Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 12 July 2018 12:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HwxGjDehmRp4FRo_rBM-6azgPh0>

On Thu, Jul 12, 2018 at 09:30:40AM +0000, Wang Haiguang wrote:
> Hello, everyone,
> 
> To solve the complex issue caused by the certification, in RFC 7250,
> it is recommended to use raw public for authentication.
> However, when using RAW public directly for authentication,
> identity and public key binding is required. That is, the server needs
> to maintain a large table to map the public key and identity.
> For networks with a huge number of IoT devices, the maintenance of
> such a huge database might be a challenging issue.

It seems to me that getting the information to provisioning to the
database is the biggest issue. Any semi-decent database program should
not even be breaking a sweat with a million-row table on quite low-end
server hardware (if the indexing is even remotely sane).

> Currently we are thinking of using identity-based public keys to solve
> the issue.  Is there any better solution to solve the identity binding
> issue?

If you do not want to use a server-side database, create an internal
CA and issue as compact certificates as possible. The overhead should
be in low two hundred bytes.

But this does not save you from having to figure out what those IoT
devices actually are!

> Can anyone give us some comments regarding using IBC as raw public
> key for TLS for massive IoT authentication?

I do not think there is any way currently to do that. The only defined
signature algorithms are ([*] means removed from TLS 1.3):

- RSA PKCS#1 v1.5[*]
- DSA[*]
- ECDSA
- EdDSA2 (Ed25519 and Ed448)

These are also the only algorithms that can be used with raw public
key authentication. None of these is an IBC algorithm.

Also, the way the raw public keys work is the same in both TLS 1.2 and
1.3 (the precise messages are different, but it still works the same).


-Ilari
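
The server-side binding table discussed in this thread, as an added example that is not part of the original message or of any TLS implementation: a lookup from the SHA-256 of the RFC 7250 SubjectPublicKeyInfo to a device identity, indexed by primary key. The table name `binding`, the function names, the `device-N` identities and the constructed key bytes are all assumptions made for illustration.

```python
import hashlib
import sqlite3

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410); the 32-byte key follows.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

def ed25519_spki(raw_key: bytes) -> bytes:
    """Wrap a 32-byte Ed25519 public key in the SPKI that RFC 7250 carries."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return ED25519_SPKI_PREFIX + raw_key

def open_store(path: str = ":memory:") -> sqlite3.Connection:
    db = sqlite3.connect(path)
    # The primary key is the lookup index: one B-tree probe per handshake.
    db.execute(
        "CREATE TABLE IF NOT EXISTS binding ("
        "spki_sha256 BLOB PRIMARY KEY, identity TEXT NOT NULL) WITHOUT ROWID"
    )
    return db

def enroll(db, identity: str, spki: bytes) -> None:
    with db:  # commit on success, roll back on error (e.g. a duplicate key)
        db.execute("INSERT INTO binding VALUES (?, ?)",
                   (hashlib.sha256(spki).digest(), identity))

def identify(db, spki: bytes):
    """Return the identity bound to this key, or None if it is not enrolled.

    Call only after the TLS stack has verified the peer's signature with this
    key: the table binds key to identity, it does not prove possession.
    """
    if len(spki) != 44 or not spki.startswith(ED25519_SPKI_PREFIX):
        return None  # this sketch accepts only well-formed Ed25519 SPKIs
    row = db.execute("SELECT identity FROM binding WHERE spki_sha256 = ?",
                     (hashlib.sha256(spki).digest(),)).fetchone()
    return row[0] if row else None

def constructed_key(i: int) -> bytes:
    """Constructed stand-in for a device key: deterministic bytes, not a real key."""
    return ed25519_spki(hashlib.sha256(b"device-%d" % i).digest())

if __name__ == "__main__":
    store = open_store()
    for i in range(1000):
        enroll(store, "device-%d" % i, constructed_key(i))
    print(identify(store, constructed_key(7)), identify(store, constructed_key(5000)))
```

Unknown and malformed keys both resolve to `None`, so the caller has a single reject path; how the rows get enrolled in the first place is the provisioning problem the message points to and is outside this sketch.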