IETF Logo Mail Archive

Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 27 June 2016 17:44 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7AA112D689 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 Jun 2016 10:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.347
X-Spam-Level:
X-Spam-Status: No, score=-8.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9Gohsd-J7Hj for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 Jun 2016 10:44:01 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA55F12D674 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 27 Jun 2016 10:44:00 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bHaVn-00007g-It for ietf-http-wg-dist@listhub.w3.org; Mon, 27 Jun 2016 17:39:55 +0000
Resent-Date: Mon, 27 Jun 2016 17:39:55 +0000
Resent-Message-Id: <E1bHaVn-00007g-It@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <ilariliusvaara@welho.com>) id 1bHaVd-00005g-L6 for ietf-http-wg@listhub.w3.org; Mon, 27 Jun 2016 17:39:45 +0000
Received: from welho-filter2.welho.com ([83.102.41.24]) by lisa.w3.org with esmtp (Exim 4.80) (envelope-from <ilariliusvaara@welho.com>) id 1bHaVb-0003I3-Il for ietf-http-wg@w3.org; Mon, 27 Jun 2016 17:39:45 +0000
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id C0AD98535; Mon, 27 Jun 2016 20:39:15 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id ocT-2hGzkpK9; Mon, 27 Jun 2016 20:39:15 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-177-32.bb.dnainternet.fi [87.100.177.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 60A8D283; Mon, 27 Jun 2016 20:39:15 +0300 (EEST)
Date: Mon, 27 Jun 2016 20:39:13 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20160627173913.GA2456@LK-Perkele-V2.elisa-laajakaista.fi>
References: <F9D2CFF3-57C2-41BD-ACB1-FA6C991458D7@mnot.net> <20160624072833.GA6241@LK-Perkele-V2.elisa-laajakaista.fi> <CABkgnnWS0oA=OK7PScBEU6SBEu5DFpqSZAgWL1VpGBfLGOZhFA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABkgnnWS0oA=OK7PScBEU6SBEu5DFpqSZAgWL1VpGBfLGOZhFA@mail.gmail.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Received-SPF: none client-ip=83.102.41.24; envelope-from=ilariliusvaara@welho.com; helo=welho-filter2.welho.com
X-W3C-Hub-Spam-Status: No, score=-6.0
X-W3C-Hub-Spam-Report: AWL=-0.857, BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1bHaVb-0003I3-Il cfdfaf52a3c7d73f1f59831b18601d50
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2
Archived-At: <http://www.w3.org/mid/20160627173913.GA2456@LK-Perkele-V2.elisa-laajakaista.fi>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31801
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, Jun 27, 2016 at 12:06:43PM +1000, Martin Thomson wrote:
> On 24 June 2016 at 17:28, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> >
> > What I don't like is MUST not send USE_CERTFICATE without
> > CERTIFICATE_REQUIRED. This forces client that wants to maintain
> > the required control in order to safely mux across authoriteies to
> > eat extra RTT for every request (yes, it would be guessing without,
> > but likely highly accurate guessing[1]).
> 
> This is something I'm not entirely happy with myself.  Hopefully we
> can find some way that we can define an interaction that doesn't
> require both the extra round trip AND the complexity.  As Cory notes,
> this is more complex than ideal.

Well, basically IMO the needs for client-server direction are:

1) Client to select the certificate set on per-request basis (including
   selecting the empty set).
2) Not to have to eat extra RTT for per-request control (as having to
   do that would be a perverse incentive).
3) Server to indicate that more certs are needed.
4) Client to be able to refuse server's request for extra certificate.

The set selection in 1) is obviously client-specific. E.g. Curl and
Firefox will do it in rather different ways.
 
An optimization would be for client to signal that the certificate set
it sent for request is closed: Any request to extend it will be denied
(the set will probably be empty, but not necressarily).

Capability to unilaterially send certificates would obviously
complicate things, as one would need to handle wild guesses about
capabilities of the server.


For the server-client direction:

1) Ability for server to push a new certificate unilaterially, and
   have the names appear in authority set.

IMO, no need to be ever able to remove names from that set or to
temporarily disable entries.

> > Also, with regard to certificate chains, there are still loads of
> > certificate chains that contain PKCS#1v1.5 signatures, and there will
> > likely be for forseeable future[2].
> 
> That's fine.  But we are explicitly not saying what is permitted in
> the certificate chain, we are only saying what *this* protocol can
> carry.  (In my opinion, saying that signature_algorithms also applies
> to signatures on certificates is a mistake in TLS; and we we don't
> need to replicate that.)

Oh, looks like I misinterpretted it then...

And yeah, what is acceptable for end-entity signature and certificate
chain are two different things.

Also, the legacy constraints are different (where one can use modern
stuff and limit the combinations for EE signature, there is lot worse
stuff still out there with CA certs and signatures).


-Ilari

v2.23.0 | Report a Bug | By Email