Re: [TLS] TLS-OBC proposal
Dirk Balfanz <balfanz@google.com> Thu, 25 August 2011 06:21 UTC
Return-Path: <balfanz@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8B021F875E for <tls@ietfa.amsl.com>; Wed, 24 Aug 2011 23:21:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.559
X-Spam-Level:
X-Spam-Status: No, score=-105.559 tagged_above=-999 required=5 tests=[AWL=0.417, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gcjva9JmnCgJ for <tls@ietfa.amsl.com>; Wed, 24 Aug 2011 23:21:16 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfa.amsl.com (Postfix) with ESMTP id 64E8921F8754 for <tls@ietf.org>; Wed, 24 Aug 2011 23:21:16 -0700 (PDT)
Received: from hpaq1.eem.corp.google.com (hpaq1.eem.corp.google.com [172.25.149.1]) by smtp-out.google.com with ESMTP id p7P6MSDf006594 for <tls@ietf.org>; Wed, 24 Aug 2011 23:22:28 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1314253348; bh=xST4Kwjz6NgvMdLgOJPPpp9dOp0=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=XK0Ezd7C76LV4DFudWCuH9K8m8BwyHnTIYn2sZ8p/xSbUfK+DoLj4mzm2iapeCNk3 Jc1JCwsKMk8sjq0eWqkRg==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type:x-system-of-record; b=LLJyHnHap7MvS6VXnCDTxZY2Tnn9SZesqX6zXst48zEeI6izywxoN7kgRSrMQjRc+ Y4fhHdAqa3AhpMQXI7z6g==
Received: from gwj17 (gwj17.prod.google.com [10.200.10.17]) by hpaq1.eem.corp.google.com with ESMTP id p7P6MQYG009774 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <tls@ietf.org>; Wed, 24 Aug 2011 23:22:27 -0700
Received: by gwj17 with SMTP id 17so1314135gwj.10 for <tls@ietf.org>; Wed, 24 Aug 2011 23:22:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=h9UzrzSYtPSNb2FIQtY19zOMToWHh2QAAYOJYkd+Svs=; b=eINqFG4KZ/Nd5ah9GmmwfHMtCiaFyl0pF3PnfuGalP18v1kBxiUM7aOcaLI3+L96bc UO9pPcKVWzSnwWnA/H6A==
Received: by 10.91.160.39 with SMTP id m39mr5859054ago.17.1314253345811; Wed, 24 Aug 2011 23:22:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.91.160.39 with SMTP id m39mr5859044ago.17.1314253345524; Wed, 24 Aug 2011 23:22:25 -0700 (PDT)
Received: by 10.90.56.4 with HTTP; Wed, 24 Aug 2011 23:22:25 -0700 (PDT)
In-Reply-To: <CADKevbDYnjzFe8w7MTyQWhBUBRLo_vUROEy2uinjaA3cwpqq9w@mail.gmail.com>
References: <CADHfa2AMOeShxH_k5ZEB3DUVJAnOqvZmLMg5Yz8smtBDGkQsNg@mail.gmail.com> <CADKevbDYnjzFe8w7MTyQWhBUBRLo_vUROEy2uinjaA3cwpqq9w@mail.gmail.com>
Date: Wed, 24 Aug 2011 23:22:25 -0700
Message-ID: <CADHfa2B8ntB9yHWfU2Y_nA4ysx2hAm9--ATKAVnDZh=+O+on-w@mail.gmail.com>
From: Dirk Balfanz <balfanz@google.com>
To: Chris Richardson <chris@randomnonce.org>
Content-Type: multipart/alternative; boundary="0016e6407cd6cec15e04ab4e731e"
X-System-Of-Record: true
Cc: tls@ietf.org
Subject: Re: [TLS] TLS-OBC proposal
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2011 06:21:18 -0000
On Tue, Aug 23, 2011 at 4:25 PM, Chris Richardson <chris@randomnonce.org>wrote: > I think the draft is inconsistent with respect to the > certificate_authorities list. > > From section 3.3: "[if both sides include the extension], client and > server are considered to have negotiated origin-bound client > certificates for the session." > > No problem there. > > From section 3.4: "the server MAY use an empty "certificate_authorities" > list" > > Should that be a MUST, or at least a SHOULD? If OBC has been > negotiated, why would a CA-signed cert be used? > Agreed. I'll fix it. Probably a SHOULD, just in case some servers find it hard to turn off their standard list of CAs? > > From section 3.4: [the client] MUST ignore the "certificate_authorities" > list > > No problem there, but it again makes me think the server SHOULD/MUST > send an empty list. > > Section 3.5: If the "certificate_authorities" list in the Certificate > Request is empty, that certificate SHOULD be an origin-bound > certificate, and it should be selected by the client without any > assistance or approval by the end-user. If the > "certificate_authorities" list in the Certificate Request is not > empty, the client MAY select a regular certificate for inclusion in > the Client Certificate message, and MAY involve the end-user in the > certificate selection process." > > The client MUST ignore the list, but MAY take action based upon the > content of the list? > Good catch - you're seeing a bad merge of two different versions of this section. The one I meant to be in there is the one where the client MUST ignore the list (long story...:-). I'll collect more comments for now (instead of fixing it right away), but I will make sure that gets fixed in the next draft. Dirk. > > Chris > > > On Mon, Aug 22, 2011 at 1:53 PM, Dirk Balfanz <balfanz@google.com> wrote: > > > > Dear TLS-WG, > > I few weeks ago I presented a proposal for an "origin-bound certificates" > TLS extension at IETF 81. It's much easier to understand what this extension > is trying to accomplish when presented in a broader context of web > authentication (which I tried to give in Quebec), so I put together a little > web site that is supposed to do just that for those who couldn't be at the > IETF meeting: http://browserauth.net (This took me a little while, hence > the delay in sending out the I-D). > > Anyway, here is the I-D: > http://tools.ietf.org/html/draft-balfanz-tls-obc, which I submit for your > comments/feedback. (Again, remember to read http://browserauth.net for > some context.) > > All feedback is welcome, of course, but if you can't think of anything to > comment on, I have a couple particular questions: > > - in Section 2.1.1 we currently stipulate that the client include the > origin of the origin-bound cert as part of the OBC X.509 extension. When we > implemented this, we didn't really know what to do with that data on the > server side. If the client also uses TLS-SNI, then we could imagine > comparing the SNI and OBC origins in some manner on the server side, but > there isn't really a vehicle to signal an error back to the client saying > "your SNI and OBC origins don't match". Similarly, we could perhaps at some > higher layer compare the HTTP "Host" header with the OBC origin, but then > again - what do you do when they don't match? Respond with a 400 at the HTTP > layer? An alternative to the current language in the I-D would be to simply > mark the cert as origin-bound, but without putting the origin itself into > the cert. Any thoughts? > > - What do you think of the privacy-enhancing power of using per-origin > certs? The idea there is that different domains see different "identities" > (public keys) for the same client. Of course, if two domains choose to > collaborate, they can probably find a way to correlate the two identities > they see for the same client. This is similar to cookies, where normally > "identities" (cookies) for one domain are not revealed to another domain > unless, of course, they choose to collaborate. How much privacy would we > really lose if we just used one certificate for all origins? It would > certainly make the design and implementation simpler. (I tend to favor > per-origin certs, but I'm curious as to what other people think.) > > Thanks for your consideration! > > Dirk. > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > >
- [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Chris Richardson
- Re: [TLS] TLS-OBC proposal Wan-Teh Chang
- Re: [TLS] TLS-OBC proposal Chris Newman
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Martin Rex
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams