Re: [Gen-art] Genart last call review of draft-ietf-tls-exported-authenticator-09

Christer Holmberg <> Fri, 11 October 2019 07:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C26371200F7; Fri, 11 Oct 2019 00:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id i9KNvFvFmY_C; Fri, 11 Oct 2019 00:00:07 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 035C112008B; Fri, 11 Oct 2019 00:00:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=fIinv3GNBlU7vg5k4xuVfRMiQuebsfQUgdLHWLUe66UPjF2iDPU6j9SODfD7lLbktFGxzgKsZBaLrrD4EAh1OcfB+blPfcB9LayfLRXYnocgLxr8WdOqz9q0zj0v/MuNwc5pT7+oAQxK5wVhXbsCVBq64Xe0IJjVGnZACPSV5SiUd6l/BhH3FoEzzJd3gWbM3GCSWg1nrB3pM0ppWswmtWPu0EUWYqWE6zkNrOkr+Bt6j2TaxlS2Lsvrp4sWFH7mQpw5UkPqETjLTNnrVL+3vQQNjw9HoYEl/MKSumyQCAsnE4xbROnIf78lmgAmNlPwa4JUI0n6iwLWE5Nk2rJUwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dNh73YD33BCxI7XyMMf689J6XS9bIsk8RPuz3khxZdI=; b=PVuq5jePRSfDXDz/a6X2v/0NQD8XC0Er/b776rMF6jbntyfuyUORvH2uQjdMtnRxZVCSFaGVvj4Xu6GfQ6FvSLkePutjk4IO9oUOXXyJ0S74MlOer6CFFJHOd3XsFBnU0peW/NCVd2md63IgfnG1NZTTjgpi0dGhE0pM5ZwVb9aqVOUBDeoj+tJFSLJLL7PlUEYa79l674KJYVhnnNVXcHsXt4kxuTRd4vsOdkUPBLJH6WfwEXMBs5sUhdTOzcmVcVCMX+NppcpM3DOnyKVjkB4O4cY0WxzGxcR12uor0XVba4r+2U62iVoOBxzrSC7Jx1/L0w6WkGLwmokSxBSyrw==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dNh73YD33BCxI7XyMMf689J6XS9bIsk8RPuz3khxZdI=; b=neX2RA2aldL0sjS3ZpvSVviFeRBBjMNpXhYq6kgLH3lo+cVUJEWCOsc0B2mwCXMFU80kMYshU70Cpi3k3h2H7QcPGa87QFoxXeDjMZIXqnuSsKmlkgMSQh4MNxB7f2gh3PSkwO5Tvy63SMaQf6armQWObIsJhs5+XoflXpwJux8=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Fri, 11 Oct 2019 07:00:00 +0000
Received: from ([fe80::14d0:5c4f:26b7:b6e9]) by ([fe80::14d0:5c4f:26b7:b6e9%3]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 07:00:00 +0000
From: Christer Holmberg <>
To: Nick Sullivan <>
CC: "" <>, "" <>, "" <>, "<>" <>
Thread-Topic: Genart last call review of draft-ietf-tls-exported-authenticator-09
Thread-Index: AQHVbmsQQiMh+1FWRUS8h+cw2bI1hKcy5WaAgAC48gCAALCBAIAe3NkAgAIswIA=
Date: Fri, 11 Oct 2019 06:59:59 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-GB
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 755e078a-c313-4220-87e8-08d74e18a215
x-ms-traffictypediagnostic: HE1PR07MB3516:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0187F3EA14
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(396003)(136003)(346002)(376002)(39860400002)(54094003)(189003)(199004)(66066001)(446003)(6436002)(4326008)(2616005)(476003)(256004)(14444005)(14454004)(316002)(486006)(71200400001)(71190400001)(11346002)(58126008)(8676002)(6486002)(5660300002)(54906003)(44832011)(81156014)(81166006)(6246003)(86362001)(229853002)(66446008)(236005)(2906002)(606006)(7736002)(33656002)(6916009)(66946007)(3846002)(6116002)(186003)(66476007)(6512007)(76176011)(64756008)(53546011)(478600001)(6506007)(66556008)(99286004)(102836004)(54896002)(6306002)(76116006)(8936002)(25786009)(91956017)(26005)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3516;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Pkihoj7h4DMadsg8lLPsA8rXP0c1WeiamYd98WjvBbZpH7pqylH+BdBTCO64mtDEIeGtemhDCxSXy9E7JcBjvKXpE6+HD7XrOx3VapiF271XYBJmrUL+BoNBEgMphGw9BdgSr0XHLMnB0I3Ps55fWZZYS4kL6qZUFJxEFzTPixZJ5u3AVpdX0TGcguWaTYM7wSaXs9Lcd3KHQBWC17pyg+4PeVbSF0ZkXoxWOFyX828Y7RDH8d5zGa48s6hZ+V2VPsUYCHfw6SobCmX7dzSidR0rKFl2DPYrNywtOv/Lzvs0c2V5i/J4tkOvGEiFsBbWUdHHT7Q89pcnsdCMRPljoHeIxeOBDY7PRD68ePinLMh9BTg8gNmxBOUzwmqrySyFqZWvNilJ25t9T7auH+sm5RytvV0QxS6VB0a4hbRSI/GxfS2HWVLqj+JTgFY3x10/5Pmj2L9E8k1hWks4JeseHg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_7F09A9E2645545EB808A2951DCCA26ABericssoncom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 755e078a-c313-4220-87e8-08d74e18a215
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 07:00:00.0526 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: m4qDH5qG4dKybgqophQ7mXu+JdAHDz1aebaVdvSKRUWx4C1hjdVIXRC7jPrD+mLVqQikAmRXz92ll3xDFKZyujY8LGk+VMPiy5hiGh40kqc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3516
Archived-At: <>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-tls-exported-authenticator-09
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 11 Oct 2019 07:00:10 -0000


>Thanks again for your review! The PR is on Github (<>) and will be incorporated into a new
>version of the document that addresses both your comments and those by Yaron Sheffer.

Looks good.



On Thu, Sep 19, 2019 at 11:29 PM Christer Holmberg <<>> wrote:

>Some answers to your questions inline. I'm not sure further changes along the lines suggested here are needed, but I'm open to arguments that point in that direction.

I am mostly fine with your answers. Just a couple of comments inline still.



>>>> Can the mechanism be used also for DTLS?
>>> I think the answer is yes. I don't see any reason to disallow the use of Exported Authenticators in DTLS.
>> Would it be useful to clarify that?
> Going through what the modified text would look like, it seems like a substantial amount of re-writing (even the title!) for what amounts to an unclear use case.
> Keeping in mind that DTLS 1.3 hasn't been finalized and doesn't directly define exporters, I'm disinclined to define how EAs would work with DTLS. If someone
> has a strong use case for EA in DTLS, it may be worth considering it.

Would it then be useful with a statement saying that it might be possible to use exporters also with DTLS, but that such usage is outside the scope of the document and needs to be specified in a separate document?

I added a line to this effect.



>>>> The documents talk about additional certificates. If I only have one additional
>>>> certificate, can I use that for multiple authenticators throughout the TLS
>>>> session?
>>> Yes, there is nothing disallowing the creation of multiple exported authenticators with the same certificate.
>> Would it be useful to clarify that?
> I'm not convinced this is a realistic use case. Since exported authenticators are based on the exporter, there is no inherent ordering.
> If you re-authenticate with the same certificate, there's nothing asserting freshness of the second certificate. Is there something in
> the text that suggests that using a certificate multiple times is disallowed? If there's no suggestion that this is not possible that
> needs to be corrected, I don't see the benefit of calling out this specific use case.

I don't think there is any text suggesting that it is disallowed. But, if you don't think it is a realistic use case I'll take your word for it :)



>>>> Section 3 says: "The authenticator request is a structured message that can be
>>>> created..." Section 4 says: "The authenticator is a structured message that can
>>>> be exported..."
>>>> In the 2nd paragraph of Section 4 it is stated that "authenticator" is sent
>>>> based on an "authenticator request". I wonder if that could be stated already
>>>> in the beginning of Section 4, to further clarify the difference between them.
>>>> E.g.,
>>>> "The authenticator is a structured message, triggered by an authenticator
>>>> request, that can be exported from either party of a TLS connection."
>>> The issue is that servers can generate spontaneous exported authenticators without
>>> an authenticator request.
>> Where is this written? Did I miss it?
> Section 4:
>   An authenticator message can be constructed by either the client or
>   the server given an established TLS connection, a certificate, and a
>   corresponding private key.  Clients MUST NOT send an authenticator
>   without a preceding authenticator request; for servers an
>   authenticator request is optional.  For authenticators that do not
>   correspond to authenticator requests, the certificate_request_context
>   is chosen by the server.

Ok. Looks good.