Re: [TLS] Proposed text for removing renegotiation

Martin Thomson <martin.thomson@gmail.com> Mon, 09 June 2014 21:28 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07C651A020E for <tls@ietfa.amsl.com>; Mon, 9 Jun 2014 14:28:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DTo9I6jDapMQ for <tls@ietfa.amsl.com>; Mon, 9 Jun 2014 14:28:17 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A04C1A01CF for <tls@ietf.org>; Mon, 9 Jun 2014 14:28:17 -0700 (PDT)
Received: by mail-wg0-f42.google.com with SMTP id z12so2808649wgg.1 for <tls@ietf.org>; Mon, 09 Jun 2014 14:28:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=IiKqOEX1hPXdsNMQY/zHP8/TDVaaEgLphATsgXI+PRI=; b=dWC0pOqaXjBmlmWDyCm/9DGchzkyuhlSsM661lObp6Yznb/TCmVZbHiKmvVONJpKgV tkFTwQlfCqZkL8y/kEDtq4e5kiII5bDBD+2O9QzyZxCFud7Eyj0xPokKj7TqJPFrloit ygaCOMBgRP7Kit0jejEK445JV/C59zvnslpk4UbJVGjl6ZZzMs463ykWtu/QNw2D5pyX 4NvESAeVCezqxvNK0d1K78cBzHhfA0O5ogwEm4Sw1RdQJGMdmkl+i/s6iIlvl3fDniN0 2l4yZ6D5P77CoTuty2Y7z6VhbJm9qOECpUq99Sf9jIs/yEaBaegAkMyFTXT4VJ6nS2oN kHrw==
MIME-Version: 1.0
X-Received: by 10.195.18.8 with SMTP id gi8mr35514384wjd.75.1402349295757; Mon, 09 Jun 2014 14:28:15 -0700 (PDT)
Received: by 10.194.51.134 with HTTP; Mon, 9 Jun 2014 14:28:15 -0700 (PDT)
In-Reply-To: <fab4976db86243c5a02039866e3be457@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <fab4976db86243c5a02039866e3be457@BL2PR03MB419.namprd03.prod.outlook.com>
Date: Mon, 9 Jun 2014 14:28:15 -0700
Message-ID: <CABkgnnWn8YTZvh3=caLmpQtT+tUWJmx20J3cPrQJEObRQK4UiA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/0wwCbB4DUaqlbSq_e2vKu4aDAJ4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2014 21:28:19 -0000

On 9 June 2014 11:49, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>> The former we have decided to solve in HTTP.
>
> Are you referring to these I-Ds:
> http://tools.ietf.org/html/draft-thomson-httpbis-cant-00
> http://tools.ietf.org/html/draft-thomson-tls-care-00
>
> Httpbis-cant talks (rather vaguely) about using "realm" or "other challenge parameters" to select an appropriate client cert. I think client cert selection should be clearly specified before we can say that the mid-session client auth problem has been solved, and remove renegotiation from TLS 1.3.

The selection problem is, as we discussed in Denver, worth addressing.
The short term fix in HTTP/2 will actually be to force these users
down to HTTP/1.1.  That's suboptimal, certainly, but it does fix the
immediate problem.

As far as the -cant draft goes, I simply haven't uploaded an updated
version after our discussion in Denver.  There's a work in progress
version on github:
http://martinthomson.github.io/drafts/draft-thomson-httpbis-cant.html

> It would be even better to solve this problem at the TLS layer, so that each application protocol does not need to come up with a separate solution. And avoiding the round-trips involved in establishing a TCP connection would be awesome, too. The current solution using renegotiation has both of these desirable properties.

I'm sympathetic to this, but if HTTP is the only one that wants this
particular feature, then we are better off leaving them to work around
this.  At least in my opinion.