Re: [TLS] TLS 1.3 wishlist

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 07 December 2013 11:09 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8D7A1AE2DC for <tls@ietfa.amsl.com>; Sat, 7 Dec 2013 03:09:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_25=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aYS5_rkDVjex for <tls@ietfa.amsl.com>; Sat, 7 Dec 2013 03:09:06 -0800 (PST)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) by ietfa.amsl.com (Postfix) with ESMTP id E11171AE2CE for <tls@ietf.org>; Sat, 7 Dec 2013 03:09:05 -0800 (PST)
Received: by mail-wi0-f170.google.com with SMTP id hq4so2006899wib.5 for <tls@ietf.org>; Sat, 07 Dec 2013 03:09:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=76YQDa11lpeupgm2pZ72yHx3tlmSlTiHrNXGC/IlQoY=; b=029dDLDsGcfukITOqYZjd1YXPgEJPFZDM59fLBjS2oqw6UcpH0ET+jAWAuNeneH95S dVZEoWsqMr1UOfb/Trp/itGHNerg9iNeproAB9N5AlvoZUu9TIzlabZSeizVp18/yo6q 67OosKEFGOJL9Y8aSG10v/KUKZDD544iEjY5Ts4PoTGpfCBanUniVc9dAfALXQdfVn/d UqwFxbd8/Q/GBDoBp8LR4djs4AKyh+EQTE8d/fwUBu/wYgH8wF0HGj5xhPofK+yvC2LX X78OJJPm+ZkDx5eUfhKUfggXMG2aTnyzAzGJpmyt0rLVLGeEPtDRr94iVEi1iiNozzpb b0Xg==
X-Received: by 10.180.73.70 with SMTP id j6mr6413070wiv.47.1386414541436; Sat, 07 Dec 2013 03:09:01 -0800 (PST)
Received: from [192.168.1.99] (33.50.125.78.rev.sfr.net. [78.125.50.33]) by mx.google.com with ESMTPSA id f11sm4534307wic.4.2013.12.07.03.09.00 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 07 Dec 2013 03:09:01 -0800 (PST)
Message-ID: <52A301C5.50608@gmail.com>
Date: Sat, 07 Dec 2013 12:08:53 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: Henry Story <henry.story@bblfish.net>, Michael D'Errico <mike-list@pobox.com>
References: <5239F4C9.5090805@pobox.com> <01CA3CC6-C3C4-4412-80F8-E7101BA5C209@bblfish.net>
In-Reply-To: <01CA3CC6-C3C4-4412-80F8-E7101BA5C209@bblfish.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 wishlist
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2013 11:09:08 -0000

On 2013-12-07 11:15, Henry Story wrote:
> 
> On 18 Sep 2013, at 20:45, Michael D'Errico <mike-list@pobox.com> wrote:
> 
>> A "wish list" for an upcoming new version of TLS is available
>> online (I found it via a message on Twitter):
>>
>> https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf
>>
>> Is it appropriate to discuss this now, prior to rechartering?
> 
> Hi,
> 
>   One thing that would be nice would be some way of having more flexibility
> for the server to request a client certificate. In TLS 1.2 it seems
> the only way to do this is to use the certificate_authorities
> list. 
> 
>   With WebID over TLS [1] a server may in fact be satisfied if the 
> Client certificate contains a WebID in the Subject Alternative Name.
> But this then leaves the question open as to how the server can transmit
> to the client it's ability to accept such certificates.
> 
> The only solution currently available that I know of 
> would be to create a CA with DN such as
> 
>    CN=WebID, O={}
> 
> that every WebID enabled certificate would claim it is signed by (somewhere
> in the certificte chain)
> 
> Then this could be passed by the server in the certificate_authorities
> list as specified in http://tools.ietf.org/html/rfc5246#section-7.4.6
> 
> 
> Some people are worried that this would require CAs to resign their root
> CAs with a WebID certificate in case they wanted to release WebID 
> certificates.
> 
> Is there a better way to do this currently? Could there be a better 
> way to do it?

I believe we had this discussion before, so here we go again :-)
Making TLS CCA (Client Certificate Authentication) useful for consumer authentication (be it to an enterprise, bank or social network), is IMO unrealistic, no matter how desirable it may be.

Technical reasons:
http://webpki.org/papers/PKI/webauth.pdf#page=1

TLS CCA is also at odds with the market:
http://www.forbes.com/sites/amadoudiallo/2013/11/30/google-wants-to-make-your-passwords-obsolete

As an authentication solution for VPNs (and even more "secure box-2-box" communication), TLS CCA is great but that's not "le web".

Regarding the specific WebID issue, I would be cautious about assigning additional semantics to existing constructs.
X.509 offers many other ways of signalling a unique/non-standard use.

Cheers,
Anders

> 
> 
> Henry
> 
> 
> [1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
> 
> 
> Social Web Architect
> http://bblfish.net/
> 
>