The draft describes using an opaque ticket (similar to a session
resumption ticket) to pin the identity of a TLS server. The new version
addresses several comments on this list, in particular regarding the
message syntax, and requesting a comparison with TACK - thanks Dave and
Daniel.
Thanks,
Yaron
-------- Forwarded Message --------
Subject: New Version Notification for
draft-sheffer-tls-pinning-ticket-01.txt
Date: Sat, 06 Feb 2016 12:25:54 -0800
From: internet-dra...@ietf.org
To: Yaron Sheffer <yaronf.i...@gmail.com>
A new version of I-D, draft-sheffer-tls-pinning-ticket-01.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.
Name: draft-sheffer-tls-pinning-ticket
Revision: 01
Title: TLS Server Identity Pinning with Tickets
Document date: 2016-02-06
Group: Individual Submission
Pages: 16
URL:
https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-01.txt
Status:
https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/
Htmlized: https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-01
Diff:
https://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-pinning-ticket-01
Abstract:
Fake public-key certificates are an ongoing problem for users of TLS.
Several solutions have been proposed, but none is currently in wide
use. This document proposes to extend TLS with opaque tickets,
similar to those being used for TLS session resumption, as a way to
pin the server's identity. That is, to ensure the client that it is
connecting to the right server even in the presence of corrupt
certificate authorities and fake certificates. The main advantage of
this solution is that no manual management actions are required.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
