[TLS]Re: Trust Expressions Update

Dennis Jackson <ietf@dennis-jackson.uk> Tue, 23 July 2024 15:27 UTC

Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF88C1D6215 for <tls@ietfa.amsl.com>; Tue, 23 Jul 2024 08:27:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Io7JEjuzrq9n for <tls@ietfa.amsl.com>; Tue, 23 Jul 2024 08:27:37 -0700 (PDT)
Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F490C1D4A93 for <tls@ietf.org>; Tue, 23 Jul 2024 08:27:35 -0700 (PDT)
Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4WT1H730Hfz9snk for <tls@ietf.org>; Tue, 23 Jul 2024 17:27:31 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1721748451; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0IyvyGR9YZtptdm+LP3l2cjei1KBHHQkuFyLtAquYgQ=; b=MMeC17MgxSu+/yeC9Spmx4+R2FcvdHgSKGMomkAByZyxbOMJg22+cucrnecpmYwqxyRut4 dzcFBVq+382Emr2XM4iaGv2F0pYzwUMALx4ikpNvFPAVS3gZP8Wc6+THSi+Eou8139Mcl4 K7+TRVqZvtz2ONeXnL4NzTOqOfuKt9jHCM9eN2o/ixotktkvngMH0ZtiXwPG4OgGXb+b9U 73kLk2XjHF7YWHrhNoz2uEwNdB2aO5/cfXOE3oe/Bhhc3ZtrJV+gIMW4eV6hBR/5hhB8O+ YMmaV9dORytAKtfRRCa2pLLQlXpH/BOyFIBC8LXLLS9Jv6oUqJ52wHPqeIbzfg==
Content-Type: multipart/alternative; boundary="------------BcM0vRiVpPnimMa4JK52yqOd"
Message-ID: <0b84da07-79be-4cfb-9baa-ca1298fda390@dennis-jackson.uk>
Date: Tue, 23 Jul 2024 08:27:28 -0700
MIME-Version: 1.0
To: tls@ietf.org
References: <CAF8qwaAZ6QeyO9TcbmDgO5mkeixc11pzDgEF=7-KdLWzCp_qWA@mail.gmail.com> <51545883-30f5-4735-b237-e2c48df2b1dd@dennis-jackson.uk> <SJ2PR15MB567121783E3A9ADD2B1215ECB6A82@SJ2PR15MB5671.namprd15.prod.outlook.com>
Content-Language: en-US
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <SJ2PR15MB567121783E3A9ADD2B1215ECB6A82@SJ2PR15MB5671.namprd15.prod.outlook.com>
Message-ID-Hash: RYDX6EDM2RTUTPPT46E7CZWIL37PZAP5
X-Message-ID-Hash: RYDX6EDM2RTUTPPT46E7CZWIL37PZAP5
X-MailFrom: ietf@dennis-jackson.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Trust Expressions Update
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DfRVo8pYPQEIZWhZKx0yTi1yBaw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On 21/07/2024 18:09, Kyle Nekritz wrote:

> Do you see differences with trust negotiation, or in the specific negotiation mechanisms that are being proposed? Or would you have similar concerns if, say, we didn't already have named group negotiation, and were discussing adding that right now?

My concerns are about deploying a mechanism for negotiating which 
certificate the server sends that can scale to the divergent 
requirements of many different parties.

Right now, servers are pretty much forced into choosing between being 
available on the WebPKI or being available on some other PKI. There are 
limited mechanisms which do allow servers to select alternative 
certificates (e.g. based on the client's IP or which interface it is 
accessing in corporate environments), but these mechanisms cannot be 
used at scale without causing massive incidental breakage without some 
signal from the client as to which server certs it trusts.

Trust Expression's 'fixes' that restriction and allows servers to 
participate in multiple PKIs simultaneously. Importantly, Trust Labels 
are not limited to some fixed set like signature_algorithms registered 
with IANA. Trust Expression's design requires that TLS libraries accept 
any trust_label conveyed by the CA via the provisioned certificate chains.

Trust labels are basically opaque user-agent strings which can negotiate 
arbitrary things about the contents of the certificate message in TLS. 
This makes it easy for good actors like Chrome to deploy a new 
experiment or new security policies via a new trust label, but also 
empower actors trying to establish their own PKIs with less noble 
intentions (explained further in [1]).

Does that clarify the technical difference between introducing something 
like Trust Expressions and other more limited negotiation mechanisms?

Best, Dennis

[1] 
https://github.com/dennisjackson/trust-negotiation-comments/blob/main/concerns-and-risks.md#root-programs-and-mass-surveillance