[TLS] Lars Eggert's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

2022-05-25 Thread Lars Eggert via Datatracker
Lars Eggert has entered the following ballot position for draft-ietf-tls-subcerts-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http

Re: [TLS] [Last-Call] Genart last call review of draft-ietf-tls-subcerts-12

2022-05-25 Thread Lars Eggert
Elwyn, thank you for your review. I have entered a No Objection ballot for this document. Lars > On 2022-4-9, at 3:18, Elwyn Davies via Datatracker wrote: > > Reviewer: Elwyn Davies > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Rev

[TLS] Draft TLS Extension for Path Validation

2022-05-25 Thread Ashley Kopman
Hi TLS, I have just submitted a draft TLS Extension for Path Validation https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt The proposal is for a Path Validation Extension to provide a new pro

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-25 Thread Robert Moskowitz
I am working with Ashley and Rob Segers of FAA on this.  I don't make any claims of being able to comment on the TLS content.  I am providing IETF mentoring.  I work with Rob in ICAO TFSG items. We want this discussed at IETF114.  Perhaps in SECDISPATCH if it does not need its own BOF.  Or as

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-25 Thread Ilari Liusvaara
On Wed, May 25, 2022 at 12:40:13PM -0400, Ashley Kopman wrote: > Hi TLS, > > I have just submitted a draft TLS Extension for Path Validation > https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt >

Re: [TLS] Better TLS Client Authentication

2022-05-25 Thread Phillip Hallam-Baker
On Tue, May 24, 2022 at 12:59 AM Anders Rundgren < anders.rundgren@gmail.com> wrote: > Hi Phillip, > I'm not able to figure out the merits of your proposal, but I see one > major obstacle: Google have a de-facto monopoly (80%) on browser technology > and your proposal seems to require a rather

Re: [TLS] Better TLS Client Authentication

2022-05-25 Thread Phillip Hallam-Baker
If we are looking at installed footprint, then TLS Client Auth wins. Don't accuse me of re-inventing the wheel because TLS Client Auth predates FIDO by decades. It is a completely different application though. FIDO was designed to enable use of physical authenticator tokens. As far as I can see, s