IETF Logo Mail Archive

Re: [TLS] AD Review of draft-ietf-tls-tls13

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 16 May 2017 16:54 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 001A0129427 for <tls@ietfa.amsl.com>; Tue, 16 May 2017 09:54:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xDEj7UTtovpW for <tls@ietfa.amsl.com>; Tue, 16 May 2017 09:54:30 -0700 (PDT)
Received: from mail-pg0-x236.google.com (mail-pg0-x236.google.com [IPv6:2607:f8b0:400e:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682481200F3 for <tls@ietf.org>; Tue, 16 May 2017 09:50:20 -0700 (PDT)
Received: by mail-pg0-x236.google.com with SMTP id u187so79080560pgb.0 for <tls@ietf.org>; Tue, 16 May 2017 09:50:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=xbS/GNEn3cARmbBElQab0Lepx/zi66BHdcze1XNKGHM=; b=F1RJAaUvkdz6RUIWeL5S5xOMwsDd84qF3cn8qIFitZkJkEP6x69lR0sDr1Zlgh8961 opql8fvWEd05EidjtjuE1IZOqb5YKYfaGGgCqDE9OccL/PsGIsFxH7UEMgh/ZpIzEUqi Tiyo5psJHDkHzUYN7NflZAOdR1i/YiDpz2f/hIvfDaiB5zFiuJzGhYiq/TpZPaZ0W74s jG0EXfL19KaprbDrsh7ZaXPwRH7R1+rQ/aCAm3XIPz2l6cyQSDzjV75RZr6te3RBgmM6 pOPIpDAWswOILi0s4rrMrfNoJ5SZCxypMso9SD3L+/nrSZ/35B0A6jm/ywsErdZaiSVP 9G6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=xbS/GNEn3cARmbBElQab0Lepx/zi66BHdcze1XNKGHM=; b=CFhNNeOXIa5Sen0YQi7b+WUzJFpjcF2wFK9XRQ7g+dqceYow9F9FyJjU31Zrlc3AaO en6ypUB74xQ/kF8539OstLpvpjHBCkTqzg8nYO00TE+Thfg5qbNVxO6npmuJ4UcdvZZl 8MrKLrWBDpWADJ++dlalhWiySwiqVUQbxwgSO9OLRzhZiliE8sbRdlM9uPY6qB5Iiwmz MBZ6jtq/9j9ihjoXy0Fgg/nxdtjb6wz/1+9VlZRIlLgy72EPC5yPMuadJnRPQh9Y3VZd u+vV1gyG2I49KUM2n+H3m4UlVXHEG9JTVvyp93sPUayKUNN/JjW5OfcuI0S64GIOdRV9 fSWQ==
X-Gm-Message-State: AODbwcCQi216TXkvYBKKvVtLVYDYw5wTx8xg28zDGOR/x9mec3DVsnbI 8M2kFdrGUKBjtkfD0wPhbBlwk1GIGtl5
X-Received: by 10.84.193.129 with SMTP id f1mr17400602pld.129.1494953419912; Tue, 16 May 2017 09:50:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.186.135 with HTTP; Tue, 16 May 2017 09:49:39 -0700 (PDT)
In-Reply-To: <854FCD7A-B4C7-4E7A-A45E-7EECAA5E856C@dukhovni.org>
References: <CAHbuEH4PXU5569RYJ1uPcriQruCewmRrXUU3MVBZ+GtpyceiAw@mail.gmail.com> <CABcZeBMMQ8kNWUA4Y6ssMw7h54fPbBxrLbgZtxSkYc7-fzypSA@mail.gmail.com> <9C0E15E5-E852-47E0-B9A6-F807034ECFB8@vigilsec.com> <CABcZeBPGK9BguF6OJo=QT3Sx1mLwBQJhh4JiBkAmws5umvctSg@mail.gmail.com> <0ED5F216-365D-432E-B390-D95014ED5676@vigilsec.com> <CABcZeBPnLSbNySpRoGd8gQNBDf9jAEzX8eG6WC96MTmoqdpJHA@mail.gmail.com> <45BECF9F-0BBD-4E2D-B517-77709C0EAC9F@vigilsec.com> <CAHbuEH7djXnZv-SvOFyLxTb6UWCKj8Hn0ZMS3ccgvviuPuPFKQ@mail.gmail.com> <854FCD7A-B4C7-4E7A-A45E-7EECAA5E856C@dukhovni.org>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 16 May 2017 12:49:39 -0400
Message-ID: <CAHbuEH5AxUkT_Q5mJ6SrEWkY+GG3P1XNuD_QJX8kR9CfSWw+Xg@mail.gmail.com>
To: TLS WG <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bld8RXSWQ-WfTIn1SwtsxYcw7sY>
Subject: Re: [TLS] AD Review of draft-ietf-tls-tls13
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 16:54:34 -0000

On Tue, May 16, 2017 at 12:37 PM, Viktor Dukhovni
<ietf-dane@dukhovni.org> wrote:
>
>> On May 16, 2017, at 11:36 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>>
>> OK, does that put us back to the suggested wording:
>>
>>    "TLS depends on certificate path validation, and a conformant
>>     TLS implementation MUST implement certificate paths validation
>>     in a manner that achieves the same result as [RFC5280]. This
>>     section provides TLS-specific requirements.”
>>
>> For any developers following, does this help enough with any
>> interoperability questions?
>
> TLS does not depend on certificate path validation.  Many TLS
> *applications* rely PKIX certificate path validation (along with
> RFC 6125 server identity verification), but TLS itself supports
> various alternative authentication (and non-authentication) modes.
>
>    * PSK or SRP without certificates
>    * Opportunistic unauthenticated TLS (perhaps anon-(EC)DH with TLS <= 1.2)
>    * TOFU public key pinning
>    * Static leaf key or leaf cert matching
>    * RFC7250 raw public keys
>    * DANE-EE(3) leaf certificate/key verification, without expiration
>      or server name checks
>    * DANE-EE(3) ... with name checks (where UKS attack are relevant)
>    * DANE-TA(2) with RFC5280 chain verification, but the trust-anchor
>      is part of the chain, and identified via DNS TLSA records.
>    * PKIX-EE(1) which is RFC5280 + DANE leaf cert "constraint"
>    * PKIX-TA(0) which is RFC5280 + DANE CA "constraint"
>
> Keeping in mind that many implementations of RFC5280 violate that specification
> by interpreting EKUs in CA certificates to constrain the kinds of certificates
> that the CA may issue.  That de-facto usage is I think much more widely implemented
> than the far too complex X.509 policy constraints (RFC5280 4.2.1.11).

Sorry, I grabbed the wrong text as I was ineffective at multi-tasking.
I think we are back to the following text and would like to confirm
that and make sure it is agreeable to the WG and implementers:

    "In general detailed certificate validation procedures are out of
    scope for TLS. [RFC5280] provides general procedures for
    certificate validation. This section provides TLS-specific
    requirements."

There's also a thread that was discussing some interoperability
problems related to validation and I'd like to see the resolution for
that as well.

Thanks,
Kathleen

>
> --
>         Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email