Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 20 September 2019 06:29 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C3D912008A; Thu, 19 Sep 2019 23:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3mNsfxHNGtJ9; Thu, 19 Sep 2019 23:29:07 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70071.outbound.protection.outlook.com [40.107.7.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0979A12006F; Thu, 19 Sep 2019 23:29:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=flT4W7O+mobzpUVJgBmeLPqk3+pu90ljLbbQSKqpkLT3I6yZtLaIujMVXNOu2Gyi2IK2cIOvsrXTVDEO1hG9UxX6KJidS1m3P+xSk0G0Kua8Xk0qiVQyaEMYQl0V++VCVUlWLA9ZyR2INk127782j6O/7ur0PukXDiPQcIYPBgFlWGYFQLqu5JDt1Wopy8g34OzDBJiBezwMtPdeia8zb2DDnKUBne13lqkWoyEtZbe3LsrS1/Xm5SYNqhhwdOFAIqnPjGkokXnM6q7PQWUMpA4iGDWEdshPeyQ6qF3QCuROkvRvscLAfOAWm5C7sx9xUjK2u/TiaSrN603YdEYE/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b9ncPhIt5jwtL6AuewqXWRjvomVx2I+uFUH2VOTOLBY=; b=HWlDXz7YHCmYQ4RJgoFTHSGyeUpnTxJTqEo1bNt+bLScEJBAUyORLKNrced1ZV0imVT8VIgMk4G62cNJzp1CEupmvF+KtbUnAusjWVsqbGp9jc8egJZ7C8W64FkL2qtJc3+yvdTz7DPwuY1SVkDFK0Al8duYt8PwjKoVTgrNBg1ry56uAXXoy09QHTw7uMnctsjigm020ItMVK6UIcNRo0Bmi52dkY1qNTPIcEI+KsrDcqllFTh9CoaCGLZ2JMpCQctWM9k1X6e46TjU3LFxJUo6J/WW+7+qgyfGMxlHvbLJFekfLp0H91sWyER9ajnHHJR9POoecLtEsjE9ZU4/zw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b9ncPhIt5jwtL6AuewqXWRjvomVx2I+uFUH2VOTOLBY=; b=fHbLExmiEFdTc6TUoGC1MLjBmtsOib5WNqxdzua/iqoPmlO/OYfbX42wdsGCZsscmPiyy9+HE5kprBfeMNOC8WRSfgPHRU3r0TFjkebd+rEuYWj2oQTnMcRAea+LZzCAKgi4JP3TgkAHUOlLL34mdqJa8UN+beXD7UHmtWWmovY=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3419.eurprd07.prod.outlook.com (10.170.244.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.17; Fri, 20 Sep 2019 06:29:04 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::f0a1:2199:7816:ff8d]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::f0a1:2199:7816:ff8d%6]) with mapi id 15.20.2284.009; Fri, 20 Sep 2019 06:29:04 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Nick Sullivan <nick@cloudflare.com>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-tls-exported-authenticator.all@ietf.org" <draft-ietf-tls-exported-authenticator.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-tls-exported-authenticator-09
Thread-Index: AQHVbmsQQiMh+1FWRUS8h+cw2bI1hKcy5WaAgAC48gCAALCBAA==
Date: Fri, 20 Sep 2019 06:29:04 +0000
Message-ID: <57E5EB36-6A59-45A7-A2F4-1E1626391742@ericsson.com>
References: <156249708979.14501.13745976049183757305@ietfa.amsl.com> <CAFDDyk8iG0R2rT7x-t7fHkFxcYBBkf8j1-mg1xbexoh8gXts6A@mail.gmail.com> <7BDE969A-7B5F-4979-B4E9-7E6C03C0A1B1@ericsson.com> <CAFDDyk_yoOu01nBPrBj_AVBugFRGUCOthYDysOuAGCrKNWG8dg@mail.gmail.com>
In-Reply-To: <CAFDDyk_yoOu01nBPrBj_AVBugFRGUCOthYDysOuAGCrKNWG8dg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1b.0.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ebb3a4ad-ccba-4044-e408-08d73d93d562
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR07MB3419;
x-ms-traffictypediagnostic: HE1PR07MB3419:
x-microsoft-antispam-prvs: <HE1PR07MB3419822F9B976344B7ECEC5E93880@HE1PR07MB3419.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0166B75B74
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(376002)(346002)(396003)(54094003)(189003)(199004)(44832011)(11346002)(99286004)(2616005)(66066001)(476003)(81166006)(305945005)(186003)(8676002)(6486002)(86362001)(6436002)(25786009)(7736002)(8936002)(81156014)(26005)(71200400001)(66556008)(66476007)(64756008)(6512007)(2906002)(71190400001)(5660300002)(229853002)(54906003)(446003)(66446008)(14444005)(102836004)(6916009)(256004)(6116002)(36756003)(76116006)(6506007)(3846002)(58126008)(76176011)(478600001)(6246003)(66946007)(4326008)(33656002)(316002)(14454004)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3419; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: rAQVxTwkAaAOY5z8RFgRuN5qVGp0JTjs2L5ua/gSbuwaWiG//32OZTgfhT4PuOcp6YgzCXNCzlULWqC1XLcJCCQVqHa8eZOaw9ocO8qLUeGJTwSFtZNvrQbIS+7ZT2nXFkJ3ui7svBPlxuB0g/40VeihMZTNllFWMd8heKvJ0JL+KwpyKsifEG2LO69K/kMdm+5nUWIiNH0FuMWE2FFfE6BR/iYN+ITIAR/0GHcwofzQSi2Xzc/VrX3EHm0pF9+H6nNjHE4MoXCH756IskGizoegnQizTsW6mH5E36rrfGvTjYxM0RJgWmp+E+eB1yfLzV99Ov4Qwy4ZQMDUDYO4L9diAYh9afVutK6Ey3VY7Gwr893c8PHY76yy8sIjVL3HhKtXvKtqcyXMJxzG874aIaD1SS8Ckz0bOa8Bl+joUOQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <47EEA9E773668842A459D0D30A0097FE@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ebb3a4ad-ccba-4044-e408-08d73d93d562
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2019 06:29:04.4659 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: z5myOQSxwvE3x9XxXPtft+IlrROkvJmJM+P5Zv9dr2d0CypSYJGcrMhosGRwmzU3wneVeZogBbcKs9AzUA6qiYzK/2QjOLw49GjiC7zE0JM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3419
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9yLLDEo2mpnjVPC2dEiEBi5Sc-A>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2019 06:29:10 -0000

Hi,

>Some answers to your questions inline. I'm not sure further changes along the lines suggested here are needed, but I'm open to arguments that point in that direction.

I am mostly fine with your answers. Just a couple of comments inline still.

---

MIN_2:

>>>> Can the mechanism be used also for DTLS?
>>>
>>> I think the answer is yes. I don't see any reason to disallow the use of Exported Authenticators in DTLS.
>>
>> Would it be useful to clarify that?
> 
> Going through what the modified text would look like, it seems like a substantial amount of re-writing (even the title!) for what amounts to an unclear use case. 
> Keeping in mind that DTLS 1.3 hasn't been finalized and doesn't directly define exporters, I'm disinclined to define how EAs would work with DTLS. If someone 
> has a strong use case for EA in DTLS, it may be worth considering it. 
 
Would it then be useful with a statement saying that it might be possible to use exporters also with DTLS, but that such usage is outside the scope of the document and needs to be specified in a separate document?

---

MIN_3:

>>>> The documents talk about additional certificates. If I only have one additional
>>>> certificate, can I use that for multiple authenticators throughout the TLS
>>>> session?
>>>
>>> Yes, there is nothing disallowing the creation of multiple exported authenticators with the same certificate.
>>
>> Would it be useful to clarify that?
>
> I'm not convinced this is a realistic use case. Since exported authenticators are based on the exporter, there is no inherent ordering. 
> If you re-authenticate with the same certificate, there's nothing asserting freshness of the second certificate. Is there something in 
> the text that suggests that using a certificate multiple times is disallowed? If there's no suggestion that this is not possible that 
> needs to be corrected, I don't see the benefit of calling out this specific use case.

I don't think there is any text suggesting that it is disallowed. But, if you don't think it is a realistic use case I'll take your word for it :)

---

ED_2:

>>>> Section 3 says: "The authenticator request is a structured message that can be
>>>> created..." Section 4 says: "The authenticator is a structured message that can
>>>> be exported..."
>>>>
>>>> In the 2nd paragraph of Section 4 it is stated that "authenticator" is sent
>>>> based on an "authenticator request". I wonder if that could be stated already
>>>> in the beginning of Section 4, to further clarify the difference between them.
>>>> E.g.,
>>>>
>>>> "The authenticator is a structured message, triggered by an authenticator
>>>> request, that can be exported from either party of a TLS connection."
>>>
>>> The issue is that servers can generate spontaneous exported authenticators without
>>> an authenticator request. 
>>
>> Where is this written? Did I miss it?
>
> Section 4:
>   An authenticator message can be constructed by either the client or
>   the server given an established TLS connection, a certificate, and a
>   corresponding private key.  Clients MUST NOT send an authenticator
>   without a preceding authenticator request; for servers an
>   authenticator request is optional.  For authenticators that do not
>   correspond to authenticator requests, the certificate_request_context 
>   is chosen by the server.
 
Ok. Looks good.

Regards,

Christer