Re: [TLS] Fwd: AUTH48 [AR]: RFC 7250 <draft-ietf-tls-oob-pubkey-11.txt> changes
Viktor Dukhovni <viktor1dane@dukhovni.org> Tue, 27 May 2014 18:10 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7D381A063A for <tls@ietfa.amsl.com>; Tue, 27 May 2014 11:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vcAiNvTwtiBk for <tls@ietfa.amsl.com>; Tue, 27 May 2014 11:10:22 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 487471A04F8 for <tls@ietf.org>; Tue, 27 May 2014 11:10:22 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 4F5AB2AB10A; Tue, 27 May 2014 18:10:17 +0000 (UTC)
Date: Tue, 27 May 2014 18:10:17 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20140527181017.GN27883@mournblade.imrryr.org>
References: <201405201629.s4KGTtoU021704@new.toad.com> <790AE3A2-37B2-4124-8093-69812232052C@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <790AE3A2-37B2-4124-8093-69812232052C@cisco.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/FnBSZvbufkBsuEVQiY4M2NMZnEc
Subject: Re: [TLS] Fwd: AUTH48 [AR]: RFC 7250 <draft-ietf-tls-oob-pubkey-11.txt> changes
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2014 18:10:23 -0000
On Tue, May 27, 2014 at 05:24:09PM +0000, Joseph Salowey (jsalowey) wrote:
> > Section 4.3:
> >
> > OLD:
> > Authentication of the TLS client to the TLS server is supported only
> > through authentication of the received client SubjectPublicKeyInfo
> > via an out-of-band method.
> >
> > NEW:
> >
> > When the TLS server has specified RawPublicKey as the
> > client_certificate_type, authentication of the TLS client to the
> > TLS server is supported only through authentication of the received
> > client SubjectPublicKeyInfo via an out-of-band method.
> >
> > [...]
> >
> > Add Section 4.4. Server Authentication
> >
> > NEW:
> > When the TLS server has specified RawPublicKey as the
> > server_certificate_type, authentication of the TLS server to the
> > TLS client is supported only through authentication of the received
> > client SubjectPublicKeyInfo via an out-of-band method.
Some (as I did briefly, though I think I have finally figured out
what is meant) might find "authentication" here a bit confusing.
There are two parts to the traditional use of a public key in TLS for
authentication:
* The public key is used to sign the key exchange or decrypt
key transport. This proves that the counter-party possesses
the corresponding private key.
* The public key is delivered in the form of a certificate that
attests to a binding between the public key and some identity.
When I first read the quoted text out of context, I though it was
saying that both parts were out of band, which is surely not the
case. Rather it is merely the identity mapping that is out of
band, each side still verifies possession via appropriate signatures.
Is the use of raw public keys to sign the relevant bits of the
handshake that would otherwise have been signed by the public key
embedded in the certificate too obvious to have to state explicitly?
--
Viktor.
- [TLS] Fwd: AUTH48 [AR]: RFC 7250 <draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Fwd: AUTH48 [AR]: RFC 7250 <draft-ietf-… Viktor Dukhovni
- Re: [TLS] AUTH48 [AR]: RFC 7250 <draft-ietf-tls-o… Joseph Salowey (jsalowey)