Re: [Dance] client-id and client-auth WGLC summary
Joey Salazar <joeygsal@gmail.com> Tue, 25 July 2023 23:30 UTC
Return-Path: <joeygsal@gmail.com>
X-Original-To: dance@ietfa.amsl.com
Delivered-To: dance@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0D5EC151AF7 for <dance@ietfa.amsl.com>; Tue, 25 Jul 2023 16:30:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nfbDMtM7dj3O for <dance@ietfa.amsl.com>; Tue, 25 Jul 2023 16:30:21 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88ECC15170B for <dance@ietf.org>; Tue, 25 Jul 2023 16:30:16 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-52240b64407so2413403a12.0 for <dance@ietf.org>; Tue, 25 Jul 2023 16:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690327815; x=1690932615; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Exj7uKlE+e8HrmC94yGumiUWUbgOR6+PEuM9Numf7vU=; b=NghZolCAtwg/BkJK0Xl9jjzx2nN/2ALSTq5P8UkZ8PexYa3YaNX7UrdYm15hS2n969 zEVw5RDce7vKRNY88jM30uWEiQm2CQiOmRSqvXdInowbOd1WtLU+0/lOhBIAKzN0lHaF xK74MIlM4dhiPZQRjDdZ+NPuwE8l+5g6pH0AK1bHFWNz+/pTCBgA5SJFr2+68xuHJ5PM NnZj4of+utsHFIEGy0lq6F7uBPHjd+vyL21yBLRx5S8L/UQ5WMFd7cm/jd0MxF7p5OQL YCXYclolWb+hRYv4eaqW2yKKCiuE6RnVKPO9fD4mNZJpSs227YkzkfbN16RyU2gHFcSB WZbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690327815; x=1690932615; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Exj7uKlE+e8HrmC94yGumiUWUbgOR6+PEuM9Numf7vU=; b=bzUZ4AY5vWDv0XD+PxQ0l9jxhO3ooTlMh+G/wvaAaak7PGzi/LhUBRm2agzg5aVEpz 6vIjRx5sjAhnWviJ+SMNnvFqq4+bhwqSvKg5bpHbYQEpyKTh2jJvqySs/oUbL6KxYo7p CplimOqu80i7peFCFcnijpKFh1FOPVF3+d07z1m5BwmNnmd+AYOQodZHVH7j+h6OOBDA zeZIM5O0Kykt9BO5uhDFeYdXzMrU16Y6Zej/23TlRnBBr9Ag6FW+I3q59n/+CYKmvP9a rQezDw3J0+FatwOei2T5OAsRj/ahKJLf2uVQuglIFGYRElqVQKxxRTvwoO9Atw1lth08 npLw==
X-Gm-Message-State: ABy/qLYPG1pj/lwCxQ8mFb24au60VqhS3KZaGIc4PIXxFCzNj3rpQS9x ErsL773NLluFbzNGki0MAZ2S6zLpZrA1g2y8spxPUAownWRULQ==
X-Google-Smtp-Source: APBJJlEFaJFPueVcilAmYYReFo/D4PJdpkU4SyMXRbFDXWXr/I+oiFLBcScNeBSfqa/4WJ6oSQMc5JRIpjg0WIh64mM=
X-Received: by 2002:aa7:c706:0:b0:522:296f:9082 with SMTP id i6-20020aa7c706000000b00522296f9082mr219203edq.10.1690327814670; Tue, 25 Jul 2023 16:30:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com> <CAHPuVdVWMFDJGinLniDmTMtxx2eqvFciWC=G38Xxy=F4AZ0NAg@mail.gmail.com>
In-Reply-To: <CAHPuVdVWMFDJGinLniDmTMtxx2eqvFciWC=G38Xxy=F4AZ0NAg@mail.gmail.com>
From: Joey Salazar <joeygsal@gmail.com>
Date: Tue, 25 Jul 2023 16:29:56 -0600
Message-ID: <CAEhLraiOAoetuUgiwE+nXdsf3x5awRPQHRxESHcMv4s708maHQ@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
Cc: dance@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f28d9f0601581cab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/z_-rM606LtdSgWA2Mi8tmi18fk4>
Subject: Re: [Dance] client-id and client-auth WGLC summary
X-BeenThere: dance@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DANE Authentication for Network Clients Everywhere <dance.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dance>, <mailto:dance-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dance/>
List-Post: <mailto:dance@ietf.org>
List-Help: <mailto:dance-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dance>, <mailto:dance-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2023 23:30:22 -0000
Thank you Shumon for the clarifications and follow up questions. Michael Richardson, Rick, Viktor D, and dance at large, we look forward to reading your thoughts on these! -- Joey On Mon, Jul 10, 2023 at 8:34 AM Shumon Huque <shuque@gmail.com> wrote: > On Wed, Mar 1, 2023 at 11:24 AM Joey Salazar <joeygsal@gmail.com> wrote: > > Hello DANCErs, > > > > WGLC was held in November for the 2 extension documents; client-id [1] > and client-auth [2]. > > > > Here's a summary of the feedback received. > > I've started preparing updated drafts to address the WGLC comments. > However, some discussion needs to happen on some of the points, which I'll > begin with this email. > > I won't be able to make the IETF117 draft cutoff deadline (today) > obviously, but aim to have updated drafts ready to be released once the > submission window opens again during IETF117 week on July 24th. > > > client-id: > -------------- > > > The draft SHOULD say what RR content it expects > > Looking through email, it looks like this comment is from Robert > Moskowitz, and I'm not sure I agree. The TLS DANE client identity extension > only conveys the server and client's capability/intent to do DANE client > authentication. Details of what type or format of DANE record to be > employed seems to me to be an application specific detail better handled in > other documents that define those characteristics of the application. The > DANE client authentication draft could in theory constrain the format of > the RR (e.g. only allowing say the DANE* usage modes, or a specific > selector/matching type) but then again, that may unnecessarily inhibit > certain applications that wanted to do something different. > > > Needs a check regarding the supported TLS version, the reference used > for framing extensions (RFC6066 vs RFC8446) and for the architecture > document > > This comment came from Michael Richardson. The specs support TLS 1.2 and > 1.3 (and presumably future versions going forward). What specific check do > you propose to be included? > > We reference 5246 for TLS 1.2 and 8446 for TLS 1.3. RFC 6066 is a > companion document to 5246 that describes the currently (at that time) > defined extensions in TLS 1.2. The general definition of extensions is in > 5246 and 8446, so I don't think this draft needs to reference 6066. > > Yes, we should reference the DANCE architecture document. I'll queue up > that change. > > > Request for clarity on the ClientName limit definition and the > decode_error alert and a closedown of the connection when using empty > dane_clientid extensions defined as <1..255> > > The limit question came from Michael Richardson I believe - and yes, and > we can expand on why the "1..255" length was chosen. Technically, the 255 > character limit is the limit on a "wire" format domain name (see RFC 1035, > section 2.3.4), whereas in keeping with how TLS specifies hostnames, the > extension uses textual presentation format domain names without the > trailing dot. However, in practice these 2 lengths are close enough and > most hostnames seen in the wild don't approach anywhere near that limit. > > The potential "decode_error alert" on using empty extension comment was > from Rick van Rein, who says the definition of this in the draft does not > account for an empty extension, and this will cause an error. However, > reading the draft more closely, we clearly state this: > > "Its extension data (if not empty) has the following format: > > opaque ClientName<1..2^8-1>;" > > So, this definition is only for the extension data in a non-empty > extension, which seems to correctly account for this. I'm not an expert in > TLS presentation language syntax however - if there is a way to more > cleanly define an extension with optional extension data, please suggest a > modification here. > > > Request for consideration of the use case for mixed environments in > terms of certificate_authorities > > We don't directly address this, but I suspect the typical methods employed > in mixed mode environments would work here too. You would either separate > endpoints (or URLs), and if the application on top of TLS needs to instruct > clients of new authentication parameters, I suspect it would probably use > re-negotiation (TLS 1.2) or post-handshake authentication (TLS 1.3). Rick - > do you have any specific suggestions about how you think such environments > would handle it? And even better, do you have any proposed text? > > > More stiff requirements suggested in order to improve interoperability > and reduce code complexity > > Reading email archives, the strict mode suggestion was to say things like > MUST supply the extension. We could. But I think we are again branching > into application and environment specific requirements which are best > specified in other documents - mixed mode environments, to refer to a > previous comment, maybe one case where such mandating could cause problems. > > > > client-auth: > ------------------ > > > Request to add domain name example and text on the use of wildcards and > DANE-TA > > Yes, we can add an example of a wildcard DANE-TA TLSA record. > > > Request to consider the potential need to encode the transport label > > I think this comes from Michael Richardson's comment that there may be > situations in which the transport protocol may matter - and that presumably > a client could need different credentials for each transport. I agree that > could be the case. But as the doc already says, these are examples of > client TLSA record names that could be generally useful, and not > comprehensive or proscriptive. Individual application profiles of DANCE are > free to specify those details and define their own specific formats. My > immediate suggestion would be to remove the absolute like language from the > draft ("There is no need to encode the transport label"). > > > Request for clarity on the security considerations from RFCs 6698 and > 7671 > > Ok, I'll see if I can pick out specific security considerations pertinent > to DANCE. > > > Request for clarity on the exception that allows for SHOULD when using > X.509 certificate and a suggestion to change it to MUST > > The specific question from Michael is: "What is the exception that allows > for SHOULD?" in relation to the following text: > > } Additionally, when using raw public key authentication, the client MUST > } send the TLS DANE Client Identity extension [TLSCLIENTID] in its Client > Hello > } message. When using X.509 certificate authentication, it SHOULD send this > } extension. > > The short answer is that with X.509 authentication the server can extract > the client name from the certificate, whereas with raw public key, the > client has to send its name in the DANE client identity extension, because > there is nowhere else to get it from. Let me see if I can make the text > clearer. We also need to clarify whether the SHOULD refers to sending the > extension, or sending data in the extension. > > > Smaller wording suggestions and nits IRT DNSSEC validation, distinction > between TLS and DTLS, [_service] and device notation, references for both > RFCs and inactive drafts > > I'm not 100% sure what this paragraph is referring to, but am digging into > past email list discussion. > > > Looking forward to the upcoming discussion about any of these points and > updated drafts, > > I look forward to more discussion on these points, and we can then work on > text. > > Viktor D - it would be helpful if you can review this too. > > Thanks, > Shumon. > >
- [Dance] client-id and client-auth WGLC summary Joey Salazar
- Re: [Dance] client-id and client-auth WGLC summary Shumon Huque
- Re: [Dance] client-id and client-auth WGLC summary Shumon Huque
- Re: [Dance] client-id and client-auth WGLC summary Joey Salazar
- Re: [Dance] client-id and client-auth WGLC summary Michael Richardson