[openscreenprotocol] Pull Request: Describes how TLS and certificates are used by agents. from Mark Foltz \(Google\) via GitHub on 2019-09-05 (public-webscreens@w3.org from September 2019)

From: Mark Foltz \(Google\) via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Sep 2019 20:54:03 +0000
To: public-webscreens@w3.org
Message-ID: <pull_request.opened-314693561-1567716842-sysbot+gh@w3.org>

mfoltzgoogle has just submitted a new pull request for https://github.com/webscreens/openscreenprotocol:

== Describes how TLS and certificates are used by agents. ==
This addresses the following issues:

* Issue #135: Propose TLS 1.3 certificate types and extensions for key exchange
* Issue #122: Challenge/Response over TLS
* Issue #130: Review attack and mitigation considerations for TLS 1.3

This PR defines what ciphers, signing algorithms, and key types are to be used with TLS.

It also defines the terms `agent certificate` and `agent fingerprint` to clarify how the fingerprint value is linked to the certificate.

A note about TLS extensions:

At the F2F we resolved to not require any extensions [1].  However, the supported_versions, signature_algorithms, supported_groups and key_share extensions are required for conforming implementations of TLS 1.3 [2] and have information necessary for EC key exchange to work at all.

The server_name and cookies extensions are also required for conforming implementations.  Even if they are not useful for our purposes, TLS 1.3 implementations may not work at all of they are not included in the handshake, so it seems safer to require them.

[1] https://www.w3.org/2019/05/23-webscreens-minutes.html#x20
[2] https://tools.ietf.org/html/rfc8446#section-9.2


See https://github.com/webscreens/openscreenprotocol/pull/212

Received on Thursday, 5 September 2019 20:54:09 UTC