
Re: cipher suites for protecting client credentials

by Hannes Tschofenig-2

Hi Mohamad,

One aspect we noticed when the IAB did privacy reviews of existing IETF specifications was that most people did not describe their threat model and the terminology was often confusing as well.

You may also want to take a look at our most recent version of the privacy guidelines document:
http://tools.ietf.org/html/draft-iab-privacy-considerations-02

I believe you mostly care about eavesdroppers along the path between the TLS client and the TLS server when using client-side authentication within TLS. Correct?

We defined the term "Identity Confidentiality" in http://tools.ietf.org/html/draft-iab-privacy-terminology-01#section-3.3
and it covers this case.

I do not believe you provide any other privacy properties in your proposal (which is OK).

Ciao
Hannes


From: ext Mohamad Badra [mailto:mbadra@...]
Sent: Wednesday, March 14, 2012 3:40 PM
To: Tschofenig, Hannes (NSN - FI/Espoo)
Cc: tls@...
Subject: Re: [TLS] cipher suites for protecting client credentials

Hi Hannes

Yoav answered your question. 

To "protect" the client credentials is to avoid sending the client certificate in cleartext during the TLS handshake.

Best regards
Badra

On Wed, Mar 14, 2012 at 1:46 PM, Tschofenig, Hannes (NSN - FI/Espoo) <hannes.tschofenig@...> wrote:
Hi Badra,
 
I looked at your document but I do not quite understand what you are trying to accomplish.
 
When you say that you want to "protect" the client credentials what do you mean?
When a client authenticates to the server based on public key cryptography it sends a certificate (among other things).
 
Could you elaborate?
 
Ciao
Hannes
 
 
From: tls-bounces@... [mailto:tls-bounces@...] On Behalf Of ext Mohamad Badra
Sent: Tuesday, March 13, 2012 11:11 PM
To: tls@...
Subject: [TLS] cipher suites for protecting client credentials
 
Dear all,
 
I have taken an initial crack at a document that defines a set of cipher suites to add client credential protection to TLS:
 
http://www.ineovation.fr/tls-identity-protection/draft-badra-tls-ciphersuite-identity-protection-00.txt
 
Looking forward to your comments, best regards
Badra

_______________________________________________
TLS mailing list
TLS@...
https://www.ietf.org/mailman/listinfo/tls
