Hi Stephen, Hi Achim, thanks for your comments.
> I think, what is more in question is the comparison
> of the new certificate type with the two currently used ones (x509 and
> Raw Public Key). Reading your link, my first impression is, that this
> is pretty similar to x509 but in json. So talkin
Hi Andrea
thanks for the extra background.
How do you plan to deal with the large number of DID methods?
Standardization of many of the DID methods has not been finished and
they appear to have vastly different security properties, even for the
most basic DID methods like did:web and did:key.
Hi,
I'd go further - ISTM an argument for a re-design
that just doesn't have the privacy problem. (And
maybe come back to the TLS WG after that's done.)
The "privacy problem" may disappear, if the DLT is
part of that "IoT deployment" and is not considered
as an external component. Anyway, it's
Hiya,
On 05/04/2024 12:54, Achim Kraus wrote:
Hi,
On that basis, I'd consider this a bad idea that
ought not be pursued, and certainly not by the TLS
WG.
for me this sounds more like an argument for a
"recommended (for general use-cases) n".
I'd go further - ISTM an argument for a re-des
Hi,
On that basis, I'd consider this a bad idea that
ought not be pursued, and certainly not by the TLS
WG.
for me this sounds more like an argument for a
"recommended (for general use-cases) n".
Or does the TLS group focus on Web only and I missed that?
best regards
Achim
Hi Andrea,
> to avoid the only option available today:
That wonders me. I think, what is more in question is the comparison
of the new certificate type with the two currently used ones (x509 and
Raw Public Key). Reading your link, my first impression is, that this
is pretty similar to x509 but i
Hiya,
On 04/04/2024 09:53, Andrea Vesco wrote:
I-D: https://datatracker.ietf.org/doc/draft-vesco-vcauthtls/
From figure 2 it looks as if use of this mechanism
would have bad privacy properties as the DLT would
end up knowing which clients accessed which servers
at what times. That's v. similar
Hi Hannes, thanks for your question.
We are referring to a (well-resourced) IoT system with edge computing nodes. In
the IoT/edge segment, the VC can be used for mutual authentication directly in
TLS to avoid the only option available today: first establish a TLS channel
with X.509 based serve
Hi Andrea,
Thanks for sharing the info.
Could you say a bit more about your IoT use case?
Ciao
Hannes
-----Original Message-----
From: TLS On Behalf Of Andrea Vesco
Sent: Thursday, 4 April 2024 10:53
To: tls@ietf.org
Subject: [TLS] I-D on TLS authentication with VC
L. Perugini and I have w