Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue
Robert Cragie <robert.cragie@gridmerge.com> Wed, 11 July 2012 17:01 UTC
Return-Path: <robert.cragie@gridmerge.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC90A11E80EF; Wed, 11 Jul 2012 10:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SZf7CtXPEWkl; Wed, 11 Jul 2012 10:01:26 -0700 (PDT)
Received: from mail78.extendcp.co.uk (mail78.extendcp.co.uk [79.170.40.78]) by ietfa.amsl.com (Postfix) with ESMTP id 6433211E80C0; Wed, 11 Jul 2012 10:01:25 -0700 (PDT)
Received: from client-82-26-85-222.pete-bam-1.adsl.virginmedia.com ([82.26.85.222] helo=[192.168.0.2]) by mail78.extendcp.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) id 1Sp0IU-0004lP-Ad; Wed, 11 Jul 2012 18:01:54 +0100
Message-ID: <4FFDB24F.8060600@gridmerge.com>
Date: Wed, 11 Jul 2012 18:05:19 +0100
From: Robert Cragie <robert.cragie@gridmerge.com>
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: tls@ietf.org, core <core@ietf.org>
References: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net>
In-Reply-To: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms070204090907070709000705"
X-Authenticated-As: robert.cragie@gridmerge.com
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 17:01:27 -0000
Hi Hannes, I think it would be easier to understand if the actual extensions were specified in the message diagrams. This seems to reveal a problem in the third use case (hybrid scenario), as it is not possible for the client to use a different certificate type to that selected by the server according to the http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-03/RFC 6091. Robert I) Server uses Raw Public Keys (client authentication happens at some other layer) (the DANE use case) client_hello, cert-type=(RawPublicKey, X.509) -> // (1) <- server_hello, cert-type=RawPublicKey, // (2) certificate, // (3) server_key_exchange, server_hello_done // (4) client_key_exchange, change_cipher_spec, finished -> <- change_cipher_spec, finished Application Data <-------> Application Data (1) Client supports both, preferring RawPublicKey. Alternatively, cert-type=(RawPublicKey), i.e. client supports onlyRawPublicKey (2) Server supports and chooses RawPublicKey (3) With raw public key (SPKI) inside (4) Server knows OOB that it doesn't need Client certificate so doesn't send certificate_request (security policy for the system) II) Client and Server use Raw Public Keys (the smart object use case - CORE working group) client_hello, cert-type=(RawPublicKey) -> // (1) <- server_hello, cert-type=RawPublicKey, // (2) certificate, // (3) server_key_exchange, certificate_request, // (4) server_hello_done certificate, // (5) client_key_exchange, certificate_verify, // (6) change_cipher_spec, finished -> <- change_cipher_spec, finished Application Data <-------> Application Data (1) Client supports only RawPublicKey (2) Server supports only RawPublicKey (3) With raw public key (SPKI) inside (4) Server knows OOB that it needs Client certificate so sends certificate_request (security policy for the system) (5) With raw public key (SPKI)inside (6) Implies signing ability of raw public key III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case) client_hello, cert-type=(RawPublicKey, X.509) -> // (1) <- server_hello, cert-type=X.509 // (2) certificate, // (3) server_key_exchange, certificate_request, // (4) server_hello_done certificate, // (5) client_key_exchange, certificate_verify, // (6) change_cipher_spec, finished -> <- change_cipher_spec, finished Application Data <-------> Application Data (1) Client supports both, preferring RawPublicKey (2) Server supports and chooses X.509 (3) With X.509 cert. (4) Server knows OOB that it needs Client certificate so sends certificate_request(security policy for the system). **** Note it could be possible to request a RawPublicKey at this point. It is not clear that CertificateRequest supports requesting of a SPKI **** (5) With raw public key(SPKI)inside *** This doesn't seem possible as X.509 has been chosen **** (6) Implies signing ability of raw public key On 11/07/2012 11:56 AM, Hannes Tschofenig wrote: > Hi all, > > draft-ietf-tls-oob-pubkey specifies a new TLS certificate type for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) for use with out-of-band public key validation. > > Here is the latest draft: > http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-03 > > I would be great to get your feedback on an open issue that concerns the semantic of the exchange. I believe there are three use cases we would like to support with this work. Below, I provide high level message exchanges to explain those: > > I) Server uses Raw Public Keys (client authentication happens at some other layer) > (the DANE use case) > > client_hello, > raw-public-key-indicator="Server, when you send me your raw public key? I support this out-of-band key validation using DANE." -> > > <- server_hello, > raw-public-key="OK. The certificate structure below contains my raw public key.", > certificate, // with raw public key inside > server_key_exchange, > server_hello_done > > client_key_exchange, > change_cipher_spec, > finished -> > > <- change_cipher_spec, > finished > > Application Data <-------> Application Data > > > II) Client and Server use Raw Public Keys > (the smart object use case - CORE working group) > > client_hello, > raw-public-key="Server, please send me your raw public key and I will then send you mine. Are you OK processing my raw public key for client authentication?" -> > > <- server_hello, > raw-public-key="Below you find my raw public key and please send me your raw public key for client > authentication", > certificate, // raw public key > server_key_exchange, > certificate_request, > server_hello_done > > certificate, // with client's raw public key > client_key_exchange, > certificate_verify, > change_cipher_spec, > finished -> > > <- change_cipher_spec, > finished > > Application Data <-------> Application Data > > > II) Hybrid Scenario > (the OAuth Holder-of-the-Key Use case) > > client_hello, > raw-public-key="I would like to use my raw public key for client authentication with OAuth. I also process X.509 for server-side authentication." -> > > <- server_hello, > raw-public-key="Please send me your raw public key. I use X.509 for server-side authentication", > certificate, // with X.509 cert. > server_key_exchange, > certificate_request, > server_hello_done > > certificate, // with client's raw public key > client_key_exchange, > certificate_verify, > change_cipher_spec, > finished -> > > <- change_cipher_spec, > finished > > Application Data <-------> Application Data > -------- > > QUESTION: Are these all the message exchanges we need? Are there some problems with the exchanges? > > Ciao > Hannes > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] draft-ietf-tls-oob-pubkey: The Open Issue Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Eric Rescorla
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Eric Rescorla
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Robert Cragie
- Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Iss… Nikos Mavrogiannopoulos