IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 11 July 2012 15:57 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4AEB11E8091 for <tls@ietfa.amsl.com>; Wed, 11 Jul 2012 08:57:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.615
X-Spam-Level:
X-Spam-Status: No, score=-102.615 tagged_above=-999 required=5 tests=[AWL=-0.016, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WWdHBnpW-17q for <tls@ietfa.amsl.com>; Wed, 11 Jul 2012 08:57:22 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id A6C4B11E8085 for <tls@ietf.org>; Wed, 11 Jul 2012 08:57:21 -0700 (PDT)
Received: (qmail invoked by alias); 11 Jul 2012 15:57:50 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.106]) [88.115.216.191] by mail.gmx.net (mp002) with SMTP; 11 Jul 2012 17:57:50 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18yfEkf9ZIy0I2cVQl15ZgyHsrqyeh55NcLMYJ1Rf jO73HsrI1UnRvQ
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <CABcZeBOUzauWUzosjKB+TphvuJgCoY929zb_NezfypbmJv98gQ@mail.gmail.com>
Date: Wed, 11 Jul 2012 18:57:48 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <B85C6601-9090-42F1-AEB1-B8575F483B6F@gmx.net>
References: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net> <CABcZeBOUzauWUzosjKB+TphvuJgCoY929zb_NezfypbmJv98gQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 15:57:22 -0000

Hi Ekr, 

thanks for your quick response. 

When we started the work we just copied the functionality from RFC 6091 and that RFC defined a new "cert_type" extension. 
As it turns out RFC 6091 didn't IMHO clearly specify the semantic of the value in the cert type.

There are various scenarios, as described below. 

For example, when a client sends a cert_type="raw-key, x509" does this mean it can raw public keys for client authentication and it is OK to receive an X.509 for server authentication? Does it want to receive also a raw public key from the server when the server supports it? 

> 
>> I) Server uses Raw Public Keys (client authentication happens at some other layer)
>> (the DANE use case)
>> 
>> client_hello,
>> raw-public-key-indicator="Server, when you send me your raw public key?
> 
> Is your suggestion that this is indicating ":I would not support X.509?

There has to be a way to indicate what is supported. The rest is not supported. 

> 
> 
>> I support this out-of-band key validation using DANE." ->
> 
> Wait, who said anything about indicating DANE here? The agreed upon
> indication was
> "I would support a public key", nothing about DANE.
> 
> 
What happens if the client supports raw public keys but does not support the out-of-band validation using DNSSEC? 
While I wasn't really suggesting to provide the way to say "I want to use DANE" I see problems for interoperability here. 


> 
>>                          <-  server_hello,
>>                              raw-public-key="OK. The certificate structure below contains my raw public key.",
>>                              certificate, // with raw public key inside
>>                              server_key_exchange,
>>                              server_hello_done
>> 
>> client_key_exchange,
>> change_cipher_spec,
>> finished                  ->
>> 
>>                          <- change_cipher_spec,
>>                             finished
>> 
>> Application Data        <------->     Application Data
>> 
>> 
>> II) Client and Server use Raw Public Keys
>> (the smart object use case - CORE working group)
>> 
>> client_hello,
>> raw-public-key="Server, please send me your raw public key and I will then send you mine. Are you OK processing my raw public key for client authentication?" ->
> 
> This is not a semantic associated with the client. In TLS the server
> requests client auth. At most the client could say "I could
> send you a raw public key for auth if you asked for it"

The important thing here is the indication that both the server and the client are able to process and accept raw public keys. 


> 
> 
>>                          <-  server_hello,
>>                              raw-public-key="Below you find my raw public key and please send me your raw public key for client
>>                                                           authentication",
>>                              certificate, // raw public key
>>                              server_key_exchange,
>>                              certificate_request,
>>                              server_hello_done
>> 
>> certificate, // with client's raw public key
>> client_key_exchange,
>> certificate_verify,
>> change_cipher_spec,
>> finished                  ->
>> 
>>                          <- change_cipher_spec,
>>                             finished
>> 
>> Application Data        <------->     Application Data
>> 
>> 
>> II) Hybrid Scenario
>> (the OAuth Holder-of-the-Key Use case)
>> 
>> client_hello,
>> raw-public-key="I would like to use my raw public key for client authentication with OAuth. I also process X.509 for server-side authentication." ->
> 
> As above.
> 
> 
>>                          <-  server_hello,
>>                              raw-public-key="Please send me your raw public key.
> 
> This is in certreq, no?

I should have rather written. The certreq is asking for your raw public key since you said you support raw public keys (but you have may other certificate types). 

> 
> 
>> I use X.509 for server-side authentication",
> 
> Why would this need an indication?

I believe the problem is that we have to provide a way for the client to figure out what is in the certificate extension. In the raw public key case we only dump the SubjectPublicKeyInfo structure into the Certificate payload. 

We make it easier for the client to parse the content of the structure. 

Right? 



> 
>>                              certificate,  // with X.509 cert.
>>                              server_key_exchange,
>>                              certificate_request,
>>                              server_hello_done
>> 
>> certificate, // with client's raw public key
>> client_key_exchange,
>> certificate_verify,
>> change_cipher_spec,
>> finished                  ->
>> 
>>                          <- change_cipher_spec,
>>                             finished
>> 
>> Application Data        <------->     Application Data
>> --------
>> 
>> QUESTION: Are these all the message exchanges we need? Are there some problems with the exchanges?
>> 


Ciao
Hannes

v2.23.0 | Report a Bug | By Email