IETF Logo Mail Archive

[TLS] Revocation and authentication of raw public key (was: AD review of draft-ietf-tls-oob-pubkey)

Bert Greevenbosch <Bert.Greevenbosch@huawei.com> Tue, 23 April 2013 08:23 UTC

Return-Path: <Bert.Greevenbosch@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C7DB21F95F3 for <tls@ietfa.amsl.com>; Tue, 23 Apr 2013 01:23:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.498
X-Spam-Level:
X-Spam-Status: No, score=-4.498 tagged_above=-999 required=5 tests=[AWL=-2.102, BAYES_00=-2.599, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MdIHVG7cG7N2 for <tls@ietfa.amsl.com>; Tue, 23 Apr 2013 01:23:18 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id DC08921F95F0 for <tls@ietf.org>; Tue, 23 Apr 2013 01:23:15 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.5-GA FastPath queued) with ESMTP id ASC32271; Tue, 23 Apr 2013 08:23:14 +0000 (GMT)
Received: from LHREML406-HUB.china.huawei.com (10.201.5.243) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.1.323.7; Tue, 23 Apr 2013 09:22:42 +0100
Received: from SZXEML448-HUB.china.huawei.com (10.82.67.191) by lhreml406-hub.china.huawei.com (10.201.5.243) with Microsoft SMTP Server (TLS) id 14.1.323.7; Tue, 23 Apr 2013 09:23:09 +0100
Received: from szxeml558-mbx.china.huawei.com ([169.254.7.35]) by szxeml448-hub.china.huawei.com ([10.82.67.191]) with mapi id 14.01.0323.007; Tue, 23 Apr 2013 16:23:03 +0800
From: Bert Greevenbosch <Bert.Greevenbosch@huawei.com>
To: "Salz, Rich" <rsalz@akamai.com>, Sean Turner <turners@ieca.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Revocation and authentication of raw public key (was: [TLS] AD review of draft-ietf-tls-oob-pubkey)
Thread-Index: AQHOP/vF40lchfqJYku3e/BludfGHw==
Date: Tue, 23 Apr 2013 08:23:02 +0000
Message-ID: <46A1DF3F04371240B504290A071B4DB63D716CC2@szxeml558-mbx.china.huawei.com>
References: <516D5ADE.3050506@ieca.com> <46A1DF3F04371240B504290A071B4DB63D715C65@szxeml558-mbx.china.huawei.com> <2A0EFB9C05D0164E98F19BB0AF3708C7B311446B@USMBX1.msg.corp.akamai.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C7B311446B@USMBX1.msg.corp.akamai.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.66.162.63]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: [TLS] Revocation and authentication of raw public key (was: AD review of draft-ietf-tls-oob-pubkey)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2013 08:23:19 -0000

Hello Rich,

Thank you for your feedback. Please find my response below.

> Yes, O*CS*P light is a bad name. :)

Right, that should be changed.

> Have you looked at what SSH is doing for key management issues?

Thanks for your hint. Indeed SSH specifies something quite similar to a raw public key in RFC 4716.

I understand that SSH relies on the following methods for authentication:

(1) Pre-shared knowledge of public key. For example, after first registration the client knows the server public key, so if the public key changes in a later session it is suspect.
(2) Manual verification of the hash of the public key, which is delivered through a separate channel.
(3) Password verification -> after session setup the client sends a password to ensure the server it is legitimate.

The SSH specifications (e.g. RFC 4251) explicitly point out that for the sake of easy deployment, authentication of name-to-key association may be omitted, accepting the risk of a man-in-the-middle attack.

RFC 4251 also mentions the possibility to use a trusted certificate authority (CA) for the name-to-key association. It notes that this can be done through Kerberos or a secure DNS lookup.

I think name-to-key association is half of the problem, whereas revocation is the second half. SSH seems to focus on the first half, whereas OCSP-lite focuses mainly on the second half.

How do you envision using SSH for raw public keys?

Thanks and best regards,
Bert


-----Original Message-----
From: Salz, Rich [mailto:rsalz@akamai.com] 
Sent: 2013年4月22日 23:15
To: Bert Greevenbosch; Sean Turner; tls@ietf.org; draft-ietf-tls-oob-pubkey@tools.ietf.org
Subject: RE: [TLS] AD review of draft-ietf-tls-oob-pubkey

Yes, O*CS*P light is a bad name. :)

Have you looked at what SSH is doing for key management issues?

	/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

v2.23.0 | Report a Bug | By Email