Re: [TLS] Draft TLS Extension for Path Validation
Ashley Kopman <akopman@conceptsbeyond.com> Thu, 26 May 2022 23:43 UTC
Return-Path: <akopman@conceptsbeyond.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CD02C159526 for <tls@ietfa.amsl.com>; Thu, 26 May 2022 16:43:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.898
X-Spam-Level:
X-Spam-Status: No, score=-6.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conceptsbeyond-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q9pcU5CnBHzy for <tls@ietfa.amsl.com>; Thu, 26 May 2022 16:43:43 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BC59C1594BF for <tls@ietf.org>; Thu, 26 May 2022 16:43:43 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id q203so3224473iod.0 for <tls@ietf.org>; Thu, 26 May 2022 16:43:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conceptsbeyond-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Xzdr/XQPG1//YZuVNjRRybkIYTc2Z2fLrvgjKHSxs4U=; b=EnfkGdmwTh3o1K0IQs0XQqhCg0r917JrhPBLEPjfLJZugxeCCHZQJ0gLeNtdr3pOCk f8c9fSjW+BKQaTV6gOFR+hR16Tq3F6xS7mxcAhFaNJYI1Hw/RQHxW2LpXobxYj1MTmFX OjlwSXm4kig5KvfEVcLcu7mgQkyjYSXAXURYZncKx/pTVrnbs1xQrHAqp4WMuBI7bIWh dqZK9IW+7w50Ii0PK+izxup7+Widolke+fK5ab5rke15hIdLGQxcKVzoz9DiQnSUNcgw 2N7/oKP2LPWORE2KFQFJ0/+Um7Y4rQEBeoFSLZU7NUnFTNIIKVP08fykjWiFq3sDu5on zUNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Xzdr/XQPG1//YZuVNjRRybkIYTc2Z2fLrvgjKHSxs4U=; b=K7V1zX86v1kq08Z6MNPGCFBNQUYE0hRqjTRkwol+jUT9QgbTZb1txpaPFEEXz98Ztm BvpFUk4SDpuqUTeqkCD2MK7wLUbcFepuaDNdp+xRvwyu70AtU9SOlFACASm1JGcSYO+6 Zz+i/9mNuAcYWzL3/xWH5JiKcbNu53QP25w6YcqAwjcJei4m/2toyPVDpu1vxxYtsd56 akMqdmnjlQNgw7xk+vamUFOmt2KleExyQp+Q5VIk4yQSUuyefX/8c+GE2WUcav124bv/ imMZCAC85AgGXJiCFdWUhZMnskC7mN9ryA9Tm2YuBoPqRCDdEbDPMggW3Zz/xx+NG04U txYg==
X-Gm-Message-State: AOAM533lOXXmILfy26xV2xsU8U7Fzv8kwi2aOc+Er0koUCLSDoDHVg8d 8l2HpiwMkfb11juwL7FXMLt0NjTU0l7qSrxBd6frEfbsHIGU6w==
X-Google-Smtp-Source: ABdhPJz7XNyLpSImfsjmBj/DUcvUXVCQq51YnQFjJRR5TOZ2Xiwe/K2o2zP+RLvXdAzE4We/B5BciKIocvvbAoehWFQ=
X-Received: by 2002:a05:6638:3c44:b0:32e:b7ad:b47d with SMTP id bg4-20020a0566383c4400b0032eb7adb47dmr13221259jab.4.1653608620975; Thu, 26 May 2022 16:43:40 -0700 (PDT)
MIME-Version: 1.0
References: <2790C640-0841-43BC-94CA-0890ECEA672A@conceptsbeyond.com> <Yo50IQhyJM/VABlL@LK-Perkele-VII2.locald> <3107A6D9-BF01-48D7-9626-4E6C00A4E1A6@conceptsbeyond.com>
In-Reply-To: <3107A6D9-BF01-48D7-9626-4E6C00A4E1A6@conceptsbeyond.com>
From: Ashley Kopman <akopman@conceptsbeyond.com>
Date: Thu, 26 May 2022 19:43:26 -0400
Message-ID: <CA+n4P2oNax-=SBharnuxuY99C6RTgOQyi3tABEbZgkRnAVybew@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007380df05dff2c2c6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DVRE4XlBRpcA0wG-whmAMByzyvU>
Subject: Re: [TLS] Draft TLS Extension for Path Validation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2022 23:43:47 -0000
The use case for the D(TLS) Path Validation extension in civil aviation has been submitted https://www.ietf.org/archive/id/draft-segers-tls-cert-val-ext-use-case-00.txt there is also referenced slide deck available http://conceptsbeyond.com/resources/SCVPValidationRequest_UseCase_CB.pdf Thank you, Ashley Kopman On May 26, 2022, at 8:36 AM, Ashley Kopman <akopman@conceptsbeyond.com> wrote: Ilari, Thank you for your feedback. You are correct in assuming that this was designed after the OCSP status_request extension. It is a valid point that the extension can likely be omitted from the server hello. The intent was to communicate to the client that the server supports the extension and will respond with the path validation information. However, since it is allowed for the server to respond with the extension and then not supply the path validation, it is not very useful overhead. I will remove the extension from the server hello. You are also correct that sending the certificate chain becomes unnecessary. It was my intent to communicate that, but looking back at the draft, I don’t think I made it clear. I will add it. Thank you, Ashley On May 25, 2022, at 2:23 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: On Wed, May 25, 2022 at 12:40:13PM -0400, Ashley Kopman wrote: Hi TLS, I have just submitted a draft TLS Extension for Path Validation https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt <https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt > The proposal is for a Path Validation Extension to provide a new protocol for TLS/DTLS allowing inclusion of certificate path validation information in the TLS/DTLS handshake. Specifically, it covers the use of Server-based Certificate Validation Protocol (SCVP) for path validation. Looking at how this is integrated to (D)TLS: For (D)TLS 1.2, the server extension does not seem to be technically necressary, and omitting it could simplify things. Yes, this design is the same as one used for OCSP stapling (status_request), but I found the server hello extension in OCSP to be seemingly unnecressary extra complexity. For (D)TLS 1.3, why there are seemingly two server extensions, one in server hello, which is usually only used for low-level crypto stuff, which this is not, and another in certificate message (which makes sense for certificate-related thing. And this is maybe a stupid question, but I didn't find an answer by quickly looking at the draft nor the SCVP RFC, does the server need to send the certificate chain to the client if it sends the SCVP response, or just the end-entity certificate? Omitting the chain could save quite a bit of handshake size. -Ilari
- [TLS] Draft TLS Extension for Path Validation Ashley Kopman
- Re: [TLS] Draft TLS Extension for Path Validation Robert Moskowitz
- Re: [TLS] Draft TLS Extension for Path Validation Ilari Liusvaara
- Re: [TLS] Draft TLS Extension for Path Validation Peter Gutmann
- Re: [TLS] Draft TLS Extension for Path Validation Robert Moskowitz
- Re: [TLS] Draft TLS Extension for Path Validation Robert Moskowitz
- Re: [TLS] Draft TLS Extension for Path Validation Ashley Kopman
- Re: [TLS] Draft TLS Extension for Path Validation Salz, Rich
- Re: [TLS] Draft TLS Extension for Path Validation Ashley Kopman
- Re: [TLS] Draft TLS Extension for Path Validation Robert Moskowitz
- Re: [TLS] Draft TLS Extension for Path Validation Eric Rescorla
- Re: [TLS] Draft TLS Extension for Path Validation Ashley Kopman
- Re: [TLS] Draft TLS Extension for Path Validation Ira McDonald
- Re: [TLS] Draft TLS Extension for Path Validation Ashley Kopman