Last Call: 'TLS User Mapping Extension' to Proposed Standard

2006-03-30 The IESG
The IESG has received a request from an individual submitter to consider the 
following documents:

- 'TLS User Mapping Extension'
   draft-santesson-tls-ume-04.txt as a Proposed Standard
- 'TLS Handshake Message for Supplemental Data'
   draft-santesson-tls-supp-00.txt as a Proposed Standard

The previous Last Call on draft-santesson-tls-ume-03.txt has finished.
However, to resolve some comments that were received during the
previous Last Call, the document has been updated and
draft-santesson-tls-supp-00.txt was written.  Due to the significant
changes in one area of the document, the IESG is making a second
call for comments.  This comment period is shorter since the majority
of the document is unchanged.

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg@ietf.org or ietf@ietf.org mailing lists by 2006-04-11.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-santesson-tls-ume-04.txt
http://www.ietf.org/internet-drafts/draft-santesson-tls-supp-00.txt


___
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce


Last Call: 'TLS User Mapping Extension' to Proposed Standard

2006-02-17 The IESG
The IESG has received a request from an individual submitter to consider the 
following document:

- 'TLS User Mapping Extension'
   draft-santesson-tls-ume-02.txt as a Proposed Standard

The TLS User Mapping extension enables a client to send a name hint to
a server during a TLS handshake, enabling the server to locate
necessary authentication credentials, such as X.509 certificates, for
the claimed user.

This aims to solve two issues:

 1) To enable use of legacy PKI implementations where existing
certificates lack a name that unambiguously maps to the user
account at the server.

 2) Allow a user to use the same certificate to authenticate to
multiple accounts, while still being able to specify which
account the user intends to employ for a particular TLS session.

In the case of allowing legacy PKI, the user mapping hint provides
information that can be used by the server to retrieve any necessary
data, including certificates, to authenticate the user.

The proposed TLS protocol extensions allow additional user mapping
hint types to be defined in the future.  The basic hint type allows
either a UPN (Universal Principal Name) or a DNS hint to be sent to
the server.

The UPN hint enables authentication to a Microsoft domain account
using existing PKI deployments.  Without this TLS protocol extension,
the client certificate must contain a UPN name in the form of the
Microsoft UPN otherName in the Subject Alternative Name extension.

This TLS protocol extension is being implemented by Microsoft in
Windows Vista.  It is expected to be used by enterprise customers with
PKI deployments.  In fact, the development of this TLS protocol
extension is a direct result of requirements raised from the user
community.

This document is an individual submission.  However, the draft was
announced to the TLS WG, and it was presented at the TLS WG session
during IETF 64 in Vancouver.  Comments received from WG participants
were addressed.  After resolving these comments, no further objections
were raised.

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg@ietf.org or ietf@ietf.org mailing lists by 2006-03-10.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-santesson-tls-ume-02.txt


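The announcement above describes the mechanism only in outline: the client sends a
name hint, and the server uses it to find the account and credentials for a
certificate that carries no usable name of its own. The following Python is an
added example, not code from the IESG announcement, the TLS WG, or the Santesson
drafts. Its wire layout is an assumption taken from the structures as later
published in RFC 4681 (extension type user_mapping(6), UserMappingTypeList in the
ClientHello extension, upn_domain_hint(64) carried as UpnDomainHint in
SupplementalData); the -02 and -04 drafts under Last Call may differ. The account
directory, certificate identifiers and names in it are constructed. It encodes and
parses the hint, and shows the server-side rule that matters: the hint only selects
among accounts already bound to the certificate the handshake verified, so a hint
for some other account is refused rather than honoured.

```python
"""Encode and parse the TLS user mapping hint, and show how a server uses it.

Added example; not code from the IESG announcement or the Santesson drafts.
Wire layout is an assumption taken from RFC 4681 as later published; the
-02/-04 drafts may differ. Directory contents and names are constructed.
"""
import struct
from typing import Optional, Sequence, Tuple

USER_MAPPING_EXT_TYPE = 6   # assumption: extension number user_mapping(6) from RFC 4681
UPN_DOMAIN_HINT = 64        # assumption: UserMappingType upn_domain_hint(64) from RFC 4681


def _vec8(items: bytes) -> bytes:
    """TLS vector with a one-byte length prefix, as in <1..2^8-1>."""
    if not 1 <= len(items) <= 255:
        raise ValueError("vector length out of range")
    return bytes([len(items)]) + items


def _vec16(data: bytes) -> bytes:
    """TLS opaque vector with a two-byte length prefix, as in <0..2^16-1>."""
    if len(data) > 0xFFFF:
        raise ValueError("vector too long")
    return struct.pack("!H", len(data)) + data


def encode_user_mapping_extension(types: Sequence[int] = (UPN_DOMAIN_HINT,)) -> bytes:
    """ClientHello extension: type(2) + length(2) + UserMappingTypeList."""
    return struct.pack("!H", USER_MAPPING_EXT_TYPE) + _vec16(_vec8(bytes(types)))


def encode_upn_domain_hint(upn: str, domain: str) -> bytes:
    """UserMappingData for upn_domain_hint: type byte, then UPN and domain vectors."""
    return (bytes([UPN_DOMAIN_HINT])
            + _vec16(upn.encode("utf-8"))
            + _vec16(domain.encode("utf-8")))


def decode_upn_domain_hint(data: bytes) -> Tuple[str, str]:
    """Parse UserMappingData; rejects unknown types, short data and trailing bytes."""
    if not data or data[0] != UPN_DOMAIN_HINT:
        raise ValueError("unsupported user mapping type")
    pos, fields = 1, []
    for _ in range(2):
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("!H", data, pos)
        pos += 2
        if pos + n > len(data):
            raise ValueError("truncated vector body")
        fields.append(data[pos:pos + n].decode("utf-8"))
        pos += n
    if pos != len(data):
        raise ValueError("trailing bytes after hint")
    return fields[0], fields[1]


def hint_is_well_formed(data: bytes) -> bool:
    """Boolean wrapper around decode_upn_domain_hint for callers that prefer no exception."""
    try:
        decode_upn_domain_hint(data)
        return True
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return False


# Constructed directory: each certificate (identified by issuer + serial, the
# identity the server actually verifies in the handshake) may be bound to
# several accounts. The legacy certificate here carries no UPN in its SAN, so
# only the hint tells the server which binding the user wants for this session.
ACCOUNTS = {
    ("CN=Legacy CA", 1001): {
        ("alice@corp.example", "CORP"): "CORP\\alice",
        ("alice.admin@corp.example", "CORP"): "CORP\\alice-adm",
    },
}


def resolve_account(cert_id: Tuple[str, int], hint_bytes: bytes) -> Optional[str]:
    """Use the hint only to choose among accounts already bound to the verified
    certificate. Returns None when the hint names an account the certificate is
    not bound to: the hint is unauthenticated and must never grant access alone."""
    upn, domain = decode_upn_domain_hint(hint_bytes)
    return ACCOUNTS.get(cert_id, {}).get((upn, domain))


if __name__ == "__main__":
    hint = encode_upn_domain_hint("alice.admin@corp.example", "CORP")
    print(encode_user_mapping_extension().hex())
    print(resolve_account(("CN=Legacy CA", 1001), hint))
```

The point of resolve_account is the second goal in the announcement: one
certificate, several accounts. The lookup is keyed first by the certificate the
server has already validated and only then by the hint, so a client that sends a
hint for an account its certificate is not bound to gets nothing, and a malformed
hint is rejected before any directory access.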