Re: [Teep] Working Group Last Call for HTTP Transport for Trusted Execution Environment Provisioning: Agent-to-TAM Communication

[Dave Thaler <dthaler@microsoft.com>]

For point 4 (TLS considerations), I filed https://github.com/ietf-teep/otrp-over-http/issues/10 and
my proposal to address it is as follows:

OLD: When HTTPS is used, TLS certificates MUST be checked according to [RFC2818]. 

NEW: When HTTPS is used, TLS certificates MUST be checked according to [RFC2818]. 
NEW: See [RFC7525] for additional TLS recommendations.      

Rationale is that RFC 7525 (BCP 195) is what contains the answers to questions like Tiru asked in point 4, in a way that is
not specific to TEEP, and already has IETF consensus.  For example, section 3.1.1 of that RFC deals with TLS versions
as Tiru asked about in point 4.   My proposed approach also means we don't need to come up with TEEP-specific text,
since I don't believe there's anything TEEP specific here, given that TEEP messages are secured end-to-end inside so
anything really TEEP specific to say would be up in the TEEP protocol.

Dave

-----Original Message-----
From: TEEP <teep-bounces@ietf.org> On Behalf Of Dave Thaler
Sent: Wednesday, April 1, 2020 6:35 PM
To: teep@ietf.org
Subject: Re: [Teep] Working Group Last Call for HTTP Transport for Trusted Execution Environment Provisioning: Agent-to-TAM Communication

As noted in my earlier response, I reached out to Mark Nottingham for his advice on Tiru's points 4 and 7.
Below is his response, forwarded with his permission (thanks Mark!).

-----Original Message-----
From: Mark Nottingham <mnot@mnot.net>
Sent: Wednesday, April 1, 2020 5:46 PM
To: Dave Thaler <dthaler@microsoft.com>
Subject: Re: bcp56bis advice

Hey,

> On 1 Apr 2020, at 1:43 pm, Dave Thaler <dthaler@microsoft.com> wrote:
> 
> 4)    When HTTPS is used, TLS certificates MUST be checked according to [RFC2818].
>  
> Comment> RFC2818 refers to TLS 1.0 and several of its sections are outdated in comparison with TLS 1.3.
> Comment> For example, when TLS 1.3 is used, is 0-RTT supported ?
> Comment> RFC2818 refers to RFC2459 and is obsoleted by RFC5280.
> Comment> What TLS versions should the client and server support (If TLS 1.2 needs to be supported, please add text discussing the privacy and security implications) ?
>  
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-httpbis-bcp56bis-09%23section-4.3&amp;data=02%7C01%7Cdthaler%40microsoft.com%7C9d741f60d5ad452f08cd08d7d6a61edc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213881296225956&amp;sdata=bEJ4sbVmO%2Fanq0ECkTHHzJn%2BV2Sfbz1DFCYZD4QY%2Fsc%3D&amp;reserved=0 says:
> >   o  Certificates - Applications using HTTP should specify that TLS
> >      certificates are to be checked according to [RFC2818] when HTTPS
> >      is used.
>  
> Which is what this doc says.   Do you think that bcp56bis is deficient in not asking app protocols to
> say what TLS versions should be supported?   If so, you should provide that feedback soon (if you didn’t already) since it’s
> listed as WG Consensus: Waiting for Write-Up
>  
> I’m hesitant to add any text here without a specific recommendation from that doc since I’d probably get it wrong.
> Leaving it silent, on the other hand, means people should get the answer from bcp56bis, which is referenced in the
> Security considerations section.   I don’t know if that’s sufficient or not, but would want advice from someone like
> Mark.

I'd probably handball this to the Security Directorate or similar; we didn't go there because it's not HTTP-specific.

> 7) 
>    If any error occurs where the TEEP/HTTP Server cannot get a message
>    buffer (empty or not) back from the TEEP implementation, the TEEP/
>    HTTP Server generates an appropriate HTTP error response.
>  
> Comment> Any specific reason for not specifying the error code ?
>  
> Yes.  There are many possible error reasons and legal HTTP error codes 
> for them, so it’s up to the implementation to pick an appropriate one based on HTTP specs.
>  
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-httpbis-bcp56bis&amp;data=02%7C01%7Cdthaler%40microsoft.com%7C9d741f60d5ad452f08cd08d7d6a61edc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213881296235912&amp;sdata=30gs5vohevDreckLzuahUqCqnHAN30aKiI5tujKBMSM%3D&amp;reserved=0 says:
>    Instead, applications using HTTP should define their errors to use
>    the most applicable status code, making generous use of the general
>    status codes (200, 400 and 500) when in doubt.  Importantly, they
>    should not specify a one-to-one relationship between status codes and
>    application errors, thereby avoiding the exhaustion issue outlined
>    above.
>  
> FYI, when MNot reviewed this spec (as author of bcp56bis) he said it looked ok.

It does. FWIW I don't think it's harmful to say "in this situation, servers should use status code X, because that's the most appropriate one for those semantics." What you want to stay away from is saying "clients receive status code X can infer Y." Unfortunately, the difference is subtle and easily misread.


> Comment> Why is ietf-httpbis-bcp56bis an Informative reference ?
>  
> Fair question. I don’t have a strong preference either way.
> Current answer is because it’s not used in any sentence in a normative way.

FWIW, I don't think it's necessary to reference 56bis unless you're relying on it for security considerations or the like.

Cheers,

--
Mark Nottingham

_______________________________________________
TEEP mailing list
TEEP@ietf.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fteep&amp;data=02%7C01%7Cdthaler%40microsoft.com%7C9d741f60d5ad452f08cd08d7d6a61edc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213881296235912&amp;sdata=epiCVsUuAaX9y6asychxO%2B4W9o5wmQcZSuhaKl8yxhQ%3D&amp;reserved=0