IETF Logo Mail Archive

Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 11 March 2021 12:30 UTC

Return-Path: <steffen.fries@siemens.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C20063A1B20 for <tls@ietfa.amsl.com>; Thu, 11 Mar 2021 04:30:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3JAIEhYNfmL for <tls@ietfa.amsl.com>; Thu, 11 Mar 2021 04:30:58 -0800 (PST)
Received: from gw-eagle2.siemens.com (gw-eagle2.siemens.com [194.138.20.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 065323A1B1E for <tls@ietf.org>; Thu, 11 Mar 2021 04:30:57 -0800 (PST)
Received: from mail2.dc4ca.siemens.de (mail2.dc4ca.siemens.de [139.25.224.94]) by gw-eagle2.siemens.com (Postfix) with ESMTPS id 42ED6468030; Thu, 11 Mar 2021 13:30:54 +0100 (CET)
Received: from DEMCHDC8A0A.ad011.siemens.net (demchdc8a0a.ad011.siemens.net [139.25.226.106]) by mail2.dc4ca.siemens.de (Postfix) with ESMTPS id DE86718123D80; Thu, 11 Mar 2021 13:30:51 +0100 (CET)
Received: from DEMCHDC89XA.ad011.siemens.net (139.25.226.103) by DEMCHDC8A0A.ad011.siemens.net (139.25.226.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Thu, 11 Mar 2021 13:30:51 +0100
Received: from DEMCHDC89XA.ad011.siemens.net ([139.25.226.103]) by DEMCHDC89XA.ad011.siemens.net ([139.25.226.103]) with mapi id 15.01.2106.013; Thu, 11 Mar 2021 13:30:51 +0100
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
CC: "john.mattsson=40ericsson.com@dmarc.ietf.org" <john.mattsson=40ericsson.com@dmarc.ietf.org>
Thread-Topic: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
Thread-Index: AQHXEeEgKe23eiCLoE+KwrPix1Q1lap1l0qAgAAS1ACAAA6hAIACZKcAgAGaHsCAAJ8RgIAA7xIwgAKharGAANnQsA==
Date: Thu, 11 Mar 2021 12:30:51 +0000
Message-ID: <08166ec1525648568276e05bc4da6dc6@siemens.com>
References: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com> <20210305173516.GV30153@localhost> <701E874C-EA40-47FD-A4E4-C4C595E96337@ericsson.com> <20210305193502.GW30153@localhost> <AM0PR08MB3716A4C8D0F9BB007F9A0CBCFA949@AM0PR08MB3716.eurprd08.prod.outlook.com> <40166b1968e04cc392c16e2de559e684@siemens.com> <YEZnS1Fi6GRxBMH5@straasha.imrryr.org> <02f23fa168b64d7d9294cf986bc56717@siemens.com> <YEcng7+1iL4jLOu2@straasha.imrryr.org> <CACykbs3R6rQ1+wb4Aq8_j7GaMnxW5e7LwpeBk=5UvTMUFuD6Lw@mail.gmail.com>
In-Reply-To: <CACykbs3R6rQ1+wb4Aq8_j7GaMnxW5e7LwpeBk=5UvTMUFuD6Lw@mail.gmail.com>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-03-11T12:30:50Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=75f1c427-e997-469e-8364-29f275fe1745; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
x-originating-ip: [139.21.146.198]
x-tm-snts-smtp: F3CD14E5C71D7B7F3D241BB9A921338D408286FBDB810EA852F0E52DBA3427D92000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8UrdmuuIHv9vw87Tcq19hijMPMA>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 12:31:00 -0000

> From: Jonathan Hoyland <jonathan.hoyland@gmail.com> 
> Sent: Donnerstag, 11. März 2021 00:31
> One option that I haven't seen mentioned in the thread is https://tools.ietf.org/html/draft-ietf-tls-exported-authenticator-14.
Thank you for the pointer to the draft. 

> EAs let you send a certificate from either side of the connection at any point after the handshake is complete. 
> I'm not sure what the behaviour is if the certificate itself is expired at the time the EA was sent, but valid at the time the connection was established, but I'm sure that could be nailed down.
> Would something like the client (and equivalently the server) requesting an EA every 24 hours and hard failing if it didn't get one meet your needs?
It may help here. From an integration standpoint it is important that the same certificate would be used with EA as used in the handshake to ensure the one used to authenticate in the first place would be verified. That may mean that one would have to store the initially used certificate or at least the fingerprint or serial number and issuer to be able to request the right one in the authenticator request. 
This would be handled on application layer if I understood it right. As the goal would be to have a trigger to verify the certificate against a (new) CRL, the approach of having a timer or a trigger by the newly arrived CRL may be more suitable. But I will have a closer look.

Best regards
Steffen

> Regards,

> Jonathan

On Tue, 9 Mar 2021 at 07:45, Viktor Dukhovni <mailto:ietf-dane@dukhovni.org> wrote:
On Tue, Mar 09, 2021 at 07:28:26AM +0000, Fries, Steffen wrote:

> > My take is such measures are much too complicated.  Just keep the connection
> > lifetime short, and make a new one from time to time.  Also keep certificate
> > lifetimes short.  Where DNSSEC is an option on both ends, you can also use
> > DANE TLSA records instead of CRLs, just publish a
> > "1 1 1" (PKIX + DANE) or "3 1 1" (DANE only) record that validates the server's
> > public key, and give it a short-enough TTL that it can be replaced quickly.
> > Presto-magic, no need for OCSP, CRLs, ...
>
> While this may be a solution in general, it may not fit for power systems (like a substation). 
> The application of DNSSEC or DANE is not very common and may not be used. Also due to 
> Existing deployments, which do not feature these services (yet). 

I am not trying to suggest that DANE is currently a mainstream option
outside of SMTP (primarily in Northern and Central Europe for now, with
some signs of life in the USA, Canada and Brazil).  The above was more
of an aside for the record.  DANE may be a more realistic choice a few
years from now.  DNSSEC adoption is starting to grow faster, and if this
continues and accelerates, DANE may become more common, time will tell.

Early adopters can of course choose to use it now, but it is far from
mainstream today.

-- 
    Viktor.

_______________________________________________
TLS mailing list
mailto:TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email