Re: [keyassure] Bare keys again
Matt McCutchen <matt@mattmccutchen.net> Mon, 21 March 2011 20:28 UTC
Return-Path: <matt@mattmccutchen.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1630828C174 for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 13:28:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FybAO5emfC4O for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 13:28:00 -0700 (PDT)
Received: from homiemail-a4.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by core3.amsl.com (Postfix) with ESMTP id 81B1528C16C for <keyassure@ietf.org>; Mon, 21 Mar 2011 13:27:59 -0700 (PDT)
Received: from homiemail-a4.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a4.g.dreamhost.com (Postfix) with ESMTP id 5F95451C08B; Mon, 21 Mar 2011 13:29:32 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=bS5+9ikWm2+NW5hZKqTddlNJ6sYDcfPQdjBZWXAYqrQ x//TiIpE8YK9Zo3LKA5o2jQEbnPdjiX6xYP4R2ir51ivqSbAUCW0pE49K5jNxhge StS30jsM6j61tckmUPLPX2rKtLkfXUwS+xaIEc2dZW/cMrjOVnt0iflw1/cCTpIM =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=+5chxKb1mL4gxk/80z+pCnD+Wog=; b=eg7VHUp6Ck QM3BOCKXbWmg/QrvN9w+HRCmH94eLlnpJzHkxtnTD8NHzD3HOWOJW/8RYQEoIfz5 teLaw01UYkElYfBA1icQ4QEWEzhY0YlOfTfteXjug9YCi5yitZ6sJalSDtK72m9o Thk6rvOQs5hTBDBauXY1EV8CICyHu1z2o=
Received: from [192.168.1.40] (pool-96-231-2-98.washdc.east.verizon.net [96.231.2.98]) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a4.g.dreamhost.com (Postfix) with ESMTPA id E6E3051C07C; Mon, 21 Mar 2011 13:29:31 -0700 (PDT)
From: Matt McCutchen <matt@mattmccutchen.net>
To: Paul Wouters <paul@xelerance.com>
In-Reply-To: <alpine.LFD.1.10.1103202211390.20162@newtla.xelerance.com>
References: <92D68A5E-5CB7-4C80-8D7B-0B8D55D93608@kumari.net> <alpine.LFD.1.10.1103201932370.20162@newtla.xelerance.com> <9D285351-8D73-4C15-BE2C-5DF731C08DCE@vpnc.org> <alpine.LFD.1.10.1103202028110.20162@newtla.xelerance.com> <1300669586.2117.12.camel@localhost> <alpine.LFD.1.10.1103202211390.20162@newtla.xelerance.com>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 21 Mar 2011 16:29:30 -0400
Message-ID: <1300739370.2117.40.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Bare keys again
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 20:28:09 -0000
For completeness (I think the main points have been also made elsewhere): On Sun, 2011-03-20 at 22:18 -0400, Paul Wouters wrote: > On Sun, 20 Mar 2011, Matt McCutchen wrote: > > >> The client sends its hello message saying "I have all the CA root trust > >> anchors I need from pre-agreement". Whether that means it got information > >> from DNSSEC/DANE or elsewhere does not matter. What matters is, is that > >> the client can start the TLS handshake without the server sending any > >> PKIX certs. > > > > How does this look at the message level? The server sends a Certificate > > message containing a zero-length sequence of certificates? > > No, it sends an Hello TLS extension of type "trusted_ca_keys" containing > in its "extension_data" a 'struct' TrustedAuthorities containing one > "TrustedAuthority" that has an "IdentifierType" of "agreed" which is > 'struct {}' I understand that part. I was asking about the "without the server sending any PKIX certs" part. > > This is not > > at all what is envisioned by RFC 6066. To say that your scheme involves > > no TLS protocol changes is a little misleading: you are using existing > > messages but dramatically repurposing them. > > Not at all! According to 6066: > > 6. Trusted CA Indication > > > Constrained clients that, due to memory limitations, possess only a > small number of CA root keys may wish to indicate to servers which > root keys they possess, in order to avoid repeated handshake > failures. > > In order to indicate which CA root keys they possess, clients MAY > include an extension of type "trusted_ca_keys" in the (extended) > client hello. The "extension_data" field of this extension SHALL > contain "TrustedAuthorities" where: > > struct { > TrustedAuthority trusted_authorities_list<0..2^16-1>; > } TrustedAuthorities; > > struct { > IdentifierType identifier_type; > select (identifier_type) { > case pre_agreed: struct {}; > case key_sha1_hash: SHA1Hash; > case x509_name: DistinguishedName; > case cert_sha1_hash: SHA1Hash; > } identifier; > } TrustedAuthority; > > enum { > pre_agreed(0), key_sha1_hash(1), x509_name(2), > cert_sha1_hash(3), (255) > } IdentifierType; > > opaque DistinguishedName<1..2^16-1>; > > Here, "TrustedAuthorities" provides a list of CA root key identifiers > that the client possesses. Each CA root key is identified via > either: > > - "pre_agreed": no CA root key identity supplied. "pre_agreed" stands for a set of one or more trust anchors that is already known to the other side in the context of a particular deployment. Hence, bandwidth is saved by not sending identifiers for the trust anchors. Using "pre_agreed" to tell the server it can skip sending a certificate chain is not envisioned by RFC 6066. > > IMO, this scheme should be > > standardized and subjected to the attendant level of scrutiny before we > > consider supporting it in DANE. > > The only thing that is different here is that I am using a client contraint > that is different from the examples listed at the start of section 6. What is different is that the server does not send a certificate chain. -- Matt
- Re: [keyassure] Issues that no longer issues? Ondřej Surý
- [keyassure] Issues that no longer issues? Warren Kumari
- Re: [keyassure] Issues that no longer issues? Paul Wouters
- [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Stephen Kent
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Phillip Hallam-Baker
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Jeff Schmidt
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Henry Story
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Ben Laurie
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen