Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-05-17 Thread Joseph Salowey
The discussion on the list has not changed the consensus from the IETF 95 meeting, 0-RTT client authentication should be removed from the draft. Cheers, J&S On Tue, Mar 29, 2016 at 5:59 AM, Sean Turner wrote: > All, > > To make sure we’ve got a clear way forward coming out of our BA sessions,

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-04-07 Thread Bill Cox
I've been reviewing this issue because I want to help figure out how to do token binding over TLS 1.3 PKS 0-RTT. When the server emulates a session cache, then the RMS is unique on every PSK 0-RTT resumption. That means the client handshake hash is also unique, and it therefore becomes an attract

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-04-04 Thread Subodh Iyengar
April 03, 2016 5:43 PM To: Sean Turner Cc: tls@ietf.org Subject: Re: [TLS] Call for consensus: Removing 0-RTT client auth Hi Sean & Joe, On Tue, March 29, 2016 5:59 am, Sean Turner wrote: > All, > > To make sure we’ve got a clear way forward coming out of our BA > sessions,

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-04-03 Thread Dan Harkins
Hi Sean & Joe, On Tue, March 29, 2016 5:59 am, Sean Turner wrote: > All, > > To make sure we’ve got a clear way forward coming out of our BA > sessions, we need to make sure there’s consensus on a couple of > outstanding issues. So... > > It seems that there is a clear consensus not to sup

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Benjamin Kaduk
On 03/31/2016 12:21 PM, Eric Rescorla wrote: > > > On Thu, Mar 31, 2016 at 10:17 AM, Benjamin Kaduk > wrote: > > On 03/31/2016 12:13 PM, Eric Rescorla wrote: >> >> >> On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk >> mailto:bka...@akamai.com>> wrote: >> >>

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Eric Rescorla
On Thu, Mar 31, 2016 at 10:17 AM, Benjamin Kaduk wrote: > On 03/31/2016 12:13 PM, Eric Rescorla wrote: > > > > On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk < > bka...@akamai.com> wrote: > >> On 03/31/2016 12:02 PM, Bill Cox wrote: >> >> On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig < >>

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Bill Cox
On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk wrote: > On 03/31/2016 12:02 PM, Bill Cox wrote: > > On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig < > hannes.tschofe...@gmx.net> wrote: > >> Hi Sean, >> >> we at ARM would find it somewhat unfortunate to remove the client >> authentication fe

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Benjamin Kaduk
On 03/31/2016 12:13 PM, Eric Rescorla wrote: > > > On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk > wrote: > > On 03/31/2016 12:02 PM, Bill Cox wrote: >> On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig >> mailto:hannes.tschofe...@gmx.net>> wrote: >> >>

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Eric Rescorla
On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk wrote: > On 03/31/2016 12:02 PM, Bill Cox wrote: > > On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig < > hannes.tschofe...@gmx.net> wrote: > >> Hi Sean, >> >> we at ARM would find it somewhat unfortunate to remove the client >> authentication fe

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Benjamin Kaduk
On 03/31/2016 12:02 PM, Bill Cox wrote: > On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig > mailto:hannes.tschofe...@gmx.net>> wrote: > > Hi Sean, > > we at ARM would find it somewhat unfortunate to remove the client > authentication feature from the 0-RTT exchange since this is one

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Bill Cox
On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig < hannes.tschofe...@gmx.net> wrote: > Hi Sean, > > we at ARM would find it somewhat unfortunate to remove the client > authentication feature from the 0-RTT exchange since this is one of the > features that could speed up the exchange quite signif

Re: [TLS] Call for consensus: Removing 0-RTT client auth

2016-03-31 Thread Hannes Tschofenig
Hi Sean, we at ARM would find it somewhat unfortunate to remove the client authentication feature from the 0-RTT exchange since this is one of the features that could speed up the exchange quite significantly and would make a big difference compared to TLS 1.2. For the IoT use cases we need clien