[Dance] Re: Last Call: <draft-ietf-dance-client-auth-09.txt> (TLS Client Authentication via DANE TLSA records) to Proposed Standard
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Tue, 16 December 2025 22:46 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: dance@mail2.ietf.org
Delivered-To: dance@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1BAED9B84EBC; Tue, 16 Dec 2025 14:46:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S2XoY1FbLA5T; Tue, 16 Dec 2025 14:46:16 -0800 (PST)
Received: from mailout7.zih.tu-dresden.de (mailout7.zih.tu-dresden.de [141.76.32.220]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 20E1D9B84EAE; Tue, 16 Dec 2025 14:46:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:CC:References:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=P+t8N2qm45dPIdaLpF4c3WUHO9OVtz2cb9i7cgbuLIE=; b=SzT4nw7DQz4HX1unmtVHBm1tpI EHuppBIGmEQGIALEckW5TVuG8TLOAdxyF9wNBI3NqhVPgVhmA6VI8nbzbL0NEzoyyRhQ9HXUCgcAt EuVxGwGjPmOALZsSoRat8f8xybRyopE4saRERQhyHiHOaeps61xwJRbn22vCwGHr4fTq3x8XhVX/u WZ86F4Fy2yC74lvqO7sqm6QsbUG4WH3Sl3vlOOVXWiV01FSX9/N7BEttBe/1FxToHuZL3+7780oZM IOtvUJ6lSx0kQfRTJ8LTa2FgECbseH9h8uL+mDYAAh/M30AxRHRz9iCBZiF80NuXgJY7f3WsTwnUU cI5Rmohg==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout7.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vVdo3-000WHi-0Q; Tue, 16 Dec 2025 23:46:15 +0100
Received: from [10.12.5.228] (141.76.13.165) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Tue, 16 Dec 2025 23:45:44 +0100
Message-ID: <eca40529-6d93-42c3-91ea-c6a5f89acfdf@tu-dresden.de>
Date: Tue, 16 Dec 2025 23:45:43 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Last Call <last-call@ietf.org>, dance-chairs@ietf.org, dance@ietf.org, draft-ietf-dance-client-auth@ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>, Paul Wouters <paul.wouters@aiven.io>
References: <176529902699.1146491.1360588667931244217@dt-datatracker-5bd94c585b-wk4l4> <CABcZeBOCNZf-mYJ2DM1YTnUAYpvtyc5Ba2qQ6aOmsYhS1y5fvA@mail.gmail.com> <CABcZeBPTFka1yri1VZPP+JoV7WrvsFzX9zCSaZpSYd8teM-5wA@mail.gmail.com>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <CABcZeBPTFka1yri1VZPP+JoV7WrvsFzX9zCSaZpSYd8teM-5wA@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms000002020106090302030109"
X-ClientProxiedBy: MSX-L415.msx.ad.zih.tu-dresden.de (172.26.34.135) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout7.zih.tu-dresden.de
Message-ID-Hash: ANBWB4GOCYOT3H7QZJAXHPPAKRTA6ZCA
X-Message-ID-Hash: ANBWB4GOCYOT3H7QZJAXHPPAKRTA6ZCA
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Eric Rescorla <ekr@rtfm.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Dance] Re: Last Call: <draft-ietf-dance-client-auth-09.txt> (TLS Client Authentication via DANE TLSA records) to Proposed Standard
List-Id: DANE Authentication for Network Clients Everywhere <dance.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/GIPVxwb4SnnN4I4K-xY0QLK0EzQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dance>
List-Help: <mailto:dance-request@ietf.org?subject=help>
List-Owner: <mailto:dance-owner@ietf.org>
List-Post: <mailto:dance@ietf.org>
List-Subscribe: <mailto:dance-join@ietf.org>
List-Unsubscribe: <mailto:dance-leave@ietf.org>
On 16.12.25 20:55, Eric Rescorla wrote: > I apologize for catching these so late, but it does not > appear that these documents were sent to TLS-WG prior to being sent to > IETF LC, so this is the first time I am reviewing these. I also think it was not sent to TLS WG. At least, I haven't seen it before. > # Cross-Protocol Attacks > > S 2.1 of client-auth contemplates that the client might have multiple > identities > corresponding to different applications. If these services have the > same public key, it appears that an attacker could mount a > cross-protocol attack there traffic is redirected from one service to > another. > > Arguably, this attack already exists if the server uses the same > identity for both protocols, but it seems possible that there might be > a setting in which this was inferred solely from something like the > client IP address. In any case, it seems like it would be better for > the service identifier to be included in the transcript. I strongly suggest this should be resolved before proceeding with next steps on this draft. A couple of my collaborators have worked on related formal analysis (ProVerif code [0] and paper [1]). I recommend draft authors to reach out to them to ask if they can possibly extend their analysis to get a confirmation on this. Moreover, I am not sure why the security considerations section is talking mostly about privacy. I believe privacy parts should be in a separate privacy considerations section. -Usama [0] https://github.com/moustafamariam/tls-rpk [1] https://link.springer.com/chapter/10.1007/978-3-031-79007-2_4
- [Dance] Last Call: <draft-ietf-dance-client-auth-… The IESG
- [Dance] Re: Last Call: <draft-ietf-dance-client-a… Eric Rescorla
- [Dance] Re: Last Call: <draft-ietf-dance-client-a… Muhammad Usama Sardar
- [Dance] Re: Last Call: <draft-ietf-dance-client-a… Shumon Huque
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Salz, Rich
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Shumon Huque
- [Dance] Re: Last Call: <draft-ietf-dance-client-a… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Muhammad Usama Sardar
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Paul Wouters
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Salz, Rich
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Paul Wouters
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Muhammad Usama Sardar
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Muhammad Usama Sardar
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Shumon Huque
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Muhammad Usama Sardar
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Eric Rescorla
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Paul Wouters
- [Dance] Re: [Last-Call] Re: [TLS] Re: Last Call: … Salz, Rich
- [Dance] Re: [TLS] Re: Last Call: <draft-ietf-danc… Paul Wouters