RE: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt

Mike Bishop <Michael.Bishop@microsoft.com> Wed, 27 January 2016 23:06 UTC

Require EMS:  https://github.com/MikeBishop/http2-client-certs/commit/dfa59df62aec64044a407b0e8f67704e8eb91981
Smaller export:  https://github.com/MikeBishop/http2-client-certs/commit/3880e6069480523fcdfa6130fd28bc26ff6ebe9f
Cautions on AUTOMATIC_USE:  https://github.com/MikeBishop/http2-client-certs/commit/f1479486149e3d815662358d60d7be0bd877952c

I'm not doing the signature/hash changes quite yet, because I'm not sure what we want to restrict.

-----Original Message-----
From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] 
Sent: Wednesday, January 27, 2016 12:48 AM
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Martin Thomson <martin.thomson@gmail.com>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt

On Wed, Jan 27, 2016 at 12:00:36AM +0000, Mike Bishop wrote:
> I believe the other comment is also around AUTOMATIC_USE, since both 
> occurrences of "future streams" are in that context.  Basically, it 
> means any future stream on which the server would have made the same 
> request, the server can just use the provided cert and not burn an RTT 
> asking.

And requests where that cert is inappropriate MUST NOT be made on that connection.

Also, can it apply to streams that are none of:
1) The stream AUTOMATIC_USE is sent on
2) Stream in IDLE.
3) Stream in PUSH_PROMISE

At the time AUTOMATIC_USE is sent?

If yes, that would be a nasty surprise...

> Yes, the client loses visibility into whether the cert has been used, 
> and loses the ability to *not* use the cert if it chooses.  That's a 
> trade-off the client can make -- if it wants to retain those 
> capabilities (at the expense of 1 RTT per request), it just doesn't 
> set AUTOMATIC_USE.

I don't think server choosing to ignore cert is a problem, as it is equivalent to cert just providing no privilege at all. But using a cert that should not be used is a *serious* security problem in presence of more than 2 parties (like in Web (but Web is far from being the only place where security problems happen)).

> The client makes the call -- and as Martin points out, it's 
> state-changing for the connection.  Once you AUTOMATIC_USE a 
> certificate, the server MAY apply it to any future request you make on the connection.
> If you change your mind later, new connection (and presumably GOAWAY 
> the old one).

Actually, in many cases where one would want to revoke certificate use, the old connection is not GOAWAY'd as it still might be useful.

> As to requiring EMS,

Basically, if you don't require EMS, malicious server can hijack authenticated connection and misuse the certificates. HTTP/2 TLS use guidelines don't even come close to being able to prevent attacks like this.

> reducing exporter, and appropriate HashAndSignature algorithms, I'll 
> defer to those with more expertise in TLS-land.

Basically, I favor dropping insecure or excessively weak algorithms from new specifications or versions, even at severe cost to deployability. We have gotten burned *far* too many times from not doing that, and *will* get burned in future if we continue allowing those.



-Ilari