Re: [TLS] Draft TLS Extension for Path Validation

2022-06-03 Thread Ashley Kopman
Version -01 of this draft has been submitted https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-01.txt It incorporates updates based on the comments we have received so far. Limit this to (D)TLS 1.3,

Re: [TLS] Draft TLS Extension for Path Validation

2022-06-01 Thread Ira McDonald
Hi Ashley, Bear in mind that DTLS 1.3 languished in the RFC Editor's queue for over a year. The major TLS libraries have had implementations and have been doing interop testing for a long time. Simply doing a software update to current library versions would make DTLS 1.3 available in civil aviati

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-31 Thread Ashley Kopman
Eric, Thank you for your comments. My initial concern with limiting this to (D)TLS 1.3 was that the DTLS 1.3 RFC has just been released and support is not yet widely available. However, our use case is for civil aviation and it will take time for the community to begin using it. By that time ther

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-28 Thread Eric Rescorla
I took a quick look at this draft. A few comments follow. VENUE The correct venue for this work is the TLS WG. This is a relatively straightforward piece of work that is clearly within the TLS WG's charter scope ("This includes extensions or changes that help protocols better use TLS as an authen

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
This is the Aviation use case I mentioned in earlier mails. I will be submitting a BOF request tomorrow, pro forma. Of course it is for the ADs to decide if this is a standalone BOF or a 20min slot in SECDISPATCH. How much time people want to discuss it is in large measure related to the disc

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Ashley Kopman
The use case for the D(TLS) Path Validation extension in civil aviation has been submitted: https://www.ietf.org/archive/id/draft-segers-tls-cert-val-ext-use-case-00.txt There is also a referenced slide deck available: http://conceptsbeyond.com/resources/SCVPValidationRequest_UseCase_CB.pdf Thank you,

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Salz, Rich
>So this is important in one community: Civil Aviation. Thanks for the explanation Bob. That's very cool, and I am grateful to those behind the scenes who worked to bring this to the IETF.

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Ashley Kopman
Ilari, Thank you for your feedback. You are correct in assuming that this was designed after the OCSP status_request extension. It is a valid point that the extension can likely be omitted from the server hello. The intent was to communicate to the client that the server supports the extension

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
Oh, and it is this community's input to see that this is well designed as once something is put into a plane, it tends to be there for years... On 5/26/22 04:46, Peter Gutmann wrote: An indirect question on the overall premise here: Given that SCVP is essentially nonexistent (unless there's som

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
Peter, SCVP *IS* being used in aviation applications today in ground-to-ground cases. But the comm cost for air-to-ground is excessive. So this is directly what at least US FAA and EU EUROCONTROL are implementing. Aviation, through ICAO, is building their own PKI. The CP is in final draft

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Peter Gutmann
An indirect question on the overall premise here: Given that SCVP is essentially nonexistent (unless there's some niche market somewhere using it that I'm not aware of, which is why I didn't use an unqualified "nonexistent"), does it really matter much? If an RFC falls in the forest and all that..

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-25 Thread Ilari Liusvaara
On Wed, May 25, 2022 at 12:40:13PM -0400, Ashley Kopman wrote: > Hi TLS, > > I have just submitted a draft TLS Extension for Path Validation > https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt >

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-25 Thread Robert Moskowitz
I am working with Ashley and Rob Segers of FAA on this. I don't make any claims of being able to comment on the TLS content. I am providing IETF mentoring. I work with Rob in ICAO TFSG items. We want this discussed at IETF114. Perhaps in SECDISPATCH if it does not need its own BOF. Or as