Re: [CHANNEL-BINDING] Last Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard
Simon Josefsson <simon@josefsson.org> Tue, 06 October 2009 07:44 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: channel-binding@core3.amsl.com
Delivered-To: channel-binding@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C65228C0E7; Tue, 6 Oct 2009 00:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vllv-l258bf8; Tue, 6 Oct 2009 00:44:15 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 5331E28C0ED; Tue, 6 Oct 2009 00:43:51 -0700 (PDT)
Received: from mocca.josefsson.org (c80-216-24-211.bredband.comhem.se [80.216.24.211]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n967jHqX028098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 6 Oct 2009 09:45:21 +0200
From: Simon Josefsson <simon@josefsson.org>
To: ietf@ietf.org, channel-binding@ietf.org
References: <20091005162704.8C1B43A6873@core3.amsl.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:091006:ietf@ietf.org::MwQOCeKte9kqyda7:0N33
X-Hashcash: 1:22:091006:sasl@ietf.org::1nUD5UkSGoFoKEJo:1YYF
X-Hashcash: 1:22:091006:tls@ietf.org::IvURsjl2DE3wv/ov:6Y/O
X-Hashcash: 1:22:091006:ietf-announce@ietf.org::oF2ogzltAizjTR5K:5/iY
X-Hashcash: 1:22:091006:channel-binding@ietf.org::nm5rJ8Z0+IzUCM3M:6+YJ
Date: Tue, 06 Oct 2009 09:45:16 +0200
In-Reply-To: <20091005162704.8C1B43A6873@core3.amsl.com> (The IESG's message of "Mon, 5 Oct 2009 09:27:04 -0700 (PDT)")
Message-ID: <87vditezjn.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Scanned: clamav-milter 0.95.2 at yxa-v
X-Virus-Status: Clean
Subject: Re: [CHANNEL-BINDING] Last Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard
X-BeenThere: channel-binding@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of channel binding IANA registry requests and specifications <channel-binding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/channel-binding>
List-Post: <mailto:channel-binding@ietf.org>
List-Help: <mailto:channel-binding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2009 07:44:25 -0000
I support the goal of this document, i.e. to publish the text in the IANA repository as an RFC. There are differences between the text in the current IANA repository and the document. These differences are not spelled out in the document for the 'tls-server-end-point' channel binding. The document says: Note that the only material changes from the original registration should be: the "owner" (now the IESG), the contacts, the published specfication, and a note indicating that the published specification should be consulted for applicability advice. That is not correct, compare the content registered with IANA The hash of the TLS server's end entity certificate as it appears, octet for octet, in the server's Certificate message (note that the Certificate message contains a certificate_list, the first element of which is the server's end entity certificate.) The hash function to be selected is as follows: if the certificate's signature hash algorithm is either MD5 or SHA-1, then use SHA-256, otherwise use the certificate's signature hash algorithm. The reason for using a hash of the certificate is that some implementations need to track the channel binding of a TLS session in kernel-mode memory, which is often at a premium. with what the document says: The hash of the TLS server's certificate [RFC5280] as it appears, octet for octet, in the server's Certificate message (note that the Certificate message contains a certificate_list, the first element of which is the server's certificate). The hash function is to be selected as follows: o if the certificate's signatureAlgorithm uses a single hash function, and that hash function is either MD5 [RFC1321] or SHA-1 [RFC3174] then use SHA-256 [FIPS-180-2]; o if the certificate's signatureAlgorithm uses a single hash function and that hash function neither MD5 nor SHA-1, then use the hash function associated with the certificate's signatureAlgorithm; o if the certificate's signatureAlgorithm uses no hash functions or multiple hash functions, then this channel binding type's channel bindings are undefined at this time (updates to is channel binding type may occur to address this issue if it ever arises). The reason for using a hash of the certificate is that some implementations need to track the channel binding of a TLS session in kernel-mode memory, which is often at a premium. I suggest that the first paragraph quoted above from section 4 is modified like this: OLD: Note that the only material changes from the original registration should be: the "owner" (now the IESG), the contacts, the published specfication, and a note indicating that the published specification should be consulted for applicability advice. NEW: Note that the only material changes from the original registration should be: the "owner" (now the IESG), the contacts, the published specfication, and a clarification to the description related to certificate's that do not use hash functions or use multiple hash functions. We also added a note indicating that this specification contains applicability advice, and we moved security considerations notes to the security considerations section of this document. The last sentence is copied from section 3 for consistency. Also missing is in section 3 and section 5 is a note that references were added to the text. I suggest: OLD: ...security considerations section of this document. All other fields of the registration are copied here for the convenience of readers. NEW: ...security considerations section of this document. References were added to the description. All other fields of the registration are copied here for the convenience of readers. /Simon
- Re: [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt … Nicolas Williams
- [CHANNEL-BINDING] Last Call: draft-altman-tls-cha… The IESG
- Re: [CHANNEL-BINDING] Last Call: draft-altman-tls… Simon Josefsson
- Re: [CHANNEL-BINDING] Last Call: draft-altman-tls… Nicolas Williams
- [CHANNEL-BINDING] Unrelated (Re: [TLS] RESOLVED (… Nicolas Williams
- Re: [CHANNEL-BINDING] [sasl] lasgt call comments … Pasi.Eronen
- Re: [CHANNEL-BINDING] lasgt call comments (st Cal… Simon Josefsson
- Re: [CHANNEL-BINDING] lasgt call comments (st Cal… Simon Josefsson
- Re: [CHANNEL-BINDING] [sasl] lasgt call comments … Nicolas Williams
- [CHANNEL-BINDING] lasgt call comments (st Call: d… Larry Zhu
- Re: [CHANNEL-BINDING] lasgt call comments (st Cal… Larry Zhu
- Re: [CHANNEL-BINDING] [TLS] [sasl] lasgt call com… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] [sasl] lasgt call com… Larry Zhu
- Re: [CHANNEL-BINDING] [TLS] [sasl] lasgt call com… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Nicolas Williams
- Re: [CHANNEL-BINDING] [sasl] lasgt call comments … Larry Zhu
- Re: [CHANNEL-BINDING] [TLS] [sasl] lasgt call com… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] [sasl] lasgt call com… Martin Rex
- [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Martin Rex
- Re: [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt … Simon Josefsson
- Re: [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt … Martin Rex
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Martin Rex
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Martin Rex
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Peter Gutmann
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Nicolas Williams
- Re: [CHANNEL-BINDING] Unrelated (Re: [TLS] RESOLV… Martin Rex
- Re: [CHANNEL-BINDING] Unrelated (Re: [TLS] RESOLV… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Martin Rex
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Pasi.Eronen
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Pasi.Eronen
- Re: [CHANNEL-BINDING] [TLS] lasgt call comments (… Pasi.Eronen
- Re: [CHANNEL-BINDING] [TLS] lasgt call comments (… Simon Josefsson
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Nicolas Williams
- Re: [CHANNEL-BINDING] [sasl] [TLS] lasgt call com… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Jeffrey Hutzelman
- Re: [CHANNEL-BINDING] [sasl] [TLS] lasgt call com… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Michael D'Errico
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Sam Hartman
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] lasgt call comments (… Simon Josefsson
- Re: [CHANNEL-BINDING] [TLS] lasgt call comments (… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] RESOLVED (Re: [sasl] … Larry Zhu
- [CHANNEL-BINDING] New Problem (Was: Last Call: dr… Nicolas Williams
- Re: [CHANNEL-BINDING] [TLS] New Problem (Was: Las… Larry Zhu
- Re: [CHANNEL-BINDING] [TLS] New Problem (Was: Las… Nicolas Williams