- From: Ben Schwartz <bemasc@google.com>
- Date: Mon, 9 Jul 2018 11:28:49 -0400
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAHbrMsA8fOjGEpzy4gWMrjDBpMiwOZu+Qtk=fHmSRhbAszA+JQ@mail.gmail.com>
Hi HTTP,

Section 5.1 of the Secondary Certificate Authentication draft [1] says:

Clients MUST NOT consider previous secondary certificates to be validated after TLS session resumption. However, clients MAY proactively query for previously-presented secondary certificates.

I think we should amend this to clarify the status of 0-RTT. Here's a proposed change.

Clients MUST NOT consider previous secondary certificates to be validated after TLS session resumption. However, clients MAY treat previous secondary certificates as validated when sending TLS-1.3 0-RTT data, and MAY proactively query for previously-presented secondary certificates in the 0-RTT data or after session resumption.

This is my attempt to clarify that 0-RTT data retains the security scope of the session that is being resumed, which is the union of the validated certificates for that session.

--Ben

[1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-02#section-5.1
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 9 July 2018 15:29:25 UTC
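The following is an added illustration, not code from the draft or from the message's author: a small client-side state model of the proposed wording, tracking which origins a client may treat as covered by validated secondary certificates across a TLS 1.3 resumption. The class, method and origin names are assumptions made for the example, as is the handling of the case where the server rejects the 0-RTT data (requests sent as early data are then replayed in 1-RTT, where, per the proposed text, previous certificates no longer count, so the client has to query for them again first).

```python
"""Toy model of the secondary-certificate validation scope across TLS
session resumption, following the wording proposed in the message above.
Added example; class, method and origin names are assumed."""

from enum import Enum, auto


class Phase(Enum):
    INITIAL = auto()      # fresh connection, full TLS handshake done
    EARLY_DATA = auto()   # resumed session, sending TLS 1.3 0-RTT data
    RESUMED = auto()      # resumption handshake complete (1-RTT)


class SecondaryCertScope:
    """Tracks which origins the client may treat as covered by a validated
    secondary certificate on one HTTP/2 connection."""

    def __init__(self):
        self.phase = Phase.INITIAL
        self._validated = set()        # origins validated in this session
        self._prior = set()            # scope of the session being resumed
        self._early_requests = []      # origins sent as 0-RTT data

    def validate(self, origin):
        """Record a secondary certificate the client has checked."""
        self._validated.add(origin)

    def resume(self):
        """Begin resuming the session. While 0-RTT data is being sent, the
        proposed text lets the client keep the resumed session's scope."""
        self._prior = set(self._validated)
        self._validated = set()
        self._early_requests = []
        self.phase = Phase.EARLY_DATA

    def is_validated(self, origin):
        """Whether a request to `origin` may rely on a secondary certificate
        right now."""
        if origin in self._validated:
            return True
        if self.phase is Phase.EARLY_DATA:
            return origin in self._prior
        return False

    def needs_query(self, origin):
        """True when the client must (re-)request the certificate first."""
        return not self.is_validated(origin)

    def send_early_request(self, origin):
        """Send a request as 0-RTT data; allowed only while in scope."""
        if self.phase is not Phase.EARLY_DATA or not self.is_validated(origin):
            raise PermissionError(f"{origin} is not in scope for early data")
        self._early_requests.append(origin)

    def handshake_complete(self, early_data_accepted):
        """The resumption handshake finished. After resumption previous
        certificates are never considered validated. Returns the origins
        whose early requests the server rejected and that therefore need a
        fresh certificate query before being replayed in 1-RTT (assumed
        handling, derived from the proposed text)."""
        self.phase = Phase.RESUMED
        self._prior = set()
        replay = [] if early_data_accepted else list(self._early_requests)
        self._early_requests = []
        return [o for o in replay if self.needs_query(o)]


if __name__ == "__main__":
    # Constructed walk-through; the origins are made up for the example.
    scope = SecondaryCertScope()
    scope.validate("https://a.example")
    scope.resume()
    scope.send_early_request("https://a.example")      # allowed in 0-RTT
    print("re-query before replay:",
          scope.handshake_complete(early_data_accepted=False))
    print("still validated after resumption?",
          scope.is_validated("https://a.example"))
```

The point the model makes concrete is the asymmetry in the proposed text: the 0-RTT phase inherits the resumed session's scope, but the moment the resumption handshake completes that scope is gone, whether or not the server accepted the early data.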