[TLS] Re: Last Call: (TLS Client Authentication via DANE TLSA records) to Proposed Standard

Mon, 26 Jan 2026 12:18:55 -0800 

On 26.01.26 21:07, Eric Rescorla wrote:
On Mon, Jan 26, 2026 at 11:55 AM Muhammad Usama Sardar <[email protected]> wrote: 

    On 26.01.26 19:36, Eric Rescorla wrote:


        Regardless, the argument cannot be "use the webpki because it
        offers better privacy features" because for
        players in this space, non-webpki authentication and
        authorization is more important than a privacy feature
        that defends only against passive attacks.


    I think you are perhaps misunderstanding my comment, because I'm
    not talking about the WebPKI at all in this discussion. I'm
    instead saying
    that the client should send the DNSSEC chain in a TLS extension
    rather than having the server query for it, thus avoiding revealing
    its identity on the wire. This is entirely isomorphic to the current
    identity structure.


    Do I understand correctly that you are proposing the DNSSEC chain
    to be put as an extension of client's Certificate message of TLS 1.3?

Yes.



Thanks a lot for clarification. I completely agree with you and now I am 
very confused why there is pushback on this proposal. Extensions of 
Certificate message are already supported in TLS 1.3 and has the 
advantage of encrypting it using client_write_key for initial handshake, 
thus preventing the privacy concerns. I haven't seen argument for why 
this proposal is problematic. Maybe I am missing something.


TLS 1.2 is frozen; the draft has to move to TLS 1.3 anyway.


I am also lost why this was mentioned as a charter discussion. In my 
reading of DANCE charter [0], your proposal is not at all prohibited. In 
fact, coordination with TLS WG was supposed to happen. In particular, 
charter says:



    > DANCE will define how DNS DANE records will represent client 
identities for TLS connections.



    > DANCE will coordinate with the TLS working group to define any 
TLS protocol updates required to support client authentication using DANE.



Unfortunately, the coordination has not happened, otherwise this would 
have been resolved much earlier.


-Usama

[0] https://datatracker.ietf.org/wg/dance/about/





Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to