IETF Logo Mail Archive

Re: [secdir] review of draft-hollenbeck-rfc4933bis-02

"Polk, William T." <william.polk@nist.gov> Thu, 16 July 2009 15:01 UTC

Return-Path: <william.polk@nist.gov>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F17943A6D8C; Thu, 16 Jul 2009 08:01:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.11
X-Spam-Level:
X-Spam-Status: No, score=-6.11 tagged_above=-999 required=5 tests=[AWL=0.489, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxPECovanr+T; Thu, 16 Jul 2009 08:01:41 -0700 (PDT)
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by core3.amsl.com (Postfix) with ESMTP id BA7843A6964; Thu, 16 Jul 2009 08:01:40 -0700 (PDT)
Received: from WSXGHUB2.xchange.nist.gov (wsxghub2.nist.gov [129.6.18.19]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id n6GF2AAu006814; Thu, 16 Jul 2009 11:02:10 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB2.xchange.nist.gov ([2002:8106:1213::8106:1213]) with mapi; Thu, 16 Jul 2009 11:01:58 -0400
From: "Polk, William T." <william.polk@nist.gov>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Thu, 16 Jul 2009 11:01:57 -0400
Thread-Topic: [secdir] review of draft-hollenbeck-rfc4933bis-02
Thread-Index: AcoGB0s9WTyFR0ThSV6ypjTdqj4AvgAHgOeKAABDgbQ=
Message-ID: <C684B925.11ACE%tim.polk@nist.gov>
In-Reply-To: <C684B760.11AC5%tim.polk@nist.gov>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: william.polk@nist.gov
X-Mailman-Approved-At: Thu, 16 Jul 2009 08:12:31 -0700
Cc: Nicolas, Williams <Nicolas.Williams@sun.com>, "secdir@ietf.org" <secdir@ietf.org>, "Hollenbeck, Scott" <shollenbeck@verisign.com>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] review of draft-hollenbeck-rfc4933bis-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2009 15:01:42 -0000

Alexey,

I just went back and looked at 4934bis... You were right, there is no
channel bindings problem there.

I missed the fact that client certs are *required*, since the bulk of the
section specified how the client should verify the server identity, but no
such text exists for the client cert.  Probably should correct that
oversight, but there is no systemic problem.

Still mulling over 4930...

Any reason we can't make 4934bis the mandatory to implement transport?

Tim 



On 7/16/09 10:54 AM, "Polk, Tim" <tim.polk@nist.gov> wrote:

> Hi Alexey,
> 
> 
> On 7/16/09 7:18 AM, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote:
> 
>> Hi Tim,
>> 
>> Polk, William T. wrote:
>> 
>>> I¹m a little late to the party, but I have been quietly mulling over
>>> this problem as well. Now that Sandy has explicitly asked for an AD to
>>> step in, I figured I should participate more actively. I have also
>>> added Nico Williams to the CC list (my apologies, Nico) since channel
>>> bindings is really his area of expertise.
>>> 
>>> I think there is a real need for channel bindings with some
>>> applications of EPP, but may not always be strictly necessary in other
>>> cases. For example, the e-Automation project for the administration of
>>> DNS root zone uses EPP but if I recall correctly most of the objects
>>> that are transferred are digitally signed objects. In this case,
>>> channel bindings are perhaps less important since we aren¹t relying
>>> solely on the EPP authentication mechanism. So, in my opinion we
>>> should encourage their use but should not require channel bindings.
>> 
>>> 
>>> However, if the application is relying on EPP in combination with
>>> transport for security, channel bindings would provide significantly
>>> enhanced security. That says channel bindings deserves to be mentioned
>>> and a little guidance on (1) implementing channel bindings and (2)
>>> determining when channel bindings is required. That begs a new
>>> question of course ­ where does this information go?
>> 
>> Nico's response confirmed what I was thinking about this myself: for EPP
>> running over TLS over TCP (4934bis), channel bindings are not required,
>> because TLS authentication is mandatory and because TLS server
>> certificate verification procedure is also mandatory.
>> So I don't think there is an issue with 4934bis document.
>> 
> 
> I'm not so sure... TLS server certificate verification protects the client
> against a MITM attack.  The server has no way of knowing whether this
> procedure has been implemented.  So, the server does not have all the
> protection it needs unless the TLS connection uses client certificate
> authentication as well.
> 
> Channel bindings would extend the level of assurance for the server.
> Alternatively, mutual authentication using certificates would resolve the
> problem as well.
> 
>>> I am starting to believe that the security considerations section of
>>> 4930bis should note that enhanced security SHOULD be achieved through
>>> channel bindings unless the application involves digitally signed objects,
>> 
>> I think another alternative can be to require mutual TLS authentication
>> in a transport protocol mapping document.
> 
> I think that would be a great solution, and it wouldn't need to tamper with
> EPP or 4934bis.  Any new EPP transport protocol mappings in the works?
> 
>> 
>>> and that the TLS usage section of 4934bis (section 9) should include a
>>> pointer to techniques for implementing channel bindings with TLS.
>> 
>> As per my coment above, I don't think this is needed.
>> Besides adding channel bindings to EPP would require an extension to EPP
>> itself.
> 
> That has been part of my concern from the beginning.  Since we are progressing
> to Full Standard, extending EPP is pretty much a non-starter.
> 
> That is why I would prefer to restrict my discuss or comment to raising
> issues in the security considerations of 4930bis.
> 
>> 
>>> I am still mulling this over, and will probably not enter any discuss
>>> until tomorrow, but this seems the best approach. (Hopefully Nico will
>>> weigh in before then and keep me straight on this one...)
>> 
>> 
>>

v2.23.0 | Report a Bug | By Email