Re: [Dance] client-id and client-auth WGLC summary
Shumon Huque <shuque@gmail.com> Mon, 10 July 2023 14:34 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: dance@ietfa.amsl.com
Delivered-To: dance@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B02FC151995 for <dance@ietfa.amsl.com>; Mon, 10 Jul 2023 07:34:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vBXDUeAozzxM for <dance@ietfa.amsl.com>; Mon, 10 Jul 2023 07:34:56 -0700 (PDT)
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE7C3C1524DC for <dance@ietf.org>; Mon, 10 Jul 2023 07:34:56 -0700 (PDT)
Received: by mail-io1-xd34.google.com with SMTP id ca18e2360f4ac-7869bcee569so147063139f.0 for <dance@ietf.org>; Mon, 10 Jul 2023 07:34:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688999696; x=1691591696; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=llxuMIBoHlR/ikh8vsQFU/Xi+hyUl6Gus4hxNX3IMo0=; b=D8j7ykcvnVX/r5EE1yHOvuubwD8D/vFjAdbVKaSeDvrIWlLMBufmONoYhCTufMVS6g JjW+7dsoy5X3PGq+E1RoFZQWss2j0+JcOx4pvWXl9WQQzRZkZDPp3PYY6WGihJynNG0h N0VSvx7ucRqUH1gowyf62GfaZlBuLtERRwn2c+QqG1yc1TaseN80neJKn5uHQQHEoPj8 LW76+1uYMtaLXJUCJ1VOV7sm2N00rE6kBAKU1U5at8duK7k6PttAEsScDtPNoH+WcI9u sFmKTqoXPVSAGsuQYvUsLJJoW6Pr6PrJL9NsA1s+pQFCgYUo10aPzSmP9VOhbGX28iTe Gv2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688999696; x=1691591696; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=llxuMIBoHlR/ikh8vsQFU/Xi+hyUl6Gus4hxNX3IMo0=; b=MP+c7diEVrG59Vp5ideU2TRzAELImMJN9m3KW3JmlRcDfvraCZLJ94ShJp+kKZj6zY pp6aESHuviODLuf+R7cNMTGxHoHIEAKJ31rgaAkZZpsC5evzgtfNI1/1p4GFBMdfpGjV /i1Dx84Kz0l3xvXyRitxblNWgv+IputWqdbi1ErFyPwfx+sMt8gCXXkMDhF3AK74nseY SPMKqXLi7+8yhEqfyQHv8byLsF9GIE8WiQkt4SvTMNzdMqI0nlc1B2gqG2uKcU0Ph1LU F9i4vR0dnxHkkysicUJA+/bsqZOfFXEPcrnlT/Al6XMw1Zx0D9znOFxAnHjSI1Agzx5o gP2g==
X-Gm-Message-State: ABy/qLb/LfXSv3BSjl0iPj8KwE07yvkguud847RPMv/yGB+S2q5nBlSp AoCXU4U21fo9czIdKN6ZdGqgKrj6kXcqBQvBPdE=
X-Google-Smtp-Source: APBJJlHxoj45xJYj4zwmit9Ddx0oOwEWy5YNyF+ZLazJSlhcfkQJI4n+q1HPYWaIP3TXk7jJz63U2laZX8xCjZxfzVw=
X-Received: by 2002:a5d:8894:0:b0:760:e308:107e with SMTP id d20-20020a5d8894000000b00760e308107emr12506368ioo.0.1688999696059; Mon, 10 Jul 2023 07:34:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com>
In-Reply-To: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
Date: Mon, 10 Jul 2023 10:34:44 -0400
Message-ID: <CAHPuVdVWMFDJGinLniDmTMtxx2eqvFciWC=G38Xxy=F4AZ0NAg@mail.gmail.com>
To: Joey Salazar <joeygsal@gmail.com>
Cc: dance@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e8d1c4060022e2ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/P-Ydl5X4ILT2emikDO2DpqcLxeE>
Subject: Re: [Dance] client-id and client-auth WGLC summary
X-BeenThere: dance@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DANE Authentication for Network Clients Everywhere <dance.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dance>, <mailto:dance-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dance/>
List-Post: <mailto:dance@ietf.org>
List-Help: <mailto:dance-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dance>, <mailto:dance-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2023 14:34:59 -0000
On Wed, Mar 1, 2023 at 11:24 AM Joey Salazar <joeygsal@gmail.com> wrote: > Hello DANCErs, > > WGLC was held in November for the 2 extension documents; client-id [1] and client-auth [2]. > > Here's a summary of the feedback received. I've started preparing updated drafts to address the WGLC comments. However, some discussion needs to happen on some of the points, which I'll begin with this email. I won't be able to make the IETF117 draft cutoff deadline (today) obviously, but aim to have updated drafts ready to be released once the submission window opens again during IETF117 week on July 24th. > client-id: -------------- > The draft SHOULD say what RR content it expects Looking through email, it looks like this comment is from Robert Moskowitz, and I'm not sure I agree. The TLS DANE client identity extension only conveys the server and client's capability/intent to do DANE client authentication. Details of what type or format of DANE record to be employed seems to me to be an application specific detail better handled in other documents that define those characteristics of the application. The DANE client authentication draft could in theory constrain the format of the RR (e.g. only allowing say the DANE* usage modes, or a specific selector/matching type) but then again, that may unnecessarily inhibit certain applications that wanted to do something different. > Needs a check regarding the supported TLS version, the reference used for framing extensions (RFC6066 vs RFC8446) and for the architecture document This comment came from Michael Richardson. The specs support TLS 1.2 and 1.3 (and presumably future versions going forward). What specific check do you propose to be included? We reference 5246 for TLS 1.2 and 8446 for TLS 1.3. RFC 6066 is a companion document to 5246 that describes the currently (at that time) defined extensions in TLS 1.2. The general definition of extensions is in 5246 and 8446, so I don't think this draft needs to reference 6066. Yes, we should reference the DANCE architecture document. I'll queue up that change. > Request for clarity on the ClientName limit definition and the decode_error alert and a closedown of the connection when using empty dane_clientid extensions defined as <1..255> The limit question came from Michael Richardson I believe - and yes, and we can expand on why the "1..255" length was chosen. Technically, the 255 character limit is the limit on a "wire" format domain name (see RFC 1035, section 2.3.4), whereas in keeping with how TLS specifies hostnames, the extension uses textual presentation format domain names without the trailing dot. However, in practice these 2 lengths are close enough and most hostnames seen in the wild don't approach anywhere near that limit. The potential "decode_error alert" on using empty extension comment was from Rick van Rein, who says the definition of this in the draft does not account for an empty extension, and this will cause an error. However, reading the draft more closely, we clearly state this: "Its extension data (if not empty) has the following format: opaque ClientName<1..2^8-1>;" So, this definition is only for the extension data in a non-empty extension, which seems to correctly account for this. I'm not an expert in TLS presentation language syntax however - if there is a way to more cleanly define an extension with optional extension data, please suggest a modification here. > Request for consideration of the use case for mixed environments in terms of certificate_authorities We don't directly address this, but I suspect the typical methods employed in mixed mode environments would work here too. You would either separate endpoints (or URLs), and if the application on top of TLS needs to instruct clients of new authentication parameters, I suspect it would probably use re-negotiation (TLS 1.2) or post-handshake authentication (TLS 1.3). Rick - do you have any specific suggestions about how you think such environments would handle it? And even better, do you have any proposed text? > More stiff requirements suggested in order to improve interoperability and reduce code complexity Reading email archives, the strict mode suggestion was to say things like MUST supply the extension. We could. But I think we are again branching into application and environment specific requirements which are best specified in other documents - mixed mode environments, to refer to a previous comment, maybe one case where such mandating could cause problems. > client-auth: ------------------ > Request to add domain name example and text on the use of wildcards and DANE-TA Yes, we can add an example of a wildcard DANE-TA TLSA record. > Request to consider the potential need to encode the transport label I think this comes from Michael Richardson's comment that there may be situations in which the transport protocol may matter - and that presumably a client could need different credentials for each transport. I agree that could be the case. But as the doc already says, these are examples of client TLSA record names that could be generally useful, and not comprehensive or proscriptive. Individual application profiles of DANCE are free to specify those details and define their own specific formats. My immediate suggestion would be to remove the absolute like language from the draft ("There is no need to encode the transport label"). > Request for clarity on the security considerations from RFCs 6698 and 7671 Ok, I'll see if I can pick out specific security considerations pertinent to DANCE. > Request for clarity on the exception that allows for SHOULD when using X.509 certificate and a suggestion to change it to MUST The specific question from Michael is: "What is the exception that allows for SHOULD?" in relation to the following text: } Additionally, when using raw public key authentication, the client MUST } send the TLS DANE Client Identity extension [TLSCLIENTID] in its Client Hello } message. When using X.509 certificate authentication, it SHOULD send this } extension. The short answer is that with X.509 authentication the server can extract the client name from the certificate, whereas with raw public key, the client has to send its name in the DANE client identity extension, because there is nowhere else to get it from. Let me see if I can make the text clearer. We also need to clarify whether the SHOULD refers to sending the extension, or sending data in the extension. > Smaller wording suggestions and nits IRT DNSSEC validation, distinction between TLS and DTLS, [_service] and device notation, references for both RFCs and inactive drafts I'm not 100% sure what this paragraph is referring to, but am digging into past email list discussion. > Looking forward to the upcoming discussion about any of these points and updated drafts, I look forward to more discussion on these points, and we can then work on text. Viktor D - it would be helpful if you can review this too. Thanks, Shumon.
- [Dance] client-id and client-auth WGLC summary Joey Salazar
- Re: [Dance] client-id and client-auth WGLC summary Shumon Huque
- Re: [Dance] client-id and client-auth WGLC summary Shumon Huque
- Re: [Dance] client-id and client-auth WGLC summary Joey Salazar
- Re: [Dance] client-id and client-auth WGLC summary Michael Richardson