1 / 6

DTCP Certificate Authorization in TLS Handshake - Proposal

This proposal suggests allowing for the exchange of DTCP certificates as authorization data in the TLS Handshake. It utilizes extensions defined in RFC4680 and RFC5878. The use of DTCP Certs aims to protect audio-visual content and is already deployed in Smart TVs, game consoles, Blu-ray players, etc. The growing adoption of HTML5 on these devices further supports this proposal. This update addresses previous comments and suggestions.

jenkin
Download Presentation

DTCP Certificate Authorization in TLS Handshake - Proposal

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. draft-dthakore-tls-authz Draft-03 IETF 86, Orlando

  2. Quick Recap • Proposal? Allow for the exchange of DTCP certificates as authorization data in the TLS Handshake • Use extensions defined in RFC4680 and RFC5878 • DTCPCerts? Used for link protection of audio visual content; already deployed in Smart TV’s, game consoles, blu-ray players etc. • HTML5 support on these devices becoming a reality • # of “apps” on these devices exploding • Benefit? reusing the deployed certs will enable and encourage use of HTTPS for services (instead of non-standard mechanisms)!

  3. Updates Since IETF85 • Two updates (-02 and -03) since Atlanta • Latest I-D: http://tools.ietf.org/html/draft-dthakore-tls-authz-03 • Latest version addresses comments and suggestions from: Mark B., Nikos M., et. al. (thanks)

  4. Major Changes • DTCP AuthzStructure • Explanation on the use of nonce (by client, by server) • Nonce vs running hash • Signature covers nonce when DTCP/X.509 certs sent • See: draft-dthakore-tls-authz-03#section-3.2 • Example Handshake • Added a sample handshake that shows client authorization • See: draft-dthakore-tls-authz-03#section-3.5

  5. Related Info: Sample Implementation • Extension implemented in OpenSSL 1.0.2 dev • Patches submitted to Openssl • Adding support in Qt (QtWebKit) • Contributing back to Qt Base • Will be on bitbucket.org shortly, contact me • d.thakore@cablelabs.com

  6. Next Steps • Any other Feedback? • Ready for Last Call?

More Related