On Fri, Mar 05, 2021 at 05:01:04PM +0000, John Mattsson wrote: > On Friday, 5 March 2021 at 15:02, Fries, Steffen wrote: > > I've got a question regarding application of TLS 1.3 to protect long > > lasting connections. Specifically on the trigger to perform a > > revocation check for the utilized certificates in the handshake.
You can perform OCSP or CRL checks on the RPs at any time. You don't need a protocol trigger for it. You can use a timer. The issue is that the EE certificate (or intermediates in the chain perhaps) could expire or be replaced before the connection ends, and then you might want the EE to present a new certificate and, if for a new key, then also a proof of possession. One could use session renegotiation back when it existed, but it does not now. > > Hence the question if there is a feature in TLS 1.3, which would > > provide the functionality to invoke a mutual certificate based > > authentication. While renegotiation will never be re-added, there is post-handshake authentication (RFC 8446, section 4.6.2), and while that is currently about authenticating the _client_ to the server, it should be trivial to extend the protocol to support re-authenticating the server to the client as well. Authenticating the client to the server and vice-versa would be independent, at least when using certificates, though not so much when using PSK. Each relying party would send a CertificateRequest message on a timer based on local configuration of certificate freshness policy and/or the peer's certificate's expiration time, or whatever you like. Nico -- _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
