IETF Logo Mail Archive

Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2

Amos Jeffries <squid3@treenet.co.nz> Sun, 17 July 2016 07:54 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91CA012D1BB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Jul 2016 00:54:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.208
X-Spam-Level:
X-Spam-Status: No, score=-8.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s7JFib2e7oGh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Jul 2016 00:54:21 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E91812D1A2 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 17 Jul 2016 00:54:21 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bOgq5-00017M-IN for ietf-http-wg-dist@listhub.w3.org; Sun, 17 Jul 2016 07:50:13 +0000
Resent-Date: Sun, 17 Jul 2016 07:50:13 +0000
Resent-Message-Id: <E1bOgq5-00017M-IN@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <squid3@treenet.co.nz>) id 1bOgq1-00016R-Oe for ietf-http-wg@listhub.w3.org; Sun, 17 Jul 2016 07:50:09 +0000
Received: from [121.99.228.82] (helo=treenet.co.nz) by maggie.w3.org with esmtp (Exim 4.80) (envelope-from <squid3@treenet.co.nz>) id 1bOgpz-00056O-8C for ietf-http-wg@w3.org; Sun, 17 Jul 2016 07:50:09 +0000
Received: from [192.168.20.251] (unknown [121.98.40.13]) by treenet.co.nz (Postfix) with ESMTP id 8A22EE6FBF for <ietf-http-wg@w3.org>; Sun, 17 Jul 2016 19:49:34 +1200 (NZST)
To: ietf-http-wg@w3.org
References: <F9D2CFF3-57C2-41BD-ACB1-FA6C991458D7@mnot.net> <CABcZeBPTYgcfecKErhacR=jfXkoRPESgUQ=1pzPEWg092fqZvw@mail.gmail.com> <BL2PR03MB1905D20659B406937EA7C021873B0@BL2PR03MB1905.namprd03.prod.outlook.com> <CABcZeBOuf0k5VwSO1nMp-P0YXF-j8pZ7ZVF1h-_pMU54LnwpJQ@mail.gmail.com> <CABkgnnXL-hS-raH5cC3c0nzpTHWP8speLbOhFNppv4p5LB5nQQ@mail.gmail.com> <CAOdDvNoVYPojUzqTgZBv=bqKFDPy8pg-w78s37Aa1WYQ0=g3GA@mail.gmail.com> <BLUPR03MB1330DCF6DD19EF369A56949A87340@BLUPR03MB1330.namprd03.prod.outlook.com>
From: Amos Jeffries <squid3@treenet.co.nz>
Message-ID: <6cec80ab-dd00-41ef-f2ea-e92d8f00cbdc@treenet.co.nz>
Date: Sun, 17 Jul 2016 19:49:33 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <BLUPR03MB1330DCF6DD19EF369A56949A87340@BLUPR03MB1330.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=121.99.228.82; envelope-from=squid3@treenet.co.nz; helo=treenet.co.nz
X-W3C-Hub-Spam-Status: No, score=-4.3
X-W3C-Hub-Spam-Report: AWL=-1.234, BAYES_00=-1.9, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1bOgpz-00056O-8C df949a28e71544a79f66ffe3cafe4dd0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2
Archived-At: <http://www.w3.org/mid/6cec80ab-dd00-41ef-f2ea-e92d8f00cbdc@treenet.co.nz>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31988
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 17/07/2016 7:30 a.m., Mike Bishop wrote:
> Thanks for the editorial catches!
> 
> Server might also prefer encrypted SNI, but with this model it’s only
> the client that decides whether to conceal the identity it actually
> intends to make requests of.  We can tweak the wording.  Your point
> about not calling it the “”real” certificate” with quotes is another
> candidate for wordsmithing.  The certificate of the origin to which
> it actually intends to make requests?  I’m basically taking this off
> of EKR and DKG’s idea that you do an external TLS handshake with an
> innocuous hostname, then get the cert for the hostname you actually
> care about inside the encrypted context.  So “fake” in that it’s not
> actually the origin you care about, not “fake” in the not-valid
> sense.

So one certificate is about the channel and one about the origin. Can we
agree to use those terms (or similar polite equivalents) to describe them?

I agree with Patrick. Lets avoid branding anything "fake" if its an
expected or required part of the protocol, even if only by implication
of derived from something else being "real".


> 
> Yeah, the stream states aren’t ideal.  I was trying to define invalid
> stream states, and basically came down to only one stream state where
> this exchange can’t be made.  And you’re correct – it will normally
> either be done on an idle stream (pre-HEADERS) or a closed stream
> (unauthenticated push).  We could simplify that if we just said that
> servers MUST provide the certificate prior to pushing, which is
> probably worthwhile.  If we’re not expecting/permitting clients to
> just remember which certificates were collocated, then the server
> always knows exactly what set of certificates the client has seen
> from it on the current connection.

Considered the other way, what use is the certificate if its not
received until (long?) after the recipient has delivered the related
stream data[1] on to other unsuspecting actors?

Because thats what it will probably be doing once a stream is closed.
There is also the case of the stream closure triggering the whole
connection closure and in-transit octets being discarded unseen.


[1] I mean the transaction data in its general sense. HTTP headers,
metadata and payload inclusive, either partially or in whole


> 
> We’ve gotten into the is-it/isn’t-it of IP routing, name resolution,
> and the PKI’s interrelationship in the security model a couple times
> now.  I think you’ve mostly convinced me that we’re effectively
> betting the farm on certs and routing is just our security blanket,

I don't see why you would need convincing of that. This draft is about
certificate security - its name says as much. One expects it to focus on
the certificate part of the system and rely on external resources to
define the other parts.


> but the reality is that this would still make the use of a cert
> compromise / spoof much nastier.  I don’t have to get you to connect
> to me with the origin I compromised, I just have to get you to
> connect to me with some origin.  And the restriction does exist in
> HTTP/2 already, so I’d like a little better motivation to change it
> than just having thought better of it.  If it’s actually wrong,
> should we be updating RFC 7540 independent of this work?  Do you
> ignore DNS for coalescing purposes if the presented cert is valid for
> the origin?  But yes, I’d like to see us clarify our security model
> and assumptions, and if this helps move us down that road, I’m
> happy.

Calling the important dependencies out is good of course, but not at
expense of drowning out the document focus.


HTH
Amos

v2.23.0 | Report a Bug | By Email