[TLS] draft-sullivan-tls-post-handshake-auth-00

Nick Sullivan <nicholas.sullivan@gmail.com> Sat, 06 August 2016 01:38 UTC

Return-Path: <nicholas.sullivan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F220212D73B for <tls@ietfa.amsl.com>; Fri, 5 Aug 2016 18:38:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.799
X-Spam-Level:
X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jLZxNqkxL4qn for <tls@ietfa.amsl.com>; Fri, 5 Aug 2016 18:38:55 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AE8A12D17A for <TLS@ietf.org>; Fri, 5 Aug 2016 18:38:52 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id f6so39235031ith.0 for <TLS@ietf.org>; Fri, 05 Aug 2016 18:38:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=vWB6ua8g51cu+etztsoIN4giPHxN06hFtP3JLxItBCk=; b=CRxBfTae/arUPVBrIyCqS7wrfFCMWsergI2x6eBBamg7wCGSCH0UowsTz2BD7Jd7gp dA1Vq6V2BvvaHmBzJ0QhmapkZPxG7vXplSN/Yr8HKpto5+dimOtiCn1EZILo7w0Kg3Rj yZJMsksXepmfhJZISH5LT9rOzG0zIBwClm96ZOWK1YtWazgKzvleMmbqR58C3o76ghU8 f23CUlBH1YJSSR8MrOGB9yAYjSpACcIJpHptNr5eFvzqBx+yfna5HUZXc1wno2hOQzn4 rrOiqlKWeXLL8btB0/nI0sElZRfXSULNbvO7EdoYcISCxlIhN37+YIoeff/+1Dl35S5d YU9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vWB6ua8g51cu+etztsoIN4giPHxN06hFtP3JLxItBCk=; b=WkbBrJ25Rt64TQeLUKiKhiOgYhpfh5rcEkngOBZF5813MvXmBRVstBF/F/5LWAkNzi sG16My8ccQoif26h41ftTm59mJao96hqpdUhkXtTeevYOCVh319MWjoyd/vWaUQkCgWc U164SlWTYAE7RSg6qKlBmBUCdEPXByk4KKSYCHDvczuBTrd6x0llsRhTtLcNyZKIPFis T8y86f24ij/EmmfaMcg0sYg4RZm18ckg/nCZ49nlMvSmJdLGNAsYTUFOoX30QK+ZGyER 1aBXzQpzspQtq6xr7F7YIaVc1tKp4nrrd3gA/hrXSa9/1JFiqhtjPSFQh/T+LsLlLG9J b1fw==
X-Gm-Message-State: AEkooutZOkWMvle8HsdlOGucvm1rmi3XPNnr2V+UF3SJt9a3FgBvyJBTGFcihPAPGOTaXAgIge+jwYgQS5FBpQ==
X-Received: by 10.36.246.8 with SMTP id u8mr7538711ith.23.1470447531419; Fri, 05 Aug 2016 18:38:51 -0700 (PDT)
MIME-Version: 1.0
From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Sat, 06 Aug 2016 01:38:40 +0000
Message-ID: <CAOjisRyH6Fz-_FbOaE7gMK-WXQetP=R6hJwAevRdsMYVBv95uw@mail.gmail.com>
To: "tls@ietf.org" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c0551a4c56d9f05395d3ecc
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bbz0302G16rqw7GfLogNsvfXFp0>
Subject: [TLS] draft-sullivan-tls-post-handshake-auth-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2016 01:38:57 -0000

<https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00>

We discussed on this list a proposal to allow secondary certificate
authentication in HTTP/2 (https://tools.ietf.org/html/draft-bishop-httpbis-
http2-additional-certs). In that discussion, some questions were raised
around whether or not certificate authentication should be handled in the
HTTP/2 layer or at the TLS layer. This draft is our attempt to create a
more complete mechanism for post-handshake authentication in TLS 1.3 that
supports standard use cases like in-browser client certificate
authentication as well as new use cases like secondary certificate
authentication in HTTP/2.

This draft takes the post-handshake client authentication mechanism from
TLS 1.3 (Section 4.4.2.) and generalizes it to allow four types of
post-handshake authentication:
* solicited client authentication
* spontaneous client authentication
* solicited server authentication
* spontaneous server authentication
Support for these modes is negotiated in a new TLS extension.

As written, this draft is complementary to the current TLS 1.3 draft,
however, it makes use of modified versions of the Certificate and
CertificateRequest structures instead of those from TLS 1.3. If the working
group agrees that a separate draft is a reasonable approach for
post-handshake authentication, it may make sense to merge the structure
changes from this draft into the TLS 1.3 specification and remove
post-handshake authentication from TLS 1.3. Doing so would likely make both
TLS 1.3 and this draft smaller, simpler to analyze, and easier to implement.

This draft comes with the caveat that the new post-handshake flows still
need formal a security proof.

Nick Sullivan