Re: [kitten] Comments on draft-tls-channel-bindings-for-tls13
Sam Whited <sam@samwhited.com> Thu, 19 November 2020 02:41 UTC
Return-Path: <sam@samwhited.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 390253A0A20 for <kitten@ietfa.amsl.com>; Wed, 18 Nov 2020 18:41:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=samwhited.com header.b=T6OaMq5i; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SfTT5TxC
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d8p--4_ckcRv for <kitten@ietfa.amsl.com>; Wed, 18 Nov 2020 18:41:54 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2EDD3A0A13 for <kitten@ietf.org>; Wed, 18 Nov 2020 18:41:53 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id EE7F55C0079 for <kitten@ietf.org>; Wed, 18 Nov 2020 21:41:52 -0500 (EST)
Received: from imap34 ([10.202.2.84]) by compute4.internal (MEProxy); Wed, 18 Nov 2020 21:41:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=UcTJU AMK37eoP7NwrpzDGTcet/plDhVWysn7Z6N//BE=; b=T6OaMq5iiaASBoz01UbEG AlOjcSibkAff6c7TkE58MB+FQlE8FalLhrXVTQ1WPDAoEL4MEP+EQf5aAYTXktHn s5b/OQvCOTVVjGwBxPvitOYnQAUDMknYQHArMGqG2LC4NR1eZrkZ3Zr1wMxj9j6b UK0B0/R+C9ArGNBMx0smpnr7LrtHQfRsOnYGZ8qA56lw8m2bwySdjsEFFtDUvMos G2ECcaJrP1o33UQWDbxK+Pd+OC6RnIY0Sa5Qylk2jqbrI66/ib7JFSNZYkbJ3Ldh 8pLjS76fNSI5l+PLtZTX48yH7x1nq4nD9e1dPRinyeRvNfj8dBP/JMTAWv/VUOM0 A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=UcTJUAMK37eoP7NwrpzDGTcet/plDhVWysn7Z6N// BE=; b=SfTT5TxCibAfKK/9IHlrHUR0YKaNWvYHRE3B0/Q1rJ9LMo2QotLXOuKmK i+eA06wLFdvUvcMBEdrWDi/sigl/Ehls8egMSUnOKef0r3bXD23ixo8hOrF1ONt0 gjylNUeENodItokqWLCREiFfyasoZx0axDJFj1tK8T74/rXQ1Cq2t7iWIHFUjoQn IeVsxwr2bcy8MFRYYTJQpbTmIgo1GZw6ALjXv+zNpaVBbsVu7NbPmh/gflkOhI7H alwimutHylaYcx0+aTcUDLCrjIhrnSggo1IH8Av6HhPCR946SM3xgA+j41HfOOZL 8Hg7oJEWW/jDgQtpGUPMRFcqFLi3g==
X-ME-Sender: <xms:cNu1X4oTx5Xzf3ZR0l5-FYcq7dCfsBYnoTlz7GXqFg0_-WNF2JnASQ> <xme:cNu1X-ppf5hXiM3fFwVYu6l4mmpuMGyjE4Y0vxWpP3E_WJ0eU8FMkHSvBTxBeEq2o YRG16Chfyu_HjPxxw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudefiedggeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfufgr mhcuhghhihhtvggufdcuoehsrghmsehsrghmfihhihhtvggurdgtohhmqeenucggtffrrg htthgvrhhnpedvffeuvdduhfefvdeiheeukeffhfekjeevgffggedtlefhhffhieevkedu vefhjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hsrghmsehsrghmfihhihhtvggurdgtohhm
X-ME-Proxy: <xmx:cNu1X9OsgO5oMpQeHhEAtT8OgVTZ3xPe4i9NmjPl3eT6jDeXzz1Efw> <xmx:cNu1X_6TdrkxclVNasThquvAih_SQVpa_21k6CdYu9HRH4yUJEg6uQ> <xmx:cNu1X3773m5Ln4BYgf3ufIlL0fKlikc7XWgtgpQFLoXgS7gv4JU2Yg> <xmx:cNu1X5GlDglCCasNu0pJEQ2ZI9j4s1V58iClOcQvAmrtY3hs9bz9Xw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id B0BA51460063; Wed, 18 Nov 2020 21:41:52 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-622-g4a97c0b-fm-20201115.001-g4a97c0b3
Mime-Version: 1.0
Message-Id: <d2bfc973-36c6-40f6-9a2f-cca6b4bce0b0@www.fastmail.com>
In-Reply-To: <jlgsg965tu9.fsf@redhat.com>
References: <jlgsg965tu9.fsf@redhat.com>
Date: Wed, 18 Nov 2020 21:41:32 -0500
From: Sam Whited <sam@samwhited.com>
To: KITTEN Working Group <kitten@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/NI_zentzm-ACAaYPPU3yYjm4Pkg>
Subject: Re: [kitten] Comments on draft-tls-channel-bindings-for-tls13
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2020 02:41:55 -0000
Responses inline: On Wed, Nov 18, 2020, at 14:49, Robbie Harwood wrote: > This document doesn't seem to address what the problems with the > previous channel binding types were. I'll add some text here. The TL;DR is that without the extended master secret fix from RFC7627 tls-unique is not actually unique. I also recall someone suggesting that the unique data really wasn't long enough, which seems likely, but I don't have a citation for that off the top of my head so I'll stick to mentioning the triple handshake vulnerability and the extended master secret extension and leave it at that. > It also doesn't appear in the referenced section (i.e., RFC 8446 > section 7.5 doesn't seem to have this information; moreover, that > section doesn't reference RFC 5929). > > RFC 8446 section C.5 does call out cbs as a protection mechanism, but > merely notes that they're not implemented for 1.3, so it's probably > not a case of wrong section. That was indeed supposed to be a reference to C.5. That's the only reference I'm aware of for why the two CB mechanisms from 5929 aren't defined in 1.3. This is a very confusing off-the-cuff reference in the TLS 1.3 spec, but it's what I'm basing the entire need for a new CB mechanism on. > In "2. The 'tls-exporter' Channel Binding Type": … This feels > redundant with the formal IANA considerations section later in the > document. I think it would be more helpful to orient it toward > explaining the cb type as pertains to RFC 5705 and RFC 8446. I did it this way because RFC5929 did it this way, but I agree it's awkward. I'll rewrite this to be descriptive and give a bit of background on EKM and TLS 1.3 instead. > Hmm, this text is a bit awkward right now. I suggest something like: > > When TLS renegotiation is enabled, implementations MUST NOT > support channel binding using the "tls-exporter" type as it is not > defined. Sounds good to me; thanks. > Curious - is there a practical reason to want this CB type with TLS <= > 1.2? Not that I can think of. I suppose it would be nice to have a single channel binding type that works regardless of the TLS version being used, but it seems simpler to just let TLS 1.2 die and not worry about it since channel binding isn't widely supported right now anyways. > Please also see the idnits here: Will do, thanks. I'll have a new version up soon. —Sam -- Sam Whited
- [kitten] Comments on draft-tls-channel-bindings-f… Robbie Harwood
- Re: [kitten] Comments on draft-tls-channel-bindin… Sam Whited
- Re: [kitten] Comments on draft-tls-channel-bindin… Benjamin Kaduk
- Re: [kitten] Comments on draft-tls-channel-bindin… Sam Whited