Re: FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt

Thanks Mike, Nick, Martin!

On Mon, Oct 30, 2017 at 8:14 PM, Mike Bishop <mbishop@evequefou.be> wrote:

> In preparation for Singapore, we've updated the Additional Certs draft to
> track changes in TLS 1.3 and the Exported Authenticators TLS draft.
> There's been substantial interest here, and we'll be discussing the draft
> during the WG meeting.
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Monday, October 30, 2017 2:40 PM
> To: Martin Thomson <martin.thomson@gmail.com>; Mike Bishop <mbishop@evequefou.be>; Nick Sullivan <nick@cloudflare.com>
> Subject: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt
>
>
> A new version of I-D, draft-bishop-httpbis-http2-additional-certs-05.txt
> has been successfully submitted by Mike Bishop and posted to the IETF
> repository.
>
> Name:           draft-bishop-httpbis-http2-additional-certs
> Revision:       05
> Title:          Secondary Certificate Authentication in HTTP/2
> Document date:  2017-10-30
> Group:          Individual Submission
> Pages:          21
> URL:            https://www.ietf.org/internet-drafts/draft-bishop-httpbis-http2-additional-certs-05.txt
> Status:         https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/
> Htmlized:       https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05
>
> Abstract:
>   TLS provides fundamental mutual authentication services for HTTP,
>   supporting up to one server certificate and up to one client
>   certificate associated to the session to prove client and server
>   identities as necessary.  This draft provides mechanisms for
>   providing additional such certificates at the HTTP layer when these
>   constraints are not sufficient.
>
>   Many HTTP servers host content from several origins.  HTTP/2
>   [RFC7540] permits clients to reuse an existing HTTP connection to a
>   server provided that the secondary origin is also in the certificate
>   provided during the TLS [I-D.ietf-tls-tls13] handshake.
>
>   In many cases, servers will wish to maintain separate certificates
>   for different origins but still desire the benefits of a shared HTTP
>   connection.  Similarly, servers may require clients to present
>   authentication, but have different requirements based on the content
>   the client is attempting to access.
>
>   This document describes how TLS exported authenticators
>   [I-D.ietf-tls-exported-authenticator] can be used to provide proof of
>   ownership of additional certificates to the HTTP layer to support
>   both scenarios.
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat

Received on Tuesday, 31 October 2017 11:23:55 UTC