Re: [secdir] Secdir last call review of draft-ietf-tls-exported-authenticator-09

Nick Sullivan <> Wed, 18 September 2019 23:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DCE7E1200B3 for <>; Wed, 18 Sep 2019 16:55:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 93BsldJUtbFj for <>; Wed, 18 Sep 2019 16:55:38 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::e44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3F3C2120116 for <>; Wed, 18 Sep 2019 16:55:38 -0700 (PDT)
Received: by with SMTP id p13so1069127vsr.4 for <>; Wed, 18 Sep 2019 16:55:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jlZ1D3PjGjtg4tqd5kVd6jccJ1C1VMB7tAIM9nj0tSQ=; b=ehGJ8w1AW3fNUCzLzcc9AzD561B23hsmkYFdVfKDT64fxRYQZyDBQvkdigkH9X2dlg 39CnqvnSmWmvuAa5hp76Y1v+gF++bXxbbaxuogojMYqcvusXBkPH7vI59pigVNfGc31B s7YC6FIlohNBQW/eZI33mwSw3PF6ZIxocEHWk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jlZ1D3PjGjtg4tqd5kVd6jccJ1C1VMB7tAIM9nj0tSQ=; b=DbCF3kXAiH0HVUKbbEsCaSi3fyZU8XVUusCnOfeUPHeLXS7fNVGK5XG/jAt+qyFqpw +V+H4WzGoXrqruo3WTLzHl/+zMNLRNCPSqDJ+tF9f5J/aVKJTm6AM7MD3vFbHzbUdRiy 3SeQqt9USHYrRrcXFShtQAhFknQxfKsM9KkmFjbByLafxUtZeHA0O9ubc+kqC3QEYTjh HIYcvfhTqrx+QQmfq0KMsAk9LcteIvQ47jpY+FEV7Xxdpk7bv8XGZUjBFxQKPBeHdWZp lK8xDo5Fb53ucTZXjB/dt4+5Ql3MYOi2UmPUwBxb9wDZAOsw8+4OPzgv55w5MEYrBnxo bP9g==
X-Gm-Message-State: APjAAAWMKJ7jWxZR7frOwmVLtnjo7lrPajXk797cYKYepJ/xxnAR8NSF Ra24euH5DY+bN8kNWvF/CrznKkn7N5wTymr+npjo0g==
X-Google-Smtp-Source: APXvYqwTUw8YS3Ng2YaXqWrZ7pNu+XzcKxLktrw11wIhza6HTE7PXiA4oSl80LZg60IBfAM15OFcD+0urSoTXHRUeOg=
X-Received: by 2002:a67:ec09:: with SMTP id d9mr3705884vso.215.1568850937064; Wed, 18 Sep 2019 16:55:37 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Nick Sullivan <>
Date: Wed, 18 Sep 2019 16:55:20 -0700
Message-ID: <>
To: Yaron Sheffer <>
Cc:,,, "<>" <>
Content-Type: multipart/alternative; boundary="000000000000cf7b980592dc921b"
Archived-At: <>
Subject: Re: [secdir] Secdir last call review of draft-ietf-tls-exported-authenticator-09
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 18 Sep 2019 23:55:43 -0000

Hi Yaron,

Thank you for your thorough review. My answers will be inline, and I'll
incorporate some of Ben's replies if necessary. Here's a PR with proposed
changes in response to your comments:

On Tue, Jul 16, 2019 at 12:59 PM Yaron Sheffer via Datatracker <> wrote:

> Reviewer: Yaron Sheffer
> Review result: Has Issues
> The document is generally clear in both its motivation and the proposed
> solution.
> I think it's playing a bit too liberal with TLS 1.3, in sort-of but not
> quite
> deprecating renegotiation, and in changing the IANA registry in a way that
> actually changes the protocol. Details below.
> Other comments:
> * Abstract: please reword to make it clear that it's the proof (not the
> cert)
> that is portable.

Proposed text here:
This document describes a mechanism in Transport Layer Security (TLS) for
peers to
provide a proof of ownership of a certificate.  This proof can be exported
by one peer, transmitted out-of-band to the other peer, and verified by the
receiving peer.

* Introduction: TLS 1.3 post-handshake auth "has the
> disadvantage of requiring additional state to be stored as part of the TLS
> state machine." Why is that an issue is practice, assuming this feature is
> already supported by TLS libraries? Also, are we in effect deprecating
> this TLS
> 1.3 feature because of the security issue of the mismatched record
> boundaries?

My understanding is that post-handshake authentication as defined in the
TLS 1.3 RFC is not implemented in many (any?) TLS 1.3 libraries and some
implementors would prefer to use exported authenticators.

* "For simplicity, the mechanisms... require", maybe a normative REQUIRE?

I'm fine with this.

> * Authenticator Request: please clarify that we use the TLS 1.3 format
> even when
> running on TLS 1.2.

 Updated, though it might be a bit unnecessary.

* Also, I suggest to change "is not encrypted with a
> handshake key" which is too specific to "is sent unencrypted within the
> normal
> TLS-protected data".

This specific text is meant to differentiate the wire format of this
message from that of the CertificateRequest message, which is encrypted
with the handshake key. The specificity is warranted.

* Before diving into the detailed messages in Sec. 3, it
> would be nice to include a quick overview of the message sequence.

There are two message types and three potential sequences. I've added a
short overview.

> * Sec. 3:
> "SHOULD use TLS", change to MUST. There's no way it can work otherwise
> anyway.
As Ben noted, this could be any secure channel with equivalent security to
TLS, such as QUIC. We shouldn't forbid other secure out-of-band mechanisms.

> * "This message reuses the structure to the CertificateRequest message" -
> repeats the preceding paragraph.


> * Sec. 4: again, SHOULD use TLS -> MUST.

Again, I don't see the need for a MUST here.

> * Is
> there a requirement for all protocol messages to be sent over a single TLS
> connection? If so, please mention it. Certainly this is true for the
> Authenticator message that must be sent over a single connection and
> cannot be
> multiplexed by the high-level protocol. I think this protocol actually
> assumes
> "nice" transport properties (no message reorder, reliability) that also
> require
> a single, clean TLS connection.

There is no such requirement. Message ordering is managed by the
application layer protocol that utilizes exported authenticators.

> * Why no authenticator request for servers?
> Don't we care about replay? OTOH if the client wants to detect replays, it
> would need to keep state on received authenticators, which would be very
> messy.
I'm not sure I understand. It's possible to use authenticator requests for

* 4.1: when referencing Exporters, mention this is Sec. 7.5 of [TLS1.3].

Added  "Sec. 7.5"

* The
> discussion of Extended Master Secret only applies to TLS 1.2 - please
> clarify
> that, plus I suggest to reword this paragraph which I find hard to parse.


> 4.2: "the extensions are chosen from the TLS handshake." - What does it
> mean
> exactly, and how does an application even know which extensions were used
> at
> the TLS layer? Reading further, we mention "ClientHello extensions." Maybe
> the
> authenticator should also include a ClientHello message to indicate
> supported
> extensions. Assuming we can peek into ClientHello contradicts the hopeful
> "even
> if it is possible to implement it at the application layer" in Sec. 6.

This could be clearer. Effectively, the Certificate message in the
Authenticator needs
to be constructed in a similar manner to how a Certificate message would be
in a TLS handshake. Namely, it can only contain extensions that were
present in either
the client hello or a preceding CertificateRequest.

You're right that this makes an assumption that the party creating the
has access to the TLS handshake state. This implies that even if the
is created in the application space, an additional API needs to be exposed
to share
that information.

* 4.2.1:
> the first sentence of the section is incomplete.


> * Can I use TLS 1.3-specific
> extensions (oid_filters) if I'm running on a TLS 1.2 connection? Is there a
> situation where a certificate is acceptable for TLS 1.3 connections but
> not for
> TLS 1.2 connections?

Yes TLS 1.3-specific extensions are allowed, the CertificateRequest message
is TLS 1.3-compatible.

> * "using a value derived from the connection secrets" - I
> think we should recommend a specific construction here to ensure people do
> it
> securely.

This was a suggestion from the Additional Certificates use case (
I'm not sure we should get into the details here.

> * 4.2.3: Are we computing HMAC(MAC-key, Hash(a || b || c || d))? If
> so, please say so.

Yes, I'll put that in.

* 4.2.4: "a constant-time comparison" - why is it actually
> required, what is the threat? An attacker can do very little because each
> authenticator being sent is different.

As Ben noted, this was a safety note added during review.

> * 5: please say explicitly which
> messages are used in this case to construct the authenticator.


> * 6.1: the
> "MUST" is strange in a section that's only supposed to be informative.
> Also,
> the library may provide this extension (and possibly others) without
> requiring
> it as input.

How else do you propose wording the requirement that this API fail if the
connection doesn't support EAs?

> * 6.4: "The API MUST return a failure if the
> certificate_request_context of the authenticator was used in a previously
> validated authenticator." Are we requiring the library to keep previous
> contexts for replay protection? If so, please make it explicit.

I think this can be a SHOULD based on the burden replay protection places
on the implementation.

> *  7.1: this is
> changing TLS 1.3 by allowing this extension in Cert Request! I think it's a
> really bad idea. Better to hack special support to existing libraries,
> allowing
> this specific extension for this special case, than to change the base
> protocol. Otherwise, this document should UPDATE 8446.

This is a good point and one that we struggled a bit with during design. We
needed to allow SNI in the CertificateRequest message because it can be
client-generated in this context. I'd be ok with creating a different
extension for this, but it's rather elegant to re-use it in this context. *I'd
like to hear some opinions from the working group* on this point

> * 8: I think the
> Security Considerations is the right place to talk about interaction
> between
> this protocol and TLS 1.3 (or 1.2) renegotiation. Even if we simply
> not to do it. Or else explain the use cases where renegotiation is still
> useful
> if there are any.

I'm not sure this document should be prescriptive about use cases. This doc
is providing a new capability that may be leveraged at the application to
replace the functionality of existing mechanisms, but I'm not convinced the
evaluation of the trade-offs of different mechanisms should be contained in
this document.