Hi, I asked a very similar question a couple of weeks ago. Good to know that other people have similar problems. https://mailarchive.ietf.org/arch/msg/tls/bo-_9gbNqNAlyzs2Opv16hLwt2k/
Cheers,
John

-----Original Message-----
From: TLS <[email protected]> on behalf of "Fries, Steffen" <[email protected]>
Date: Friday, 5 March 2021 at 15:02
To: "[email protected]" <[email protected]>
Subject: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

Hello all,

I've got a question regarding the application of TLS 1.3 to protect long-lasting connections, specifically on the trigger to perform a revocation check for the certificates utilized in the handshake.

The background is that for securing TCP-based communication in power system automation we defined the application of TLS in IEC 62351-3. The document specifies how to use TLS v1.2 in this environment. As some of the connections are rather long-lasting, the document defines the usage of TLS session renegotiation at least every 24 hours, on one hand to update the session key material and on the other to enforce the certificate verification from both sides (TLS is always used with mutual authentication), including the revocation check. The 24 hours were motivated by an expected CRL update once a day.

As TLS 1.3 is available, the consequent next step is to consider it also for power system automation. In TLS 1.3 session renegotiation is not available anymore. The session key update can easily be addressed by the post-handshake messages. For performing a certificate-based authentication during the session I understood one could use the post-handshake authentication approach. But this seems to be available only for client-side authentication. Is there any option in TLS to also enforce a server-side authentication during an ongoing session? Again, the reason for a certificate-based authentication is to have a trigger for the revocation check of the certificates used in the initial handshake.

If post-handshake certificate-based authentication is not supported in TLS 1.3, it would require a separate mechanism/process that checks the revocation state of the certificates utilized in the initial handshake. Hence the question whether there is a feature in TLS 1.3 which would provide the functionality to invoke a mutual certificate-based authentication.

Best regards
Steffen

--
Steffen Fries
Siemens AG

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
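The "separate mechanism/process" Steffen mentions as the fallback, as an added example that is not part of the thread, of IEC 62351-3, or of any IETF document: an application-level revocation check that a long-lived TLS 1.3 session can run on a timer (for instance every 24 hours, alongside a KeyUpdate) against the peer certificate captured at the initial handshake, since TLS 1.3 itself offers no server-side post-handshake authentication. It uses only the Go standard library (crypto/x509, Go 1.19 or later). The CA, the peer certificate, the two CRLs and the function names (CheckRevocation, buildFixture) are constructed for this example; in a real deployment the leaf would be conn.ConnectionState().PeerCertificates[0] and the CRL would be fetched from the CA's distribution point. Note what this does and does not give you: it re-evaluates revocation status of the certificate already authenticated, but it is not a fresh proof of key possession by the peer, which is what a renegotiation or post-handshake authentication would have provided.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CheckRevocation returns nil only if crlDER is a CRL signed by issuer, valid at
// time now, and does not list leaf's serial number. Any other outcome (bad
// signature, stale CRL, revoked serial) is an error, i.e. "hard fail": a stale
// CRL is treated as no information rather than as "not revoked".
func CheckRevocation(leaf, issuer *x509.Certificate, crlDER []byte, now time.Time) error {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	}
	// An unsigned or mis-signed CRL proves nothing about revocation state.
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	// Freshness window: thisUpdate <= now < nextUpdate. With a daily CRL, a
	// 24-hour check interval keeps the session from outliving the CRL.
	if now.Before(crl.ThisUpdate) || !now.Before(crl.NextUpdate) {
		return errors.New("CRL not valid at check time (stale or not yet valid)")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s revoked at %s",
				leaf.SerialNumber, rc.RevocationTime.UTC().Format(time.RFC3339))
		}
	}
	return nil
}

// buildFixture constructs, in-process and for this example only, a CA, a leaf
// certificate standing in for the peer certificate seen at the handshake, and
// two CRLs: crlClean lists nothing, crlRevoked lists the leaf.
func buildFixture() (leaf, ca *x509.Certificate, crlClean, crlRevoked []byte, err error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Substation CA"}, // constructed name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // crlSign needed to issue CRLs
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "ied-01.example"}, // constructed name
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(2 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return
	}
	if leaf, err = x509.ParseCertificate(leafDER); err != nil {
		return
	}
	mkCRL := func(number int64, revoked []pkix.RevokedCertificate) ([]byte, error) {
		return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
			Number:              big.NewInt(number),
			ThisUpdate:          now.Add(-time.Minute),
			NextUpdate:          now.Add(24 * time.Hour), // daily CRL, as assumed in the thread
			RevokedCertificates: revoked,
		}, ca, caKey)
	}
	if crlClean, err = mkCRL(1, nil); err != nil {
		return
	}
	crlRevoked, err = mkCRL(2, []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}})
	return
}

func main() {
	leaf, ca, clean, revoked, err := buildFixture()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	fmt.Println("fresh CRL, not listed:", CheckRevocation(leaf, ca, clean, now))
	fmt.Println("fresh CRL, listed:    ", CheckRevocation(leaf, ca, revoked, now))
	fmt.Println("stale CRL (+48h):     ", CheckRevocation(leaf, ca, clean, now.Add(48*time.Hour)))
}
```

In a connection handler the caller would run CheckRevocation on a ticker and close the net.Conn on any non-nil result; the application decides the interval and what "CRL unavailable" means, neither of which TLS 1.3 specifies.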
