Re: [kitten] [TLS] last call: draft-ietf-kitten-tls-channel-bindings-for-tls13-02
Jonathan Hoyland <jonathan.hoyland@gmail.com> Fri, 12 March 2021 11:45 UTC
Return-Path: <jonathan.hoyland@gmail.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B2093A1910; Fri, 12 Mar 2021 03:45:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ieBa7KLqZFhi; Fri, 12 Mar 2021 03:45:35 -0800 (PST)
Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD69F3A190E; Fri, 12 Mar 2021 03:45:35 -0800 (PST)
Received: by mail-qv1-xf2e.google.com with SMTP id h3so4069801qvh.8; Fri, 12 Mar 2021 03:45:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IwrfKMpd+JPMSX2YdDq6kEV2nqBjyPdLxDiypLGn290=; b=ocZxZnZbSo3eGiD6AstGrnhbwF22rKE0MkZJBzxXgr2qCECK1zHH6vJEazFCN68l7D f6ilTz8lPhKwsDYO/v12dCgnyqcfZpvSeaZkjXNFeWjB1ZQoPbx45Qx3Kl7AaFecB/nq 1k+7kW4Z2aJQ5uZZ0UN1eGdNKRyrXMkh7VwTd8C27j+qDXLpNYt4bNxi6vm3i3Ok0Epo Vz5Z0b/BDqhvAFWJA4JYNdmrPkv/MAIz0EZP23jJDjyfobdh5/g+Zy8QQItSY7lGyNnX kqUAVCXV64DdU3EjgA1qc4lEZWB+y5hPFSC4mk30JdHYVEcA9xCXjy0LM1heTsJAB3B+ kqOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IwrfKMpd+JPMSX2YdDq6kEV2nqBjyPdLxDiypLGn290=; b=YQhWLu3a/8SB+l3pI6MQbQk2hcXffl+8Q42gp5MSVS8PceTDIfhMzxIY0mwxJdenBN hq/+LzCOfd4S7mib9oQ2F8uUVpFEvZ9UINLKYAiomGM8S6Jfv6HPf5vrFGXiGmKkFCtu OciL8Vt46AXxJR5S6AaOteiy0B8l5+t2VFA6BXzDvFtvhMXUQ/EpJ+NHDGE+fvgOMCf6 7NAzbuGEAjoxKfjOgMYtCTco8Jz8EjlHUdYaSLq4CE6d3rELy6xXVBKehwyERmuyOCwy F65BamcrZJOL5Imoqh9IaCADdUWdCsjPJ1hHg2VTMOTsql0ndVRHd73fSVnzH90AR/ia wqwg==
X-Gm-Message-State: AOAM5309xldzUczk06Rla8cHxSbh7T3fsacphsWVvZ36MH7GmxXiCUEI W+qs5eoU7vzuvJCVYuwr451xTbRAa5B9reVVrsY=
X-Google-Smtp-Source: ABdhPJyPUeHLLZGxQKpM+mQtlaZfPuFLA/9sv4uZ/zkl2gWQVoqfP9LXEfziS9CeK1ymfk/M97QXaKA+cBQZbu8q2y4=
X-Received: by 2002:ad4:4c83:: with SMTP id bs3mr11797938qvb.41.1615549533832; Fri, 12 Mar 2021 03:45:33 -0800 (PST)
MIME-Version: 1.0
References: <jlgy2eu3j6s.fsf@redhat.com> <CACsn0c=Z5bNcpYGNEQi5RhzvV9LaKckH230Un2Oqp6ot457VNQ@mail.gmail.com> <20210310193630.GJ30153@localhost> <CACykbs1PAhVCRD3GmjkAESox_jPBH9LqLLdtGZ7AWBrnZDzLGg@mail.gmail.com> <CACsn0cmK=WnAaby_SOrFk+Vty4uHtXtsGUKxUMSVm6CReVgCBQ@mail.gmail.com>
In-Reply-To: <CACsn0cmK=WnAaby_SOrFk+Vty4uHtXtsGUKxUMSVm6CReVgCBQ@mail.gmail.com>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Fri, 12 Mar 2021 11:47:42 +0000
Message-ID: <CACykbs39LDcudiA0WTuQNH_NJZdoNSd=TextV2HOvtu8b8fF5g@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Nico Williams <nico@cryptonector.com>, KITTEN Working Group <kitten@ietf.org>, TLS List <tls@ietf.org>, Robbie Harwood <rharwood@redhat.com>
Content-Type: multipart/alternative; boundary="00000000000014cbc305bd55706c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/13pPj4E3-gYwpbu2K844uI1BPoU>
Subject: Re: [kitten] [TLS] last call: draft-ietf-kitten-tls-channel-bindings-for-tls13-02
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Mar 2021 11:45:37 -0000
Hi Watson, Exporters are a form of channel binding (in the protocol theory sense, not in the RFC 5056 sense). Two protocols that use the defined binding on a single TLS connection will derive the same Exporter. This is clearly intended to be generic, the input string is "EXPORTER-Channel-Binding" not something specific to a single protocol, so presumably more than one thing will use it. Ideally this wouldn't be defined and anything that would have used this would just use the Exporter interface directly because, as you say, using the Exporter interface with different context strings will yield different values. However, if this "Channel binding" exporter is defined as described, and is used by more than one thing, as the name suggests, then it will have all the same issues as those found by Karthik. Yes, other things that use the Exporter interface will be unaffected, but if two things use this binding then they could be vulnerable. Regards, Jonathan On Thu, 11 Mar 2021 at 21:56, Watson Ladd <watsonbladd@gmail.com> wrote: > On Wed, Mar 10, 2021 at 3:57 PM Jonathan Hoyland > <jonathan.hoyland@gmail.com> wrote: > > > > IIUC a channel binding (in this context) provides a unique "name" for a > channel. > > In the case where two distinct protocols running over the top of TLS use > this definition, they will both get the same channel binding. > > This draft is using exporter instead since channel bindings died an > ignominious death at the hands of Karthikeyan Bhargavan and his > students. Because it uses exporters and registers a use in the > registry, the other exporter values will be distinct. > > Exporters are stronger, so I think this is less relevant. > > Sincerely, > Watson Ladd > -- > Astra mortemque praestare gradatim >
- [kitten] last call: draft-ietf-kitten-tls-channel… Robbie Harwood
- Re: [kitten] [TLS] last call: draft-ietf-kitten-t… Watson Ladd
- Re: [kitten] [TLS] last call: draft-ietf-kitten-t… Nico Williams
- Re: [kitten] [TLS] last call: draft-ietf-kitten-t… Jonathan Hoyland
- Re: [kitten] [TLS] last call: draft-ietf-kitten-t… Watson Ladd
- Re: [kitten] [TLS] last call: draft-ietf-kitten-t… Jonathan Hoyland
- Re: [kitten] last call: draft-ietf-kitten-tls-cha… Dave Cridland
- Re: [kitten] last call: draft-ietf-kitten-tls-cha… Sam Whited