Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 11 October 2019 07:00 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C26371200F7; Fri, 11 Oct 2019 00:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i9KNvFvFmY_C; Fri, 11 Oct 2019 00:00:07 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50046.outbound.protection.outlook.com [40.107.5.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 035C112008B; Fri, 11 Oct 2019 00:00:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fIinv3GNBlU7vg5k4xuVfRMiQuebsfQUgdLHWLUe66UPjF2iDPU6j9SODfD7lLbktFGxzgKsZBaLrrD4EAh1OcfB+blPfcB9LayfLRXYnocgLxr8WdOqz9q0zj0v/MuNwc5pT7+oAQxK5wVhXbsCVBq64Xe0IJjVGnZACPSV5SiUd6l/BhH3FoEzzJd3gWbM3GCSWg1nrB3pM0ppWswmtWPu0EUWYqWE6zkNrOkr+Bt6j2TaxlS2Lsvrp4sWFH7mQpw5UkPqETjLTNnrVL+3vQQNjw9HoYEl/MKSumyQCAsnE4xbROnIf78lmgAmNlPwa4JUI0n6iwLWE5Nk2rJUwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dNh73YD33BCxI7XyMMf689J6XS9bIsk8RPuz3khxZdI=; b=PVuq5jePRSfDXDz/a6X2v/0NQD8XC0Er/b776rMF6jbntyfuyUORvH2uQjdMtnRxZVCSFaGVvj4Xu6GfQ6FvSLkePutjk4IO9oUOXXyJ0S74MlOer6CFFJHOd3XsFBnU0peW/NCVd2md63IgfnG1NZTTjgpi0dGhE0pM5ZwVb9aqVOUBDeoj+tJFSLJLL7PlUEYa79l674KJYVhnnNVXcHsXt4kxuTRd4vsOdkUPBLJH6WfwEXMBs5sUhdTOzcmVcVCMX+NppcpM3DOnyKVjkB4O4cY0WxzGxcR12uor0XVba4r+2U62iVoOBxzrSC7Jx1/L0w6WkGLwmokSxBSyrw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dNh73YD33BCxI7XyMMf689J6XS9bIsk8RPuz3khxZdI=; b=neX2RA2aldL0sjS3ZpvSVviFeRBBjMNpXhYq6kgLH3lo+cVUJEWCOsc0B2mwCXMFU80kMYshU70Cpi3k3h2H7QcPGa87QFoxXeDjMZIXqnuSsKmlkgMSQh4MNxB7f2gh3PSkwO5Tvy63SMaQf6armQWObIsJhs5+XoflXpwJux8=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3516.eurprd07.prod.outlook.com (10.170.248.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Fri, 11 Oct 2019 07:00:00 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9%3]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 07:00:00 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Nick Sullivan <nick@cloudflare.com>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-tls-exported-authenticator.all@ietf.org" <draft-ietf-tls-exported-authenticator.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-tls-exported-authenticator-09
Thread-Index: AQHVbmsQQiMh+1FWRUS8h+cw2bI1hKcy5WaAgAC48gCAALCBAIAe3NkAgAIswIA=
Date: Fri, 11 Oct 2019 06:59:59 +0000
Message-ID: <7F09A9E2-6455-45EB-808A-2951DCCA26AB@ericsson.com>
References: <156249708979.14501.13745976049183757305@ietfa.amsl.com> <CAFDDyk8iG0R2rT7x-t7fHkFxcYBBkf8j1-mg1xbexoh8gXts6A@mail.gmail.com> <7BDE969A-7B5F-4979-B4E9-7E6C03C0A1B1@ericsson.com> <CAFDDyk_yoOu01nBPrBj_AVBugFRGUCOthYDysOuAGCrKNWG8dg@mail.gmail.com> <57E5EB36-6A59-45A7-A2F4-1E1626391742@ericsson.com> <CAFDDyk-T_+RHDwEJ+8AQFTvZKykPxwd+A5+8xiZp22bOs48S8w@mail.gmail.com>
In-Reply-To: <CAFDDyk-T_+RHDwEJ+8AQFTvZKykPxwd+A5+8xiZp22bOs48S8w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 755e078a-c313-4220-87e8-08d74e18a215
x-ms-traffictypediagnostic: HE1PR07MB3516:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <HE1PR07MB35163BA51139A38FD577652693970@HE1PR07MB3516.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0187F3EA14
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(396003)(136003)(346002)(376002)(39860400002)(54094003)(189003)(199004)(66066001)(446003)(6436002)(4326008)(2616005)(476003)(256004)(14444005)(14454004)(316002)(486006)(71200400001)(71190400001)(11346002)(58126008)(8676002)(6486002)(5660300002)(54906003)(44832011)(81156014)(81166006)(6246003)(86362001)(229853002)(66446008)(236005)(2906002)(606006)(7736002)(33656002)(6916009)(66946007)(3846002)(6116002)(186003)(66476007)(6512007)(76176011)(64756008)(53546011)(478600001)(6506007)(66556008)(99286004)(102836004)(54896002)(6306002)(76116006)(8936002)(25786009)(91956017)(26005)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3516; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Pkihoj7h4DMadsg8lLPsA8rXP0c1WeiamYd98WjvBbZpH7pqylH+BdBTCO64mtDEIeGtemhDCxSXy9E7JcBjvKXpE6+HD7XrOx3VapiF271XYBJmrUL+BoNBEgMphGw9BdgSr0XHLMnB0I3Ps55fWZZYS4kL6qZUFJxEFzTPixZJ5u3AVpdX0TGcguWaTYM7wSaXs9Lcd3KHQBWC17pyg+4PeVbSF0ZkXoxWOFyX828Y7RDH8d5zGa48s6hZ+V2VPsUYCHfw6SobCmX7dzSidR0rKFl2DPYrNywtOv/Lzvs0c2V5i/J4tkOvGEiFsBbWUdHHT7Q89pcnsdCMRPljoHeIxeOBDY7PRD68ePinLMh9BTg8gNmxBOUzwmqrySyFqZWvNilJ25t9T7auH+sm5RytvV0QxS6VB0a4hbRSI/GxfS2HWVLqj+JTgFY3x10/5Pmj2L9E8k1hWks4JeseHg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_7F09A9E2645545EB808A2951DCCA26ABericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 755e078a-c313-4220-87e8-08d74e18a215
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 07:00:00.0526 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: m4qDH5qG4dKybgqophQ7mXu+JdAHDz1aebaVdvSKRUWx4C1hjdVIXRC7jPrD+mLVqQikAmRXz92ll3xDFKZyujY8LGk+VMPiy5hiGh40kqc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3516
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5w-MHeASAI9XcgoVg3deTSsdVQ0>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2019 07:00:10 -0000

Hi,

>Thanks again for your review! The PR is on Github (https://github.com/tlswg/tls-exported-authenticator/pull/50<https://protect2.fireeye.com/url?k=44e4cb6c-186d1140-44e48bf7-0cc47ad93da2-d674bd41a094d4bb&q=1&u=https%3A%2F%2Fgithub.com%2Ftlswg%2Ftls-exported-authenticator%2Fpull%2F50>) and will be incorporated into a new
>version of the document that addresses both your comments and those by Yaron Sheffer.

Looks good.

Regards,

Christer

On Thu, Sep 19, 2019 at 11:29 PM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:
Hi,

>Some answers to your questions inline. I'm not sure further changes along the lines suggested here are needed, but I'm open to arguments that point in that direction.

I am mostly fine with your answers. Just a couple of comments inline still.

---

MIN_2:

>>>> Can the mechanism be used also for DTLS?
>>>
>>> I think the answer is yes. I don't see any reason to disallow the use of Exported Authenticators in DTLS.
>>
>> Would it be useful to clarify that?
>
> Going through what the modified text would look like, it seems like a substantial amount of re-writing (even the title!) for what amounts to an unclear use case.
> Keeping in mind that DTLS 1.3 hasn't been finalized and doesn't directly define exporters, I'm disinclined to define how EAs would work with DTLS. If someone
> has a strong use case for EA in DTLS, it may be worth considering it.

Would it then be useful with a statement saying that it might be possible to use exporters also with DTLS, but that such usage is outside the scope of the document and needs to be specified in a separate document?

I added a line to this effect.

---

MIN_3:

>>>> The documents talk about additional certificates. If I only have one additional
>>>> certificate, can I use that for multiple authenticators throughout the TLS
>>>> session?
>>>
>>> Yes, there is nothing disallowing the creation of multiple exported authenticators with the same certificate.
>>
>> Would it be useful to clarify that?
>
> I'm not convinced this is a realistic use case. Since exported authenticators are based on the exporter, there is no inherent ordering.
> If you re-authenticate with the same certificate, there's nothing asserting freshness of the second certificate. Is there something in
> the text that suggests that using a certificate multiple times is disallowed? If there's no suggestion that this is not possible that
> needs to be corrected, I don't see the benefit of calling out this specific use case.

I don't think there is any text suggesting that it is disallowed. But, if you don't think it is a realistic use case I'll take your word for it :)

---

ED_2:

>>>> Section 3 says: "The authenticator request is a structured message that can be
>>>> created..." Section 4 says: "The authenticator is a structured message that can
>>>> be exported..."
>>>>
>>>> In the 2nd paragraph of Section 4 it is stated that "authenticator" is sent
>>>> based on an "authenticator request". I wonder if that could be stated already
>>>> in the beginning of Section 4, to further clarify the difference between them.
>>>> E.g.,
>>>>
>>>> "The authenticator is a structured message, triggered by an authenticator
>>>> request, that can be exported from either party of a TLS connection."
>>>
>>> The issue is that servers can generate spontaneous exported authenticators without
>>> an authenticator request.
>>
>> Where is this written? Did I miss it?
>
> Section 4:
>   An authenticator message can be constructed by either the client or
>   the server given an established TLS connection, a certificate, and a
>   corresponding private key.  Clients MUST NOT send an authenticator
>   without a preceding authenticator request; for servers an
>   authenticator request is optional.  For authenticators that do not
>   correspond to authenticator requests, the certificate_request_context
>   is chosen by the server.

Ok. Looks good.

Regards,

Christer