Re: [CHANNEL-BINDING] TLS endpoint channel bindings in SCRAM
Simon Josefsson <simon@josefsson.org> Thu, 02 April 2009 08:26 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: channel-binding@core3.amsl.com
Delivered-To: channel-binding@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 82C5D3A68A7 for <channel-binding@core3.amsl.com>; Thu, 2 Apr 2009 01:26:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.469
X-Spam-Level:
X-Spam-Status: No, score=-2.469 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O82gYfk-iSHK for <channel-binding@core3.amsl.com>; Thu, 2 Apr 2009 01:26:33 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 953993A6872 for <channel-binding@ietf.org>; Thu, 2 Apr 2009 01:26:32 -0700 (PDT)
Received: from c80-216-29-127.bredband.comhem.se ([80.216.29.127] helo=mocca.josefsson.org) by yxa-v.extundo.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.69) (envelope-from <simon@josefsson.org>) id 1LpIGe-00042U-84; Thu, 02 Apr 2009 10:27:20 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Nicolas Williams <Nicolas.Williams@sun.com>
References: <5690.1237934257.266964@peirce.dave.cridland.net> <20090401225220.GA1500@Sun.COM>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:090402:ietf-sasl@imc.org::eTJ1T256XNHSrQUA:2HAR
X-Hashcash: 1:22:090402:stefans@microsoft.com::H7J3RubcGK0IhSaa:H18
X-Hashcash: 1:22:090402:lzhu@windows.microsoft.com::3o1i4ht2Tj48+D49:33n4
X-Hashcash: 1:22:090402:channel-binding@ietf.org::1aosdI0tDFj8A6yo:4Qxf
X-Hashcash: 1:22:090402:nicolas.williams@sun.com::K0dfax7O4ExmC9FW:510D
X-Hashcash: 1:22:090402:hartmans-ietf@mit.edu::WFPg2QGFWLn50kbP:EX37
X-Hashcash: 1:22:090402:mark.novak@microsoft.com::iXqNGcKJoQx9xppR:GTrX
X-Hashcash: 1:22:090402:dave@cridland.net::hr/q+nc/nYxr/BmC:WLk4
X-Hashcash: 1:22:090402:paulle@windows.microsoft.com::D9+T5KBa2jYtpUw3:V8w0
X-Hashcash: 1:22:090402:kdamour@microsoft.com::12iVMA0My1xh9Gf9:ch1C
X-Hashcash: 1:22:090402:jaltman@secure-endpoints.com::+Pr6TrIz7JQECDJ6:sqnU
Date: Thu, 02 Apr 2009 10:27:18 +0200
In-Reply-To: <20090401225220.GA1500@Sun.COM> (Nicolas Williams's message of "Wed, 1 Apr 2009 17:52:20 -0500")
Message-ID: <87ljqjsbo9.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Larry Zhu <lzhu@windows.microsoft.com>, channel-binding@ietf.org, Stefan Santesson <stefans@microsoft.com>, Mark Novak <Mark.Novak@microsoft.com>, ietf-sasl@imc.org, Dave Cridland <dave@cridland.net>, Paul Leach <paulle@windows.microsoft.com>, Kevin Damour <kdamour@microsoft.com>, Jeffrey Altman <jaltman@secure-endpoints.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [CHANNEL-BINDING] TLS endpoint channel bindings in SCRAM
X-BeenThere: channel-binding@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of channel binding IANA registry requests and specifications <channel-binding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/channel-binding>
List-Post: <mailto:channel-binding@ietf.org>
List-Help: <mailto:channel-binding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2009 08:26:34 -0000
Nicolas Williams <Nicolas.Williams@sun.com> writes: >> Finally, I'd propose that SCRAM mandates support for the >> 'tls-x509-end-point' channel binding for the applicable cases as a >> reasonable fallback when support for the more flexible and >> future-proof tls-server-end-point binding is not available. >> >> Now I'll wait to get shot down in flames. :-) > > No flames. I think we could do a channel binding type just for SCRAM > (we did one just for TELNET, after all). But I think I'd want "DER" in > the name, that and the hash function name too. I don't think that will work -- TLS isn't just X.509. TLS supports OpenPGP server certs. Generally, TLS can support other forms of server authentication too. I don't want to see SCRAM require use of X.509 server certificates if we can avoid it. It seems simple to avoid that here: just request the necessary features from TLS stacks. If we don't do that now, we likely won't do it next time we need a channel binding for some application protocol, and then TLS interfaces will never have this feature. Nico volunteered to help with this for OpenSSL, and I can volunteer to do it for GnuTLS. We knew from the start that channel bindings would require changes to TLS stacks. The major native C libraries have already been adapted, I believe, so what remains are any language bindings. That seems like Just A Simple Matter Of Programming. The alternative is to make channel binding type negotiable, something I recall discussing at lengths earlier. Nothing came out of that, so RFC 5056 does not support any negotiation. I'm not sure how well it would work to add that feature for SCRAM? But it could be explored. /Simon
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Simon Josefsson
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Dave Cridland
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Pasi.Eronen
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Dave Cridland
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams