Intent to Prototype: Trust Anchor Identifiers (TAI)
David Adrian
Contact emails
[email protected]Explainer
https://github.com/tlswg/tls-trust-anchor-ids/blob/main/explainer.mdSpecification
https://github.com/tlswg/tls-trust-anchor-idsSummary
Trust Anchor Identifiers (TAI) is a TLS protocol extension that enables a TLS server to efficiently advertise which trust anchors it supports (which roots its certificates chain to), and allows the client to select. It provides a fallback path in case the selection is wrong or otherwise out of date. In addition to enabling multi-certificate use cases, the same Trust Anchor Identifier mechanism can be used to elide intermediate certificates, saving hundreds to thousands of bytes transmitted during the handshake. This work is adopted by the IETF TLS working group.
Blink component
Internals>Network>SSLMotivation
Enable TLS endpoints to reliably and efficiently present certificates to peers that vary in supported trust anchors, particularly in larger PKIs like the Web PKI. Without a negotiation mechanism, the authenticating party must obtain a single certificate that simultaneously satisfies all relying parties. This is challenging when relying parties are diverse. PKI transitions, including those necessary for user security, naturally lead to relying party diversity, so the result is that service availability conflicts with security and overall PKI evolution. This avoids a conflict between service availability and user security. As authentication requirements evolve to meet user security, the result is increased variance in the ecosystem. If TLS endpoints cannot reliably meet each supported peer's requirements (e.g. because no single certificate satisfies both the oldest and newest supported peers), connections will fail. Often, the result is user security is deprioritized in favor of avoiding any kind of breakage. We approach this by following the standard TLS negotiation pattern. This same approach also enables eliding of intermediate certificates to up to date clients, which reduces the size of the certificate chain transmitted on the wire. This can be a significant amount of bandwidth at scale.
Initial public proposal
https://github.com/tlswg/tls-trust-anchor-ids/tree/mainSearch tags
tls, ssl, tai, tan, trust anchor identifiers, trust expressions, trust anchor negotiationTAG review
NoneTAG review status
PendingRisks
Interoperability and Compatibility
None
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Is this feature fully tested by web-platform-tests?
NoFlag name on about://flags
NoneFinch feature name
NoneNon-finch justification
NoneRequires code in //chrome?
FalseTracking bug
https://bugs.chromium.org/issues/414630735Launch bug
https://launch.corp.google.com/launch/4382800Estimated milestones
No milestones specified
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5132064512540672?gate=6323389589094400David Adrian
- This is a TLS launch associated with an IETF draft, not a web platform launch associated with a W3C spec. As such, we are primarily doing the Blink process for visibility.
- We will follow up with an Intent to Experiment (via Finch, not OT)
- Since it's not web platform, we don't plan on doing TAG review, etc.