[TLS] I-D Action: draft-ietf-tls-dtls-connection-id-06.txt

2019-07-08 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : Connection Identifiers for DTLS 1.2 Authors : Eric Rescorla Hannes Tschofe

[TLS] Delegated Credentials in Client certificates

2019-07-08 Thread Nick Sullivan
Hello TLSWG, At previous meetings (and I think on the list?) there were requests to extend the Delegated Credentials in TLS (https://tools.ietf.org/html/draft-ietf-tls-subcerts) draft to support client certificates. This turns out to be a pretty minor change to the document. I've put up a PR: ht

[TLS] I-D Action: draft-ietf-tls-dtls13-32.txt

2019-07-08 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 Authors : Eric Rescorla

Re: [TLS] Delegated Credentials in Client certificates

2019-07-08 Thread Subodh Iyengar
Thanks for writing this up Nick. I support this change. I think one interesting addition to this PR might be a discussion of what could happen if you use the same DC as both a client and server. I suspect this is what a lot of people might do in a datacenter environment and that this is safe (

[TLS] HTTPSSVC record draft - ESNI alternative for HTTPS

2019-07-08 Thread Erik Nygren
For those not on the HTTP-WG or DNSOP lists, Ben Mike and I have a draft for an "HTTPSSVC" DNS record. There's a -03 that incorporates some feedback from the first version: https://tools.ietf.org/html/draft-nygren-httpbis-httpssvc-03 This attempts to address a number of problems (ESNI, QUIC

Re: [TLS] HTTPSSVC record draft - ESNI alternative for HTTPS

2019-07-08 Thread Stephen Farrell
Hi Erik, On 08/07/2019 22:27, Erik Nygren wrote: > > In particular for the TLS WG, we'd be interested in hearing if this would > solve enough of the ESNI-key-delivery-via-DNS needs for the HTTPS use-case. I'm not clear if you envisage this entirely replacing the new ESNI RR (as defined in ESNI

Re: [TLS] HTTPSSVC record draft - ESNI alternative for HTTPS

2019-07-08 Thread Erik Nygren
Hi Stephen, On Mon, Jul 8, 2019 at 5:39 PM Stephen Farrell wrote: > > On 08/07/2019 22:27, Erik Nygren wrote: > > > > In particular for the TLS WG, we'd be interested in hearing if this would > > solve enough of the ESNI-key-delivery-via-DNS needs for the HTTPS > use-case. > > I'm not clear if y

[TLS] I-D Action: draft-ietf-tls-subcerts-04.txt

2019-07-08 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : Delegated Credentials for TLS Authors : Richard Barnes Subodh Iyengar

Re: [TLS] AD review of draft-ietf-tls-grease-02

2019-07-08 Thread David Benjamin
Thanks for the comments! I've addressed them in https://github.com/tlswg/draft-ietf-tls-grease/pull/10. On Wed, Jul 3, 2019 at 1:11 PM Benjamin Kaduk wrote: > Section 1 > >The TLS protocol [RFC8446] includes several points of extensibility, >including the list of cipher suites and the li

Re: [TLS] HTTPSSVC record draft - ESNI alternative for HTTPS

2019-07-08 Thread Stephen Farrell
I'm not sure what I think about the general idea TBH but just on this bit... On 08/07/2019 23:08, Erik Nygren wrote: > > A downside is that this does add complexity for tools that operate entirely > at the TLS layer such as openssl s_client that would be happier if only > an ESNI record existed.

[TLS] I-D Action: draft-ietf-tls-esni-04.txt

2019-07-08 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : Encrypted Server Name Indication for TLS 1.3 Authors : Eric Rescorla Kazuh