<https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00>
We discussed on this list a proposal to allow secondary certificate authentication in HTTP/2 (https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs). In that discussion, some questions were raised around whether or not certificate authentication should be handled in the HTTP/2 layer or at the TLS layer.

This draft is our attempt to create a more complete mechanism for post-handshake authentication in TLS 1.3 that supports standard use cases like in-browser client certificate authentication as well as new use cases like secondary certificate authentication in HTTP/2. This draft takes the post-handshake client authentication mechanism from TLS 1.3 (Section 4.4.2) and generalizes it to allow four types of post-handshake authentication:

* solicited client authentication
* spontaneous client authentication
* solicited server authentication
* spontaneous server authentication

Support for these modes is negotiated in a new TLS extension. As written, this draft is complementary to the current TLS 1.3 draft; however, it makes use of modified versions of the Certificate and CertificateRequest structures instead of those from TLS 1.3. If the working group agrees that a separate draft is a reasonable approach for post-handshake authentication, it may make sense to merge the structure changes from this draft into the TLS 1.3 specification and remove post-handshake authentication from TLS 1.3. Doing so would likely make both TLS 1.3 and this draft smaller, simpler to analyze, and easier to implement.

This draft comes with the caveat that the new post-handshake flows still need a formal security proof.

Nick Sullivan
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
