- From: David Schinazi <dschinazi.ietf@gmail.com>
- Date: Thu, 12 Oct 2023 17:19:25 -0700
- To: Eric Gorbaty <e_gorbaty@apple.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAPDSy+6dCeNMy+4EKL44PAYNFXg-D6GHjKNaLUEx=kxrKnLjbg@mail.gmail.com>
This is definitely an interesting area of work. I think the use cases are useful and I'll happily volunteer to review drafts and all that. Consider this a statement of support for spending WG time on this topic.

David

On Thu, Oct 12, 2023 at 1:07 PM Eric Gorbaty <e_gorbaty@apple.com> wrote:

> Hi everyone,
>
> Following up on this: I've made some revisions to the draft to clarify usage and related mechanisms, see the updated version:
> https://datatracker.ietf.org/doc/draft-egorbaty-httpbis-secondary-server-certs/01/
>
> Mainly, these revisions address:
> - Removing any remaining references to client certificates to focus on server authentication
> - Clarify the usage of the spontaneous server certificates flow from TLS Exported authenticators
> - More strongly suggest the usage of ORIGIN in the event that a DNS check is not used
>
> Other changes (Like using multiple frames to send authenticators over HTTP/2), should come later; but those are less interesting as far as the vision of the draft is concerned.
>
> Regarding use cases, it seems that discussion so far has revolved around two main uses for this:
> - CDNs being able to make additional origins that they support available to particular requesters at a much more controlled, granular level than massive "cruise-liner" certificates at TLS establishment
> - Forward-proxies like MASQUE being able to switch to a reverse-proxy mode for particular origins, either optimistically or in response to particular requests
>
> Feedback on all of this would be appreciated!
>
> Thanks,
> Eric Gorbaty
> Apple
>
> On Oct 11, 2023, at 5:34 PM, Mark Nottingham <mnot@mnot.net> wrote:
>
> > Hello everyone,
> >
> > At IETF 117, we had a discussion about reviving the Secondary Certificates work:
> > https://httpwg.org/wg-materials/ietf117/minutes.html#secondary-certificate-authentication-of-http-servers---eric-gorbaty
> >
> > The Chairs are considering issuing a Call for Adoption for this work, because there seems to be significant interest in this area still. However, more discussion about the use cases would help us make a decision about re-starting this work.
> >
> > If necessary, we can reserve some further time in Prague, but mailing list discussion is preferred.
> >
> > Cheers,
> >
> > --
> > Mark Nottingham https://www.mnot.net/
Received on Friday, 13 October 2023 00:19:43 UTC