Re: [Secdispatch] Agenda time request: DANE for IOT security
Shumon Huque <shuque@gmail.com> Sun, 15 November 2020 03:41 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34DCA3A1047 for <secdispatch@ietfa.amsl.com>; Sat, 14 Nov 2020 19:41:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FnOdEpu2TxAV for <secdispatch@ietfa.amsl.com>; Sat, 14 Nov 2020 19:41:29 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34BBD3A1044 for <secdispatch@ietf.org>; Sat, 14 Nov 2020 19:41:29 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id m16so349844edr.3 for <secdispatch@ietf.org>; Sat, 14 Nov 2020 19:41:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QIw21dTvM1fK2zHZPUpDXnjpwKj1ud4CIEfA44xHkPM=; b=Q3D4+K0kNTogAGLAnsiEgoPbjJSW5PQblo2OinQfaxzng/40PC3Dww+EJz6uBK8/j3 PDT3+TQSq/HtyNRO9xQWPRQNu3rjloXbaafZxI4C0vC2KH7xZSKUqro390Qtl/x1HGda AqJX9IM1A82vVWevyHVM6Ovi0qh00AaFdcLXtluaurcTooHNSI6s3CBKOD7G+R13ihdl 9ztQLsF7BLMavSxsotuigPGpmA3iQ0cxtLfS5NPlYPg15Km2kBy3Y5SgZhzI1OiKAKJD 7zd4R50aos1xDSPpUoYiGgMpEHEvMZGQmE6niYEbFX7W1yK2oG6FEZhD9shkwpwBHO0k G3bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QIw21dTvM1fK2zHZPUpDXnjpwKj1ud4CIEfA44xHkPM=; b=E8BL8vzJY7SOLNe7CizAxcPqnTMddpm8ru5JpUICFCHLuxKwnUS7L4wiHqp28x01pt QQshekZ4byixseBeWfMqMTTspx2g6ZhEp0jDV769yrAyf4CsrRpN5NAEpq3CHxIZySZe L2QJunqoViv6Xln2bCU4oejWJi2wFiqPSiisCTcYL9cq1hghpuY8odudJa65j7oWYJmx z30S+hcDHh7TWBpvmyM9GTR96/NeORL3TAy2mRegwn8YFHFpUkmC0LyXn+7KqrV/jsKo DypaSTPBkPkGS8c+mFSAsm6byBDxRZCSQH2yxKG+kZa9ybYWgZN+TKhvI0qwgcRqhUZY 5csg==
X-Gm-Message-State: AOAM532rZdUHCUtflKZpF+zTQHd/zzonRBvp31remLLaFwrwysAAop8r N+IMko8HMNeLcbjhn+CX1Sp572EGxFco/DYGENo=
X-Google-Smtp-Source: ABdhPJw/RvXF7QmCDce7+p3X69PRNwg+w0RI16DECKIcrQR7ClLHdQLdzByBObja2hQsv5H4ZNc1NJcgocS0B6Ry+es=
X-Received: by 2002:a05:6402:1c8e:: with SMTP id cy14mr10234173edb.39.1605411687309; Sat, 14 Nov 2020 19:41:27 -0800 (PST)
MIME-Version: 1.0
References: <CAHPuVdUKVaZfpyg_aLf6--CXTo_24SEq3ju+sm7OWW9L75_R+Q@mail.gmail.com> <CABcZeBOMdqZuh-K9p4rwgKCtOks0RRhCoMKFZ4UUSP=H2RJxnQ@mail.gmail.com>
In-Reply-To: <CABcZeBOMdqZuh-K9p4rwgKCtOks0RRhCoMKFZ4UUSP=H2RJxnQ@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
Date: Sat, 14 Nov 2020 22:41:15 -0500
Message-ID: <CAHPuVdUuerC3yr8sRBD5LY=QX6u7T4_4DvTuJ0Yq5jfkjie74A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000057272e05b41d094c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/lVSpMynolctkgsyAhVcZOwq-C4E>
Subject: Re: [Secdispatch] Agenda time request: DANE for IOT security
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2020 03:41:31 -0000
On Sat, Nov 14, 2020 at 8:28 PM Eric Rescorla <ekr@rtfm.com> wrote: > I have reviewed these drafts. While I don't have any strong opinions about > whether this technology is a good thing or not. I do have some thoughts > about > the TLS binding. > Thanks for the review! > Overall, it's probably not good to try to do the same thing for TLS > 1.3 and TLS 1.2, given the very different properties of client > authentication in the two protocols. > > In 1.3 the right way to do this is for the server to indicate > willingness/desire for DANE information in the CertificateRequest and > the client to answer that in the Certificate. This will automatically > encrypt the contents of the extension without resort to ECH, just > as the client's cert is already encrypted. > > TLS 1.2 doesn't support ECH nor does it it encrypt the certificate, > so it seems like ideally we would not support TLS 1.2 at all for > this extension. Is there a strong need for it? > Yeah, we're aware the privacy protections can only be achieved with TLS 1.3. My assumption (possibly mistaken) has been that we will need to support deployed bases of both TLS 1.2 and 1.3. However, since this protocol requires code changes in TLS stacks anyway, perhaps we can mandate TLS 1.3 only, and modify the protocol according to your suggestion (adding the new protocol elements to CertificateRequest and Certificate and remove the need for ECH). I'll ponder and chat with some of the potential consumers of this technology re: TLS 1.2/1.3. > > > Your encoding for the extension is not extensible because it does > not contain a length as well as a type. > > struct { > NameType name_type; > select (name_type) { > case host_name: HostName; > } name; > } ClientName; > > .. > > struct { > ClientName client_name_list<1..2^16-1> > } ClientNameList; > > The issue is that a receiver of an unknown type cannot properly skip > past it because it doesn't know the length (note that this is a known > problem in SNI as well). The correct approach is to have the ClientName > include a length field: > > struct { > NameType name_type; > uint16 length; // NEW > select (name_type) { > case host_name: HostName; > } name; > } ClientName; > > struct { > ClientName client_name_list<1..2^16-1> > } ClientNameList; > > Note that this will create a redundant length but that's basically > just the natural thing for TLS encoding and not really worth > fixing. > Thanks for this suggestion. It was modelled after SNI, and thus inherited that defect :) At the moment, only one name type (and one instance of it) is supported, so it doesn't really matter. But it is best to design for extensibility, so I will plan to add the additional length field. Shumon.
- [Secdispatch] Agenda time request: DANE for IOT s… Shumon Huque
- Re: [Secdispatch] Agenda time request: DANE for I… Eric Rescorla
- Re: [Secdispatch] Agenda time request: DANE for I… Shumon Huque
- Re: [Secdispatch] Agenda time request: DANE for I… Martin Thomson