On Mon, Apr 24, 2017 at 05:42:08PM +0200, Hannes Tschofenig wrote:
> Hi Ilari,
>
> thanks for your feedback. Remarks inline:
>
> On 04/21/2017 12:52 PM, Ilari Liusvaara wrote:
> > On Fri, Apr 21, 2017 at 10:44:01AM +0200, Hannes Tschofenig wrote:
> >> I have read draft-sullivan-tls-exported-authenticator-01 and have a few
> >> questions. I haven't followed this work previously but have been
> >> wondering whether this functionality would be useful for "me".
> >>
> >> The described functionality sounds like post-handshake authentication
> >> from TLS 1.3 (although it does not use that term throughout the
> >> document). I would have thought that this functionality is a replacement
> >> for the TLS 1.2 renegotiation, but then there is also the TLS 1.3 content
> >> in there, which raises the question about how this relates to the
> >> post-handshake authentication functionality.
> >
> > There are two things that can't be accomplished with PHA:
> >
> > - Authenticating the server for more identities.
> > - Transmitting application context with the certificate.
> >
> > TLS 1.2 renegotiation is also incapable of either of those.
>
> In what situations would I want those features? The draft is rather
> brief on the motivational side.
- Client authentication in HTTP/2 after handshake.
- Dynamically adding server identities in HTTP/2 in order to hide services (SNI encryption is _HARD_).

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls