FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt from Mike Bishop on 2017-10-31 (ietf-http-wg@w3.org from October to December 2017)

From: Mike Bishop <mbishop@evequefou.be>
Date: Tue, 31 Oct 2017 00:14:07 +0000
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <MWHPR08MB347212B6F2F9DDD092728354DA5E0@MWHPR08MB3472.namprd08.prod.outlook.com>

In preparation for Singapore, we've updated the Additional Certs draft to track changes in TLS 1.3 and the Exported Authenticators TLS draft.  There's been substantial interest here, and we'll be discussing the draft during the WG meeting.

-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: Monday, October 30, 2017 2:40 PM
To: Martin Thomson <martin.thomson@gmail.com>; Mike Bishop <mbishop@evequefou.be>; Nick Sullivan <nick@cloudflare.com>
Subject: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt

A new version of I-D, draft-bishop-httpbis-http2-additional-certs-05.txt
has been successfully submitted by Mike Bishop and posted to the IETF repository.

Name:		draft-bishop-httpbis-http2-additional-certs
Revision:	05
Title:		Secondary Certificate Authentication in HTTP/2
Document date:	2017-10-30
Group:		Individual Submission
Pages:		21
URL:            https://www.ietf.org/internet-drafts/draft-bishop-httpbis-http2-additional-certs-05.txt
Status:         https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/
Htmlized:       https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05
Htmlized:       https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05
Diff:           https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05

Abstract:
  TLS provides fundamental mutual authentication services for HTTP,
  supporting up to one server certificate and up to one client
  certificate associated to the session to prove client and server
  identities as necessary.  This draft provides mechanisms for
  providing additional such certificates at the HTTP layer when these
  constraints are not sufficient.

  Many HTTP servers host content from several origins.  HTTP/2
  [RFC7540] permits clients to reuse an existing HTTP connection to a
  server provided that the secondary origin is also in the certificate
  provided during the TLS [I-D.ietf-tls-tls13] handshake.

  In many cases, servers will wish to maintain separate certificates
  for different origins but still desire the benefits of a shared HTTP
  connection.  Similarly, servers may require clients to present
  authentication, but have different requirements based on the content
  the client is attempting to access.

  This document describes how TLS exported authenticators
  [I-D.ietf-tls-exported-authenticator] can be used to provide proof of
  ownership of additional certificates to the HTTP layer to support
  both scenarios.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

Received on Tuesday, 31 October 2017 07:31:16 UTC