[kitten] TLS export for channel binding

Sam Whited <sam@samwhited.com> Thu, 30 April 2020 20:02 UTC

Message-Id: <ddff592a-4774-43c7-8b23-392516d892ab@www.fastmail.com>
Date: Thu, 30 Apr 2020 16:02:17 -0400
From: Sam Whited <sam@samwhited.com>
To: KITTEN Working Group <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/U38NL0onXdbr6896ksmLsPx3Ydk>
Subject: [kitten] TLS export for channel binding
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

Hi all,

I'm in need of a channel binding mechanism that works for TLS 1.3, but
as far as I can tell there isn't one. I was thinking about defining a
mechanism using RFC 5705 (which is updated by RFC 8446 so it should work
on both TLS 1.2 with appropriate cipher suites and 1.3 in general).

Is anyone aware of work already being done in this area, and if I were
to define a mechanism would it be a better fit for this working group or
for the tls WG?

I know that exporters have some caveats around how to ensure uniqueness
across different sessions, so this would likely require a great deal of
expert review if it's a feasible mechanism at all and I wasn't sure
where the best place to get that review would be.

—Sam

Thanks, Sam