Re: Report on preliminary decision on TLS 1.3 and client auth
Willy Tarreau <w@1wt.eu> Sat, 26 September 2015 06:42 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6742F1B2B03 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2015 23:42:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IGhyudN-_smc for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2015 23:42:11 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 859A81B2B02 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 25 Sep 2015 23:42:11 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Zfj7p-0005xX-Mc for ietf-http-wg-dist@listhub.w3.org; Sat, 26 Sep 2015 06:38:25 +0000
Resent-Date: Sat, 26 Sep 2015 06:38:25 +0000
Resent-Message-Id: <E1Zfj7p-0005xX-Mc@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <w@1wt.eu>) id 1Zfj7j-0005wl-Gb for ietf-http-wg@listhub.w3.org; Sat, 26 Sep 2015 06:38:19 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by lisa.w3.org with esmtp (Exim 4.80) (envelope-from <w@1wt.eu>) id 1Zfj7h-0003nL-VL for ietf-http-wg@w3.org; Sat, 26 Sep 2015 06:38:19 +0000
Received: (from willy@localhost) by pcw.home.local (8.14.3/8.14.3/Submit) id t8Q6bcDq026574; Sat, 26 Sep 2015 08:37:38 +0200
Date: Sat, 26 Sep 2015 08:37:38 +0200
From: Willy Tarreau <w@1wt.eu>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Yoav Nir <ynir.ietf@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20150926063738.GC26560@1wt.eu>
References: <CABkgnnWREq6X+chcvookChGAZGxkJ6Zs_7FGwz7Mbn12XMxewQ@mail.gmail.com> <5603599F.8090303@treenet.co.nz> <CABkgnnVq9FDeGf_=JF0m0AkgfO1G3DVV2QN_aPrbYnFtfRLFrw@mail.gmail.com> <5603745A.7020509@treenet.co.nz> <6818.1443172702@critter.freebsd.dk> <8F0BC939-B0BD-43F6-AB41-7676B5B94054@gmail.com> <7301.1443176081@critter.freebsd.dk> <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.3
X-W3C-Hub-Spam-Report: AWL=1.277, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1Zfj7h-0003nL-VL 322a4e3db50eb56eabc6367fb733a765
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Report on preliminary decision on TLS 1.3 and client auth
Archived-At: <http://www.w3.org/mid/20150926063738.GC26560@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/30279
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Fri, Sep 25, 2015 at 10:08:50AM -0700, Martin Thomson wrote: > I think that your general observation about client certificates is > overwhelmingly true. On the web at least, I'm seeing a general trend > away from using the TLS layer to authenticate clients. On the *browser* web that's true, and the main reason is that if you don't have your cert, you can't connect and you get a connect error instead of a nice page delivered by the application proposing you to regenerate your cert. Note: some sites manage to get it right, but it's really complicated because the application needs to be aware of what happens at the transport layer and needs to trust itself as much as the transport layer, which is hardly a good thing to do by todays development standards... And keep in mind that certs are a pain to manage. Client certs are even worse because you have to support them at the edge and manage them in the backend from the application. In the end it provides no better security than the weakest point : the application, which may sometimes be forced to generate rogue certs due to regular bugs, but with a longer effect since these certs can be abused even after the application bugs are fixed! Between reverse-proxies and servers, or between servers, client certs are much more common and perfectly fit the purpose : guarantee to each side that they're talking with whom they believe they're talking. For example, you don't forward an online payment request from an application server on DC A to a payment server on DC B without client auth, or you're definitely seeking for trouble. Just like you may only accept incoming connections from your CDN. > I'd like to find other solutions for the use cases that drive this, > but the view was that we still needed something like this so that we > don't strand those users on old protocols. We don't have to *like* it > though. > > There was strong agreement that this feature would be accompanied by a > prominent and severe admonishment against using it. I definitely want > to talk about what the alternatives look like, but perhaps we should > start a separate thread on that subject. We should always be careful not to make security look evil just because it comes with privacy concerns. If I go to my bank and want to make a wire transfer, I have to show my ID card. If at some point people feel concerned that the person they're talking to suddenly knows their name and that it's a privacy concern and that they'd rather not ask for the ID card, I would feel much less safe because I would have a harder way to prove I'm the one I'm claiming, and others could pretend to be me. And if I had the choice between having to show my ID card to everyone in the queue at the same time as the bank's employee, or murmuring a secret word hoping noone else hears it, guess what ? I'd prefer to show my ID card to everyone, because as long as I have it and I keep my face, I'm sure to be the only one to be able to do this wire transfer, while the secret word can leak and be reused (even by the employee after he leaves the bank and ends up in the same queue as me). There are many situations where identification and authentication are required. And by doing so we have to disclose our identity. We just have not to abuse this, and possibly remind those who request it that those who are asked to provide it may feel uncomfortable and that sometimes alternatives are just as good. But we should not make this mechanism look evil because it does more good than bad. Regards, Willy
- Report on preliminary decision on TLS 1.3 and cli… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Amos Jeffries
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Amos Jeffries
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Ilari Liusvaara
- Re: Report on preliminary decision on TLS 1.3 and… Poul-Henning Kamp
- Re: Report on preliminary decision on TLS 1.3 and… Yoav Nir
- Re: Report on preliminary decision on TLS 1.3 and… Poul-Henning Kamp
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Poul-Henning Kamp
- Re: Report on preliminary decision on TLS 1.3 and… Kyle Rose
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Willy Tarreau
- Re: Report on preliminary decision on TLS 1.3 and… Poul-Henning Kamp
- Re: Report on preliminary decision on TLS 1.3 and… Ilari Liusvaara
- Re: Report on preliminary decision on TLS 1.3 and… Willy Tarreau
- Re: Report on preliminary decision on TLS 1.3 and… Willy Tarreau
- Difffent ways to authenticate (Was: Re: Report on… Ilari Liusvaara
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Ilari Liusvaara
- Re: Report on preliminary decision on TLS 1.3 and… Jason T. Greene
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Kyle Rose
- Re: Report on preliminary decision on TLS 1.3 and… Martin Thomson
- Re: Report on preliminary decision on TLS 1.3 and… Kyle Rose
- Re: Report on preliminary decision on TLS 1.3 and… Yoav Nir
- RE: Report on preliminary decision on TLS 1.3 and… Mike Bishop
- Re: Report on preliminary decision on TLS 1.3 and… Yoav Nir