Re: [TLS] security considerations for draft-rescorla-tls-subcerts

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 05 April 2017 19:30 UTC

To: Subodh Iyengar <subodh@fb.com>, Simon Friedberger <simon.tls@a-oben.org>, "tls@ietf.org" <tls@ietf.org>, Richard Salz <rich.salz@gmail.com>, "Kaduk, Ben" <bkaduk@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0_wX7_CJP_OaFFQraDeltG7b6EU>

I've no strong opinion for or against this. One question below
though.

On 05/04/17 17:07, Subodh Iyengar wrote:
> The threat model here is that since if a less-trusted host having a
> key is compromised for a certain period of time without detection,
> and an attacker can steal private keys during that period. In many
> situations we are fine with giving the TLS terminator a certificate /
> key, i.e. they actually have a trust relationship, however we want a
> compromise to only give the attacker a limited power to use the
> credential. Revocation is arguably effective, so we would not be okay
> with giving a less trusted host a long term private key. However we'd
> be okay with giving a less-trusted host a short term key.

With that goal in mind, wouldn't it help mitigate the threat if
the holder of the longer term credential (the cert subject) were
to include within the signature e.g. an IP address range within
which the delegated credential is allowed to be used?

Cheers,
S.
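
A sketch of the check proposed in the message above, added here as an example; it is not code from the draft or from anyone on the thread. The Credential layout, the Issue and Verify names and the "constructed-dc-v0" label are assumptions, Ed25519 stands in for the certificate's long-term key, and the addresses are documentation ranges.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"net/netip"
	"time"
)

// Credential is a hypothetical layout for this example, not the draft's wire format.
type Credential struct {
	PublicKey ed25519.PublicKey // short-term key held by the less-trusted host
	NotAfter  time.Time         // end of the short validity window
	Allowed   netip.Prefix      // address range chosen by the cert subject
	Signature []byte            // made with the long-term certificate key
}

// signedBytes covers key, expiry and address range, so none can be changed after signing.
func (c *Credential) signedBytes() []byte {
	return []byte(fmt.Sprintf("constructed-dc-v0|%x|%d|%s", c.PublicKey, c.NotAfter.Unix(), c.Allowed))
}

// Issue is run by the holder of the long-term credential.
func Issue(longTerm ed25519.PrivateKey, pub ed25519.PublicKey, notAfter time.Time, allowed netip.Prefix) *Credential {
	c := &Credential{PublicKey: pub, NotAfter: notAfter, Allowed: allowed.Masked()}
	c.Signature = ed25519.Sign(longTerm, c.signedBytes())
	return c
}

// Verify is the client-side check: signature, lifetime, then the address the client connected to.
func Verify(certKey ed25519.PublicKey, c *Credential, peer netip.Addr, now time.Time) error {
	switch {
	case !ed25519.Verify(certKey, c.signedBytes(), c.Signature):
		return errors.New("bad signature")
	case now.After(c.NotAfter):
		return errors.New("expired")
	case !c.Allowed.Contains(peer.Unmap()): // Unmap so ::ffff:a.b.c.d matches an IPv4 range
		return errors.New("peer address outside delegated range")
	}
	return nil
}

func main() {
	certPub, certPriv, _ := ed25519.GenerateKey(nil)
	dcPub, _, _ := ed25519.GenerateKey(nil)
	dc := Issue(certPriv, dcPub, time.Now().Add(24*time.Hour), netip.MustParsePrefix("192.0.2.0/24"))
	fmt.Println(Verify(certPub, dc, netip.MustParseAddr("198.51.100.7"), time.Now()))
}
```

Because the range is inside the signed bytes, a stolen short-term key presented from another network fails the last check, and widening the range invalidates the signature.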