Dear Benjamin, See my comments below. ________________________________________ From: Benjamin Kaduk [bka...@akamai.com] Sent: Sunday, 15 July, 2018 11:26:25 AM To: Wang Haiguang Cc: <tls@ietf.org> Subject: Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS
On Sat, Jul 14, 2018 at 01:44:28AM +0000, Wang Haiguang wrote: > Dear ilari, > > Thanks very much for the reply :-). Please see my comments inline below. > > -----Original Message----- > From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com] > Sent: Thursday, July 12, 2018 8:17 PM > To: Wang Haiguang <wang.haiguang.shield...@huawei.com> > Cc: <tls@ietf.org> <tls@ietf.org> > Subject: Re: [TLS] Regarding the identity bidding issue when using raw public > key with TLS > > On Thu, Jul 12, 2018 at 09:30:40AM +0000, Wang Haiguang wrote: > > Can anyone give us some comments regarding using IBC as raw public key > > for TLS for massive IoT authentication? > > I do not think there is any way currently to do that. The only defined > signature algorithms are ([*] means removed from TLS 1.3): > > - RSA PKCS#1 v1.5[*] > - DSA[*] > - ECDSA > - EdDSA2 (Ed25519 and Ed448) > > These are also the only algorithms that can be used with raw public key > authentication. None of these is IBC algorithm.. > > Also, the way the raw public keys work is the same in both TLS 1.2 and > 1.3 (the precise messages are different, but it still works the same). > > [HG-1] Yes. With TLS-1.3, IBC algorithm is not supported at the moment. So we > hope that we can develop a separate RFC based on 1.3 and support IBC for > massive IoT usage scenarios only? > RFC 6507 specifies an IBC signature method based on ECC, it is similar to > ECDSA. We can start with that first. Writing an internet-draft that specifies IBC signatures for TLS 1.3 is the first step, but in principle such usage would not need to be limited to "massive IoT usage scenarios only". [HG-2] Yes. IBC can be used for other scenarios also. We are happy to extend the usage scenarios also. --Haiguang _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
