A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Credential Protection Ciphersuites for Transport Layer Security (TLS)
Author(s) : I. Hajjeh
Filename : draft-hajjeh-tls-identity-protection-04.txt
Pages : 20
Date : 2008-03-27
The Transport Layer Security (TLS) supports three authentication
modes: authentication of both parties, server authentication with an
unauthenticated client, and total anonymity. For each mode, TLS
specifies a set of cipher suites. Whenever the server is
authenticated, the channel is secure against man-in-the-middle
attacks, but completely anonymous sessions are inherently vulnerable
to such attacks.
The authentication is usually based on either preshared keys or
public key certificates. If a public key certificate is used to
authenticate the TLS client during the TLS Handshake, the TLS client
credentials are sent in clear text over the wire. Thus, any observer
can determine the credentials used by the client, learn who is
reaching the network, when, and from where, and hence correlate the
client credentials to the connection location.
This document defines a set of cipher suites to add client credential
protection to the TLS protocol. This is useful especially if TLS is
used in wireless environments or to secure remote access.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hajjeh-tls-identity-protection-04.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-hajjeh-tls-identity-protection-04.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
