IETF Logo Mail Archive

Re: [TLS] New Version Notification for draft-wouters-tls-oob-pubkey-01.txt (fwd)

Paul Wouters <paul@xelerance.com> Fri, 18 November 2011 21:06 UTC

Return-Path: <paul@xelerance.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8CD61F0C73 for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 13:06:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.421
X-Spam-Level:
X-Spam-Status: No, score=-6.421 tagged_above=-999 required=5 tests=[AWL=0.178, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qY+pXHXSAMLj for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 13:06:08 -0800 (PST)
Received: from mx.xelerance.com (mx.xelerance.com [193.110.157.188]) by ietfa.amsl.com (Postfix) with ESMTP id 2BA7E1F0C40 for <tls@ietf.org>; Fri, 18 Nov 2011 13:06:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx.xelerance.com (Postfix) with ESMTP id 1D7432C2; Fri, 18 Nov 2011 16:06:04 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xelerance.com; h= content-transfer-encoding:content-type:content-type:mime-version :user-agent:references:message-id:in-reply-to:subject:subject :from:from:date:date:received:received:received:received; s= smtp; t=1321650362; x=1322255162; bh=elO8aenjVSLDo/jBXW0jbafFRDl 32/ehyloxUqnLn84=; b=jPecphSS0JCh5ABP5zwUz4VFEedQO2cyKcfbUz8QDM2 J8S6QnFFiQ35JTKAvg7EXAZ9o7/CWVk35Ys7IXBfv8g5HFW0eNA8EcuKe5mF+3eY qMLZPgPkY3gy06jyNZK7i+Nxwwh3cdQgrpy9Hp6qr8oB35hbE5cn8wpnMeTsUikI =
Received: from mx.xelerance.com ([127.0.0.1]) by localhost (mx.xelerance.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP id RY6xhUDEml20; Fri, 18 Nov 2011 16:06:02 -0500 (EST)
Received: from mail.xelerance.com (mail.xelerance.com [193.110.157.189]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.xelerance.com (Postfix) with ESMTPS id C974D84; Fri, 18 Nov 2011 16:06:02 -0500 (EST)
Received: by mail.xelerance.com (Postfix, from userid 1001) id A9748598; Fri, 18 Nov 2011 16:06:02 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by mail.xelerance.com (Postfix) with ESMTP id A38C556B; Fri, 18 Nov 2011 16:06:02 -0500 (EST)
Date: Fri, 18 Nov 2011 16:06:02 -0500
From: Paul Wouters <paul@xelerance.com>
To: Badra <mbadra@gmail.com>
In-Reply-To: <CAOhHAXyMneJv_-gsKiKkXcyd+03VZdBbaiamyuWm3Y2QNaxtSw@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.1111181601190.19177@mail.xelerance.com>
References: <alpine.DEB.2.00.1110311914480.17385@mail.xelerance.com> <CABcZeBOqziPWk5Je=Ld+Fa0i-vz+HXKaFTDyswptfKG6dXJkxw@mail.gmail.com> <CAOhHAXyMneJv_-gsKiKkXcyd+03VZdBbaiamyuWm3Y2QNaxtSw@mail.gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: tls@ietf.org
Subject: Re: [TLS] New Version Notification for draft-wouters-tls-oob-pubkey-01.txt (fwd)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2011 21:06:11 -0000

On Fri, 18 Nov 2011, Badra wrote:

> And how does draft-wouters-tls-oob-pubkey differ from draft-ietf-tls-cached-info-09?

cached-info still needs PKIX validation on the first run, and then supports caching
the authentication. oob-pubkey allows for out of bound public key authentication
with tls server suppressing the sending of its (often huge) unneeded PKIX chain.

This avoids conflicting information (eg between DANE and PKIX), removes the need for
(re)generating bogus PKIX containers with self signed certs and dozens of subjctAltnames
and enables CoAP devices with are lacking the resources for PKIX do engage in TLS.

Paul

> Best regards,
> Badra
> 
> On Thu, Nov 17, 2011 at 8:47 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>       Extending TLS to support a raw public key seems like a good idea and
>       I support taking it on.
>
>       Extending it to suppress the public key and instead send a hash from server
>       to the client seems less so; if the server sends the public key, it works
>       if the client knows either (a) the server public key or (b) a digest of the
>       public key. Sending a digest only works if the client already knows the
>       public key, which seems far less likely. If you want to suppress the
>       server sending the key, a better (and more general) solution is to
>       resurrect cached-info. This would work with both raw keys and
>       certificates.
>
>       -Ekr
> 
>
>       On Mon, Oct 31, 2011 at 4:21 PM, Paul Wouters <paul@xelerance.com> wrote:
>       >
>       > This is the new version of the draft incorporating the feedback from Quebec
>       > City
>       > and the TLS list since then. It changes the draft from a new TLS extension
>       > to a
>       > new Certificate Type for raw keys.
>       >
>       > It also merges in the unpublished draft material from Hannes Tschofenig
>       > and Tero Kivinen <kivinen@iki.fi> whom had also been working on raw RSA
>       > TLS keys for use with CoAP (eg devices with no real time clock where
>       > PKIX validation cannot work)
>       >
>       > I did not yet change the draft ofrom individual submission to working group
>       > item,
>       > as I was waiting for confirmation on the TLW WG list of the last Quebec City
>       > meeting.
>       >
>       > http://tools.ietf.org/html/draft-wouters-tls-oob-pubkey-01
>       >
>       > Paul
>       >
>       > ---------- Forwarded message ----------
>       > Date: Mon, 31 Oct 2011 17:44:35
>       > From: internet-drafts@ietf.org
>       > Cc: weiler@tislabs.com, hannes.tschofenig@gmx.net, gnu@toad.com,
>       >    paul@xelerance.com, kivinen@iki.fi
>       > To: paul@xelerance.com
>       > Subject: New Version Notification for draft-wouters-tls-oob-pubkey-01.txt
>       > X-Spam-Flag: NO
>       >
>       > A new version of I-D, draft-wouters-tls-oob-pubkey-01.txt has been
>       > successfully submitted by Paul Wouters and posted to the IETF repository.
>       >
>       > Filename:        draft-wouters-tls-oob-pubkey
>       > Revision:        01
>       > Title:           TLS out-of-band public key validation
>       > Creation date:   2011-10-31
>       > WG ID:           Individual Submission
>       > Number of pages: 11
>       >
>       > Abstract:
>       >   This document specifies a new TLS certificate type for exchanging raw
>       >   public keys or their fingerprints in Transport Layer Security (TLS)
>       >   and Datagram Transport Layer Security (DTLS) for use with out-of-band
>       >   authentication.  Currently, TLS authentication can only occur via
>       >   PKIX or OpenPGP certificates.  By specifying a minimum resource for
>       >   raw public key exchange, implementations can use alternative
>       >   authentication methods.
>       >
>       >   One such method is using DANE Resource Records secured by DNSSEC,
>       >   Another use case is to provide authentication functionality when used
>       >   with devices in a constrained environment that use whitelists and
>       >   blacklists, as is the case with sensors and other embedded devices
>       >   that are constrained by memory, computational, and communication
>       >   limitations where the usage of PKIX is not feasible.
>       >
>       >   The new certificate type specified can also be used to reduce the
>       >   latency of a TLS client that is already in possession of a validated
>       >   public key of the TLS server before it starts a (non-resumed) TLS
>       >   handshake.
>       >
>       >
>       >
>       >
>       > The IETF Secretariat
>       > _______________________________________________
>       > TLS mailing list
>       > TLS@ietf.org
>       > https://www.ietf.org/mailman/listinfo/tls
>       >
>       _______________________________________________
>       TLS mailing list
>       TLS@ietf.org
>       https://www.ietf.org/mailman/listinfo/tls
> 
> 
> 
>

v2.23.0 | Report a Bug | By Email