Exported Authenticators in TLS
draft-ietf-tls-exported-authenticator-10
Document history
Date | Rev. | By | Action |
---|---|---|---|
2019-11-21 | 10 | Sean Turner | Tag Revised I-D Needed - Issue raised by WG set. |
2019-11-21 | 10 | Benjamin Kaduk | Moving back to the WG for resolution of issues raised by secdir review; may require defining new TLS message types and re-review. |
2019-11-21 | 10 | Benjamin Kaduk | Tag Point Raised - writeup needed cleared. |
2019-11-21 | 10 | Benjamin Kaduk | IETF WG state changed to WG Document from Submitted to IESG for Publication |
2019-11-21 | 10 | Benjamin Kaduk | IESG state changed to AD is watching::Point Raised - writeup needed from Waiting for Writeup::Point Raised - writeup needed |
2019-11-12 | 10 | Benjamin Kaduk | IESG state changed to Waiting for Writeup::Point Raised - writeup needed from Waiting for Writeup |
2019-11-04 | 10 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2019-11-04 | 10 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-10.txt |
2019-11-04 | 10 | (System) | New version approved |
2019-11-04 | 10 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2019-11-04 | 10 | Nick Sullivan | Uploaded new revision |
2019-11-04 | 09 | Sean Turner | Changed document URLs from: [] to: repository https://github.com/tlswg/tls-exported-authenticator |
2019-08-26 | 09 | Gunter Van de Velde | Assignment of request for Last Call review by OPSDIR to Jon Mitchell was marked no-response |
2019-07-16 | 09 | Yaron Sheffer | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Yaron Sheffer. Sent review to list. |
2019-07-16 | 09 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2019-07-16 | 09 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-tls-exported-authenticator-09. If any part of this review is inaccurate, please let us know. The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document. The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete. First, in the TLS ExtensionType Values registry on the Transport Layer Security (TLS) Extensions registry page located at: https://www.iana.org/assignments/tls-extensiontype-values/ in the existing registration for: Value: 0 Extension Name: server_name the entry for TLS 1.3 will be changed from: CH, EE to: CH, EE, CR As this document requests modifications to existing registrations in a Specification Required (see RFC 8126) registry, the IESG-designated experts for the TLS ExtensionType Values have asked that you send a review request to the <tls-reg-review@ietf.org> mailing list. Expert review will need to be completed before your document can be approved for publication as an RFC. Second, in the TLS Exporter Labels registry on the Transport Layer Security (TLS) Parameters registry page located at: https://www.iana.org/assignments/tls-parameters/ three new registrations are to be made as follows: Value: EXPORTER-server authenticator handshake context DTLS-OK: Recommended: Reference: [ RFC-to-be ] Note: Value: EXPORTER-client authenticator finished key DTLS-OK: Recommended: Reference: [ RFC-to-be ] Note: Value: EXPORTER-server authenticator finished key DTLS-OK: Recommended: Reference: [ RFC-to-be ] Note: IANA Question --> What should be the entries for DTLS-OK and Recommended for each of these three new registrations? As this also requests registrations in a Specification Required (see RFC 8126) registry, the IESG-designated experts for the TLS Exporter Labels have asked that you send a review request to the <tls-reg-review@ietf.org> mailing list. Expert review will need to be completed before your document can be approved for publication as an RFC. The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2019-07-16 | 09 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2019-07-15 | 09 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2019-07-15 | 09 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2019-07-15 | 09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jon Mitchell |
2019-07-15 | 09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jon Mitchell |
2019-07-07 | 09 | Christer Holmberg | Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Christer Holmberg. Sent review to list. |
2019-07-03 | 09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Christer Holmberg |
2019-07-03 | 09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Christer Holmberg |
2019-07-02 | 09 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2019-07-02 | 09 | Cindy Morgan | The following Last Call announcement was sent out (ends 2019-07-16): From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> CC: draft-ietf-tls-exported-authenticator@ietf.org, christopherwood07@gmail.com, tls-chairs@ietf.org, Sean Turner <sean@sn3rd.com>, Christopher Wood <christopherwood07@gmail.com>, tls@ietf.org, kaduk@mit.edu Reply-To: ietf@ietf.org Sender: <iesg-secretary@ietf.org> Subject: Last Call: <draft-ietf-tls-exported-authenticator-09.txt> (Exported Authenticators in TLS) to Proposed Standard The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Exported Authenticators in TLS' <draft-ietf-tls-exported-authenticator-09.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-07-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes a mechanism in Transport Layer Security (TLS) to provide an exportable proof of ownership of a certificate that can be transmitted out of band and verified by the peer. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ballot/ No IPR declarations have been submitted directly on this I-D. |
2019-07-02 | 09 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2019-07-02 | 09 | Benjamin Kaduk | Last call was requested |
2019-07-02 | 09 | Benjamin Kaduk | Last call announcement was generated |
2019-07-02 | 09 | Benjamin Kaduk | Ballot approval text was generated |
2019-07-02 | 09 | Benjamin Kaduk | Ballot writeup was generated |
2019-07-02 | 09 | Benjamin Kaduk | IESG state changed to Last Call Requested from AD Evaluation |
2019-05-03 | 09 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-09.txt |
2019-05-03 | 09 | (System) | New version approved |
2019-05-03 | 09 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2019-05-03 | 09 | Nick Sullivan | Uploaded new revision |
2019-04-18 | 08 | Benjamin Kaduk | IESG state changed to AD Evaluation from Publication Requested |
2019-01-31 | 08 | Christopher Wood | Summary Christopher Wood is the DS. Ben Kaduk is the responsible AD. Exported Authenticators (EAs) provide a way for endpoints of a TLS connection to prove ownership over multiple identities (certificates) outside of TLS. Endpoints can export authenticators to applications for transmission and verification. Mechanically, authenticators mirror certificate proofs in the TLS handshake, i.e., triggered by an authenticator (certificate) request, an endpoint can provide an authenticator response comprised of a certificate, signature, and enveloping MAC (Certificate, CertificateVerify, and Finished). Endpoints may encode requests and responses using standard TLS encoding rules for transmission at the application layer, e.g., within CERTIFICATE_REQUEST and CERTIFICATE HTTP/2 frames as specified in [1]. Authenticator MACs are computed using keys exported from the underlying TLS connection, which means that authenticators are only useful to endpoints party to that keying material. As an authentication mechanism, EAs provide an alternative to post-handshake client authentication in TLS 1.3 and renegotiation in TLS 1.2 (with the extended master secret extension). Moreover, unlike Token Binding, which is negotiated via an extension, there is little risk of endpoint non-interoperability due to non-compliant or extension-stripping middle boxes. EAs received formal security review from Cas Cremers and Jonathan Hoyland [2] (which in turn led to followup work in [3]). EAs guarantee compound authentication, i.e., proof of multiple separate identities, bound to a single TLS connection against an attacker without access to certificate private keys or TLS secrets. The intended status is Standards Track, given its use for HTTP/2 Secondary Certificates [1]. The document has received ample review from the WG members, as well as discussion in the httpbis working group with respect to its use in Secondary Certificates. Review and Consensus Nick presented the document several times to the WG. Over 50 emails were exchanged on the draft during its lifecycle in the WG. The group waited to move to WGLC until the security review [2] was complete. The document went through two WGLCs, with the first leading to non-trivial changes in the document before completion. (Some editorial, and some content changes that came out of the security review.) There were no objections or blocking issues during the second WGLC. Intellectual Property The DS confirmed with the author that any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. Other Considerations EAs have been implemented by at least two independent parties. To the best of our knowledge, no browser has implemented the mechanism yet. [1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03 [2] https://datatracker.ietf.org/meeting/101/materials/slides-101-tls-sessa-exported-authenticators-security-analysis-00.pdf [3] https://tools.ietf.org/html/draft-hoyland-tls-layered-exported-authenticator-00 |
2019-01-31 | 08 | Christopher Wood | Responsible AD changed to Benjamin Kaduk |
2019-01-31 | 08 | Christopher Wood | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2019-01-31 | 08 | Christopher Wood | IESG state changed to Publication Requested from I-D Exists |
2019-01-31 | 08 | Christopher Wood | IESG process started in state Publication Requested |
2019-01-31 | 08 | Christopher Wood | Summary Christopher Wood is the DS. Ben Kaduk is the responsible AD. Exported Authenticators (EAs) provide a way for endpoints of a TLS connection to prove ownership over multiple identities (certificates) outside of TLS. Endpoints can export authenticators to applications for transmission and verification. Mechanically, authenticators mirror certificate proofs in the TLS handshake, i.e., triggered by an authenticator (certificate) request, an endpoint can provide an authenticator response comprised of a certificate, signature, and enveloping MAC (Certificate, CertificateVerify, and Finished). Endpoints may encode requests and responses using standard TLS encoding rules for transmission at the application layer, e.g., within CERTIFICATE_REQUEST and CERTIFICATE HTTP/2 frames as specified in [1]. Authenticator MACs are computed using keys exported from the underlying TLS connection, which means that authenticators are only useful to endpoints party to that keying material. As an authentication mechanism, EAs provide an alternative to post-handshake client authentication in TLS 1.3 and renegotiation in TLS 1.2 (with the extended master secret extension). Moreover, unlike Token Binding, which is negotiated via an extension, there is little risk of endpoint non-interoperability due to non-compliant or extension-stripping middle boxes. EAs received formal security review from Cas Cremers and Jonathan Hoyland [2] (which in turn led to followup work in [3]). EAs guarantee compound authentication, i.e., proof of multiple separate identities, bound to a single TLS connection against an attacker without access to certificate private keys or TLS secrets. The intended status is Standards Track, given its use for HTTP/2 Secondary Certificates [1]. The document has received ample review from the WG members, as well as discussion in the httpbis working group with respect to its use in Secondary Certificates. Review and Consensus Nick presented the document several times to the WG. Over 50 emails were exchanged on the draft during its lifecycle in the WG. The group waited to move to WGLC until the security review [2] was complete. The document went through two WGLCs, with the first leading to non-trivial changes in the document before completion. (Some editorial, and some content changes that came out of the security review.) There were no objections or blocking issues during the second WGLC. Intellectual Property The DS confirmed with the author that any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. Other Considerations EAs have been implemented by at least two independent parties. To the best of our knowledge, no browser has implemented the mechanism yet. [1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03 [2] https://datatracker.ietf.org/meeting/101/materials/slides-101-tls-sessa-exported-authenticators-security-analysis-00.pdf [3] https://tools.ietf.org/html/draft-hoyland-tls-layered-exported-authenticator-00 |
2019-01-24 | 08 | Christopher Wood | Summary Christopher Wood is the DS. Ben Kaduk is the responsible AD. Exported Authenticators (EAs) provide a way for endpoints of a TLS connection to prove ownership over multiple identities (certificates) outside of TLS. Endpoints can export authenticators to applications for transmission and verification. Mechanically, authenticators mirror certificate proofs in the TLS handshake, i.e., triggered by an authenticator (certificate) request, an endpoint can provide an authenticator response comprised of a certificate, signature, and enveloping MAC (Certificate, CertificateVerify, and Finished). Endpoints may encode requests and responses using standard TLS encoding rules for transmission at the application layer, e.g., within CERTIFICATE_REQUEST and CERTIFICATE HTTP/2 frames as specified in [1]. Authenticator MACs are computed using keys exported from the underlying TLS connection, which means that authenticators are only useful to endpoints party to that keying material. As an authentication mechanism, EAs provide an alternative to post-handshake client authentication in TLS 1.3 and renegotiation in TLS 1.2 (with the extended master secret extension). Moreover, unlike Token Binding, which is negotiated via an extension, there is little risk of endpoint non-interoperability due to non-compliant or extension-stripping middle boxes. EAs received formal security review from Cas Cremers and Jonathan Hoyland [2] (which in turn led to followup work in [3]). EAs guarantee compound authentication, i.e., proof of multiple separate identities, bound to a single TLS connection against an attacker without access to certificate private keys or TLS secrets. The intended status is Standards Track, given its use for HTTP/2 Secondary Certificates [1]. The document has received ample review from the WG members, as well as discussion in the httpbis working group with respect to its use in Secondary Certificates. Review and Consensus Nick presented the document several times to the WG. Over 50 emails were exchanged on the draft during its lifecycle in the WG. The group waited to move to WGLC until the security review [2] was complete. The document went through two WGLCs, with the first leading to non-trivial changes in the document before completion. (Some editorial, and some content changes that came out of the security review.) There were no objections or blocking issues during the second WGLC. Intellectual Property The DS confirmed with the author that any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. Other Considerations EAs have been implemented by at least two independent parties. No browser has implemented the mechanism yet. [1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03 [2] https://datatracker.ietf.org/meeting/101/materials/slides-101-tls-sessa-exported-authenticators-security-analysis-00.pdf [3] https://tools.ietf.org/html/draft-hoyland-tls-layered-exported-authenticator-00 |
2018-12-03 | 08 | Christopher Wood | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2018-11-16 | 08 | Christopher Wood | Notification list changed to Sean Turner <sean@sn3rd.com>, Christopher Wood <christopherwood07@gmail.com> from Sean Turner <sean@sn3rd.com> |
2018-11-16 | 08 | Christopher Wood | Document shepherd changed to Christopher A. Wood |
2018-11-06 | 08 | Christopher Wood | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2018-11-06 | 08 | Christopher Wood | IETF WG state changed to In WG Last Call from Waiting for WG Chair Go-Ahead |
2018-10-18 | 08 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-08.txt |
2018-10-18 | 08 | (System) | New version approved |
2018-10-18 | 08 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2018-10-18 | 08 | Nick Sullivan | Uploaded new revision |
2018-06-05 | 07 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-07.txt |
2018-06-05 | 07 | (System) | New version approved |
2018-06-05 | 07 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2018-06-05 | 07 | Nick Sullivan | Uploaded new revision |
2018-06-05 | 07 | Nick Sullivan | Uploaded new revision |
2018-05-29 | 06 | Sean Turner | Tag Revised I-D Needed - Issue raised by WGLC set. |
2018-05-29 | 06 | Sean Turner | IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call |
2018-04-19 | 06 | Sean Turner | IETF WG state changed to In WG Last Call from WG Document |
2018-04-19 | 06 | Sean Turner | Notification list changed to Sean Turner <sean@sn3rd.com> |
2018-04-19 | 06 | Sean Turner | Document shepherd changed to Sean Turner |
2018-03-05 | 06 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-06.txt |
2018-03-05 | 06 | (System) | New version approved |
2018-03-05 | 06 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2018-03-05 | 06 | Nick Sullivan | Uploaded new revision |
2017-12-13 | 05 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-05.txt |
2017-12-13 | 05 | (System) | New version approved |
2017-12-13 | 05 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2017-12-13 | 05 | Nick Sullivan | Uploaded new revision |
2017-11-07 | 04 | Sean Turner | Added to session: IETF-100: tls Thu-0930 |
2017-10-30 | 04 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-04.txt |
2017-10-30 | 04 | (System) | New version approved |
2017-10-30 | 04 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2017-10-30 | 04 | Nick Sullivan | Uploaded new revision |
2017-07-17 | 03 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-03.txt |
2017-07-17 | 03 | (System) | New version approved |
2017-07-16 | 03 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2017-07-16 | 03 | Nick Sullivan | Uploaded new revision |
2017-06-20 | 02 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-02.txt |
2017-06-20 | 02 | (System) | New version approved |
2017-06-20 | 02 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2017-06-20 | 02 | Nick Sullivan | Uploaded new revision |
2017-06-20 | 01 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-01.txt |
2017-06-20 | 01 | (System) | New version approved |
2017-06-20 | 01 | (System) | Request for posting confirmation emailed to previous authors: Nick Sullivan <nick@cloudflare.com> |
2017-06-20 | 01 | Nick Sullivan | Uploaded new revision |
2017-05-18 | 00 | Sean Turner | Changed consensus to Yes from Unknown |
2017-05-18 | 00 | Sean Turner | Intended Status changed to Proposed Standard from None |
2017-05-18 | 00 | Sean Turner | This document now replaces draft-sullivan-tls-exported-authenticator instead of None |
2017-05-18 | 00 | Nick Sullivan | New version available: draft-ietf-tls-exported-authenticator-00.txt |
2017-05-18 | 00 | (System) | New version approved |
2017-05-18 | 00 | Nick Sullivan | Request for posting confirmation emailed to submitter and authors: Nick Sullivan <nick@cloudflare.com> |
2017-05-18 | 00 | Nick Sullivan | Uploaded new revision |