IETF Logo Mail Archive

Re: HTTP/2 and TLS 1.3 post-handshake authenication

Patrick McManus <mcmanus@ducksong.com> Thu, 04 April 2019 13:25 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4661201B3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 4 Apr 2019 06:25:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level:
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ducksong.com header.b=WUPrJy5D; dkim=pass (2048-bit key) header.d=outbound.mailhop.org header.b=PlkbmQaS
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xJv3zkVFEgmU for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 4 Apr 2019 06:25:02 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A79312015A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 4 Apr 2019 06:25:02 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1hC2KJ-00038I-7x for ietf-http-wg-dist@listhub.w3.org; Thu, 04 Apr 2019 13:22:43 +0000
Resent-Date: Thu, 04 Apr 2019 13:22:43 +0000
Resent-Message-Id: <E1hC2KJ-00038I-7x@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mcmanus@ducksong.com>) id 1hC2KH-00037Y-No for ietf-http-wg@listhub.w3.org; Thu, 04 Apr 2019 13:22:41 +0000
Received: from outbound1b.ore.mailhop.org ([54.200.247.200]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mcmanus@ducksong.com>) id 1hC2KD-0000wL-UU for ietf-http-wg@w3.org; Thu, 04 Apr 2019 13:22:41 +0000
ARC-Seal: i=1; a=rsa-sha256; t=1554384136; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=J/rhIwDR3XT8hTUhvvT59+/2f4tkA8Aof6r6wpH/DhlLfbBb7YLdF1HkkvaRm4X1V7LTVBUaGh/na 5DuFAaAOkTk1Lc4OyTdDHitrcvEEnuHgEQi5MslDvqHCoWKdepr5JZsdfZlhxUn7e7v1e+s2nmHZjE j5tBZNK3AaWxig9eXilvagATfimHyunLCOlww8yy42Y10B7S4FpRYaBiXM8V9LSgSJ8MDt4hRYdqsc qVhCHUOw46fPJ8CbhgW1vda9yAY+r0vgtzoS7OSXtRPTGXXeleJjuhFiVBBi5fvNglYsiFaLOLESby //yw09mrbC0oQb83LIIrLQ49wLdNaDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:dkim-signature:dkim-signature:from; bh=IUY6DvRogWZ67MIrY7B3TTrypyKJcWsFkZp0z6x/cdg=; b=Nt8OpWJFuPf6VwesBqOj5TIBKvJqq4EK9Sx1S3YjpFFA50UKB6Rkde6McY6VU0kWrZn+0+Q+xq8j0 rSizDiZx0VsUdVIH57sqdmOYGMHsOvmKr08LTd6y8A8EVns95XZy+syMuPO3A18XDZBrArM0YotozO nqaHekVUpDaBUf0V313w1o9vPHPb7loM4mmgdYSl23TmZdSgt21xoWyLdMGimEkVwcFRpmlNHTZNYa 14PvZTjnQJezFmuD4sSa+Pcf/pgzvpq8S6eGoqmJt6jLA5LYMr3sCPCVq4O1ZHVe/rBb/C+7yfbHPj wJCS2sUC0TpPLHLI+HFKktLl1sa3rAQ==
ARC-Authentication-Results: i=1; outbound3.ore.mailhop.org; spf=pass smtp.mailfrom=ducksong.com smtp.remote-ip=209.85.210.45; dmarc=none header.from=ducksong.com; arc=none header.oldest-pass=0;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ducksong.com; s=duo-1537391512170-ea99bbb3; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=IUY6DvRogWZ67MIrY7B3TTrypyKJcWsFkZp0z6x/cdg=; b=WUPrJy5Dn+7ZOM1R9ypqFWamgq5iYeUJGxnhDcSI5SCcVMi+uI3ubQnuT1mDLCjsFjggcBwGJGfs+ xegzew4zgd+e/9ATHk9yctb93NsXv3JFPbNQJBzildNBE2c/m41QyW7bSwVkkFJuQagGgx5J+lPUwM bnlBRkqtJTm7FrOI=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=IUY6DvRogWZ67MIrY7B3TTrypyKJcWsFkZp0z6x/cdg=; b=PlkbmQaSDC992ebJs743wdZZkx3pmGaN/AGKTo+AHY9SyxCyYoWtgiZm44lAu5N3mQy4+/nkoI/Ub 9FaTMvvoLsms9HG6XpblSNTjuj9cad0W3dNYVD9Jog2kUvkak3lMmcnKBxWG4aKZ/S1hrksbJNDHUd sMlHw9mQcjErrzjrZWgqvdH7UXkKLkJBGdYIcyKrzQfVJYbu3pqk2EW4ibhBLqFLbWFt9Z2VmJ6Z/y HOstYJBtVHk7XjcThAv02sUAObSt3l0y5r24gdvjYGorPg9yHpQGla3OBmIl4DxzDwZM03XRzWmtmz 80U49yqkzCLwm3lINexs11aGnP69ZlA==
X-MHO-RoutePath: bWNtYW51cw==
X-MHO-User: a980ec82-56dc-11e9-9bb1-1f29e4676f89
X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information
X-Originating-IP: 209.85.210.45
X-Mail-Handler: DuoCircle Outbound SMTP
Received: from mail-ot1-f45.google.com (unknown [209.85.210.45]) by outbound3.ore.mailhop.org (Halon) with ESMTPSA id a980ec82-56dc-11e9-9bb1-1f29e4676f89; Thu, 04 Apr 2019 13:22:15 +0000 (UTC)
Received: by mail-ot1-f45.google.com with SMTP id u15so2263732otq.10 for <ietf-http-wg@w3.org>; Thu, 04 Apr 2019 06:22:15 -0700 (PDT)
X-Gm-Message-State: APjAAAWBLjn5biOkKLLgnk5ico8je62U4mO1IQ+szvPowsxIn8Vb8VcO MtMHD2wIBLBjYbW6VtuTDsro0p6EQ+pV9neqtBg=
X-Google-Smtp-Source: APXvYqxznDuJO26MCuZkuXJ5X8tqp4QwfhXbM3Lx6ZlGpsPxhqKZgNXwXG9i00pkQuv0vWCjvQSv7tFjw70ZGhbxVHM=
X-Received: by 2002:a9d:7847:: with SMTP id c7mr4051038otm.164.1554384134646; Thu, 04 Apr 2019 06:22:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaCB6jsa03jtL+9W06s+Aqh1+ftwZaM+PH-b=5Omq5KG_w@mail.gmail.com>
In-Reply-To: <CAF8qwaCB6jsa03jtL+9W06s+Aqh1+ftwZaM+PH-b=5Omq5KG_w@mail.gmail.com>
From: Patrick McManus <mcmanus@ducksong.com>
Date: Thu, 04 Apr 2019 15:22:03 +0200
X-Gmail-Original-Message-ID: <CAOdDvNqHQNgKGXDzviRT6CEew+CcXcLLZeS+dNU6u8pYUEeQrw@mail.gmail.com>
Message-ID: <CAOdDvNqHQNgKGXDzviRT6CEew+CcXcLLZeS+dNU6u8pYUEeQrw@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="00000000000030b4e80585b442aa"
Received-SPF: permerror client-ip=54.200.247.200; envelope-from=mcmanus@ducksong.com; helo=outbound1b.ore.mailhop.org
X-W3C-Hub-Spam-Status: No, score=-5.2
X-W3C-Hub-Spam-Report: AWL=-0.093, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1hC2KD-0000wL-UU 243b386e0abad4f53f08c80be663d175
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and TLS 1.3 post-handshake authenication
Archived-At: <https://www.w3.org/mid/CAOdDvNqHQNgKGXDzviRT6CEew+CcXcLLZeS+dNU6u8pYUEeQrw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/36500
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

David, this looks good and obvious to me. Would you like the chairs to
discuss issuing a working group call for adoption for it?

On Tue, Apr 2, 2019 at 1:23 AM David Benjamin <davidben@chromium.org> wrote:

> Hi all,
>
> HTTP/2 and TLS 1.3 have a minor incompatibility around post-handshake
> authentication. Mike Bishop suggested that, rather than add some text in
> the secondary certs draft, it would better to make a separate document that
> actually updates HTTP/2. I've done so and uploaded a draft.
> https://tools.ietf.org/html/draft-davidben-http2-tls13-00
> https://www.ietf.org/id/draft-davidben-http2-tls13-00.txt
>
> HTTP/2 was specified against TLS 1.2, which had a renegotiation mechanism
> to rekey the connection. It additionally changed parameters, so in
> HTTP/1.1, this is often used in a hack to implement reactive client auth
> <https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03#section-1.2.1>.
> This hack doesn't work in a multiplexed protocol like HTTP/2, because the
> client cannot tell which request triggered the authentication request.
> Thus, HTTP/2 forbids renegotiation
> <https://tools.ietf.org/html/rfc7540#section-9.2.1>.
>
> TLS 1.3 removed renegotiation and replaced it with two features: a
> lightweight key update, and post-handshake client authentication. The
> former is meant to be transparent and is compatible with HTTP/2. The latter
> reintroduces renegotiation's multiplexing problems. There is no spec text
> which says how to interpret HTTP/2's existing renegotiation ban in TLS 1.3.
>
> The draft fixes it by documenting the status quo. KeyUpdate is fine. It is
> internal to the TLS stack and works just fine in existing servers[*].
> Post-handshake auth is forbidden. No existing servers request it because
> they already do not request renegotiation, and no existing clients accept
> it because they cannot usefully interpret it. Instead, the reactive client
> auth use case for HTTP/2 is instead being covered
> by draft-ietf-httpbis-http2-secondary-certs.
>
> Note it's not sufficient to lean on the TLS 1.3 post_handshake_auth
> extension because that extension is not correlated with ALPN. A client may
> wish to support post-handshake auth with HTTP/1.1, for continuity with the
> TLS 1.2 renego hack, while still supporting HTTP/2.
>
> David
>
> [*] Aside from an OpenSSL bug
> <https://mailarchive.ietf.org/arch/msg/tls/Aw1WY5gBAifAZXowgx5Ym82RIKI> which,
> pertinently, made some applications misinterpret it as a renegotiation to
> be blocked. That bug has been fixed in OpenSSL 1.1.1b
> <https://www.openssl.org/news/changelog.html#x1>.
>

v2.23.0 | Report a Bug | By Email