summaryrefslogtreecommitdiff
path: root/doc/protocol/draft-santesson-tls-supp-00.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/protocol/draft-santesson-tls-supp-00.txt')
-rw-r--r--doc/protocol/draft-santesson-tls-supp-00.txt448
1 files changed, 0 insertions, 448 deletions
diff --git a/doc/protocol/draft-santesson-tls-supp-00.txt b/doc/protocol/draft-santesson-tls-supp-00.txt
deleted file mode 100644
index 7c72a91a0e..0000000000
--- a/doc/protocol/draft-santesson-tls-supp-00.txt
+++ /dev/null
@@ -1,448 +0,0 @@
-
-
-
-
-INTERNET-DRAFT S. Santesson (Microsoft)
-Updates: 2246, 4346
-Intended Category: Standards track
-Expires September 2006 March 2006
-
-
- TLS Handshake Message for Supplemental Data
- <draft-santesson-tls-supp-00.txt>
-
-
-Status of this Memo
-
- By submitting this Internet-Draft, each author represents that any
- applicable patent or other IPR claims of which he or she is aware
- have been or will be disclosed, and any of which he or she becomes
- aware will be disclosed, in accordance with Section 6 of BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than a "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/1id-abstracts.html
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html
-
-
-Abstract
-
- This specification specifies a TLS handshake message for exchange of
- supplemental application data. TLS hello message extensions are used
- to determine which supplemental data types are supported by both the
- TLS client and the TLS server. Then, the supplemental data handshake
- message is used to exchange the data. Other documents will define
- the syntax of these extensions and the syntax of the associated
- supplemental data types.
-
-
-
-
-
-
-
-
-Santesson [Page 1]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-1. Introduction
-
- Recent standards activities have proposed different mechanisms for
- transmitting supplemental application data in the TLS handshake
- message. For example, recent proposals transfer data that is not
- processed by the TLS protocol itself, but assist the TLS-protected
- application in the authentication and authorization decisions. One
- proposal transfers user name hints for locating credentials, and
- another proposal transfers attribute certificates and SAML assertions
- for authorization checks.
-
- In order to avoid definition of multiple handshake messages, one for
- each new type of application specific supplemental data, this
- specification defines a new handshake message type that bundles all
- such data objects together and sends them in a single handshake
- message.
-
-1.1 Terminology
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in RFC 2119 [STDWORDS].
-
- The syntax for the supplemental_data handshake message is defined
- using the TLS Presentation Language, which is specified in Section 4
- of [N2].
-
-2 Supplemental Data Handshake Message
-
- The new supplemental_data handshake message type is defined to
- accommodate communication of supplemental data objects as agreed
- during the exchange of extensions in the client and server hello
- messages. See RFC 2246 (TLS 1.0) [N2] and RFC 4346 (TLS 1.1) [N3]
- for other handshake message types.
-
-
- enum {
- supplemental_data(TBD), (255)
- } HandshakeType;
-
- struct {
- HandshakeType msg_type; /* handshake type */
- uint24 length; /* octets in message */
- select (HandshakeType) {
- case supplemental_data: SupplementalData;
- } body;
- } Handshake;
-
-
-
-
-Santesson [Page 2]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
- struct {
- SupplementalDataEntry supp_data<1..2^24-1>;
- } SupplementalData;
-
- struct {
- SupplementalDataType supp_data_type;
- select(SupplementalDataType) { }
- } SupplementalDataEntry;
-
- enum {
- (65535)
- } SupplementalDataType;
-
-
- If present, the SupplementalData handshake message MUST contain a non
- empty SupplementalDataEntry structure carrying data associated with
- at least one defined SupplementalDataType. An explicit agreement
- that governs presence of any associated data MUST be concluded
- between client and server for each SupplementalDataType. This
- agreement MUST be concluded through the use of TLS extensions in the
- client and server hello messages.
-
- Other documents will specify specific SupplementalDataType and their
- associated data syntax and processing. These same specifications
- must also specify the client and server hello message extensions that
- are used to negotiate the support for the specified supplemental data
- type. This document simply specifies the TLS Handshake Protocol
- message that will carry the supplemental data objects.
-
- Different situations require the transfer of supplemental data from
- the client to the server, require the transfer of supplemental data
- from server to the client, or require the transfer of supplemental
- data from the client to the server as well as the transfer from the
- server to the client. All three situations are fully supported.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 3]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-4 Message flow
-
- The SupplementalData handshake message, if exchanged, MUST be sent as
- the first handshake message as illustrated in Figure 1 below.
-
- Client Server
-
- ClientHello (with extensions) -------->
-
- ServerHello(with extensions)
- SupplementalData*
- Certificate*
- ServerKeyExchange*
- CertificateRequest*
- <-------- ServerHelloDone
-
- SupplementalData*
- Certificate*
- ClientKeyExchange
- CertificateVerify*
- [ChangeCipherSpec]
- Finished -------->
- [ChangeCipherSpec]
- <-------- Finished
- Application Data <-------> Application Data
-
- * Indicates optional or situation-dependent messages.
-
- Figure 1. Message flow with SupplementalData
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 4]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-5 Security Considerations
-
- Each SupplementalDataType included in the handshake message defined
- in this specification introduces its own unique set of security
- properties and related considerations. Security considerations must
- therefore be defined in each document that defines a supplemetal data
- type.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 5]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-6 Normative References
-
- [N1] S. Bradner, "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [N2] T. Dierks, C. Allen, "The TLS Protocol Version 1.0",
- RFC 2246, January 1999.
-
- [N3] T. Dierks, E. Rescorla, "The TLS Protocol Version 1.1",
- RFC 4346, January 2006.
-
- [N4] S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen,
- T. Wright, "Transport Layer Security (TLS) Extensions",
- RFC 4366, February 2006.
-
-
-7 IANA Considerations
-
- IANA needs to establish a registry for TLS Supplemental Data Formats.
- TLS Authorization Data Format identifiers with values in the
- inclusive range 0-16385 (decimal) are assigned via RFC 2434 [IANA]
- Standards Action. Values from the inclusive range 16385-65279
- (decimal) are assigned via RFC 2434 Specification Required. Values
- from the inclusive range 65280-65535 (decimal) are reserved for RFC
- 2434 Private Use.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 6]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-Author's Address
-
- Stefan Santesson
- Microsoft
- Finlandsgatan 30
- 164 93 KISTA
- Sweden
-
- EMail: stefans(at)microsoft.com
-
-
-Acknowledgements
-
- The fundamental architectural idea for the supplemental data
- handshake message was provided by Russ Housley and Eric Rescorla.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 7]
-
-INTERNET DRAFT TLS Handshake Message for Supplemental Data March 2006
-
-
-Disclaimer
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Copyright Statement
-
- Copyright (C) The Internet Society (2006).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
-
-Expires September 2006
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Santesson [Page 8]
View Lorry Controller Status