IETF Logo Mail Archive

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

Jan-Frederik Rieckers <rieckers@uni-bremen.de> Sun, 03 March 2024 12:57 UTC

Return-Path: <rieckers@uni-bremen.de>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B2A6C15153F for <emu@ietfa.amsl.com>; Sun, 3 Mar 2024 04:57:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uni-bremen.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhf-ugLLvOix for <emu@ietfa.amsl.com>; Sun, 3 Mar 2024 04:57:13 -0800 (PST)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 813B5C151538 for <emu@ietf.org>; Sun, 3 Mar 2024 04:57:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uni-bremen.de; s=2019; t=1709470627; bh=GLXDZEK169M7oFbTDvnjiCSTBd+L9Wp/J3HSFhWTO+k=; h=Date:Subject:To:References:From:In-Reply-To; b=KKQYAkSNb8GgGW1GQcPkT1CTLLfR8avv1x0Hwtx4Ewb4dug7eDx7DWjg93vXYzrfe 5JWHvpzCyrHG4lf6vaXVIdymvX5d+GNBdMTr4kvHh6N97HDCd1eb1Fx/EW1+uWQGee TvJua5KxQYaMmZbcIGV13w7cWjfwwMRschYH7QntkkfCyIIGF1mP7RTISiLYaxgiQ+ yftFezfTI9TcPH9QLsJY/PDMn4a28fkYqYxje1gNAGtz/SDEA0CJVFJx+iMTKjzOWg DC0pIcj/7rxWRBBcjpaytZ85vTPFFF9C8tvP2nJIxPkEKXy3H0g1qEk2LrJcklb0iY P02ZlUuO40rlg==
Received: from [IPV6:2a02:8106:57:952a:1c8e:df6a:b2a4:7ff9] (unknown [IPv6:2a02:8106:57:952a:1c8e:df6a:b2a4:7ff9]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Tnhg73v57zDCc4 for <emu@ietf.org>; Sun, 3 Mar 2024 13:57:07 +0100 (CET)
Message-ID: <523cd040-7485-4968-8367-4a6c274a284c@uni-bremen.de>
Date: Sun, 03 Mar 2024 13:57:06 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: emu@ietf.org
References: <170932527085.22824.18343512124707075119@ietfa.amsl.com> <66bca1b2-4b2d-429d-8f85-5c76d29005ad@dfn.de> <c2951f3d-bcc7-4b90-bcdd-077a506dd464@app.fastmail.com>
From: Jan-Frederik Rieckers <rieckers@uni-bremen.de>
Autocrypt: addr=rieckers@uni-bremen.de; keydata= xsFNBFq1GKUBEADElkCtqFTHRdFWsYiTNtY5XdlUknbEQI8tNOZtuHdaABg68B0FGVAlUn1e F1/jIU9tke2fBB+7ndmxJpr8IOFzPxDRcnkS3Hltw9MQcR18Art/69Xr/myCtTu50wlMzM8D bM6TMwd1u1c4BxVb0rsOm8AQ+ksVa1HMq6w01GubNH3L3SEgOPM+dYfb20IVgCKMXOsLURc+ juGzofU4K3QLK5SkvS40DSyVx3lJhRl+mz9DlMtXzKJbG47eshoHeKhCDfacFo37kGUQ64sD NgYJlEczcUdq4xC9bujPHrHyoHbrDK6PHg31RA3U7p4esujtSmRV8wGhn/orYgjOQ4U5rpBh Tl+VFVxscahaJELongxnpEn5E/tJbSYLZywPx2/Jumaw8CTeVK4TSff00f3nKP8Kig6bPn1T rLkDR/WOylSEIQmBbXaZs/Fqo/KTdtGGcEIuUQ3D4QZSBYNEjDjDVNZ4TK9JmYhbRHUBwXzE w4yvAiEdyVePUTVv9qlZx3JG5JeAzAUXJ3hJPbcmmJ9LdESCToTfQRjGRmGHUgzH19R4Di5l ONv8kYCu8svdiS9SRs01rNzDqSn80ri4HfCugpCm/h7UBFbZ/UsZ+VaLGOwI2eU2vCESadm2 NQyw/xTs2TfDR/6C0iSaS+85d7sxbJLqzXP8xO0JBoH2TtmXvQARAQABzS5KYW4tRnJlZGVy aWsgUmllY2tlcnMgPHJpZWNrZXJzQHVuaS1icmVtZW4uZGU+wsGXBBMBCABBAhsDBQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEO9n8U/6Yuq3qYHN1UHR7NOiKGm0FAmVbGZ0FCQwJ 9fgACgkQUHR7NOiKGm155A/+Jt6EdDQ7LHbOy9WFzm/yqjmaLtMrRyCBbKgebISWlC4Nvz0k mm1E/g6+GqH4JAT/5T9cmTH9fscXmVUToBFGc5prho1vXxJ7TiAZy9no8nnWcAFmSMr4H+gX RdCiJftPEyEkjycV9sQDnWnJnwEBQsVsYTdWxu4+PKMcimasUiAShrNiQB2k9knDqmRCJ2xk TpQy+BEsELd/dwFWl/tRA+iYNZ6t3QQ3kloSNoDZjshZSUNBi5EXpMKrY+5u8m/QGIz7IBTr HDu2bWUvkf4oSaB1JEA8vPfFmnl1Mk7/p1OLa+BmeFaOaXMiZPWO+wHRdx5865IH7p0XOMwN H5pWgM53I/5nVQ3Xf2z8+W1F0uxONRDF+8AY+x2mnMOpBTu6d8yRZVBTOUQef1mpIudMf1w5 aQTjhcVHqmnF0OX5NFZY0xlt7WUZbZWR3xrkQ/YAujmvicEFNrYC8fI/5KAGtWa25jgTG6Eg AiaRO8ErX5HddRvV0cNYrR79drXEuMP70rANmdQnhJuD6bYuqzLJwNB7yRyPqAKzNYEekOGf DuUgaUj+vry/hfqQzI5Kue1xQ/UQRVW0yuP1lbRiHJtn5EDySbsyOZhNWXyrId9ANToLCkzh GwwgFfCiJ/l+w19WD0QIkhGIlRcEb8bacHvF2X397+vvt5QKGW9AXnVA99LOwU0EWrUYpQEQ ALaPdFbeL4O5vaixjMcxGNKqvNwnB4B6RarB07gtYYNgond+h/HVgP6rkKz846LsZkeFhVJg jlsLF0jmKj/uAuUi9IytB+woc4i0BwSbytByMItzh5a2ZgBv6b7WXcaWi3jQJYRWHtHOffLz t4++bbegutUb9PwF8RBfgNUTGfYRX1ERnIMzxkqnSctLDkRVqsHeKEl+XWyXPLdCAfaXq5D8 5i7Yg8vFw+SmMEifrsPNt6bkvW6kXp4//6G8TPk93GBGdpnhJJiSKRU+xlxTzv/2h55L51pc OgCTDRt39e7EWbyHS/FBsxnCMusi7+MWhRjHee11cpl21ktlhbYVZHENLDAkpZozQnRvVz8v bQpJqxwn4VLZemfhoP2OBcB7LbwlmMKXlcNdFQfMy9We9BzXE9SYrUkd4mJWaoqkK1L+Bgk6 POvup93l1IvN6D2Hf+xtieWP0BkR1v/BIzOEi4/s0tE4nSIX3d6tYxuJZeWN+Qe9G9UiHy8m npxlf0Qy/hJXaZT1xNaOvx2Qx58EBsPZyqk0Iv7CeByuNSRD/rapWAd+gTHeR8wEDkguiHtq xp/0C2tP8z+/BCXOkNZVyyw6edJ83BBQEWVTUrjBKIJBervZ3F4Fgqug0Bxzup/qCwuKeuaP 8QuymZz1WSjTOKC57Aq5zYSH2dKXYMXxkPcDABEBAAHCwXwEGAEIACYCGwwWIQQ72fxT/pi6 repgc3VQdHs06IoabQUCZVsZswUJDAn2DgAKCRBQdHs06IoabUgKD/9ISYKD4U/9iCUJVGu/ z08Cwvg80DplwNpv97buZ6bXCHONjKhyQAImX4/dYsJtUvSyP9ZRLT8TKS9T1KLlO3HcBhOg dDNcew5deiQ8gfpxdcgBKIcJ5i7MW105T5mFuCppWUJF+n6xZocvkQjQLrnHbT0eFxuO15pL vVuvWIPgPvQULuY5L1ZU69Ye5QEJq2T1iRnIV0mINXez5KZ9zw9q9JOEtxVE21a/Sgq6d4JL HEfsGeL8legUjJC4I2WBIDKzspvDhJpaMTiMWLJoVgApr1xLc3sJNDI8/bi3xNd5/I8359r/ KZy3yy7a3maN8rNRJZi1SbOXcsfwxG8s42fsgALdQ2ycxzXoEB/ueD4LzBR4vsrmQ42izA4O V62iHzU6CMfoupK5S9uKQiVo1x7lGjA0dPJdisc8wTh71VIrY5Z6mfGdMBijCFuWoJwyZz4Y CBxAQ5WbiuqLTY8bc5IX13EhgbX6uF9RXbf3sWdXX2KozjiX/Y6PcROjGe4FzObF3AIqg9O+ Kwz8qOHZa/puH8zHk+sT4f18FpAptPXRYMDX24LoRKRheSDC09vGeBUNp4YtHGhddQgfdWqv 8CA0URAGJ+6BzUNCA4xLcT3xyfn3enEzK0+5I0PN5HTno51YuRfvwy0p8p1SFi/pDQ1Ohko8 UkWnxdn9gINJsTCxnw==
X-Enigmail-Draft-Status: N11222
In-Reply-To: <c2951f3d-bcc7-4b90-bcdd-077a506dd464@app.fastmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms040902030400030506050205"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/rHnxhv63vlI1LRQ8Zg0h9gPCWIU>
Subject: Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Mar 2024 12:57:18 -0000

Thanks so much for the comments.

I'll respond to some from the top of my head, the others I'll address 
some time next week.

On 03.03.24 13:39, Alexander Clouter wrote:
> Section 4.1.2
> -------------
> It just popped up as an idea in my reply to the the SEC review of TEAP but...
> 
> EAP-TLS sub-methods have been copying the version bits since forever. Maybe it is time to break the mold?
> 
> You could instead mark the version field just as reserved bits and move to use TLS ALPN to indicate version as it solves all the problems of downgrade attacks.
> 
> It would though require a registration for the entry. Fortunately, this is the initial version, so you could just use "no ALPN" as the indicator and make it a problem for 'future you' to seek a registration when you want a v2.

The idea here is that future versions may signal some information 
outside the TLS tunnel. Our first idea, where this kind of still stems 
from was that the server signals the RPID outside the TLS tunnel, so the 
client can verify that the server's certificate is in fact valid for that.
Now that we've moved the RPID to be an explicit configuration item, this 
has become obsolete, but who knows what other things you could signal there.

But I'm open to just define those as "reserved" and completely rely on ALPN.

> Section 4.3
> -----------
> Explicitly stating SHA256 is going to get you into trouble as hardcoding these things makes it awkward to remove them later (eg. MD5 and RADIUS)
> 
> Instead I would be inclined to mix your client component (the 'second' part) by using it as the 'context' value for the TLS-Exporter. If you look at the exporter (RFC8446, section 7.5) it is used to mix the label which I suspect is what you are looking for; not part of the secret which the client part is likely to be public knowledge.
> 
> This way, as future ciphers and TLS versions come along, you should not need to update the 'hardcoded' SHA256 as you have just outsourced the problem to the TLS-Exporter; the OpenSSL magic for this is `SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(ssl))`.

The idea to use SHA256 comes from FIDO, they make a lot of use of SHA-256.
But of course, since that part is not done inside the FIDO 
Authenticator, there should be no problem to use the hash algorithm 
negotiated in the cipher suite for that too.

Thanks for spotting that.

> Section 6.1.1:
> --------------
> Do not mix the advantages and disadvantages into the same itemised list.

Completely agree. That's still on my TODO list to reformat that.
Shame on me for not doing that this time around, I'll definitely fix 
that in the -03 version of the draft.

Cheers,
Janfred

v2.23.0 | Report a Bug | By Email