Re: [kitten] Call for adoption on draft-whited-tls-channel-bindings-for-tls13

Sam Whited <sam@samwhited.com> Thu, 04 June 2020 18:44 UTC

Message-Id: <de97c402-3d8a-4c8d-b33a-d9b9efaa7bb4@www.fastmail.com>
In-Reply-To: <ead6071b1264f4eb83ccfba8800e98e97147d702.camel@redhat.com>
References: <jlgmu5ivkel.fsf@redhat.com> <ead6071b1264f4eb83ccfba8800e98e97147d702.camel@redhat.com>
Date: Thu, 04 Jun 2020 14:43:45 -0400
From: Sam Whited <sam@samwhited.com>
To: KITTEN Working Group <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/OYMPMNouPBGAd6oX5kbKJdgcyxI>
Subject: Re: [kitten] Call for adoption on draft-whited-tls-channel-bindings-for-tls13
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>


On Thu, Jun 4, 2020, at 14:37, Simo Sorce wrote:
> Over time I've heard comments that the current tls-unique bindings are
> not working out as initially expected. It would be nice to know if we
> also plan to address those issues in this draft (or whether this draft
> already avoids those).

To my knowledge there are two problems here: 1) it's not long enough,
and 2) without the master secret fix it's not actually unique enough.
This spec should fix both of those. If there are any other problems with
tls-unique that I'm not aware of, we should definitely fix them and this
is why the TLS WG would need to be involved most likely.

> Note that in practice, in the wild, I see that most implementations I
> am exposed to are opting for tls-server-end-point, so it would be
> important to know that these new bindings of type unique for TLS 1.3
> will be usable and there are consumers wanting to use them.

I wouldn't mind having an end-point binding mechanism too, and could see
us adding that to this document eventually; to start though I wanted to
get the most dead simple thing in the hands of the IETF.

> Not pushing back, just asking to address these questions in due course.

Indeed; I've added them to my list of TODOs, issues, and open
questions. Thanks!

—Sam

-- 
Sam Whited