[TLS] Re: Transparent TLS Client Auth (t2CA)
Eric Rescorla <ekr@rtfm.com> Thu, 22 May 2025 17:58 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 902972BF1D31 for <tls@mail2.ietf.org>; Thu, 22 May 2025 10:58:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTIoc78ZbDCY for <tls@mail2.ietf.org>; Thu, 22 May 2025 10:58:52 -0700 (PDT)
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A87F82BF1D27 for <tls@ietf.org>; Thu, 22 May 2025 10:58:52 -0700 (PDT)
Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-e7b99f387e8so4391284276.0 for <tls@ietf.org>; Thu, 22 May 2025 10:58:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1747936732; x=1748541532; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XeEI2i+6s+Nn1c2F382ayozbKtPSy6XJpQAMyT1X304=; b=m8spYWfYPca/3dmyjsN3GyEEGy9f4hX/EU1TICPu8vN2y73vRVyFfkupEl29uYlDf1 2Aa7MA2qxsF/PV4U0CM//k2uYVJkPpz1/JP18S6WnLPCvyeWNGMeDN+i4o4Lx1KwbW4d jb1KIwg48lWXx/lT19u+ukRKlKRyLd/kE6hP+ycW7EXoHBt6ECtcRUThIGJsUF2n+iw1 igRFxoqqOsZ+szdQQVDtKQrd13IzHNaUIRB5RcJZHc7SliJ3Ot3IWumJJufesuMd3Ypr ukwxVfO+efekHH5433HgK55jAuzD83GAPtUvcD0raAmh57wU95eFCffMGhGYXlRaYopG d5jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747936732; x=1748541532; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XeEI2i+6s+Nn1c2F382ayozbKtPSy6XJpQAMyT1X304=; b=SL2QQYKLOtgrJ2f7zeyjWLWLZoxG/k6SNOM2xG1MvEox6k4AxA2nJMFf6ZCxXAXaFe m30huR73JEQ1wYDDA/WCzWTY0M3NHEpTZ0fTnqF3TtMcV0xqVop/Jt/uF1XNiTXyqXIP kEr4KO0YeOBGjL7CLQvxbtg4foPz0l+FCRqwC3GJyYgVmYQSkuZCza7mfUURx4PuqpuJ qYEWqrwm98Oe7rNUC7j8qmZI6u6WhhaA4ejqn8pLoBQSTuycH5aSePEkiQUZExIT8uht zbNQxyoZ6Zwi/X0BVQUtRVEPbPGqM0bvszvO4nh/zVEU5fiy1cudkYM94+tA/qJSfdYj esBQ==
X-Gm-Message-State: AOJu0YxXb1JQ0IlrndK4eVSLlLw8FLsI//w8ACUJdBwSPJFt5Xnkovs8 llaVfiH3HlFaLlTeKNrLoTSuBQowJRRn7PuDOCHP+I7tUEJ7TjeKFiBAEo1xVuJhTbPK80NPTjg 82In06peVhK7iv+iKqk+DBVBuZgpYvuwNjoRCmE8FAJT75582fvS1
X-Gm-Gg: ASbGncv+GENLgznd5CdFr/R1EMA2Zyj/FCTO6CSeodXsnNCg4ZnXijnnvtNTRxPBc8+ Rbnw2lqmBQveAZ0X5kN1XIKESRVubeZDiF0wxUIfVbCgNw4dOQr6Sf5dtKElCvPoJDi6/q0aJsr dFakZ7ubHPiJ6PYeM4l0+hI79+76KgflQ=
X-Google-Smtp-Source: AGHT+IG50t1KIq+u/QQKRrF4pe3NTk3g/1Ef90MoWMFJ7JGxPqO5PVeUKi0zjrkdQYFCis9OH2PuB4qe4KaLqKWnx8Q=
X-Received: by 2002:a05:6902:1082:b0:e75:bb4f:65f with SMTP id 3f1490d57ef6-e7d7e0f2bbbmr211406276.17.1747936732013; Thu, 22 May 2025 10:58:52 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwgUckd7M4J1wop9srwxaFkfenmibLJ1=-dJb-pfEkXxLg@mail.gmail.com> <CABcZeBMkNs=Uhe5Wv49P8OquN8rn0z_p4cXgB51gS879RFxBZA@mail.gmail.com> <CAMm+LwgszwpdfB5k0ETEfg2cYyestZtq0y5pS7=Y7kzdyoBPbw@mail.gmail.com> <CABcZeBPgxDhqroAUO+fW4Sp6qvSHugd2pym5C2_+jNcQUXaqxw@mail.gmail.com> <CAMm+LwgMgsTyHgkenDU0XsBeRAk3kOb7cfpFhZNpNpOr8sam9Q@mail.gmail.com>
In-Reply-To: <CAMm+LwgMgsTyHgkenDU0XsBeRAk3kOb7cfpFhZNpNpOr8sam9Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 22 May 2025 10:58:16 -0700
X-Gm-Features: AX0GCFugXXwo9GEYYD4dNuTW5jaOXkK0ynkcJ5-tl_crq60Dm5MQN7wIDGTEcwg
Message-ID: <CABcZeBOdmwZkPwXGfYscRDwqO-icWuG1a4=ujQ7RpJBuBJcryw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary="0000000000000082420635bd3cff"
Message-ID-Hash: VVEFRJTI5IJGIODBGVRUCA3HHI6HE55R
X-Message-ID-Hash: VVEFRJTI5IJGIODBGVRUCA3HHI6HE55R
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tls <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Transparent TLS Client Auth (t2CA)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-Vns9HrjOidK-0-BoXdTtDGfMFs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Thu, May 22, 2025 at 10:28 AM Phillip Hallam-Baker <phill@hallambaker.com> wrote: > > > On Thu, May 22, 2025 at 1:04 PM Eric Rescorla <ekr@rtfm.com> wrote: > >> >> >> On Thu, May 22, 2025 at 9:56 AM Phillip Hallam-Baker < >> phill@hallambaker.com> wrote: >> >>> >>> >>> On Thu, May 22, 2025 at 11:50 AM Eric Rescorla <ekr@rtfm.com> wrote: >>> >>>> A few observations here. >>>> >>>> I generally agree that a signature-based scheme has superior privacy >>>> properties to something like OAuth, though the details really matter >>>> here. For example, if the system requires having a TXT record at the >>>> leaf node (e.g., ekr.<something>.gmail.com) then the end result is >>>> similar because the DNS server will get a query from the relying party >>>> for your specific identity, allowing the server to track you [0] >>>> >>> >>> The idea here is that you have your own personal DNS name that is yours >>> and only you use for authentication. It is a different approach but one >>> that has some surprising effects. >>> >>> A traditional Internet account is a delegation to a service. so >>> ekr@example.com. To resolve that name, a client first locates the auth >>> server for rtfm.com and then sends it a query. >>> >>> In the Blue Sky model, your account has its own DNS name and can be >>> queried independently of any account discovery service: @ekr.example.com >>> . >>> >> >> Yes, I understand this, but as a practical matter, people don't have >> their own DNS names, and I don't think it's likely they are going to get >> them. Rather, they are likely to have them subordinated under some >> provider, exactly as they do now, in which case it will be ` >> alice@gmail.com` which maps to `alice.gmail.com`, hence the privacy >> point I am making. >> > > I accept that most people are going to go for a free DNS handle issued by > a handle provider. But a system in which users have the option of exit has > completely different dynamics to one where they are locked in by switching > costs. > Yes, I agree with this. But even in the case where the DNS handle is associated with my own server, that server is then likely hosted by some DNS hosting provider, and so we have to worry about privacy via that provider. > * Allowing the site to control the timing of the authentication >> (e.g., offering you connect unauthenticated and then upgrading). >> * Allowing the site to offer multiple authentication options. >> * Allowing the site to control the look and feel of the interaction. >> > > I don't want the site to be doing any of that. I want there to be a single > consistent authentication experience across everything. Without > consistency, users have no idea what they are doing and the scheme is > vulnerable to social engineering attacks. > >> What matters here is not what you want but rather what the site wants, >> and in my experience they want these properties. >> So, again, I ask: which major players in the current ecosystem are >> interested in this. >> >> -Ekr >> > > The target 'site' in this case is the HTTPS server built into my next IoT > thermostat after the current one is disabled because of malicious > obsolescence. > OK, but there are still vendors who need to do things, so I think my question continues to be relevant. Which device and/or browser vendors are interested? -Ekr
- [TLS] Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Ben Schwartz
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Shumon Huque
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker