After some discussion on Github leading up to IETF 100, we discovered a few drawbacks of the current draft that can be addressed by the following change: https://github.com/tlswg/tls-exported-authenticator/pull/9
The change introduces the concept of an *authenticator request,* which is based on the CertificateRequest message in TLS. This change is motivated by the following goals: - Provide a way to bind authenticators to requests - Move the certificate and extension selection logic from the application into the TLS library, where code and logic can be reused A consequence of this change is that it no longer allows "spontaneous" client authentication, which did not have a compelling use case to begin with. Nick On Tue, Oct 31, 2017 at 5:46 AM <[email protected]> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Layer Security WG of the IETF. > > Title : Exported Authenticators in TLS > Author : Nick Sullivan > Filename : draft-ietf-tls-exported-authenticator-04.txt > Pages : 7 > Date : 2017-10-30 > > Abstract: > This document describes a mechanism in Transport Layer Security (TLS) > to provide an exportable proof of ownership of a certificate that can > be transmitted out of band and verified by the other party. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-exported-authenticator-04 > > https://datatracker.ietf.org/doc/html/draft-ietf-tls-exported-authenticator-04 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-exported-authenticator-04 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
