Transport Layer Security (TLS) Authorization Extensions
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>
Subject: Document Action: 'Transport Layer Security (TLS) Authorization Extensions' to Experimental RFC

The IESG has approved the following document:

- 'Transport Layer Security (TLS) Authorization Extensions' <draft-housley-tls-authz-extns-09.txt> as an Experimental RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-09.txt

Technical Summary

This document specifies authorization extensions to the Transport Layer Security (TLS) Handshake Protocol. Extensions are carried in the client and server hello messages to confirm that both parties support the desired authorization data types. Then, if supported by both the client and the server, authorization information is exchanged in the supplemental data handshake message.

Working Group Summary

This document is not the product of the TLS working group but has been reviewed there. Changes were made to address comments.

The document went through four contentious IETF last calls. Controversy centered on RedPhone's IPR, but no technical issues were raised. The IPR issues have been particularly heated, including a Free Software Foundation email campaign against standards with patented technology. The TLS working group chairs also raised procedural issues, stating that standards track publications of this magnitude should be developed in the working group.

After some deliberation, I gauge rough consensus within the IETF to support publication as an Experimental RFC, but not to publish on the standards track.

Protocol Quality

This specification has been reviewed for the IESG by Tim Polk.