Presentation is loading. Please wait.

Presentation is loading. Please wait.

TLS user mapping hint extension Stefan Santesson Microsoft.

Published byNorma Robertson Modified over 9 years ago

Similar presentations

Presentation on theme: "TLS user mapping hint extension Stefan Santesson Microsoft."— Presentation transcript:

1 TLS user mapping hint extension Stefan Santesson Microsoft

2 Purpose Logging on to a Microsoft domain currently requires a Microsoft UPN (User Principal Name) “user@domain” to be present in the client certificate. This TLS extension removes this requirement in the context of TLS.

3 Flow Client and server agrees that they support this extension. Client send its UPN in a new handshake message Server locate the user in AD and extract the users certificate. Authentication maps client certificate with use certificate extracted from AD.

4 New extension type A new extension type (user_mapping(nn)) is added to the Extension used in both the Client Hello and Server Hello. The extension type is specified as follows and has no data associated with it. enum { server_name(0), max_fragment_length(1), client_certificate_url(2),trusted_ca_keys(3), truncated_hmac(4), status_request(5), user_mapping(nn), (65535) } ExtensionType;

5 Extension to the Handshake Protocol A new handshake message is created (user_mapping_data(nn) to encapsulate the client’s domain. enum { hello_request(0), client_hello(1), server_hello(2), certificate(11), server_key_exchange (12), certificate_request(13), server_hello_done(14), certificate_verify(15), client_key_exchange(16), finished(20), certificate_url(21), certificate_status(22), user_mapping_data(nn),(255) } HandshakeType;

6 Handshake message syntax enum { UpnDomainHint(0), (255) } UserMappingType; struct { opaque user_principle_name ; opaque domain_name ; } UpnDomainHint; struct { UserMappingType user_mapping_version select(UserMappingType) { case UpnDomainHint: UpnDomainHint; } } UserMappingData;

7 Actions Submit new draft to be published as Informational RFC Provide IPR disclosure Assign identifiers for extension type and handshake message

Download ppt "TLS user mapping hint extension Stefan Santesson Microsoft."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security

Internet Security CSCE 813 Transport Layer Security
Security at the Transport Layer Lecture 6. Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community.

Security at the Transport Layer Lecture 6. Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.

Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
We leave the world of cryptography for a while.

We leave the world of cryptography for a while.
IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
A Survey of WAP Security Architecture Neil Daswani

A Survey of WAP Security Architecture Neil Daswani

Similar presentations

Ads by Google