Re: [kitten] SCRAM and draft-ietf-kitten-tls-channel-bindings-for-tls13

Simon Josefsson <simon@josefsson.org> Sat, 27 March 2021 19:08 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46AF13A0D76 for <kitten@ietfa.amsl.com>; Sat, 27 Mar 2021 12:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b=IhWu+a9J; dkim=pass (2736-bit key) header.d=josefsson.org header.b=FK3S4daq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PX3V5M20DfVx for <kitten@ietfa.amsl.com>; Sat, 27 Mar 2021 12:08:43 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7F163A0DA5 for <kitten@ietf.org>; Sat, 27 Mar 2021 12:08:41 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2101; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=WXZdZzLkzTjFmAbpmkghEF3IC5FBTRtweaCKKj8BntY=; t=1616872121; x=1618081721; b=IhWu+a9JL1ChdImZvLemZ5uvt1ieYBrLMWQ1E8pPWZWLPkXDc2Hzz8omnyPK7DCrVe5YNWPkzK /CCv8gkhO/Aw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2101; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WXZdZzLkzTjFmAbpmkghEF3IC5FBTRtweaCKKj8BntY=; t=1616872121; x=1618081721; b=FK3S4daqChES7QGOifMXsaKsujKQA7m+Aq4hJ2VJo5HAWPX6rByJAB4qMPnVvwhXM/b3a5448x A/Q0dYOd+O6WxQRLrrcdj9sIEdshbwysvlSSZLHNGa7x14DFOmI4/VvWtksHQysWZ9/UaJMUTY1vM fkRDd5hVaxdDTkBK948zSwZPkY51/C6tD/kx6zSgkvw4teKzDR1MdxwJ7bOQs6+w8UcwMH6AWALUI GZkE7eW7mQGiih0SumvgP+FkRwBpoCjy+DzWlhZJ5m6POT5LT9OmizJf9mex08YwadWfPpR3hw+LE Ub9qx8yQPHl3z7aEOboqyRIw3dWMSk8YzMqwS/RrVRaExG0Pu1j+G00ab/MCgUyeJsWvb3VKPU7JF Dyqo+cwS5X8IDBUd4xqU03/gVTTfm8XnahuNB90f8HW7HJ6n3+a99cePVc+Y5IujQR+lDY51ux ;
Received: from h-130-130.a498.priv.bahnhof.se ([178.174.130.130]:50136 helo=latte) by uggla.sjd.se with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <simon@josefsson.org>) id 1lQEIW-000225-DC; Sat, 27 Mar 2021 19:08:36 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Sam Whited <sam@samwhited.com>
Cc: KITTEN Working Group <kitten@ietf.org>
References: <874kgztvs4.fsf@latte.josefsson.org> <313a79cb-b58e-4098-b79e-2030c4e77c15@www.fastmail.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:22:210327:sam@samwhited.com::OxiKFPKwxUegb2GF:mKk
X-Hashcash: 1:22:210327:kitten@ietf.org::UZPEGJt/XGE3EJ2Q:FdBH
Date: Sat, 27 Mar 2021 20:08:36 +0100
In-Reply-To: <313a79cb-b58e-4098-b79e-2030c4e77c15@www.fastmail.com> (Sam Whited's message of "Thu, 25 Mar 2021 08:10:34 -0400")
Message-ID: <87v99cs9cb.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/6P0iKt1nCexX57SusmxPyDrsldw>
Subject: Re: [kitten] SCRAM and draft-ietf-kitten-tls-channel-bindings-for-tls13
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Mar 2021 19:08:49 -0000

"Sam Whited" <sam@samwhited.com> writes:

> I don't really know what "Updates" means in this context, so I just put
> an RFC that uses tls-unique. The point wasn't so much that it changes
> any normative text, but that this document should be discoverable from
> 5802 so that if you read "tls-unique" then go up to the top and see
> "Updated by <new TLS 1.3 unique CB RFC>" you have a chance at finding
> and implementing this instead.

That makes sense, but to me it isn't clear how I would actually
implement SCRAM (or GS2) when your draft is approved.  Are you
suggesting to replace tls-unique with something else?  There seems to be
some guidance missing.  There is backwards compatibility concerns with
changing the default channel binding.

/Simon

> On Thu, Mar 25, 2021, at 05:41, Simon Josefsson wrote:
>> Thanks for draft-ietf-kitten-tls-channel-bindings-for-tls13!  It is
>> not clear to me that it would actually modify anything for SCRAM/GS2,
>> would it?  Those documents still reference 'tls-uniqe' and things will
>> still be broken, as far as I can tell.  Should the new draft update
>> the SCRAM/GS2 specs?  I believe the channel binding flexibility in
>> SCRAM/GS2 has been one complexity that has prevented adoption, but
>> solving that may be too late but we may be able to solve the security
>> issues.  I see that there is an 'Updates: 5802' but I can't find any
>> text describing what is intendted to be changed.