ISSUE-19: x509v3 Independence and TLS Extensions

State:
POSTPONED
Product:
WebID-authn-TLS-spec
Raised by:
Nathan Rixham
Opened on:
2011-02-01
Description:
WebID Protocol is currently tightly bound to the use of X.509v3 certificates, re-purposing the subjectAltName extension in order to carry an Identification Agent's "WebID URI".

However, RFC 4366 "Transport Layer Security (TLS) Extensions" [1] (obsoleting RFC 3546) defines several general extension methods, including "Extended Client Hello" [2].

The Client Hello of TLS can be extended in order to pass the identifying agent's "WebID URI" in a certificate-independent manner, by creating a well-defined extension.

This approach is already used by such specifications as Secure Remote Password (SRP) [3,4,5] which defines the "SRP Extension" [6] in order to pass user names via Client Hello.

The definition and use of a TLS extension would remove the need for "custom" X.509v3 certificates which require the presence of a "WebID URI" in the subjectAlternativeName certificate extension, allowing any X.509v3 certificate (should the use of certificates be deemed necessary), or the use of PGP Certificates as defined by TLSPGP [7], and would additionally resolve ISSUE-1 "Multiple URI entries in the SAN extension".

[1] http://tools.ietf.org/html/rfc4366
[2] http://tools.ietf.org/html/rfc4366#section-2.1
[3] http://en.wikipedia.org/wiki/Secure_remote_password_protocol
[4] http://srp.stanford.edu/
[5] http://tools.ietf.org/html/rfc2945
[6] http://tools.ietf.org/html/rfc5054#section-2.8.1
[7] http://tools.ietf.org/html/rfc5081
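As an added illustration of the proposal above (not code from the WebID group or from any of the cited RFCs), the following Python builds a ClientHello extensions vector that carries the registered SRP extension (type 12, RFC 5054 section 2.8.1) beside a hypothetical WebID extension, then parses it back with the bounds checks a server would need. The WebID extension's type number (0xFFEE) and payload layout (opaque webid_uri<1..2^16-1>) are assumptions made for the example; no such extension is registered. The sample and hostile inputs at the bottom are constructed.

```python
"""Toy encoder/parser for the TLS ClientHello extensions vector.

Added example, not code from the WebID group or any cited RFC. The SRP
extension (type 12) follows RFC 5054 2.8.1: opaque srp_user_name<1..2^8-1>.
EXT_WEBID and its payload layout are ASSUMED for illustration only.
"""
from __future__ import annotations

import struct

EXT_SRP = 12          # registered: RFC 5054, carries the SRP user name
EXT_WEBID = 0xFFEE    # ASSUMED value, not registered; carries the WebID URI


def _opaque8(data: bytes) -> bytes:
    """Encode opaque<1..2^8-1>: one length byte, then the bytes."""
    if not 1 <= len(data) <= 0xFF:
        raise ValueError("length out of range for <1..2^8-1>")
    return struct.pack("!B", len(data)) + data


def _opaque16(data: bytes) -> bytes:
    """Encode opaque<1..2^16-1>: two length bytes, then the bytes."""
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("length out of range for <1..2^16-1>")
    return struct.pack("!H", len(data)) + data


def build_srp_extension(user_name: str) -> bytes:
    """Extension { type=12, extension_data = opaque srp_user_name<1..2^8-1> }."""
    body = _opaque8(user_name.encode("utf-8"))
    return struct.pack("!HH", EXT_SRP, len(body)) + body


def build_webid_extension(uri: str) -> bytes:
    """Hypothetical Extension { type=EXT_WEBID, extension_data = opaque webid_uri<1..2^16-1> }."""
    body = _opaque16(uri.encode("utf-8"))
    return struct.pack("!HH", EXT_WEBID, len(body)) + body


def build_extensions(*exts: bytes) -> bytes:
    """Wrap the extensions in the ClientHello's Extension extensions<0..2^16-1> vector."""
    joined = b"".join(exts)
    if len(joined) > 0xFFFF:
        raise ValueError("extensions vector too long")
    return struct.pack("!H", len(joined)) + joined


def parse_extensions(buf: bytes) -> dict[int, bytes]:
    """Parse the extensions vector into {extension_type: extension_data}.

    Every length read from the wire is checked against the bytes actually
    present before it is used, and a repeated extension_type is rejected
    (RFC 5246 forbids more than one extension of the same type).
    """
    if len(buf) < 2:
        raise ValueError("truncated extensions length")
    total = struct.unpack("!H", buf[:2])[0]
    if 2 + total != len(buf):
        raise ValueError("extensions length disagrees with buffer size")
    pos, end, out = 2, 2 + total, {}
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if ext_len > end - pos:
            raise ValueError(f"extension {ext_type} claims {ext_len} bytes, only {end - pos} present")
        if ext_type in out:
            raise ValueError(f"duplicate extension type {ext_type}")
        out[ext_type] = buf[pos:pos + ext_len]
        pos += ext_len
    return out


def webid_from_extensions(exts: dict[int, bytes]) -> str | None:
    """Return the WebID URI named by the hypothetical extension, or None if absent."""
    data = exts.get(EXT_WEBID)
    if data is None:
        return None
    if len(data) < 2:
        raise ValueError("truncated webid_uri length")
    n = struct.unpack("!H", data[:2])[0]
    if n == 0 or 2 + n != len(data):
        raise ValueError("webid_uri length disagrees with extension_data")
    uri = data[2:].decode("utf-8")
    # The URI only names the agent: it proves nothing until the server
    # dereferences it and matches the profile's key against what the client
    # actually authenticates with later in the handshake.
    if not uri.startswith(("http://", "https://")):
        raise ValueError("WebID URI must be an absolute http(s) URI")
    return uri


def rejects(buf: bytes) -> bool:
    """True if the parser refuses buf (exercises the bounds checks)."""
    try:
        webid_from_extensions(parse_extensions(buf))
    except ValueError:
        return True
    return False


# Constructed sample: an SRP user name plus a WebID URI in one ClientHello.
SAMPLE = build_extensions(build_srp_extension("alice"),
                          build_webid_extension("https://example.org/alice#me"))
# Constructed hostile sample: inner length claims 32 bytes but only 2 follow.
OVERCLAIMED = b"\x00\x06" + struct.pack("!HH", EXT_WEBID, 32) + b"ab"

if __name__ == "__main__":
    print(parse_extensions(SAMPLE))
    print(webid_from_extensions(parse_extensions(SAMPLE)))
```

Two caveats worth keeping in mind when weighing this design. In TLS 1.2 the ClientHello is sent in the clear, so an extension of this kind exposes the WebID URI to any network observer, whereas a client certificate can at least be deferred to a renegotiated handshake. And the extension on its own only asserts a name; the certificate-based approach gets its proof of key possession from the client's CertificateVerify, and an extension-based variant would still need an equivalent binding, which this issue leaves open.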
Related Action Items:
No related actions
Related emails:
  1. Re: Formal WebID Teleconf Friday February 1 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-01)
  2. RE: issue of initiating client auth for parallel SSL sessionids (from home_pw@msn.com on 2011-02-28)
  3. RE: issue of initiating client auth for parallel SSL sessionids (from ryan-webid@sleevi.com on 2011-02-27)
  4. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-04)
  5. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from nathan@webr3.org on 2011-02-04)
  6. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-04)
  7. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from nathan@webr3.org on 2011-02-04)
  8. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-03)
  9. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-03)
  10. RE: WebID-ISSUE-26: [WebID Spec] (from home_pw@msn.com on 2011-02-02)
  11. WebID-ISSUE-26: [WebID Spec] (from sysbot+tracker@w3.org on 2011-02-02)
  12. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from henry.story@bblfish.net on 2011-02-02)
  13. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-02)
  14. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from henry.story@bblfish.net on 2011-02-01)
  15. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-01)
  16. RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from home_pw@msn.com on 2011-02-01)
  17. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from henry.story@bblfish.net on 2011-02-01)
  18. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from benjamin.heitmann@deri.org on 2011-02-01)
  19. Re: Documenting implicit assumptions? (from nathan@webr3.org on 2011-02-01)
  20. WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from sysbot+tracker@w3.org on 2011-02-01)

Related notes:

too complicated to do within current group

Ted Thibodeau, 1 Feb 2013, 15:46:48



Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaël-Massieux <dom@w3.org>, Staff Contact