IETF Logo Mail Archive

Re: [TLS] Summary of discussion regarding spontaneuous authentication

Martin Thomson <martin.thomson@gmail.com> Wed, 22 October 2014 12:07 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FA4E1A900A for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 05:07:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E0Vx28tnaA0a for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 05:07:31 -0700 (PDT)
Received: from mail-la0-x235.google.com (mail-la0-x235.google.com [IPv6:2a00:1450:4010:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15FE11A8F3C for <tls@ietf.org>; Wed, 22 Oct 2014 05:07:30 -0700 (PDT)
Received: by mail-la0-f53.google.com with SMTP id gq15so2729529lab.26 for <tls@ietf.org>; Wed, 22 Oct 2014 05:07:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=jgrsdPKopP5Pez9XymFFh1m1pbFUtWsdOx5itOxbKVs=; b=zyOwxXWJn9Jw5zHGysKn5ABHDKdtB7m5mH1qDOVMBx6EtMpmO0gqnL32D9GsFhOlRq k4ejqfAW/XHuSVLoK+YIFIDWLFCi9kmhP3+Uke+gk3D2IHpxX6E05SyZuy5Yy8QzEnr5 px/34D9mVyyTDTY15pHFGNbneL7sIEzx+QrNu0c/IroKJXCzbgi3fFcKVkLquwAGtKYJ 9rSqXZiWJLRb5CuPEjJ1625zCb7jggJ8AtxzXTZoHePvVpnSuzPljPhlHMvCNtHKMB5J NQ0hJ6Rx1Ao43a9gdUACPZSRv3uIhnAduH9OLduXJgKWMwXvnh95UCuRq4G55zaf2hrP czHw==
MIME-Version: 1.0
X-Received: by 10.152.27.38 with SMTP id q6mr2542550lag.92.1413979649214; Wed, 22 Oct 2014 05:07:29 -0700 (PDT)
Received: by 10.25.215.217 with HTTP; Wed, 22 Oct 2014 05:07:29 -0700 (PDT)
In-Reply-To: <CABkgnnUAhEV=wLZyTew=ne7VgSq50XYR3Fo5EfjNXc8=_hbpyg@mail.gmail.com>
References: <CABkgnnUAhEV=wLZyTew=ne7VgSq50XYR3Fo5EfjNXc8=_hbpyg@mail.gmail.com>
Date: Wed, 22 Oct 2014 05:07:29 -0700
Message-ID: <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8WCvHCIR2_6Zd_zNtYwNpjPME0U
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 12:07:33 -0000

I forgot one point that we discussed.

We discussed the removal of the CertificateRequest and we will permit
the client to unilaterally send authentication.

The theory here is that clients tend to know whether they need to
authenticate.  Most uses of mutual authentication start with the
client knowing that they need to authenticate.  Anything more
complicated will require some application protocol signals.

This also avoids the deficiencies with CertificateRequest, allowing -
or requiring - application protocols to provide equivalent
functionality if that is desired (see my -cant proposal for one
potential way to do that).

On 22 October 2014 03:04, Martin Thomson <martin.thomson@gmail.com> wrote:
> The update proposal that ekr sent around was discussed.
>
> The primary concern was that the properties of the connection were
> considered to change with respect to authentication.  Any data
> received before the authentication, or messages that appear partially
> before and partially after would have ambiguous properties.
>
> Concerns were raised that having the authentication attest to data
> that was sent prior to the authentication would expose us to a variety
> of attacks that relied on confusion about the state of the connection.
> There was also a concern that this would be difficult to analyse.
>
> It was pointed out that update was still interesting, but only from a
> rekeying perspective, because that had far lesser risks and no real
> API implications.
>
> If we decided to continue with Update, then we would have a place to
> add a future extension that re-enabled this feature.
>
> I noted that the use case that renegotiation provides was not going to
> be supported with the proposed Update message, since there was no
> analogue for the HelloRequest message.
>
> All of this led to the decision not to pursue spontaneous authentication.

v2.23.0 | Report a Bug | By Email