Re: [Secdispatch] Best practices for applications using X.509 client certificates
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 19 June 2023 01:32 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C955C14F693 for <secdispatch@ietfa.amsl.com>; Sun, 18 Jun 2023 18:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.092
X-Spam-Level:
X-Spam-Status: No, score=-1.092 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ehWUzSmth7tH for <secdispatch@ietfa.amsl.com>; Sun, 18 Jun 2023 18:32:46 -0700 (PDT)
Received: from relay.sandelman.ca (unknown [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D151C14F5E0 for <secdispatch@ietf.org>; Sun, 18 Jun 2023 18:32:40 -0700 (PDT)
Received: from dyas.sandelman.ca (rrcs-108-176-21-107.nyc.biz.rr.com [108.176.21.107]) by relay.sandelman.ca (Postfix) with ESMTPS id 6E1611F4A2; Mon, 19 Jun 2023 01:32:37 +0000 (UTC)
Received: by dyas.sandelman.ca (Postfix, from userid 1000) id 5A9B1A1086; Thu, 15 Jun 2023 11:11:55 -0400 (EDT)
Received: from dyas (localhost [127.0.0.1]) by dyas.sandelman.ca (Postfix) with ESMTP id 585F3A1026; Thu, 15 Jun 2023 11:11:55 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: David Woodhouse <dwmw2@infradead.org>, secdispatch@ietf.org, Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
In-reply-to: <2887d285ffe450fd89dfb78d89b97c503d98091e.camel@infradead.org>
References: <2887d285ffe450fd89dfb78d89b97c503d98091e.camel@infradead.org>
Comments: In-reply-to David Woodhouse <dwmw2@infradead.org> message dated "Fri, 09 Jun 2023 15:54:30 +0100."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 15 Jun 2023 11:11:55 -0400
Message-ID: <413256.1686841915@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/lONBk4uAT8nac-VikSRffFq02is>
Subject: Re: [Secdispatch] Best practices for applications using X.509 client certificates
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jun 2023 01:32:50 -0000
David Woodhouse <dwmw2@infradead.org> wrote: > There is a distinct lack of consistency across applications which use > client certificates for authentication. It confuses users and hurts > adoption of more secure methods of key storage, especially TPMs and > hardware/software tokens accessed via PKCS#11. > Following a discussion on the SAAG list in 2016, I drafted a document > describing "best practices" for applications: > http://david.woodhou.se/draft-woodhouse-cert-best-practice.html Will you submit your XML to the datatracker? > The gist of it is, "this stuff should Just Work". Whatever form I get I sure like that simple summary. > my cert+key in from the baroque outdated corporate infrastructure that > issues them — as long as it's not *completely* unreasonably insane — I > should just be able to give that to *any* application and expect it to > work. Yeah, except for use of EKUs that I really find silly for client certificates. It's hard enough getting indivuals and enterprises to pay the client side certificate tax, it seems like we ought to maximize the investment. > That goes for files containing PKCS#1, PKCS#8, PKCS#12 or even TPM- > wrapped keys. And in place of a filename I should be able to pass a > reference like a RFC7512 PKCS#11 URI (or similar identifiers for system > key stores or TPM internal storage) and *that* should just work too. Do we need a standard for which URI scheme to use? You write: } There are a number of forms which a certificate identifier might } take. Applications MAY require that the user explicitly disambiguate } between an inline data blob as discussed in Section 4.2, and an identifier } which is merely a reference to the location of the object, such as a } filename or other identifier addressed in the other subsections below. and we have did:, ni:, file: and also data: > We've had a little bit of success over the years in making life better > for users. It's now more common for applications to automatically > accept a PKCS#11 URI in place of a filename, for example, and we've > defined a standard file format for TPMv2.0 key storage which is > interoperable between the two OpenSSL provider/engines and GnuTLS > implementations. That's awesome. > I've just updated the above draft to reference the TPMv2 support, and > I'd like work out what it would take to submit it as an actual I-D. As > noted by Ted Lemon last time, the challenge would be socializing it to > the people who need to read it. Publishing it through the IETF as an > informational RFC would certainly be better than sticking it on my own > web page in draft form. The IETF is definitely a good place to start. Standards Track RFC can be cited as performance specifications in RFP (according to many trade treaties). That's relevant because it allows an entity (typically, a government) to be very clear about what they want. That might also get things like OpenSSL fixed, (section 7/7.1). I suggest that your document should be standards track. Or BCP, which can also have force of law, while Informational does not. (Not that trade agreement lawyers understand the distinction, but still) > There's plenty of technical heckling to be done on the content, for > sure, but also a process question there. So, I would rewrite the document slightly, for each place where we have options, I suggest that we have a list of things that application SHOULD accept, and where multiple options exist, about what they SHOULD emit by default. > I posted this again to the SAAG list today for further feedback, and > Rich Salz suggested I bring it to the SECDISPATCH WG for a view on next > steps. Thus... A trip through secdispatch is probably worthwhile and inline with current practices, but I would dispatch it to LAMPS. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
- [Secdispatch] Best practices for applications usi… David Woodhouse
- Re: [Secdispatch] Best practices for applications… Michael Richardson
- Re: [Secdispatch] Best practices for applications… David Woodhouse
- Re: [Secdispatch] Best practices for applications… Michael Richardson
- Re: [Secdispatch] Best practices for applications… David Woodhouse