<https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00>

I just posted a new Internet-Draft called "Exported Authenticators in TLS"
in the TLS working group.

The intent of this draft is to enable participants in a TLS connection to
prove ownership of additional certificates. This differs from previous
proposals (https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00)
in that these proofs are not sent as
part of the TLS connection, but instead exported so that they can be sent
out of band (as part of an application layer message, for example).

This proposal should enable a radical simplification of the Secondary
Certificate Authentication in HTTP/2 proposal (
https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-01),
and should generally be a useful tool for binding a certificate ownership
proof to a TLS connection.

Nick Sullivan
_______________________________________________
TLS mailing list
https://www.ietf.org/mailman/listinfo/tls
