoav,

> If that’s something the group wants, we can add it, but it’s not generally a 
> good thing for a protocol to have two ways of expressing the same thing.
I saw it more as a "compression" mechanism for those cases where an extension 
doesn't carry additional content.

Ciao
Hannes

Yoav

> On 1 Jul 2020, at 19:00, Hannes Tschofenig wrote:
>
> One question: Wouldn’t you want to register a flag for "Post-Handshake Client 
> Authentication" in this document?
>
> Ciao
> Hannes
>
>
> From: TLS  On Behalf Of Hannes Tschofenig
> Sent: Wednesday, July 1, 2020 5:55 PM
> To: Yoav Nir ;  
> Subject: Re: [TLS] Proposed change in TLS-Flags
>
> Yoav,
>
> I looked at the draft and the PR. I am fine with the proposed changes.
> This is a short and useful draft.
>
> Ciao
> Hannes
>
> From: TLS  On Behalf Of Yoav Nir
> Sent: Monday, June 29, 2020 11:34 PM
> To:  
> Subject: [TLS] Proposed change in TLS-Flags
>
> Hi
>
> I’ve just submitted the following PR:
>
> https://github.com/tlswg/tls-flags/pull/4
>
> Three changes:
> • It is no longer allowed to send an empty flags extension.  If you don’t 
> support any flags, don’t send the extension.
> • The server is no longer allowed to respond with flag types that the client 
> didn’t indicate support for first.
> • I’ve split the extension description section into a format section and a 
> rules section
>
> Please comment. Barring any objections, I’ll merge the PR just before the 
> submission deadline.
>
> Yoav
>
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose the 
> contents to any other person, use it for any purpose, or store or copy the 
> information in any medium. Thank you.
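
The first two rule changes listed in the quoted PR announcement (no empty flags extension; the server may not respond with flags the client did not offer), written out as sender and receiver checks. This is an added example, not part of the thread or of the tls-flags draft; the bit-string packing (flag n stored in bit n mod 8 of byte n div 8), the function names and the flag numbers are assumptions of this example.

```python
class FlagsError(ValueError):
    """Raised when a flags extension breaks one of the rules in the PR."""


def encode_flags(flags):
    """Pack flag numbers into an extension body (assumed encoding:
    flag n is bit n % 8, least significant bit first, of byte n // 8)."""
    if not flags:
        # Rule 1: with no flags to signal, the extension is omitted entirely.
        raise FlagsError("no flags set: omit the extension instead")
    if min(flags) < 0:
        raise FlagsError("flag numbers are non-negative")
    body = bytearray(max(flags) // 8 + 1)
    for n in flags:
        body[n // 8] |= 1 << (n % 8)
    return bytes(body)


def decode_flags(body):
    """Return the set of flag numbers in a received extension body."""
    flags = {i * 8 + bit
             for i, byte in enumerate(body)
             for bit in range(8) if (byte >> bit) & 1}
    if not flags:
        # Rule 1 on receipt: zero-length or all-zero bodies carry no flags.
        raise FlagsError("empty flags extension")
    return flags


def check_server_flags(client_body, server_body):
    """Validate the server's flags against what the client offered.
    Either argument is None when that side did not send the extension."""
    if server_body is None:
        return set()
    offered = decode_flags(client_body) if client_body is not None else set()
    echoed = decode_flags(server_body)
    unsolicited = echoed - offered
    if unsolicited:
        # Rule 2: the server may only use flags the client indicated first.
        raise FlagsError(f"server sent unoffered flags: {sorted(unsolicited)}")
    return echoed


# Constructed flag numbers for illustration, not registered values.
CLIENT_HELLO_FLAGS = encode_flags({0, 9})
```

A receiver that treats `FlagsError` as a fatal handshake error fails closed on both rules, including the case where the server sends flags although the client sent no extension at all.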