Secondary certificates for HTTP servers

Hello HTTP Enthusiasts,

I’ve put up a -00 draft, in collaboration with Mike Bishop (and others): a re-imagining of secondary certs.

- https://datatracker.ietf.org/doc/draft-egorbaty-httpbis-secondary-server-certs/

“This document defines a way for HTTP/2 and HTTP/3 servers to send additional certificate-based credentials after a TLS connection is established, based on TLS Exported Authenticators.”

It’s pretty similar to the older archived secondary certs draft (https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-secondary-certs-06), with a few key differences:
1. It defines support for both HTTP/2 and HTTP/3.
2. It is focused on unprompted authentication for servers, as it’s the most flexible and simple to coordinate.
3. TLS Exported Authenticators are now an RFC.

A decent amount of the language and ideas are borrowed from the previous draft; credit goes to the previous authors and contributors.

The draft is still in early stages and could certainly use some feedback. We’re having some luck at Apple as far as useful implementation is concerned. One of the goals is to build this from the bottom up based on implementation, and probably to leave client authentication out of it.

It would be great to get some feedback from the working group on interest, and on whether there are things that can be improved. It would be lovely to be able to get some agenda time in SF as well.

Go easy on me, I’m new to this :P

Thanks everyone,
Eric

Received on Saturday, 1 July 2023 03:45:19 UTC