[TLS] Re: Transparent TLS Client Auth (t2CA)
Eric Rescorla <ekr@rtfm.com> Thu, 22 May 2025 17:04 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id DD5DD2BEAC9A for <tls@mail2.ietf.org>; Thu, 22 May 2025 10:04:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESo-n17zINcx for <tls@mail2.ietf.org>; Thu, 22 May 2025 10:04:57 -0700 (PDT)
Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id EF7C82BEAC93 for <tls@ietf.org>; Thu, 22 May 2025 10:04:56 -0700 (PDT)
Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-70dec158cbcso28592977b3.2 for <tls@ietf.org>; Thu, 22 May 2025 10:04:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1747933496; x=1748538296; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=gWcSwNFxGJx/FIxyArByNRKzjSHs4dB3P8Rf3fnug2s=; b=NZ9Q+WhX/QOFVVQjIeG7wv+A8L2x48q+P/koVptCbiviJMP3WHrqdrkKcJM4MUqp2a 4+H5zEexTGMVQDXQYYDoPnoxn/28S+o+zGXZNmlJQQ7l/6uUzRE06IvViEKVGOb8rhhK ovfzp2cNLz/BgaPrthUDOjOLcSQQfU/w378qocOQccGWuMYclR497E+8XM6TjTHE97dh bNAqK5mgDpMD/x5D7HBEqx9cnyd7lvPQkt31Uk9ofMCLgLOh82TFU5d5kgLrtnNcPahV weq4sawSCoEgLbwTCF6nAX3yCYXMMXA1nWfJ6QkWpCycYUoe5ADTeiFkHHBIc+ePHjuU TynQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747933496; x=1748538296; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gWcSwNFxGJx/FIxyArByNRKzjSHs4dB3P8Rf3fnug2s=; b=hC7DASgRTxg2HSx17sF41OIId59iUAkykEk0ynSzVXj7Ver95/u7cr04xqHI82czcl 0lI2O/0hv7MvZoB5w0RcEldANNu/k0PsFm2I636CjXpc6quD5QDDgGNa0oC+zCJyrxxK vNbdGf/W3K3Gs5YT5pFN4LWJ5kCoWYxpWpUNkWv0hKcDEES0ZyNvfpk6W/bH9TcHmYAN P62xehmTC4rI0f+Jp52OkuQQ5UHbzTM2K6f1VfSsskrMMUlTm6pBkloPJ3HMlRKEfu5Z 9gAhvezqIcT+mvLd0RCS1K673gqWz7iXGBVf2sfZ/CR63DN4eEnN3lbcHw+nP0W+quC2 /+tA==
X-Gm-Message-State: AOJu0YyTRbcvX9H3cz3uYTsrNcFWFTustoBrocW8Qh0pIUAvMG89i3/P 9ABMy1dhLrEz89s3/g870dHIxRt3g7O3/FzL0zAt4wmHen5NTGTfpUcT0nbAliXxAdNc6/63C+n vkH3SQkNyR3s9ahn7w/vI5EX/D9KgaZyFNcN0uTI5tzN5P+o5NDsd
X-Gm-Gg: ASbGncv6K3Ti7i7wMdRVmRfhDvECL4VUiBYJo3CsPfZeACu0d75mtbSZqExyp6T2hD0 LbMlY2Eesx0ZBSQcyPTgdb8ihp8kpwDIp5HojDnWOmDWwWdRWPu3dK1wVqzOphQ3Qkm31mKnXVI OiY9A5c49u/1JBTiJmtbSJ3FblYQdyMKG9ovqxWDcezw==
X-Google-Smtp-Source: AGHT+IEYuiq8bSxAzmgmZLnkwNqHVyxFlNZchHd08C/19xg8TkWYh+WUQr6SzCDPqcicja5JGViStEPLNmCFOpVDPtk=
X-Received: by 2002:a05:690c:ed4:b0:700:b007:a33e with SMTP id 00721157ae682-70caafa8ad6mr358238667b3.16.1747933496253; Thu, 22 May 2025 10:04:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwgUckd7M4J1wop9srwxaFkfenmibLJ1=-dJb-pfEkXxLg@mail.gmail.com> <CABcZeBMkNs=Uhe5Wv49P8OquN8rn0z_p4cXgB51gS879RFxBZA@mail.gmail.com> <CAMm+LwgszwpdfB5k0ETEfg2cYyestZtq0y5pS7=Y7kzdyoBPbw@mail.gmail.com>
In-Reply-To: <CAMm+LwgszwpdfB5k0ETEfg2cYyestZtq0y5pS7=Y7kzdyoBPbw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 22 May 2025 10:04:20 -0700
X-Gm-Features: AX0GCFvTm63z11C-youoCr3Wu9-JMnCQp8rwL5A28oQiXrbyITLerTuz_bz9aLA
Message-ID: <CABcZeBPgxDhqroAUO+fW4Sp6qvSHugd2pym5C2_+jNcQUXaqxw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary="00000000000022d6f00635bc7b35"
Message-ID-Hash: CLC2H65WD2T3VURFK7HTDHWTYNM56CNS
X-Message-ID-Hash: CLC2H65WD2T3VURFK7HTDHWTYNM56CNS
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tls <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Transparent TLS Client Auth (t2CA)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HWDCe-5BjfvwyKpm-_hoMvq5xZY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Thu, May 22, 2025 at 9:56 AM Phillip Hallam-Baker <phill@hallambaker.com> wrote: > > > On Thu, May 22, 2025 at 11:50 AM Eric Rescorla <ekr@rtfm.com> wrote: > >> A few observations here. >> >> I generally agree that a signature-based scheme has superior privacy >> properties to something like OAuth, though the details really matter >> here. For example, if the system requires having a TXT record at the >> leaf node (e.g., ekr.<something>.gmail.com) then the end result is >> similar because the DNS server will get a query from the relying party >> for your specific identity, allowing the server to track you [0] >> > > The idea here is that you have your own personal DNS name that is yours > and only you use for authentication. It is a different approach but one > that has some surprising effects. > > A traditional Internet account is a delegation to a service. so > ekr@example.com. To resolve that name, a client first locates the auth > server for rtfm.com and then sends it a query. > > In the Blue Sky model, your account has its own DNS name and can be > queried independently of any account discovery service: @ekr.example.com. > Yes, I understand this, but as a practical matter, people don't have their own DNS names, and I don't think it's likely they are going to get them. Rather, they are likely to have them subordinated under some provider, exactly as they do now, in which case it will be `alice@gmail.com` which maps to `alice.gmail.com`, hence the privacy point I am making. > > * Allowing the site to control the timing of the authentication >> (e.g., offering you connect unauthenticated and then upgrading). >> * Allowing the site to offer multiple authentication options. >> * Allowing the site to control the look and feel of the interaction. >> > > I don't want the site to be doing any of that. I want there to be a single > consistent authentication experience across everything. Without > consistency, users have no idea what they are doing and the scheme is > vulnerable to social engineering attacks. > What matters here is not what you want but rather what the site wants, and in my experience they want these properties. So, again, I ask: which major players in the current ecosystem are interested in this. -Ekr > >> >> >> >> >> On Tue, May 20, 2025 at 7:45 PM Phillip Hallam-Baker < >> phill@hallambaker.com> wrote: >> >>> I have floated parts of this scheme in OAUTH and DANE. >>> >>> As we all know, TLS does Client auth in theory but the implementations >>> are unusable for two reasons: >>> >>> 1) Issue of client side certs is a pain >>> 2) The user interface asking the user to select a certificate. >>> >>> Both problems could potentially be addressed by the emerging DNS handles >>> infrastructure. At present, the authentication is OAUTH2 based. But TLS >>> Client Authentication under a certificate validated under the DNS handle >>> would be cleaner. >>> >>> So, I am looking for people interested in a side meeting in Madrid. >>> >>> Here is my current sketch: >>> >>> User gets handle from DNS Handle provider who (usually) also runs an >>> OAUTH2 service under the ATprotocol profile and a private CA for the user. >>> >>> The root of the private CA is bound to the DNS zone by a TXT or TLSA >>> record. >>> >>> Each device the user wants to use with their DNS handle gets issued its >>> own client cert. >>> >>> Users can have multiple personas and the browser selects the certificate >>> the user has assigned to the site asking for authentication. >>> >>> >>> Net is that the user gets to authenticate to any site (supporting T2CA) >>> under the DNS Handle and persona they have selected for their site without >>> any additional hassle. >>> >>> >>> _______________________________________________ >>> TLS mailing list -- tls@ietf.org >>> To unsubscribe send an email to tls-leave@ietf.org >>> >>
- [TLS] Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Ben Schwartz
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Shumon Huque
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker
- [TLS] Re: Transparent TLS Client Auth (t2CA) Eric Rescorla
- [TLS] Re: Transparent TLS Client Auth (t2CA) Phillip Hallam-Baker