Re: [kitten] SCRAM and draft-ietf-kitten-tls-channel-bindings-for-tls13
Simon Josefsson <simon@josefsson.org> Mon, 24 May 2021 16:46 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF9AE3A2ECD for <kitten@ietfa.amsl.com>; Mon, 24 May 2021 09:46:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b=RBVN584e; dkim=pass (2736-bit key) header.d=josefsson.org header.b=XoFkPaW8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4Trlg0hTZU0 for <kitten@ietfa.amsl.com>; Mon, 24 May 2021 09:46:38 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DED593A2ECB for <kitten@ietf.org>; Mon, 24 May 2021 09:46:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2101; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jpd/ajFi5mhP+9SDk7BHKlZgo6qSyDFls0cN8RtvkKU=; t=1621874797; x=1623084397; b=RBVN584exiQDF32FrZ6MS0DM+HU+vBlIzJYSQKn3X2T4gKmEYlkML9hH6Xy128orzwoMy6mgIc mMls0qBe2qDw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2101; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=jpd/ajFi5mhP+9SDk7BHKlZgo6qSyDFls0cN8RtvkKU=; t=1621874797; x=1623084397; b=XoFkPaW8FoyZl8SJBleQLAZ497wP7PhYj5ec8kjjudkAPW0WxtLq6/zF7Zb0WeDf9JCu0lAucM DJhtqgWyCvLPouERP+qJGOOt4xlooiVPhovnOg7yJWjnRvul93EEKJX8P11CEWBjfsBBdr/W3c9A6 cQjcF0U1k/XuM5AXgSHaii4hrTkrb6Nav0ovGuRCoTTcsJVqbvcOpkKqnZRcXus629EfCZ+qCD109 s/ENDzGuogsdT2SlF4iRiXwINmJYte/Q50xB5Y8jU7nQHPhJsFcL0G6UuGlWIs3MTbpdRJwiYZwJW BscY33B9+depmuDfc/ZJcMYNUubmPnSgpBWcjPuiGO+N/rcK1xfB6tX2XHrFCD0HEubKfPHpEkZKk 3GTsdZBtlnExH+O6w4JHtEzJNr1mnDYd7m2CnoKwUCbQWDO3YWgo7LGJvn2cyFtQxnAMJp16++ ;
Received: from [2001:9b1:41ac:ff00:60cf:be83:d196:9c4f] (port=35396 helo=latte) by uggla.sjd.se with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <simon@josefsson.org>) id 1llDip-0001Sy-Fm; Mon, 24 May 2021 16:46:31 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: Sam Whited <sam@samwhited.com>, KITTEN Working Group <kitten@ietf.org>
References: <874kgztvs4.fsf@latte.josefsson.org> <313a79cb-b58e-4098-b79e-2030c4e77c15@www.fastmail.com> <87v99cs9cb.fsf@latte.josefsson.org> <d0100358-5870-5ca0-6b8f-9f3c94edce25@isode.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:22:210524:alexey.melnikov@isode.com::tAA87xsGMBV6DXBs:4AFD
X-Hashcash: 1:22:210524:sam@samwhited.com::dOwLmXIUyCJ8mZc0:DSdB
X-Hashcash: 1:22:210524:kitten@ietf.org::mSLLs/9+nc2N7UZi:EouG
X-Hashcash: 1:22:210524:simon=40josefsson.org@dmarc.ietf.org::dJsdsBUh5LGMRIQs:+YUI
Date: Mon, 24 May 2021 18:46:30 +0200
In-Reply-To: <d0100358-5870-5ca0-6b8f-9f3c94edce25@isode.com> (Alexey Melnikov's message of "Mon, 24 May 2021 16:38:03 +0100")
Message-ID: <87sg2c5bbt.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ourpXgFmqG1-6s1Fu7Imvmb_o74>
Subject: Re: [kitten] SCRAM and draft-ietf-kitten-tls-channel-bindings-for-tls13
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 May 2021 16:46:44 -0000
Alexey Melnikov <alexey.melnikov@isode.com> writes: > Hi Simon/Sam, > > Picking up an old thread that you had in March 2021: > > On 27/03/2021 19:08, Simon Josefsson wrote: >> "Sam Whited" <sam@samwhited.com> writes: >> >>> I don't really know what "Updates" means in this context, so I just put >>> an RFC that uses tls-unique. The point wasn't so much that it changes >>> any normative text, but that this document should be discoverable from >>> 5802 so that if you read "tls-unique" then go up to the top and see >>> "Updated by <new TLS 1.3 unique CB RFC>" you have a chance at finding >>> and implementing this instead. >> That makes sense, but to me it isn't clear how I would actually >> implement SCRAM (or GS2) when your draft is approved. Are you >> suggesting to replace tls-unique with something else? There seems to be >> some guidance missing. There is backwards compatibility concerns with >> changing the default channel binding. > > After thinking about this with my implementor's hat on, I agree. This > new requirement can be either in SCRAM update (if we ever do one) or > this document. Adding it to this document seems quicker (and also the > right thing) to me. Maybe as a strawman proposal: > > When a client/server implementation supports TLS 1.3 and > SCRAM-*-PLUS, require support for "tls-exporter". Leave "tls-unique" > as mandatory-to-implement for older versions of TLS. > > What do you think? I think this is reasonable. TLS 1.3 does not support tls-unique, so SCRAM-PLUS under TLS 1.3 is not well specified today. I believe the document should have a 'Updates: RFC 5929' too. Another thing that could be lifted from https://datatracker.ietf.org/doc/html/draft-josefsson-sasl-tls-cb-02 would to add the following to the Security Considerations: The derived data MUST NOT be used for any other purpose than channel bindings as described in [RFC5056]. /Simon > > Best Regards, > > Alexey > >> /Simon >> >>> On Thu, Mar 25, 2021, at 05:41, Simon Josefsson wrote: >>>> Thanks for draft-ietf-kitten-tls-channel-bindings-for-tls13! It is >>>> not clear to me that it would actually modify anything for SCRAM/GS2, >>>> would it? Those documents still reference 'tls-uniqe' and things will >>>> still be broken, as far as I can tell. Should the new draft update >>>> the SCRAM/GS2 specs? I believe the channel binding flexibility in >>>> SCRAM/GS2 has been one complexity that has prevented adoption, but >>>> solving that may be too late but we may be able to solve the security >>>> issues. I see that there is an 'Updates: 5802' but I can't find any >>>> text describing what is intendted to be changed. >>>> >>>> _______________________________________________ >>>> Kitten mailing list >>>> Kitten@ietf.org >>>> https://www.ietf.org/mailman/listinfo/kitten > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten >
- [kitten] SCRAM and draft-ietf-kitten-tls-channel-… Simon Josefsson
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Sam Whited
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Simon Josefsson
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Alexey Melnikov
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Simon Josefsson
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Sam Whited
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Ludovic BOCQUET
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Simon Josefsson
- Re: [kitten] SCRAM and draft-ietf-kitten-tls-chan… Sam Whited