Re: [CHANNEL-BINDING] TLS endpoint channel bindings in SCRAM
Nicolas Williams <Nicolas.Williams@sun.com> Fri, 03 April 2009 16:59 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: channel-binding@core3.amsl.com
Delivered-To: channel-binding@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DC3B33A6954 for <channel-binding@core3.amsl.com>; Fri, 3 Apr 2009 09:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.799
X-Spam-Level:
X-Spam-Status: No, score=-5.799 tagged_above=-999 required=5 tests=[AWL=0.247, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J1NlMxE8oMFq for <channel-binding@core3.amsl.com>; Fri, 3 Apr 2009 09:59:59 -0700 (PDT)
Received: from sca-ea-mail-2.sun.com (sca-ea-mail-2.Sun.COM [192.18.43.25]) by core3.amsl.com (Postfix) with ESMTP id B58E13A694E for <channel-binding@ietf.org>; Fri, 3 Apr 2009 09:59:58 -0700 (PDT)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by sca-ea-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id n33H11NS002477 for <channel-binding@ietf.org>; Fri, 3 Apr 2009 17:01:01 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n33H10Wu030768 for <channel-binding@ietf.org>; Fri, 3 Apr 2009 11:01:01 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n33GiBoj002950; Fri, 3 Apr 2009 11:44:11 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n33GiBRf002949; Fri, 3 Apr 2009 11:44:11 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Fri, 03 Apr 2009 11:44:11 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Dave Cridland <dave@cridland.net>
Message-ID: <20090403164411.GB1500@Sun.COM>
References: <20090403152535.GY1500@Sun.COM> <15429.1238776301.804018@puncture>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <15429.1238776301.804018@puncture>
User-Agent: Mutt/1.5.7i
Cc: Mark Novak <Mark.Novak@microsoft.com>, channel-binding@ietf.org, Stefan Santesson <stefans@microsoft.com>, Larry Zhu <lzhu@windows.microsoft.com>, ietf-sasl@imc.org, Paul Leach <paulle@windows.microsoft.com>, Kevin Damour <kdamour@microsoft.com>, Jeffrey Altman <jaltman@secure-endpoints.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [CHANNEL-BINDING] TLS endpoint channel bindings in SCRAM
X-BeenThere: channel-binding@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of channel binding IANA registry requests and specifications <channel-binding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/channel-binding>
List-Post: <mailto:channel-binding@ietf.org>
List-Help: <mailto:channel-binding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/channel-binding>, <mailto:channel-binding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2009 16:59:59 -0000
On Fri, Apr 03, 2009 at 05:31:41PM +0100, Dave Cridland wrote: > On Fri Apr 3 16:25:36 2009, Nicolas Williams wrote: > > I > >don't know though. Can you comment on Pasi's comments? Are there > >any > >commonly used TLS implementations that encode the server cert > >differently on the wire than in their APIs for getting at the server > >cert? > > I have no idea at all, I'm sorry to say. It makes sense to me that > X.509 certs, at least, would always be encoded in DER, since that's > the form in which they're signed. Between this and my other comment I'm willing to close this as a non-issue. > That then reduces the problem of the existing channel binding to > being figuring out which hash to use, and I strongly suspect that > just using SHA-256 is sufficient for now. (it's unfortunate this is > different to the hash algorithm we seem to have settled on for SCRAM, > but it's far from a blocker, merely a mild inconvenience). Right, we chose SHA-256 for tls-server-end-point because it should future proof us for long enough that people will be able to implement a cert->hash API as described in tls-server-end-point. I think that's fine. We couldn't use SHA-1 because we're not using HMAC here, so there's no mitigation against SHA-1 breaks. SHA-256 implementations, including open source ones in various licenses, exist. So I'm going to consider this a non-issue also. Nico --
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Simon Josefsson
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Dave Cridland
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Pasi.Eronen
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Dave Cridland
- Re: [CHANNEL-BINDING] TLS endpoint channel bindin… Nicolas Williams