IETF Logo Mail Archive

Re: [Dance] client-id and client-auth WGLC summary

Joey Salazar <joeygsal@gmail.com> Tue, 25 July 2023 23:30 UTC

Return-Path: <joeygsal@gmail.com>
X-Original-To: dance@ietfa.amsl.com
Delivered-To: dance@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0D5EC151AF7 for <dance@ietfa.amsl.com>; Tue, 25 Jul 2023 16:30:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nfbDMtM7dj3O for <dance@ietfa.amsl.com>; Tue, 25 Jul 2023 16:30:21 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88ECC15170B for <dance@ietf.org>; Tue, 25 Jul 2023 16:30:16 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-52240b64407so2413403a12.0 for <dance@ietf.org>; Tue, 25 Jul 2023 16:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690327815; x=1690932615; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Exj7uKlE+e8HrmC94yGumiUWUbgOR6+PEuM9Numf7vU=; b=NghZolCAtwg/BkJK0Xl9jjzx2nN/2ALSTq5P8UkZ8PexYa3YaNX7UrdYm15hS2n969 zEVw5RDce7vKRNY88jM30uWEiQm2CQiOmRSqvXdInowbOd1WtLU+0/lOhBIAKzN0lHaF xK74MIlM4dhiPZQRjDdZ+NPuwE8l+5g6pH0AK1bHFWNz+/pTCBgA5SJFr2+68xuHJ5PM NnZj4of+utsHFIEGy0lq6F7uBPHjd+vyL21yBLRx5S8L/UQ5WMFd7cm/jd0MxF7p5OQL YCXYclolWb+hRYv4eaqW2yKKCiuE6RnVKPO9fD4mNZJpSs227YkzkfbN16RyU2gHFcSB WZbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690327815; x=1690932615; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Exj7uKlE+e8HrmC94yGumiUWUbgOR6+PEuM9Numf7vU=; b=bzUZ4AY5vWDv0XD+PxQ0l9jxhO3ooTlMh+G/wvaAaak7PGzi/LhUBRm2agzg5aVEpz 6vIjRx5sjAhnWviJ+SMNnvFqq4+bhwqSvKg5bpHbYQEpyKTh2jJvqySs/oUbL6KxYo7p CplimOqu80i7peFCFcnijpKFh1FOPVF3+d07z1m5BwmNnmd+AYOQodZHVH7j+h6OOBDA zeZIM5O0Kykt9BO5uhDFeYdXzMrU16Y6Zej/23TlRnBBr9Ag6FW+I3q59n/+CYKmvP9a rQezDw3J0+FatwOei2T5OAsRj/ahKJLf2uVQuglIFGYRElqVQKxxRTvwoO9Atw1lth08 npLw==
X-Gm-Message-State: ABy/qLYPG1pj/lwCxQ8mFb24au60VqhS3KZaGIc4PIXxFCzNj3rpQS9x ErsL773NLluFbzNGki0MAZ2S6zLpZrA1g2y8spxPUAownWRULQ==
X-Google-Smtp-Source: APBJJlEFaJFPueVcilAmYYReFo/D4PJdpkU4SyMXRbFDXWXr/I+oiFLBcScNeBSfqa/4WJ6oSQMc5JRIpjg0WIh64mM=
X-Received: by 2002:aa7:c706:0:b0:522:296f:9082 with SMTP id i6-20020aa7c706000000b00522296f9082mr219203edq.10.1690327814670; Tue, 25 Jul 2023 16:30:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com> <CAHPuVdVWMFDJGinLniDmTMtxx2eqvFciWC=G38Xxy=F4AZ0NAg@mail.gmail.com>
In-Reply-To: <CAHPuVdVWMFDJGinLniDmTMtxx2eqvFciWC=G38Xxy=F4AZ0NAg@mail.gmail.com>
From: Joey Salazar <joeygsal@gmail.com>
Date: Tue, 25 Jul 2023 16:29:56 -0600
Message-ID: <CAEhLraiOAoetuUgiwE+nXdsf3x5awRPQHRxESHcMv4s708maHQ@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
Cc: dance@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f28d9f0601581cab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/z_-rM606LtdSgWA2Mi8tmi18fk4>
Subject: Re: [Dance] client-id and client-auth WGLC summary
X-BeenThere: dance@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DANE Authentication for Network Clients Everywhere <dance.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dance>, <mailto:dance-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dance/>
List-Post: <mailto:dance@ietf.org>
List-Help: <mailto:dance-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dance>, <mailto:dance-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2023 23:30:22 -0000

Thank you Shumon for the clarifications and follow up questions.

Michael Richardson, Rick, Viktor D, and dance at large, we look forward to
reading your thoughts on these!

--
Joey

On Mon, Jul 10, 2023 at 8:34 AM Shumon Huque <shuque@gmail.com> wrote:

> On Wed, Mar 1, 2023 at 11:24 AM Joey Salazar <joeygsal@gmail.com> wrote:
> > Hello DANCErs,
> >
> > WGLC was held in November for the 2 extension documents; client-id [1]
> and client-auth [2].
> >
> > Here's a summary of the feedback received.
>
> I've started preparing updated drafts to address the WGLC comments.
> However, some discussion needs to happen on some of the points, which I'll
> begin with this email.
>
> I won't be able to make the IETF117 draft cutoff deadline (today)
> obviously, but aim to have updated drafts ready to be released once the
> submission window opens again during IETF117 week on July 24th.
>
> > client-id:
> --------------
>
> > The draft SHOULD say what RR content it expects
>
> Looking through email, it looks like this comment is from Robert
> Moskowitz, and I'm not sure I agree. The TLS DANE client identity extension
> only conveys the server and client's capability/intent to do DANE client
> authentication. Details of what type or format of DANE record to be
> employed seems to me to be an application specific detail better handled in
> other documents that define those characteristics of the application. The
> DANE client authentication draft could in theory constrain the format of
> the RR (e.g. only allowing say the DANE* usage modes, or a specific
> selector/matching type) but then again, that may unnecessarily inhibit
> certain applications that wanted to do something different.
>
> > Needs a check regarding the supported TLS version, the reference used
> for framing extensions (RFC6066 vs RFC8446) and for the architecture
> document
>
> This comment came from Michael Richardson. The specs support TLS 1.2 and
> 1.3 (and presumably future versions going forward). What specific check do
> you propose to be included?
>
> We reference 5246 for TLS 1.2 and 8446 for TLS 1.3. RFC 6066 is a
> companion document to 5246 that describes the currently (at that time)
> defined extensions in TLS 1.2. The general definition of extensions is in
> 5246 and 8446, so I don't think this draft needs to reference 6066.
>
> Yes, we should reference the DANCE architecture document. I'll queue up
> that change.
>
> > Request for clarity on the ClientName limit definition and the
> decode_error alert and a closedown of the connection when using empty
> dane_clientid extensions defined as <1..255>
>
> The limit question came from Michael Richardson I believe - and yes, and
> we can expand on why the "1..255" length was chosen. Technically, the 255
> character limit is the limit on a "wire" format domain name (see RFC 1035,
> section 2.3.4), whereas in keeping with how TLS specifies hostnames, the
> extension uses textual presentation format domain names without the
> trailing dot. However, in practice these 2 lengths are close enough and
> most hostnames seen in the wild don't approach anywhere near that limit.
>
> The potential "decode_error alert" on using empty extension comment was
> from Rick van Rein, who says the definition of this in the draft does not
> account for an empty extension, and this will cause an error. However,
> reading the draft more closely, we clearly state this:
>
>     "Its extension data (if not empty) has the following format:
>
>        opaque ClientName<1..2^8-1>;"
>
> So, this definition is only for the extension data in a non-empty
> extension, which seems to correctly account for this. I'm not an expert in
> TLS presentation language syntax however - if there is a way to more
> cleanly define an extension with optional extension data, please suggest a
> modification here.
>
> > Request for consideration of the use case for mixed environments in
> terms of certificate_authorities
>
> We don't directly address this, but I suspect the typical methods employed
> in mixed mode environments would work here too. You would either separate
> endpoints (or URLs), and if the application on top of TLS needs to instruct
> clients of new authentication parameters, I suspect it would probably use
> re-negotiation (TLS 1.2) or post-handshake authentication (TLS 1.3). Rick -
> do you have any specific suggestions about how you think such environments
> would handle it? And even better, do you have any proposed text?
>
> > More stiff requirements suggested in order to improve interoperability
> and reduce code complexity
>
> Reading email archives, the strict mode suggestion was to say things like
> MUST supply the extension. We could. But I think we are again branching
> into application and environment specific requirements which are best
> specified in other documents - mixed mode environments, to refer to a
> previous comment, maybe one case where such mandating could cause problems.
>
>
> > client-auth:
> ------------------
>
> > Request to add domain name example and text on the use of wildcards and
> DANE-TA
>
> Yes, we can add an example of a wildcard DANE-TA TLSA record.
>
> > Request to consider the potential need to encode the transport label
>
> I think this comes from Michael Richardson's comment that there may be
> situations in which the transport protocol may matter - and that presumably
> a client could need different credentials for each transport. I agree that
> could be the case. But as the doc already says, these are examples of
> client TLSA record names that could be generally useful, and not
> comprehensive or proscriptive. Individual application profiles of DANCE are
> free to specify those details and define their own specific formats. My
> immediate suggestion would be to remove the absolute like language from the
> draft ("There is no need to encode the transport label").
>
> > Request for clarity on the security considerations from RFCs 6698 and
> 7671
>
> Ok, I'll see if I can pick out specific security considerations pertinent
> to DANCE.
>
> > Request for clarity on the exception that allows for SHOULD when using
> X.509 certificate and a suggestion to change it to MUST
>
> The specific question from Michael is: "What is the exception that allows
> for SHOULD?" in relation to the following text:
>
> } Additionally, when using raw public key authentication, the client MUST
> } send the TLS DANE Client Identity extension [TLSCLIENTID] in its Client
> Hello
> } message. When using X.509 certificate authentication, it SHOULD send this
> } extension.
>
> The short answer is that with X.509 authentication the server can extract
> the client name from the certificate, whereas with raw public key, the
> client has to send its name in the DANE client identity extension, because
> there is nowhere else to get it from. Let me see if I can make the text
> clearer. We also need to clarify whether the SHOULD refers to sending the
> extension, or sending data in the extension.
>
> > Smaller wording suggestions and nits IRT DNSSEC validation, distinction
> between TLS and DTLS, [_service] and device notation, references for both
> RFCs and inactive drafts
>
> I'm not 100% sure what this paragraph is referring to, but am digging into
> past email list discussion.
>
> > Looking forward to the upcoming discussion about any of these points and
> updated drafts,
>
> I look forward to more discussion on these points, and we can then work on
> text.
>
> Viktor D - it would be helpful if you can review this too.
>
> Thanks,
> Shumon.
>
>

v2.23.0 | Report a Bug | By Email