IETF Logo Mail Archive

Re: [TLS] [Emu] Protected Result Indicators in EAP-TLS 1.3

John Mattsson <john.mattsson@ericsson.com> Wed, 10 February 2021 10:48 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88A893A0B93; Wed, 10 Feb 2021 02:48:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level:
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jwKVFSpQSKWO; Wed, 10 Feb 2021 02:48:15 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20067.outbound.protection.outlook.com [40.107.2.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E6EC3A0B53; Wed, 10 Feb 2021 02:48:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Cupn1+1rm14nblADBUvbx1J4dY6ZrgyloDezmU1iGhxbmBm3Q7Gx0vFmK9elZXm5dHRAlfD8H1giKqxxIspnKpyNwHBgORMKWSdXD8D/apnJEFNnHsMGHoW22pGxf+K+3ioEWtgjCbsDucDvgu6R4rJJpHDaWmtPajmLDBV7ih659YTf64qCqshaCux8uamDmXwX10vbkMkhCdyNZ5I6gsCitIvi/MXqHui7wRuS+f+C8x2DrtPcRRLt0cYS0emMA22DTfm6bpWB4q4O2q9GlqqsZtatUe1k1aAS5h4gF+3hV+z5REFBqW9ygNzUFzrlirxcA/iSoVMk5PZC2TWwVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k77Y0C7jNTBj5dLXB6fQU/M5xWtb0EV8i+XuvojvEX0=; b=GPL/kkKtphm48TpE09ktAv9lwLQguEMg1fb5j2aXBYRbrCnrgH6zxC2rBVisx3fKqwdbg+ReGo95WWNRgo0U++2LLb8yd7KwCdUdJrAIKg87MRe6tfv+/Jpb/xWzTQoKGRPL7kByFn/EPZAi0X7FFtlDQY0ErA2RsddMrLHKsmR04BZRUxUblfEx3FeALEYonQQ3UfqqLwAoFXB8kIBHpeBHdIpzituQF6AYpzcoonH1P9CTmMcxJ9gDNtgtZ0Lht5dh+7WbVaOsgWEdzo4rx/a6lzEs4RzLIKvIm7mUxupo57xB4GEc0XKG5xosZt4MTirTbyj2rvWTRXRG3p3urQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k77Y0C7jNTBj5dLXB6fQU/M5xWtb0EV8i+XuvojvEX0=; b=J1Q/enF23pNDTK+fLi1Uw4BGdFJds15rJkLcwhgpyVsAUarvmtXbmUQqOnBYX6fymwDb2ju0mkPrXw4LRod10GNX60A676ptq1AOT0ldYfGSX3YV6ZSZiBFANxzr9Vdf7LaninxoNz/H0PNgqZr2pDxPm5yzOrOJt0zi/9y2xVo=
Received: from (2603:10a6:3:4b::8) by HE1PR0702MB3612.eurprd07.prod.outlook.com (2603:10a6:7:80::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.8; Wed, 10 Feb 2021 10:48:11 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268%11]) with mapi id 15.20.3846.027; Wed, 10 Feb 2021 10:48:11 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: EMU WG <emu@ietf.org>, "TLS@ietf.org" <TLS@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Thread-Topic: [Emu] Protected Result Indicators in EAP-TLS 1.3
Thread-Index: AQHW/5o5gwGl1AfKsEaq722YigUC1g==
Date: Wed, 10 Feb 2021 10:48:10 +0000
Message-ID: <5AC5852A-118A-4FF5-9754-7693AC505F0C@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c5b3d482-12a6-4b95-a170-08d8cdb15c1c
x-ms-traffictypediagnostic: HE1PR0702MB3612:
x-microsoft-antispam-prvs: <HE1PR0702MB3612D080EC274EDDDFC3CF2D898D9@HE1PR0702MB3612.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RGRP676Q9HDk5Aut+WVn5uD60gpjc1jcSAneEzRzCrW16vYY2WN59C2wD7pZD3rmJZcva2T5U8mkMVWmhG/u6OTItwYPEYPieS6JnhQ9X/2Ir+er70tcOSssjv4Rgd/+Qvk3Yxbua7dESFSec+1tx14r7MBHahLWCNsWRbXu8QeogE76snr7W030c7vhyX1FqYQRCSERAP1PZjhxB+JvYS2xLZyRoK4v3P12FXNBiHEbCqnKiOJNiMzCymbvoVJ8O37/0NQ5mflonl0HefH88n9keXVF1+tQWkCFGRxNTazEo5U2GC59qWzN+LWEMJcUCCJFIiD6d8TVNVuS02ZGiHHnnbmMpCxCyqG/qumQ7guuuYN0VrYU2y4aBEXibbpeRMox1RQCFqqDQ6kSD+56xwF8rdNF5QQzOyIh8kpkyNi9n2PhQBKxcIhjvYVmp/PGH0bSO4hM6Qc1KjIB2d+w7YqXran16VRomASzcuX+IE2hm5ikgchMyMZn8mtRsmPhA6jKFbVkCRRTNLoTEQZcvTGb/F2zeWH5vsZV5rcIuTj95pzF8cgndAoWhIz9LC4NH3kkcoQqS7pNCir2lnbp/g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(39860400002)(346002)(396003)(136003)(64756008)(26005)(53546011)(6506007)(76116006)(186003)(66476007)(66446008)(66946007)(33656002)(66556008)(110136005)(86362001)(316002)(6512007)(44832011)(2616005)(83380400001)(71200400001)(5660300002)(6486002)(2906002)(478600001)(8936002)(36756003)(8676002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: AIqY54kn67G0qkGAfrGyhHsUlFMpeXF4p1Jm5tah1jLoSGDEReKYbs+YCCD2Gldx8Um2hEZEzTFM9iDuA+o0IhhHJYmsKMv7bR5rCaqK8zCEJbP4TukX2mHcRMEaFdwRUZRf4Lpxd39ANaPPlNssVXuloHxNn8w6Ch3iNCLLlNq1LtnVPLQVefekI/O7AU33w9hKYJa9yLQa6hDi0ZbDsbPsgKUQ0UnFizMIZNYGPI6O0j7LYLXuVxbQnEwsKXnSHWajjRVxUfoaz968NFirN6bJZ/UHZ5mfJpdZHaaJJ87hC8LCwP+3qJ8PetUBuQIQovexumY8uj3q/qzgt6ZT3tQeD76xZdN4lENIiSCVag+Pk6wB2WxTBGbzSbmKbLdKcoy2RFBw4rNXagSR/rE7HdcE6Yz44NPtBVx/HvfzHdArZEZDCpTX+fn6FgHUBJaslGeQVRlJlscGWAbdjnXTngqzBYOmjpk80Gv2p0uPFctKXBpEfJM3OU4Cw4c99ECHdFlKpJblsCAa3IttYr/qBvP1s7G6VUS92+9tRKnfEYOsJH06eqTNCaav48DckJip4ZU1effgpewchH54ikQirala8GZ2wiVbtwNHk5p8No3gnx3gIn5IxsvM5+wHin73NdkvyjitKOX4/dB4AS/+1QyU1GuOotdyb8hoWgCTgkLAi2YJvL7RyQeeYEx/9LEEstZA/IUhpPfaIlQQ5EgxV1b/vV2x3VPO1Tq96ZkO3U9vpJoZx/bc7g49l1XsBPBS/8JADWE0k2Ldd0bBtOy4oUpqxSJhqT2vdNmxLLs77NpMK/vlVwWqtCX9rQR1S8FtVrOLd3pVgvehdLxa13XDYEhE/ENC7ShG9wDSBakryqE++pOkzYEQfNxsPcOOmdgy4bJIOBWyhkMuaiZJXpW9M3mVRO1P0YpWaXiUaZOqWzAlCfY6022s960J/5OZb6k3OBBIqme6QL2QfQfZFxtNCpIbDRbIRIDlxrJizIFUVDtp1TJ6zsj7kTQlXDtLyN07x6yDRdDfltoAcUHTQZO1oWX9wXdEB+XbH5ls8zcdVDZQ3KcH76P6I4p7w+OwtVgwIiDOnTh2wm7gKMAYq08vW4lC4hPzZZ5g2V6NnjrsjxxUuKyfMCbC5MwX6/XtmTRVkdFFPUHgCeUhvBHkJFNykjelWnFKP7zURDw5t7zIumm1y6l2fGXyNHg/z0qDNRvtPh10y94uE1b1YPtvFZbFY7zEQruO8PPZEmD080Iu8JVUS8SciuhivJGCVM9CyMzQopfQwvhPtXxWjKzIQ6IDSNjaEpTJDFPZ3v5xfcvYH4d7QQpx7CJPt4zmIosimxea
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E6C9C79FAE6FD040BA15C6B0BE1DE91A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c5b3d482-12a6-4b95-a170-08d8cdb15c1c
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2021 10:48:11.0211 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oIZ4e1pMuaY7SMpTTr//MvnQ2mqyzyjavoLSX5SFasEWtU8rdS7hSeSpSfBUV9gaQfNLcBWCelpzr1o76j41RSOnAoLEmPbOpsemIL/1MM0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3612
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/C8TaRyBiu8W0kUD79vDdR0hZFT0>
Subject: Re: [TLS] [Emu] Protected Result Indicators in EAP-TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2021 10:48:17 -0000

With Alan's comments, I think we are down to 3 alternatives:

(1a). Use close_notify alert as protected success.
      Use error alerts as protected failure.

     - Forbid close_notify except as success indication
     - Mandate Error alert before EAP-Failure
     - Forbid all use of user_cancelled

(1b). Use close_notify alert as protected success.
      Use all other alerts as protected failure.

      - Forbid close_notify except as success indication
      - Mandate Error alert or user_cancelled before EAP-Failure

(2). Use application data as protected success.
     Use all alerts as protected failure.

    - After sending application data in an EAP-Request the EAP-TLS server MUST send only EAP-Success.
    - Mandate alert (closure, error) before EAP-Failure

I think it is important to discuss what the ongoing EMU consensus call will mean in practice. Previous discussions was mostly about not sending more handshake messages. Protected result indicators are quite different.

It would we very good with early feedback from Ben and the TLS WG if they see problems with any of the alternatives.

Cheers,
John

-----Original Message-----
From: Alan DeKok <aland@deployingradius.com>
Date: Tuesday, 9 February 2021 at 15:22
To: John Mattsson <john.mattsson@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] Protected Result Indicators in EAP-TLS

On Feb 9, 2021, at 5:00 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Below is my summary of the situation:
> 
> - It seems like there will be consensus to have protected result indicators in EAP-TLS 1.3.
> - No one has objected to mandate Error alert on fatal error condition.
> - Optional protected result indicators are different from mandatory result indicators,
>  recent suggestion is that protected failure result indicators shall be mandatory.
> - Success indicators and failure indicators need to be discuss together.

  Yes.

> Below is my summary of the alternatives:

  I think whatever the altAccept notice is used, the altReject needs to be a TLS alert.  This alert is secured and authenticated.

> 1. Use close_notify alert as protected success. Use other alerts as protected failure.
> 
>  To make it work I think EAP-TLS 1.3 needs to profile TLS 1.3 as:
> 
>  - Forbid close_notify except as success indication
>  - Mandate Error alert before EAP-Failure
>  - Forbid all use of user_cancelled

  If we use close_notify, yes.

> 2. Use application data for protected result indicators. Mandate alert (closure or error) before EAP-Failure.
> 	
> 	TLS people has stated that this might be reordered and that it is a layer violation.

  Unlike many other uses of TLS, EAP is *not* handing control of the transport protocol over to the TLS layer.  i.e. TLS libraries often implement TCP (or even HTTP) wrappers.  None implement EAP.

  This limitation means that there are no ordering issues with use of application data.  In packet N, the EAP-TLS server asks the TLS layer for data, and encodes it into EAP, and then sends it out.  Some packet M>N, the EAP-TLS server has verified the client certificate.  At that point, it can write application data to TLS.

  The other benefit of using application data is that it is needed for other TLS-based EAP methods.  i.e. there is little reason to have complex code paths when a more unified approach will do.  This protocol choice helps to simplify implementations.

> 	I think the worries can be overcome by writing things as requirements on
> 	the EAP-TLS layer, e.g.
> 
> 	"After sending application data in a EAP-Request the EAP-TLS server MUST not send
>      any more EAP-Request"

  The EAP-TLS server MUST send only EAP-Success.

> 3. Success and failure indication on the EAP-TLS layer
> 
>   This was never discussed beyond that using an uprotected flag bit was not acceptable.
> 
> 	Things at the EAP-TLS layer can quite easily be made protected.
> 
> 	- Use one of the reserved bit in the EAP-TLS pakcet to indicate success.
> 	- Append TLS-Exporter("EXPORTER_EAP_TLS_SUCCESS_" + Type-Code, "", 16) to the packet
> 
> 	- Use another of the reserved bit in the EAP-TLS pakcet to indicate failure.
> 	- Append TLS-Exporter("EXPORTER_EAP_TLS_FAILURE_" + Type-Code, "", 16) to the packet
> 
> 	A solution at the EAP-TLS layers would not be dependant on profiling TLS 1.3

  Appending data to the EAP-TLS packets is problematic.  We already have a secured tunnel inside of the TLS layer.  Using that is *significantly* easier than mangling packets.

> 4. Success on EAP-TLS layer, Mandate alert (closure or error) before EAP-Failure.
> 
> 5. Failure on EAP-TLS layer. Application data for success, 

  I'm not sure what those mean.

> I think 1. seems like the most complicated solution. It is also kind of ugly as it use an alert as indication for success. That said, I can live with any solution that are acceptable for implementors and TLS people.

  (1) and (2) have essentially simpler complexity.  (3) is by far and aware more complex to implement.

  For us, the code changes to support TLS 1.3 are maybe a few hundred lines of C.  The difference between (1) and (2) is maybe 50 lines.  Having multiple TLS exporters is maybe 100 lines.  (3) is much larger, and much more error prone.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email