On Thu, Mar 31, 2016 at 10:17 AM, Benjamin Kaduk <bka...@akamai.com> wrote:

> On 03/31/2016 12:13 PM, Eric Rescorla wrote:
>
>
>
> On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk <bka...@akamai.com> wrote:
>
>> On 03/31/2016 12:02 PM, Bill Cox wrote:
>>
>> On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:
>>
>>> Hi Sean,
>>>
>>> we at ARM would find it somewhat unfortunate to remove the client
>>> authentication feature from the 0-RTT exchange since this is one of the
>>> features that could speed up the exchange quite significantly and would
>>> make a big difference compared to TLS 1.2.
>>>
>>
>> Client certs can still be used with PSK 0-RTT, but only on the initial
>> 1-RTT handshake.  It is up to the client to ensure that the security of the
>> resumption master secret (RMS) is solid enough to warrant doing 0-RTT
>> session resumption without re-verification of the client cert.
>>
>>
>> That seems to rule out most corporate uses of client certs [for 0-RTT
>> client authentication], since I doubt anyone will be interested in trusting
>> that the client does so properly.
>>
>
> Do those servers generally carry over client auth through resumption?
>
>
> I don't know, offhand.  I just wanted to point out that for one sizeable
> use case for client certs in general (not considering 0RTT), this proposed
> scheme does not seem useful.  It may still be useful in other use cases, of
> course.
>

I'm really not following you here.

My point is that for TLS 1.2 there are two categories of servers that do
client auth:

- Those which carry over client auth through resumption
- Those which do not

The former should be equally happy (modulo all the concerns about replay,
etc.) to carry over client auth through 0-RTT resumption. The latter will
presumably not be, but can do 1-RTT. The question then becomes how large
the two populations are.

-Ekr


>
> -Ben
>
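The two server categories Ekr describes, as an added example that is not part of the original thread: a constructed Python model of a server-side resumption policy, where the ticket records whether a client certificate was verified on the original 1-RTT handshake and the server either carries that identity through 0-RTT (subject to the replay caveats) or declines the PSK so the certificate is verified again in a 1-RTT handshake. The data structures, field names and policy values are assumptions for illustration, not TLS 1.3 wire format.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class Decision(Enum):
    ACCEPT_0RTT = auto()      # PSK accepted, early data accepted, client identity carried over
    RESUME_1RTT = auto()      # PSK accepted, early data rejected (client retries after 1-RTT)
    FRESH_HANDSHAKE = auto()  # PSK declined; client cert is verified again in a 1-RTT handshake


@dataclass(frozen=True)
class SessionTicket:
    """State the server bound to the PSK when issuing the ticket (constructed model)."""
    ticket_age_ms: int              # ticket age as reported by the client (assumed already unmasked)
    lifetime_ms: int                # lifetime the server granted at issue time
    client_cert_fpr: Optional[str]  # fingerprint of the client cert verified on the original handshake


@dataclass(frozen=True)
class ServerPolicy:
    """The two server categories from the thread plus replay-related limits (assumed values)."""
    carry_client_auth: bool     # True: client auth survives resumption; False: it does not
    max_early_data_age_ms: int  # freshness window for early data, a replay mitigation
    idempotent_only: bool       # accept early data only for requests that are safe to replay


def decide(ticket: SessionTicket, policy: ServerPolicy, request_idempotent: bool) -> Decision:
    """Decide how to handle a PSK resumption attempt that carries 0-RTT data."""
    if ticket.ticket_age_ms > ticket.lifetime_ms:
        # Expired ticket: nothing to resume, so the client proves its identity afresh.
        return Decision.FRESH_HANDSHAKE
    if ticket.client_cert_fpr is not None and not policy.carry_client_auth:
        # Second category: the server does not trust the client's handling of the RMS
        # enough to skip re-verification, so 0-RTT client auth is out and the
        # client falls back to a 1-RTT handshake with a fresh CertificateVerify.
        return Decision.FRESH_HANDSHAKE
    # First category (or no client cert involved): the identity bound to the PSK is
    # trusted, but early data is still replayable, so apply the replay limits.
    if ticket.ticket_age_ms > policy.max_early_data_age_ms:
        return Decision.RESUME_1RTT
    if policy.idempotent_only and not request_idempotent:
        return Decision.RESUME_1RTT
    return Decision.ACCEPT_0RTT
```

A real server would also bind the ticket to the PSK binder and server-side replay state; the model only shows the policy split the thread is about.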
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
