Re: [TLS] Review of draft-wouters-tls-oob-pubkey-00.txt
Paul Wouters <paul@xelerance.com> Thu, 28 July 2011 18:00 UTC
Return-Path: <paul@xelerance.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11E9F21F8588 for <tls@ietfa.amsl.com>; Thu, 28 Jul 2011 11:00:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.538
X-Spam-Level:
X-Spam-Status: No, score=-6.538 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKxD-Ehz3Yxf for <tls@ietfa.amsl.com>; Thu, 28 Jul 2011 11:00:40 -0700 (PDT)
Received: from newtla.xelerance.com (newtla.xelerance.com [193.110.157.143]) by ietfa.amsl.com (Postfix) with ESMTP id BC80F21F8584 for <tls@ietf.org>; Thu, 28 Jul 2011 11:00:39 -0700 (PDT)
Received: from newtla.xelerance.com (newtla.xelerance.com [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by newtla.xelerance.com (Postfix) with ESMTP id 4A2DD57124; Thu, 28 Jul 2011 14:01:38 -0400 (EDT)
Date: Thu, 28 Jul 2011 14:01:38 -0400
From: Paul Wouters <paul@xelerance.com>
To: Martin Rex <mrex@sap.com>
In-Reply-To: <201107281658.p6SGwpYY017791@fs4113.wdf.sap.corp>
Message-ID: <alpine.LFD.1.10.1107281346130.2289@newtla.xelerance.com>
References: <201107281658.p6SGwpYY017791@fs4113.wdf.sap.corp>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: tls@ietf.org
Subject: Re: [TLS] Review of draft-wouters-tls-oob-pubkey-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 18:00:41 -0000
On Thu, 28 Jul 2011, Martin Rex wrote: > The trusted_ca_keys TLS extension itself is a simple/lightweight extension > in that it does _not_ modify the syntax or semantics of any other > TLS handshake messages (besides the TLS extensions container in > ClientHello and ServerHello). trusted_ca_keys changes sending the CA bundle with EE-cert PKIX blob with only the EE-cert PKIX blob. I am proposing to send only the subjectPublicKeyInfo PKIx blob. It's not different a change of semantics. > In TLS WG we definitely need to keep an eye on TLS extension not > duplicating each other resulting in conflicts an interop problems. Hency my method that is suitable not just for DANE, but for any non-PKIX out of band authentication. > The TLS WG had previously adopted a work item (currently dormant, > primarily because of fights over hash algorithm agility that haven't > been settled) to do caching in a generic fashion, so caching > of data from TLS handshake messages, and in particular _existing_ > TLS handshake messages should IMO not be duplicated in any newly > proposed TLS extension. cached PKIX objects is quite different from not using PKIX. Currently in saag there was also the interesting point of PKIX needing to send duplicate certs in the CA bundle for SHA1/SHA2/SHA3 because you don't know what hashing algo the TLS client can support. The non-PKIX authentication of the TLS server public key could just publish different DANE records with the different hashes of the public key, and the TLS client can pick the one it supports. Please don't suggest that it is perfectly reasonable to keep mandating ever larger PKIX containers that are just scrap around the public key. >> "something better" only works with your other assumption of "sending >> and signing cruft in PKIX is fine". I strongly disagree with that. > > You seem to be thinking purely about a niche area > > 1) that does not have TLS at all today > 2) where you want to implement TLS newly from scratch and having > to implement _all_ of ASN.1-ladden PKIX as a huge burden > 3) and where you do not care the slighest about interop with the > installed base of TLS. Not at all. I am also thinking of a browser supporting non-pkix alongside pkix authentication. > it might be worthwile thinking about implementing > the subset "X.509v1 self-signed cert" as an alternative to inventing > a new bare key format, because that is still fairly trivial to > implement and fully interoperable with the existing installed base We've been carrying PKIX containers for too long already. Suggestions we continue to do so for another twenty years are simply not good enough in my opinion. I know not everyone agrees with me, and I'm not asking people to switch. I'm just asking for the opportunity for everyone to make their own decision on using PKIX or not. > (OK, newer browsers have a braindead nag-ware warning page, but > I haven't lost hope yet that they grok it one day and offer sensible > cert pinning -- and having to regularly update bug-ridden web browsers > is a sad fact of life we've all become used to, it's not nearly as bad > with TLS implementations used by programmatic TLS clients and servers). I'm not sure how this paragraph supports cached pkix objects over non-pkix. > I see not having to modify syntax and semantics of existing TLS handshake > messages in order to implement a TLS extension as a big plus. See the start of this email and the comparison with trusted_ca_keys. We are not forcing TLS servers to change anything like a requirement to support TLS version 1.42. We suggest giving TLS implementations the *option* to implement a non-PKIX extension. cached-objects is not good enough for this case. Paul
- [TLS] Review of draft-wouters-tls-oob-pubkey-00.t… Eric Rescorla
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Eric Rescorla
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Eric Rescorla
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Eric Rescorla
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Eric Rescorla
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Martin Rex
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Martin Rex
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Nikos Mavrogiannopoulos
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Martin Rex
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Nikos Mavrogiannopoulos
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Paul Wouters
- Re: [TLS] Review of draft-wouters-tls-oob-pubkey-… Martin Rex