Re: draft-thomson-httpbis-cant
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Wed, 22 October 2014 14:56 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E65FF1ACD29 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 22 Oct 2014 07:56:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKi3BFdAkDdA for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 22 Oct 2014 07:56:06 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8718C1ACD3D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 22 Oct 2014 07:55:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XgxHk-0007LR-FI for ietf-http-wg-dist@listhub.w3.org; Wed, 22 Oct 2014 14:53:12 +0000
Resent-Date: Wed, 22 Oct 2014 14:53:12 +0000
Resent-Message-Id: <E1XgxHk-0007LR-FI@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1XgxHe-0007Kd-Lt for ietf-http-wg@listhub.w3.org; Wed, 22 Oct 2014 14:53:06 +0000
Received: from emh06.mail.saunalahti.fi ([62.142.5.116]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1XgxHd-0000Wr-CI for ietf-http-wg@w3.org; Wed, 22 Oct 2014 14:53:06 +0000
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh06.mail.saunalahti.fi (Postfix) with ESMTP id EF24769999; Wed, 22 Oct 2014 17:52:39 +0300 (EEST)
Date: Wed, 22 Oct 2014 17:52:39 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Martin Thomson <martin.thomson@gmail.com>, ietf-http-wg@w3.org
Message-ID: <20141022145239.GA21530@LK-Perkele-VII>
References: <5447BAE5.2040104@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <5447BAE5.2040104@cs.tcd.ie>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Received-SPF: pass client-ip=62.142.5.116; envelope-from=ilari.liusvaara@elisanet.fi; helo=emh06.mail.saunalahti.fi
X-W3C-Hub-Spam-Status: No, score=-3.2
X-W3C-Hub-Spam-Report: AWL=-3.194, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XgxHd-0000Wr-CI f8dbaac5cc9426f724cc71244c069768
X-Original-To: ietf-http-wg@w3.org
Subject: Re: draft-thomson-httpbis-cant
Archived-At: <http://www.w3.org/mid/20141022145239.GA21530@LK-Perkele-VII>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27682
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Wed, Oct 22, 2014 at 03:10:45PM +0100, Stephen Farrell wrote: > > First off, I like the idea - the more ways in which we > can try push passwords a bit further off stage the better. > So I hope this is taken up somewhere and progressed and > gets deployed. > > That said: > > - section 2: I don't like the auth scheme name - this > should work without X.509. I'd suggest "TLSClientAuth" > would be a better thing to use. Looks like the name is "ClientCertificate" (the first paragraph) > - 3.1: I assume this is solely for backwards compat? > If not they who do we expect to use this? If so, > please say so and encourage use of (hashes of) keys > or certs instead. It is not for backwards compatiblity. TLS 1.0-1.2 have the equivalent field. TLS 1.3 probably not. And besides, having it available at HTTP level saves a handshake attempt to obtain the list of acceptable CAs. > - 3.1: You should probably profile X.500 names for > use here - requiring the full complexity of X.500 > (e.g. it allows for X.400 ORAddress as an option) > would seem like a bad idea. Not sure where you could > find that already done by someone else but it ought > be somewhere (maybe some ldap thing?). The matching looks the simplest possible: Raw opaque binary blob (to be compared using memcmp()) Base64url encoded. > - 3.2: Someone needs to do a compare/contrast against > websec's key pinning but also DANE and JOSE for this > bit. Not sure its quite right now. - This uses existing registry of hashes, whereas HPKP defines just SHA-256, DANE has its own set in registry and I think JOSE just defines SHA-1 and SHA-256. - Websec and JOSE pinning pins just keys inside certificates, whereas this pins whole certificates. DANE can pin either keys or whole certificate. > - 3.2: You need to add support for hash(public-key) > which could be done like DANE or even via RFC6920 > URIs if that made sense (no idea, so don't take this > as me pushing an RFC I co-authored:-). That's needed > for bare-keys TLS anyway, and is just a good plan (tm). I read the section that if the certificate is RPK, then the hash matches the RPK. (Of course, this runs into trouble with identification). > - somewhere: why not have a KeyIDType somewhere here > where the client/server can signal what kind(s) of > key identifiers (or containers) are being, or to be, > used. Probably something that maps to an existing > TLS construct. Who knows maybe someday someone will > come up with a privacy-friendly way to identify > public keys that'd even help with this in TLS1.2 and > earlier? So having that here would be a good plan > I think. Identifying the public key itself runs into trouble with identification. If one does not use X509, one would presumably need some sort of tag to identify public key (and actually with X509, the CA can be such tag, since there is no requirement for the client to trust the CA). > - Its not clear to me how or if this ought be bound > to the TLS session. I think that'd be a good thing > to ponder, but I've not:-) OTOH, it'd be a pain to > define this but also have it work via e.g. a TLS > MITM as that would utterly make it meaningless as a > strong client authentication scheme. Not sure what's > doable there but maybe the UA could send an Authorization > header field based on the challenge and a TLS extractor > (RFC5704) value and its public key as at least an > option that'd detect MITMs or maybe some other forms > of attack. It will be a new TLS session. > - I'm sure you'll need changes to keep the http > auth scheme police happy:-) [1] seems to have now > achieved that status so copying from there may help. > > S. > > [1] https://tools.ietf.org/html/draft-ietf-httpauth-hoba Another thing that isn't clear: The spec says that the scheme can't be used with http://. What about HTTP/2 oppsec http://? If not via proxy, there is presumably direct connection, suitable for using TLS client certificates. -Ilari
- draft-thomson-httpbis-cant Stephen Farrell
- Re: draft-thomson-httpbis-cant Ilari Liusvaara
- Re: draft-thomson-httpbis-cant Martin Thomson
- Re: draft-thomson-httpbis-cant Stephen Farrell
- Re: draft-thomson-httpbis-cant Stephen Farrell
- Re: draft-thomson-httpbis-cant Martin Thomson