Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09

Christer Holmberg <> Fri, 20 September 2019 06:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9C3D912008A; Thu, 19 Sep 2019 23:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3mNsfxHNGtJ9; Thu, 19 Sep 2019 23:29:07 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0979A12006F; Thu, 19 Sep 2019 23:29:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=flT4W7O+mobzpUVJgBmeLPqk3+pu90ljLbbQSKqpkLT3I6yZtLaIujMVXNOu2Gyi2IK2cIOvsrXTVDEO1hG9UxX6KJidS1m3P+xSk0G0Kua8Xk0qiVQyaEMYQl0V++VCVUlWLA9ZyR2INk127782j6O/7ur0PukXDiPQcIYPBgFlWGYFQLqu5JDt1Wopy8g34OzDBJiBezwMtPdeia8zb2DDnKUBne13lqkWoyEtZbe3LsrS1/Xm5SYNqhhwdOFAIqnPjGkokXnM6q7PQWUMpA4iGDWEdshPeyQ6qF3QCuROkvRvscLAfOAWm5C7sx9xUjK2u/TiaSrN603YdEYE/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b9ncPhIt5jwtL6AuewqXWRjvomVx2I+uFUH2VOTOLBY=; b=HWlDXz7YHCmYQ4RJgoFTHSGyeUpnTxJTqEo1bNt+bLScEJBAUyORLKNrced1ZV0imVT8VIgMk4G62cNJzp1CEupmvF+KtbUnAusjWVsqbGp9jc8egJZ7C8W64FkL2qtJc3+yvdTz7DPwuY1SVkDFK0Al8duYt8PwjKoVTgrNBg1ry56uAXXoy09QHTw7uMnctsjigm020ItMVK6UIcNRo0Bmi52dkY1qNTPIcEI+KsrDcqllFTh9CoaCGLZ2JMpCQctWM9k1X6e46TjU3LFxJUo6J/WW+7+qgyfGMxlHvbLJFekfLp0H91sWyER9ajnHHJR9POoecLtEsjE9ZU4/zw==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b9ncPhIt5jwtL6AuewqXWRjvomVx2I+uFUH2VOTOLBY=; b=fHbLExmiEFdTc6TUoGC1MLjBmtsOib5WNqxdzua/iqoPmlO/OYfbX42wdsGCZsscmPiyy9+HE5kprBfeMNOC8WRSfgPHRU3r0TFjkebd+rEuYWj2oQTnMcRAea+LZzCAKgi4JP3TgkAHUOlLL34mdqJa8UN+beXD7UHmtWWmovY=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.17; Fri, 20 Sep 2019 06:29:04 +0000
Received: from ([fe80::f0a1:2199:7816:ff8d]) by ([fe80::f0a1:2199:7816:ff8d%6]) with mapi id 15.20.2284.009; Fri, 20 Sep 2019 06:29:04 +0000
From: Christer Holmberg <>
To: Nick Sullivan <>
CC: "" <>, "" <>, "" <>, "<>" <>
Thread-Topic: Genart last call review of draft-ietf-tls-exported-authenticator-09
Thread-Index: AQHVbmsQQiMh+1FWRUS8h+cw2bI1hKcy5WaAgAC48gCAALCBAA==
Date: Fri, 20 Sep 2019 06:29:04 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-GB
user-agent: Microsoft-MacOutlook/10.1b.0.190715
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ebb3a4ad-ccba-4044-e408-08d73d93d562
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR07MB3419;
x-ms-traffictypediagnostic: HE1PR07MB3419:
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0166B75B74
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(376002)(346002)(396003)(54094003)(189003)(199004)(44832011)(11346002)(99286004)(2616005)(66066001)(476003)(81166006)(305945005)(186003)(8676002)(6486002)(86362001)(6436002)(25786009)(7736002)(8936002)(81156014)(26005)(71200400001)(66556008)(66476007)(64756008)(6512007)(2906002)(71190400001)(5660300002)(229853002)(54906003)(446003)(66446008)(14444005)(102836004)(6916009)(256004)(6116002)(36756003)(76116006)(6506007)(3846002)(58126008)(76176011)(478600001)(6246003)(66946007)(4326008)(33656002)(316002)(14454004)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3419;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: rAQVxTwkAaAOY5z8RFgRuN5qVGp0JTjs2L5ua/gSbuwaWiG//32OZTgfhT4PuOcp6YgzCXNCzlULWqC1XLcJCCQVqHa8eZOaw9ocO8qLUeGJTwSFtZNvrQbIS+7ZT2nXFkJ3ui7svBPlxuB0g/40VeihMZTNllFWMd8heKvJ0JL+KwpyKsifEG2LO69K/kMdm+5nUWIiNH0FuMWE2FFfE6BR/iYN+ITIAR/0GHcwofzQSi2Xzc/VrX3EHm0pF9+H6nNjHE4MoXCH756IskGizoegnQizTsW6mH5E36rrfGvTjYxM0RJgWmp+E+eB1yfLzV99Ov4Qwy4ZQMDUDYO4L9diAYh9afVutK6Ey3VY7Gwr893c8PHY76yy8sIjVL3HhKtXvKtqcyXMJxzG874aIaD1SS8Ckz0bOa8Bl+joUOQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ebb3a4ad-ccba-4044-e408-08d73d93d562
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2019 06:29:04.4659 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: z5myOQSxwvE3x9XxXPtft+IlrROkvJmJM+P5Zv9dr2d0CypSYJGcrMhosGRwmzU3wneVeZogBbcKs9AzUA6qiYzK/2QjOLw49GjiC7zE0JM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3419
Archived-At: <>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-exported-authenticator-09
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 Sep 2019 06:29:10 -0000


>Some answers to your questions inline. I'm not sure further changes along the lines suggested here are needed, but I'm open to arguments that point in that direction.

I am mostly fine with your answers. Just a couple of comments inline still.



>>>> Can the mechanism be used also for DTLS?
>>> I think the answer is yes. I don't see any reason to disallow the use of Exported Authenticators in DTLS.
>> Would it be useful to clarify that?
> Going through what the modified text would look like, it seems like a substantial amount of re-writing (even the title!) for what amounts to an unclear use case. 
> Keeping in mind that DTLS 1.3 hasn't been finalized and doesn't directly define exporters, I'm disinclined to define how EAs would work with DTLS. If someone 
> has a strong use case for EA in DTLS, it may be worth considering it. 
Would it then be useful with a statement saying that it might be possible to use exporters also with DTLS, but that such usage is outside the scope of the document and needs to be specified in a separate document?



>>>> The documents talk about additional certificates. If I only have one additional
>>>> certificate, can I use that for multiple authenticators throughout the TLS
>>>> session?
>>> Yes, there is nothing disallowing the creation of multiple exported authenticators with the same certificate.
>> Would it be useful to clarify that?
> I'm not convinced this is a realistic use case. Since exported authenticators are based on the exporter, there is no inherent ordering. 
> If you re-authenticate with the same certificate, there's nothing asserting freshness of the second certificate. Is there something in 
> the text that suggests that using a certificate multiple times is disallowed? If there's no suggestion that this is not possible that 
> needs to be corrected, I don't see the benefit of calling out this specific use case.

I don't think there is any text suggesting that it is disallowed. But, if you don't think it is a realistic use case I'll take your word for it :)



>>>> Section 3 says: "The authenticator request is a structured message that can be
>>>> created..." Section 4 says: "The authenticator is a structured message that can
>>>> be exported..."
>>>> In the 2nd paragraph of Section 4 it is stated that "authenticator" is sent
>>>> based on an "authenticator request". I wonder if that could be stated already
>>>> in the beginning of Section 4, to further clarify the difference between them.
>>>> E.g.,
>>>> "The authenticator is a structured message, triggered by an authenticator
>>>> request, that can be exported from either party of a TLS connection."
>>> The issue is that servers can generate spontaneous exported authenticators without
>>> an authenticator request. 
>> Where is this written? Did I miss it?
> Section 4:
>   An authenticator message can be constructed by either the client or
>   the server given an established TLS connection, a certificate, and a
>   corresponding private key.  Clients MUST NOT send an authenticator
>   without a preceding authenticator request; for servers an
>   authenticator request is optional.  For authenticators that do not
>   correspond to authenticator requests, the certificate_request_context 
>   is chosen by the server.
Ok. Looks good.