Re: Secdir last call review of draft-ietf-tls-exported-authenticator-09
"Martin Thomson" <mt@lowentropy.net> Sun, 21 July 2019 14:26 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D2DE12004D for <ietf@ietfa.amsl.com>; Sun, 21 Jul 2019 07:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=LwjQna7V; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=sF3vX4oK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iEcRA1M9auxh for <ietf@ietfa.amsl.com>; Sun, 21 Jul 2019 07:26:45 -0700 (PDT)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC67D120020 for <ietf@ietf.org>; Sun, 21 Jul 2019 07:26:45 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.nyi.internal (Postfix) with ESMTP id E9C302FB3 for <ietf@ietf.org>; Sun, 21 Jul 2019 10:26:44 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Sun, 21 Jul 2019 10:26:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=ec8pSGz+U62PH7esp53+ZMNLi+mjalu CToqje8qlbYQ=; b=LwjQna7V/WdEOkwbRFqc5J+lZz3CLdd09clQwGxRiAQOOSj bNRQ/Laa4x67/hAh7VT/w1+KRkIQ8Q7C6H3IBCrXQDdlapej8k+SdDfmaFz/qqTm YqHUTY9ZQjUL4ygQ738skpdPXmw7sN7grFK/DspPY0o41anlxq2laFskwQtRWlsq a2bQBBZVtFWBL8juAEk4GcjzIDG/P1/DqnHEjapXA2I0X4scD++ukxywDctcnxLz CB85rWvR4H8vzilnFYj3RYYjx7ytmnVHns/B3bB758lY+nn4/E4O/XENSPl4CnoN 8md47OG6011+KanrplKmDtBxzGDjUtL+R4P8qTA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=ec8pSG z+U62PH7esp53+ZMNLi+mjaluCToqje8qlbYQ=; b=sF3vX4oKJ19afL5CkoWibn xy/Lu+YHsXy2CJz3xV4HA5B27xoeLQymj4W3f0VkmYqrMlnPD7n9J9hVXOyDfp0f x/aguIlhRBI3jJ9EfBu8xDNCpxPaWTPmurcqPTrS8S4TuZPxAR0Ug5gWPz59n+BX T1OirmidcED7ASNWIkor18gbME3HpluvIv3JM34YNTMPb7ptTGwJb8AEET6qYhpe f+pGmEz++HT/VhpOWmimXk6O7xN2JBT9+n3nUmKuba/FaDkivXN9fOW4VT8oDAEy FKeuFrgLLwq+Dt7Mnq7mqhWrq6u3tniG4YjrG8O4zdVTuTRxOE7OoQ/VKtHKcsgQ ==
X-ME-Sender: <xms:JHY0XZNVTIgO4g7kjLZMZu2-nFnpfFesQlhS_ipMXloMIi0YbKsuZQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrjedvgdejlecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreerjeenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofi gvnhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:JHY0XYurS5m-BG5HMa7rOxm_skYB1fFB3EMa-dZvmpPXg9w22Nqq_w> <xmx:JHY0XX22nLer9M5kmDdQ14J2rc4vIT1Pft6k8s7chlL6i5BXFybRNw> <xmx:JHY0XeVbTm6bVMey52Jfxf1oAWmK3ssESXxxgxk61Ss5P5oSYnKQyw> <xmx:JHY0XfZC-4CtpaUU5IdvS_k_q6vopcehTI7xxo29dZYDZGjlYqj3HQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 01D3DE0178; Sun, 21 Jul 2019 10:26:43 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-736-gdfb8e44-fmstable-20190718v2
Mime-Version: 1.0
Message-Id: <a5b0c119-b0fb-42e3-8795-9d4cfbda99d3@www.fastmail.com>
In-Reply-To: <20190721015659.GL23137@kduck.mit.edu>
References: <156330717256.15259.2193942101748847069@ietfa.amsl.com> <20190721015659.GL23137@kduck.mit.edu>
Date: Sun, 21 Jul 2019 10:26:56 -0400
From: Martin Thomson <mt@lowentropy.net>
To: ietf@ietf.org
Subject: Re: Secdir last call review of draft-ietf-tls-exported-authenticator-09
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fF5SjddN5OLAx--gJ6iE_4FP5js>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Jul 2019 14:26:47 -0000
On Sat, Jul 20, 2019, at 21:57, Benjamin Kaduk wrote: > > already supported by TLS libraries? Also, are we in effect deprecating this TLS > > 1.3 feature because of the security issue of the mismatched record boundaries? > > I think in some peoples' minds that would be a good thing, though it's not > entirely clear that we are actually doing so. This wouldn't deprecate post-HS auth. It is intended to cover the cases where post-HS auth does not work. See draft-ietf-httpbis-http2-secondary-certs. > > "SHOULD use TLS", change to MUST. There's no way it can work otherwise anyway. > > What about QUIC? I think that we can safely regard QUIC (at least those versions that use TLS) as TLS. An informative mention might help avoid any confusion regarding this point. We might also regard DTLS-SRTP as one such protocol. > > * Is > > there a requirement for all protocol messages to be sent over a single TLS > > connection? If so, please mention it. Certainly this is true for the > > Authenticator message that must be sent over a single connection and cannot be > > multiplexed by the high-level protocol. I think this protocol actually assumes > > "nice" transport properties (no message reorder, reliability) that also require > > a single, clean TLS connection. > > It seems like we should be more clear about what we do (and do not) > require. Though IIRC we can do separate authenticators in parallel and not > require them to be ordered with respect to each other. See above regarding DTLS-SRTP. Being too crisp might constrain usage inappropriately. > > * Why no authenticator request for servers? > > Don't we care about replay? OTOH if the client wants to detect replays, it > > would need to keep state on received authenticators, which would be very messy. > > IIUC the thinking is that there's no way to revoke an authenticator for a > connection, so replay (if not detected by another layer anyway) would not > cause the authentication state to change. Ben is correct. > > * 7.1: this is > > changing TLS 1.3 by allowing this extension in Cert Request! I think it's a > > really bad idea. Better to hack special support to existing libraries, allowing > > this specific extension for this special case, than to change the base > > protocol. Otherwise, this document should UPDATE 8446. > > Or, since extension codepoints are cheap, just use a newcodepoint. We might want to discuss this one this week if we can.
- Secdir last call review of draft-ietf-tls-exporte… Yaron Sheffer via Datatracker
- Re: Secdir last call review of draft-ietf-tls-exp… Nick Sullivan
- Re: Secdir last call review of draft-ietf-tls-exp… Benjamin Kaduk
- Re: Secdir last call review of draft-ietf-tls-exp… Martin Thomson
- Re: Secdir last call review of draft-ietf-tls-exp… Nick Sullivan
- Re: Secdir last call review of draft-ietf-tls-exp… Nick Sullivan
- Re: Secdir last call review of draft-ietf-tls-exp… Yaron Sheffer
- Re: Secdir last call review of draft-ietf-tls-exp… Nick Sullivan
- Re: [TLS] Secdir last call review of draft-ietf-t… Benjamin Kaduk
- Re: [TLS] Secdir last call review of draft-ietf-t… Nick Sullivan