[TLS] draft-ietf-tls-rfc8446bis - Security properties - Protection of endpoint identities

John Mattsson <john.mattsson@ericsson.com> Wed, 10 February 2021 09:19 UTC


Hi,

TLS 1.3 has several stated security properties. One of them is "Protection of endpoint identities". EAP-TLS 1.3 (up until version -13) was written with the assumption that this property holds. Other uses of TLS 1.3 might also rely on the property holding. With draft-camwinget-tls-ts13-macciphersuites, "Protection of endpoint identities" no longer holds in general. I think RFC8446bis needs to state that this property only holds for cipher suites with confidentiality.

Cheers,
John
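Why the property depends on the negotiated cipher suite, as an added example that is not part of the original post: a simplified model of TLS 1.3 record protection for the Certificate message (the toy SHA-256 keystream, the constructed key and the sample identity are assumptions, not real TLS framing or a real AEAD) showing that an integrity-only suite from the cited draft leaves the certificate bytes readable by a passive observer, alongside the confidentiality check an EAP-TLS deployment could apply before relying on identity protection.

```python
import hashlib
import hmac

# Suite names: AEAD suites from RFC 8446, integrity-only suites from
# draft-camwinget-tls-ts13-macciphersuites. Only the latter lack confidentiality.
INTEGRITY_ONLY_SUITES = {"TLS_SHA256_SHA256", "TLS_SHA384_SHA384"}
AEAD_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
               "TLS_CHACHA20_POLY1305_SHA256"}

# Constructed sample values (not a real traffic key or certificate).
SAMPLE_KEY = bytes(range(32))
SAMPLE_IDENTITY = b"CN=device0001.example.com"

def provides_confidentiality(suite: str) -> bool:
    """Policy check: may a peer rely on 'protection of endpoint identities'?"""
    if suite in AEAD_SUITES:
        return True
    if suite in INTEGRITY_ONLY_SUITES:
        return False
    raise ValueError(f"unknown cipher suite {suite}")

def _toy_keystream(key: bytes, length: int) -> bytes:
    # Stand-in for AEAD encryption: SHA-256 in counter mode. Illustrative only,
    # assumed here so the example runs with the standard library alone.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def protect_handshake_record(suite: str, key: bytes, certificate_msg: bytes) -> bytes:
    """Simplified protection of the handshake record carrying Certificate."""
    if provides_confidentiality(suite):
        stream = _toy_keystream(key, len(certificate_msg))
        body = bytes(p ^ k for p, k in zip(certificate_msg, stream))
    else:
        body = certificate_msg  # integrity-only: plaintext goes on the wire
    tag = hmac.new(key, body, hashlib.sha256).digest()  # both modes add a MAC
    return body + tag

def identity_visible_to_observer(suite: str, key: bytes, identity: bytes) -> bool:
    """Passive observer's view: is the identity readable in the record bytes?"""
    wire = protect_handshake_record(suite, key, identity)
    return identity in wire

if __name__ == "__main__":
    for s in sorted(AEAD_SUITES | INTEGRITY_ONLY_SUITES):
        visible = identity_visible_to_observer(s, SAMPLE_KEY, SAMPLE_IDENTITY)
        print(f"{s:30} identity visible on wire: {visible}")
```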