On Mon, Oct 31, 2016 at 2:57 PM Ilari Liusvaara <[email protected]> wrote:
> On Mon, Oct 31, 2016 at 09:29:19PM +0000, Nick Sullivan wrote: > > <https://tools.ietf.org/html/ > > < > https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00> > > draft-sullivan-tls-exported-authenticator-00> > > < > https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00> > > > > I just posted a new Internet-Draft called "Exported Authenticators in > TLS" > > in the TLS working group. > > > > The intent of this draft is to enable participants in a TLS connection to > > prove ownership of additional certificates. This differs from previous > > proposals (https://tools.ietf.org/html/draft > > -sullivan-tls-post-handshake-auth-00) in that these proofs are not sent > as > > part of the TLS connection, but instead exported so that they can be sent > > out of band (as part of an application layer message, for example). > > > > This proposal should enable a radical simplification of the Secondary > > Certificate Authentication in HTTP/2 proposal ( > > > https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-01 > ), > > and should generally be a useful tool for binding a certificate ownership > > proof to a TLS connection. > > This looks A LOT saner than the current post-handshake stuff in TLS 1.3 > draft. Looks implementable even. > > One comment about API: There should be a method to query the TLS library > capabilities with CertificateVerify algorithm verification. > > The result could e.g. be list of algorithm numbers (e.g. 0403, 0503, > 0603, 0804, 0805, 0806, 0807, 0808). > Good idea. > > Also one bit unclear thing: Is RSA-PKCS1#v1.5 allowed if negotiated > TLS version is 1.2? > I'd say yes, since it's the only RSA signature type supported in TLS 1.2. It's not allowed in TLS 1.3. > > > -Ilari >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
