From 01ea697fcca5cf0f0c33d2bfe654f71b5d8ac322 Mon Sep 17 00:00:00 2001
From: "andrea.vesco"
Date: Tue, 7 Nov 2023 11:20:57 +0100
Subject: [PATCH] First structure of the I-D
---
 draft-vesco-perugini-tuveri-tls-ssi.md | 61 +++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/draft-vesco-perugini-tuveri-tls-ssi.md b/draft-vesco-perugini-tuveri-tls-ssi.md
index 662abfd..4b01a0a 100644
--- a/draft-vesco-perugini-tuveri-tls-ssi.md
+++ b/draft-vesco-perugini-tuveri-tls-ssi.md
@@ -26,8 +26,17 @@ venue:
 author:
 -
 fullname: "Andrea Vesco"
- organization: Your Organization Here
- email: "109175919+andreavesco@users.noreply.github.com"
+ organization: LINKS Foundation
+ email: "andrea.vesco@linksfoundation.com"
+ -
+ fullname: "Leonardo Perugini"
+ organization: LINKS Foundation
+ email: "leonardo.perugini@linksfoundation.com"
+ -
+ fullname: "Nicola Tuveri"
+ organization: Tampere University
+ email: "nic.tuv@gmail.com"
+
 normative:
@@ -50,6 +59,54 @@ TODO Introduction
 {::boilerplate bcp14-tagged}
+# Structure of the FOOBAR Extensions
+
+## ssi_parameters
+
+## foobar1
+
+## foobar2
+
+# Possibly the new Messages
+
+# TLS Client and Server Handshake Behavior
+
+## ClientHello
+
+## CertificateRequest
+
+## Certificate
+
+## CertificateVerify
+
+# An alternative Design / Design Consideration
+
+# Examples
+
+## TLS Server Uses a VP
+
+## TLS Client and Server Use VPs
+
+## TLS Client Uses VP and Server Uses Certificate
+
+## TLS Client Uses Certificate and Server Uses VP
+
+it happens when the server does not send ssi_paramters extension in certificate request or it does but the client does not have a DID in the list of supported DLT (i.e. DID Methods) by the server
+
+## Fallback to Traditional Handshake
+
+server ignores ssi_parameters extension in the clientHello
+
+## Empty intersection of Client and Server DID Methods
+
+HelloRetryRequest + foobar extension
+server replies with the list of its DID Methods, this implies that the server has a DID stored in each of the DLT of the listed DID Methods.
+
+## TLS Server Enforces SSI Server Authentication
+
+server enforces SSI client authentication (no fall back bu enforce SSI to the client)
+
+HelloRetryRequest
 # Security Considerations
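Review bot: The heading `## TLS Server Enforces SSI Server Authentication` contradicts its body, which describes the server enforcing SSI client authentication; if the body is the intended meaning, the heading would read `## TLS Server Enforces SSI Client Authentication`. The extension name is spelled `ssi_paramters` in the paragraph under "TLS Client Uses Certificate and Server Uses VP", while the `## ssi_parameters` heading and the fallback paragraph use `ssi_parameters`; the name should be identical everywhere it appears. In the last added paragraph "bu" presumably stands for "but". The fallback section has the server ignoring the extension and the enforcement section forbids falling back, so it would help to state in each which peer takes that decision and how the other learns of it, so that Security Considerations can later address downgrade between the two modes.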