IETF Logo Mail Archive

Re: [saag] Channel binding is great but not a silver bullet

Nicolas Williams <Nicolas.Williams@sun.com> Mon, 02 March 2009 17:43 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EE19C3A692A for <saag@core3.amsl.com>; Mon, 2 Mar 2009 09:43:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.994
X-Spam-Level:
X-Spam-Status: No, score=-5.994 tagged_above=-999 required=5 tests=[AWL=0.052, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErozKkMF-l4L for <saag@core3.amsl.com>; Mon, 2 Mar 2009 09:43:17 -0800 (PST)
Received: from sca-ea-mail-2.sun.com (sca-ea-mail-2.Sun.COM [192.18.43.25]) by core3.amsl.com (Postfix) with ESMTP id D2F8328C20B for <saag@ietf.org>; Mon, 2 Mar 2009 09:42:47 -0800 (PST)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by sca-ea-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id n22HhD2k010531 for <saag@ietf.org>; Mon, 2 Mar 2009 17:43:13 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n22HhDNe025311 for <saag@ietf.org>; Mon, 2 Mar 2009 10:43:13 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n22HQfSm013013; Mon, 2 Mar 2009 11:26:41 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n22HQf5h013012; Mon, 2 Mar 2009 11:26:41 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Mon, 02 Mar 2009 11:26:41 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Message-ID: <20090302172641.GP9992@Sun.COM>
References: <2788466ED3E31C418E9ACC5C3166155768B2CB@mou1wnexmb09.vcorp.ad.vrsn.com> <0c2301c9979f$8a1cd770$0600a8c0@china.huawei.com> <2788466ED3E31C418E9ACC5C3166155768B2CE@mou1wnexmb09.vcorp.ad.vrsn.com> <20090226143809.GF7227@mit.edu> <1235663917.3293.16.camel@localhost> <20090226165448.GK9992@Sun.COM> <tslprh5rlvt.fsf_-_@mit.edu> <200903021609.n22G9hIg014931@grapenut.srv.cs.cmu.edu> <1232E3FA9408ED0962D481EF@atlantis.pc.cs.cmu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1232E3FA9408ED0962D481EF@atlantis.pc.cs.cmu.edu>
User-Agent: Mutt/1.5.7i
Cc: Sam Hartman <hartmans-ietf@mit.edu>, der Mouse <mouse@Rodents-Montreal.ORG>, saag@ietf.org
Subject: Re: [saag] Channel binding is great but not a silver bullet
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2009 17:43:18 -0000

On Mon, Mar 02, 2009 at 12:08:45PM -0500, Jeffrey Hutzelman wrote:
> --On Monday, March 02, 2009 10:00:36 AM -0600 Nicolas Williams 
> <Nicolas.Williams@sun.com> wrote:
> >Yes, but if we solve the mutual authentication case then for the cases
> >where we don't need mutual authentication we can probably live with a
> >weak PKI.
> 
> No, that is not true.  These days, people routinely establish new, real 
> business relationships online.  Companies like Amazon and PayPal depend on 
> this model, and so do smaller merchants who probably number in the 
> millions.  In many cases, consumers engage in a single transaction with 
> such a merchant and there is _never_ any enrollment.
> 
> Mutual authentication plus channel binding is a great model for some 
> things, but expecting to use off-line enrollment for everything forever is 
> a non-starter.

I addressed enrolment in separate posts.  I believe enrolment can be
bootstrapped securely in a great many ways.  For example:

 - via SMS (requires a phone)
 - via telephone (requires a phone)

 - at any network access point if you can authenticate the access point:

   Imagine a coffee house that posts a certificate fingerprint on a
   flyer by the cashier, then you can use the coffee house's
   infrastructure (an access point and a small service running on it) to
   enrol in any service federated with that coffee house.

   This method has anonymity.  It is a form of off-line enrolment in
   that it requires finding such a coffee house and going there, but we
   all pretty much do that -- we're physical beings after all and most
   of us go places (and even those that can't go places can still, with
   the help of others, do enrolment).

Note again that channel binding is but a means to an end -- if TLS were
to provide suitable mutual authentication mechanisms then we'd not need
channel binding as that would be but an internal detail of TLS.  Sadly
TLS does not (no, TLS-PSK is not a suitable mutual authentication
mechanism, for reasons I set out in a reply to Peter just now).

Nico
--

v2.23.0 | Report a Bug | By Email