IETF Logo Mail Archive

Re: FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt

Kazuho Oku <kazuhooku@gmail.com> Tue, 14 November 2017 06:34 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4868128B8D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Nov 2017 22:34:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oBvbGv5D8vvZ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Nov 2017 22:34:03 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D002129426 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 13 Nov 2017 22:34:02 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1eEUdw-0006Se-0w for ietf-http-wg-dist@listhub.w3.org; Tue, 14 Nov 2017 06:24:20 +0000
Resent-Date: Tue, 14 Nov 2017 06:24:20 +0000
Resent-Message-Id: <E1eEUdw-0006Se-0w@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <kazuhooku@gmail.com>) id 1eEUdq-0006RL-Jc for ietf-http-wg@listhub.w3.org; Tue, 14 Nov 2017 06:24:14 +0000
Received: from mail-pg0-f43.google.com ([74.125.83.43]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <kazuhooku@gmail.com>) id 1eEUdo-0005yV-RU for ietf-http-wg@w3.org; Tue, 14 Nov 2017 06:24:14 +0000
Received: by mail-pg0-f43.google.com with SMTP id z184so9212413pgd.13 for <ietf-http-wg@w3.org>; Mon, 13 Nov 2017 22:23:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=aA50pPkAluAFDotzSr1418DXI2zAlZ4fCS03kiBNmyE=; b=Jx0+Clkyg/wGepa+e1B3HwMlaPhsBCyeWB8mRQmFP3J+Ldp8G5JzcMwlGUYqCVDXt4 GOLcSTXb9g18um4MlGPgy1CqGhFJ1CiQkuYwd6Urkn6kO46NKvKgFTJt21p0f4YwnbTo j1hc4Dt6n3VT1KWwrtEiJ771LyPqPxsE5AVG2Di8dMjetS3poTAD6jMgdJPeTIMnyd7J TbqjZ3yxJEHrIYc6b6c7lg4ehrkldocMOHBAcIvv3jX76DZ/OzxLmbhYpha3AF7i02Ji AleR0y0PjjWRGMSlOe1Yi22728ILwDeJ18+NJbIkuvHVfq0ooh/vThbJpuL4Zza4br0p FGzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=aA50pPkAluAFDotzSr1418DXI2zAlZ4fCS03kiBNmyE=; b=jkmFwg3kmAB+1ffB+a8mgkq+9sZVO+sjEWhmoJNw3WRD3gCrC8pQSGiyvyt6o9UaqA Pkmoxhu1QTtv5Q+5Pi6YHhhPBkiaRz8ueR8DLqxM2tdXvtUHNh09ztD+ZOu6dfad8VSr P/jKsE8mX1s2G1bvwSFwUuC7NiChPOlVhrTEjWeE/pt5qDgk65v2ufN3YET+2GF6EcSp Uw0qqEb3G2pBtygkldKaK3/8+VafxCwOvpqeULkZWoPFJhuWfpOShkO5AtXfRi9D9uZO 952KVazkjV/jRengvvsJ7vNWabCQ3fiKfziZZBlLHAHRTTE+Ezhh6aEbg1z1hCIjWpY5 BLGQ==
X-Gm-Message-State: AJaThX5oYcX1dbizh9BCOmtNPBcOYI1iioB5Rn4LCZ8czV8MPyApenZ/ xYb9ETO0RjPQBvfQ3o/r+7+Qwgz8P4ojKj8CvLCaXQ==
X-Google-Smtp-Source: AGs4zMbnlezfCBQhhm9nFfAvuex34surg/uQTNpQjKRoS4XLA8ngZbvXb4eqBBTrjE+n01rnm7RMxfL9p8iPcXJ3nsc=
X-Received: by 10.99.113.5 with SMTP id m5mr11284971pgc.9.1510640631266; Mon, 13 Nov 2017 22:23:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.130.79 with HTTP; Mon, 13 Nov 2017 22:23:50 -0800 (PST)
In-Reply-To: <CAOjisRyTn4UR0oV7si93da2G4gbzZZXU4LO-NW2PZWSLosFOLg@mail.gmail.com>
References: <150939960176.7740.5723475746682417243.idtracker@ietfa.amsl.com> <MWHPR08MB347212B6F2F9DDD092728354DA5E0@MWHPR08MB3472.namprd08.prod.outlook.com> <CANatvzzO0gsuvjBjCuGuvxenubnVt4G==qw1huzjSd57V+8A9Q@mail.gmail.com> <CAOjisRyTn4UR0oV7si93da2G4gbzZZXU4LO-NW2PZWSLosFOLg@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Tue, 14 Nov 2017 14:23:50 +0800
Message-ID: <CANatvzypXjz3+88V5JayfyzTW=ZX3P0BEKHSXe7RMBP4bz2LWQ@mail.gmail.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>
Cc: Mike Bishop <mbishop@evequefou.be>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=74.125.83.43; envelope-from=kazuhooku@gmail.com; helo=mail-pg0-f43.google.com
X-W3C-Hub-Spam-Status: No, score=-5.5
X-W3C-Hub-Spam-Report: AWL=1.326, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1eEUdo-0005yV-RU 2ec6b6f0c68af7e2a0469e6a9f975646
X-Original-To: ietf-http-wg@w3.org
Subject: Re: FW: New Version Notification for draft-bishop-httpbis-http2-additional-certs-05.txt
Archived-At: <https://www.w3.org/mid/CANatvzypXjz3+88V5JayfyzTW=ZX3P0BEKHSXe7RMBP4bz2LWQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34788
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Nick, Ilari, Mike,

Thank you for your responses.

First, let me argue that there is no need to negotiate AUTOMATIC_USE.
Current draft permits the server to let the client choose a
certificate even in case AUTOMATIC_USE is being used. So it is
possible to cover the CGI use case under the current draft, though the
need to spend 2 RTT makes me bit sad (especially since I do not
understand the benefit of letting the server choose the certificate).

That said, let me elaborate about another issue related to
AUTOMATIC_USE; a potential privacy concern.

Consider the case of a CDN terminating example.com and example.org.
Both of the hosts require authentication using client certificates
issued by the same CA.

At first, a client connects to the CDN sending a request to
example.com, and sends its client certificate with AUTOMATIC_USE flag
set.

Then, using the same connection, a client sends a request to
example.org. At this point, is the CDN allowed to present the
certificate that was sent for example.com to example.org? My
understanding is that in HTTP/1, a user has the total control of
choosing the certificate the person wants to send to each domain.

So to me, it seems that we would be required to standardize when a
certificate sent with AUTOMATIC_USE flag set can be reused across the
authorities that are coalesced into a single connection, if we are to
enable automatic reuse (please let me know if that’s already
specified; I may have missed that).

One way to avoid the issue is to drop AUTOMATIC_USE from the
specification, and require the client to specify the certificate that
is associated to every request.

If we take that route, we would no longer be required to seek an
agreement and document when an intermediary can reuse a client
certificate across authorities. Elimination of AUTOMATIC_USE would
give the clients total control on how certificates are associated to
the requests they send, and the added bonus would be that the behavior
could be verified by consulting the client behavior.

2017-11-13 17:29 GMT+08:00 Nick Sullivan <nicholas.sullivan@gmail.com>:
> Hi Kazuho,
>
> Thanks for this. I think you found an issue that we did not consider: the
> fact that server support for setting AUTOMATIC_USE in client certificates
> may not be desirable for all servers. The CGI case you describe would work
> find as long as the client doesn't use AUTOMATIC_USE.
>
> Here's a possible solution to this:
> Let the server advertise support for AUTOMATIC_USE in the
> CERTIFICATE_REQUEST message as a flag. If the client receives a
> CERTIFICATE_REQUEST without AUTOMATIC_USE set, then it should not be able to
> reply with a CERTIFICATE with AUTOMATIC_USE set.
>
> Nick
>
> On Mon, Nov 13, 2017 at 3:18 PM Kazuho Oku <kazuhooku@gmail.com> wrote:
>>
>> Hi, Mike, Nick, Martin,
>>
>> I have briefly asked this in the IETF meeting, but let me question if
>> it sounds logical to adjust the approach so that the client will be
>> required to proactively specify the certificate that is associated to
>> each HTTP request.
>>
>> I ask this due to the following reason.
>>
>> In HTTP/1, it was always clear from the server’s viewpoint which
>> certificate is associated to a HTTP request. This is because the
>> underlying connection allowed only one client certificate at maximum
>> to be used. CGI is designed after that model. A CGI gateway is
>> expected to designate _at most one_ certificate that has been
>> associated to the request by using a set of environment variables
>> (e.g., `SSL_CLIENT_S_DN` [1]). I would assume that it is the same for
>> other de-facto standards that have evolved from CGI (e.g., FastCGI,
>> Rack).
>>
>> The secondary certificates draft changes the model. Under the model
>> proposed by the draft, the server is expected to choose from one of
>> the certificates that it has received with AUTOMATIC_USE flag set, or
>> to request the client to send a new certificate.
>>
>> However, to me (as a HTTP server developer that acts as a CGI gateway)
>> it is unclear how a server can make such choice. Applications that are
>> run using the CGI protocol _might_ have sufficient information to make
>> such choice, but that is not the case for a CGI gateway.
>>
>> That means that unless the draft (in the following revisions) specify
>> the guess logic that I should implement, I would be forced into
>> sending CERTIFICATE_NEEDED for every HTTP request I receive. Doing so
>> would introduce one extra roundtrip.
>>
>> Considering that, I wonder if you could adjust the approach proposed
>> in the draft to require the client to proactively clarify the
>> certificate that is associated to each HTTP request.
>>
>> For example, I believe that the draft could specify that:
>> * If the client does not specify a certificate that is associated to a
>> request, a server MAY request the client to specify the certificate.
>> * The client can specify the certificate that is associated to a
>> request proactively, instead of sending USE_CERTIFICATE frame in
>> response to a CERTIFICATE_NEEDED frame.
>>
>> By changing the approach as such, the only case in which two
>> roundtrips are required for processing a request could become when the
>> client is required to send a new certificate. Also, AUTOMATIC_USE flag
>> becomes unnecessary.
>>
>> One downside caused by such change is that the bandwidth slightly
>> increases due to the fact that the client would be required to specify
>> the certificate that is associated to every HTTP request. However that
>> is just sending Cert-ID per every HTTP request; I believe that the
>> increase of bandwidth is negligible.
>>
>> To summarize, I am suggesting to push the responsibility of choosing
>> the certificate back to the client. Note that in the current draft the
>> client is still required to make such choice if the server sends a
>> CERTIFICATE_NEEDED frame; so I think requiring the client to _always_
>> make the choice does not increase the complexity on the client side.
>>
>> [1] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>>
>> 2017-10-31 8:14 GMT+08:00 Mike Bishop <mbishop@evequefou.be>:
>> > In preparation for Singapore, we've updated the Additional Certs draft
>> > to track changes in TLS 1.3 and the Exported Authenticators TLS draft.
>> > There's been substantial interest here, and we'll be discussing the draft
>> > during the WG meeting.
>> >
>> > -----Original Message-----
>> > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
>> > Sent: Monday, October 30, 2017 2:40 PM
>> > To: Martin Thomson <martin.thomson@gmail.com>; Mike Bishop
>> > <mbishop@evequefou.be>; Nick Sullivan <nick@cloudflare.com>
>> > Subject: New Version Notification for
>> > draft-bishop-httpbis-http2-additional-certs-05.txt
>> >
>> >
>> > A new version of I-D, draft-bishop-httpbis-http2-additional-certs-05.txt
>> > has been successfully submitted by Mike Bishop and posted to the IETF
>> > repository.
>> >
>> > Name:           draft-bishop-httpbis-http2-additional-certs
>> > Revision:       05
>> > Title:          Secondary Certificate Authentication in HTTP/2
>> > Document date:  2017-10-30
>> > Group:          Individual Submission
>> > Pages:          21
>> > URL:
>> > https://www.ietf.org/internet-drafts/draft-bishop-httpbis-http2-additional-certs-05.txt
>> > Status:
>> > https://datatracker.ietf.org/doc/draft-bishop-httpbis-http2-additional-certs/
>> > Htmlized:
>> > https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-05
>> > Htmlized:
>> > https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-05
>> > Diff:
>> > https://www.ietf.org/rfcdiff?url2=draft-bishop-httpbis-http2-additional-certs-05
>> >
>> > Abstract:
>> >   TLS provides fundamental mutual authentication services for HTTP,
>> >   supporting up to one server certificate and up to one client
>> >   certificate associated to the session to prove client and server
>> >   identities as necessary.  This draft provides mechanisms for
>> >   providing additional such certificates at the HTTP layer when these
>> >   constraints are not sufficient.
>> >
>> >   Many HTTP servers host content from several origins.  HTTP/2
>> >   [RFC7540] permits clients to reuse an existing HTTP connection to a
>> >   server provided that the secondary origin is also in the certificate
>> >   provided during the TLS [I-D.ietf-tls-tls13] handshake.
>> >
>> >   In many cases, servers will wish to maintain separate certificates
>> >   for different origins but still desire the benefits of a shared HTTP
>> >   connection.  Similarly, servers may require clients to present
>> >   authentication, but have different requirements based on the content
>> >   the client is attempting to access.
>> >
>> >   This document describes how TLS exported authenticators
>> >   [I-D.ietf-tls-exported-authenticator] can be used to provide proof of
>> >   ownership of additional certificates to the HTTP layer to support
>> >   both scenarios.
>> >
>> >
>> >
>> >
>> > Please note that it may take a couple of minutes from the time of
>> > submission until the htmlized version and diff are available at
>> > tools.ietf.org.
>> >
>> > The IETF Secretariat
>> >
>> >
>>
>>
>>
>> --
>> Kazuho Oku
>>
>



-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email