[TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt

Tue, 04 Oct 2016 03:19:43 -0700

Daniel and I just submitted a new version of this draft. Other than numerous editorial improvements and clarifications, the main changes are to the cryptographic operations, to bring them in-line with the latest version of TLS 1.3. 

Thanks,
        Yaron

-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-tls-pinning-ticket-03.txt 
Date: Tue, 04 Oct 2016 03:00:10 -0700
From: internet-dra...@ietf.org
To: Yaron Sheffer <yaronf.i...@gmail.com>, Daniel Migault <daniel.miga...@ericsson.com> 


A new version of I-D, draft-sheffer-tls-pinning-ticket-03.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:           draft-sheffer-tls-pinning-ticket
Revision:       03
Title:          TLS Server Identity Pinning with Tickets
Document date:  2016-10-04
Group:          Individual Submission
Pages:          23
URL: https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-03.txt Status: https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/ Htmlized: https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-03 Diff: https://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-pinning-ticket-03 

Abstract:
   Misissued public-key certificates can prevent TLS clients from
   appropriately authenticating the TLS server.  Several alternatives
   have been proposed to detect this situation and prevent a client from
   establishing a TLS session with a TLS end point authenticated with an
   illegitimate public-key certificate, but none is currently in wide
   use.

   This document proposes to extend TLS with opaque pinning tickets as a
   way to pin the server's identity.  During an initial TLS session, the
   server provides an original encrypted pinning ticket.  In subsequent
   TLS session establishment, upon receipt of the pinning ticket, the
   server proves its ability to decrypt the pinning ticket and thus the
   ownership if the pinning protection key.  The client can now safely
   conclude that the TLS session is established with the same TLS server
   as the original TLS session.  One of the important properties of this
   proposal is that no manual management actions are required.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to