Re: [Secdispatch] Agenda time request: DANE for IOT security
Eric Rescorla <ekr@rtfm.com> Sun, 15 November 2020 01:28 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFEA3A0E1F for <secdispatch@ietfa.amsl.com>; Sat, 14 Nov 2020 17:28:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8T1uWiDdVCBi for <secdispatch@ietfa.amsl.com>; Sat, 14 Nov 2020 17:28:50 -0800 (PST)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FDB23A0E1D for <secdispatch@ietf.org>; Sat, 14 Nov 2020 17:28:49 -0800 (PST)
Received: by mail-lj1-x235.google.com with SMTP id x9so15529784ljc.7 for <secdispatch@ietf.org>; Sat, 14 Nov 2020 17:28:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=W2iTwkDrXLwxEsPabUM0AGikpDm1KA+72YzI46WQ3F4=; b=cJZKl7cB2cMOoPsny/r2CSSDDrXUglb4/Ue8EEaqFxJWgTRV7fE23tfPxfao9r/1hG +6+TKtFXyB/akJH6pr/4Xvf1sgBNSlPQGr4pF3g3gN9tCh7LPsh+F9jFda58d9Vl82hn smjSmoHcw5B2FtEv6A7Og+aYQU2u1rS9YNepxtvLj2MkJ5RbuH6mrwSHFShF3tW0bgMX GUkgTPUXES05Ujmi6RfqgXN5PMP/x9bncLCjyO0v/VfEEkS/2kM5aznGRhw+QOrqWY/0 aCkwvcNRmeGE6uA9O7rhgVkQVMFqgorUBZSsjX75Fcl9v3zxxuy7aiiMOnUQNCvtidch Cl3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=W2iTwkDrXLwxEsPabUM0AGikpDm1KA+72YzI46WQ3F4=; b=Iv+8dbhd0pGD0YEfxFm4tbSr+vWPEIvF2FxcId2pCvTyPuUOhV87rRBzqXRkqfSrHm G0NQ/8V0Eu3m764awXzNVajsuF21wSGIUFE8ROh9XxzQikjlinvL+0YzmaEwkJzIspUG xCMbkj6ZJUYLOcNcEvepRlotFiKOmIl6T4ofOp6Naj11+U6H3+yYqnnddpc40e2oxjUX obeIhdAbSznDZ/9rKplIFIjLhMJgsjCpvhLMSMmWeBtumk9B7k9Lf0hewvuwAvrTLTgm ANOJJkVsUV9rGXPF9+xOD2BJBstVngQmDd6qPC8UCPIse4pFe06NLgT+UF0/K4tniLhM lnmQ==
X-Gm-Message-State: AOAM532iGHN4Z8M2Yt8MMKufF0TzMImNRS+Lb3FQrpQ8sFZlw+rmMTiK U4amQxPSxbxhIVaN93C1+WpBOGwwr2VaWH31GmcPdQ==
X-Google-Smtp-Source: ABdhPJy1A4+VuDO0/WLXHlUwDxfFQ72omdDl/txW99pm/KIhlxuQG8KWn3zFbvS2TNz3Anj06aZacZCZ4IxFiBefRYc=
X-Received: by 2002:a05:651c:113b:: with SMTP id e27mr3420661ljo.17.1605403727680; Sat, 14 Nov 2020 17:28:47 -0800 (PST)
MIME-Version: 1.0
References: <CAHPuVdUKVaZfpyg_aLf6--CXTo_24SEq3ju+sm7OWW9L75_R+Q@mail.gmail.com>
In-Reply-To: <CAHPuVdUKVaZfpyg_aLf6--CXTo_24SEq3ju+sm7OWW9L75_R+Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 14 Nov 2020 17:28:11 -0800
Message-ID: <CABcZeBOMdqZuh-K9p4rwgKCtOks0RRhCoMKFZ4UUSP=H2RJxnQ@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e8e64305b41b2ed6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/gcEhkIZl0c01pZfVktmhJz13hfA>
Subject: Re: [Secdispatch] Agenda time request: DANE for IOT security
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2020 01:28:52 -0000
I have reviewed these drafts. While I don't have any strong opinions about
whether this technology is a good thing or not. I do have some thoughts
about
the TLS binding.
Overall, it's probably not good to try to do the same thing for TLS
1.3 and TLS 1.2, given the very different properties of client
authentication in the two protocols.
In 1.3 the right way to do this is for the server to indicate
willingness/desire for DANE information in the CertificateRequest and
the client to answer that in the Certificate. This will automatically
encrypt the contents of the extension without resort to ECH, just
as the client's cert is already encrypted.
TLS 1.2 doesn't support ECH nor does it it encrypt the certificate,
so it seems like ideally we would not support TLS 1.2 at all for
this extension. Is there a strong need for it?
Your encoding for the extension is not extensible because it does
not contain a length as well as a type.
struct {
NameType name_type;
select (name_type) {
case host_name: HostName;
} name;
} ClientName;
..
struct {
ClientName client_name_list<1..2^16-1>
} ClientNameList;
The issue is that a receiver of an unknown type cannot properly skip
past it because it doesn't know the length (note that this is a known
problem in SNI as well). The correct approach is to have the ClientName
include a length field:
struct {
NameType name_type;
uint16 length; // NEW
select (name_type) {
case host_name: HostName;
} name;
} ClientName;
struct {
ClientName client_name_list<1..2^16-1>
} ClientNameList;
Note that this will create a redundant length but that's basically
just the natural thing for TLS encoding and not really worth
fixing.
-Ekr
On Mon, Oct 12, 2020 at 5:53 PM Shumon Huque <shuque@gmail.com> wrote:
> Dear SecDispatch chairs,
>
> We'd like to ask for a presentation slot at SecDispatch during
> IETF109 to talk about the use of DNS and DANE for IOT security.
> We'd cover the following set of topics:
>
> * DANE for TLS client authentication. Some proposed mechanisms
> are described in the following drafts, which were originally
> written a while back, and have recently been refreshed:
> https://tools.ietf.org/html/draft-huque-dane-client-cert-04
> https://tools.ietf.org/html/draft-huque-tls-dane-clientid-02
>
> * The use of DNS & DANE for certificate discovery.
>
> * Expanding the scope of DANE to cover the general use case of object
> security (DANE currently offers TLSA for TLS channel authentication,
> and SMIMEA for object security in email applications and email like
> identities, so neither quite fit the bill in their current forms).
>
> Shumon Huque
> (with some colleagues working in the IOT security space).
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>
- [Secdispatch] Agenda time request: DANE for IOT s… Shumon Huque
- Re: [Secdispatch] Agenda time request: DANE for I… Eric Rescorla
- Re: [Secdispatch] Agenda time request: DANE for I… Shumon Huque
- Re: [Secdispatch] Agenda time request: DANE for I… Martin Thomson