IETF Logo Mail Archive

Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

Jonathan Hoyland <jonathan.hoyland@gmail.com> Fri, 12 March 2021 11:38 UTC

Return-Path: <jonathan.hoyland@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE18B3A18E9 for <tls@ietfa.amsl.com>; Fri, 12 Mar 2021 03:38:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUSjppUsKNAX for <tls@ietfa.amsl.com>; Fri, 12 Mar 2021 03:38:05 -0800 (PST)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE84E3A18E4 for <tls@ietf.org>; Fri, 12 Mar 2021 03:38:05 -0800 (PST)
Received: by mail-qk1-x72c.google.com with SMTP id n79so23856143qke.3 for <tls@ietf.org>; Fri, 12 Mar 2021 03:38:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tFi23TNHIW06H5RrMfdIsxZK0glXKDW0yO+OTy33NUY=; b=kAoxnF1jzbvy7k9W74Rgm4vPah686FD4F12pcw3FQz4ec6CwWOB+/B5zprNcEDJAZe oXR9y+Q0rMpDFLWxkBi5aEwq0T8bzerUhOCIjii4Kmu/t3c1+JVDNaew7I8NzOZ9DE78 s8UhPCqJNx5ObuXEEgdUhRBN2e5ovEOME8U2ACOM4VOxsrc7Mx/cO4Br7Jvw4yyMXnPn Ahjlopq+6YpX0Tx3Wfaax9MJmsJYnoUd7S5eeLRw2xEZJaf67JhTPihqfpt9OZhXu1sM A/Ufp7raf0AGXfLLWPFc9XaoIqHesMMSUlLSOJMaKYAL6xVMRCbO5L0DZTjVEAwv2LH7 pPrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tFi23TNHIW06H5RrMfdIsxZK0glXKDW0yO+OTy33NUY=; b=MrurmiV8osNLoqLS1EPEiIpyxyMoIaU/3+H+wU0bbol1dg7dT8i0ToUG1l2AwzHIDP SsVBFK/Ecv7GH2dQ0TRrvneQROjkh9AKDds7gxgxPe5yxc2sYudchf1GJSeW69XNHC41 H+OgXAkfNhvSwFiexcUXV5lNWtn4bvuII3CsV27AY8A+PG6UtqyZYAFzoy9gNXifw/p+ UvqTm366ypGNKgzB99EY9s5LvyTHq/nEL5qtz7V6/x5ZkYtKMeFyd+uLofnS10RmrfsN B1V3DTqNYzCTmXOFI9MgW7cwgiU2XFy3PBWEhHtVUWH2Q2Evi9TO1ZN0imrppRp2atk5 D7Ag==
X-Gm-Message-State: AOAM530izdpV12xIVgtCusXJKqlLCW3v6FYn2uO4Bg5IyN7tEAAN6MFA ZtPEr5+SZknkCjCZl/WoaXdFPVBQcCrirgitqVw=
X-Google-Smtp-Source: ABdhPJwUTNPA3mUraOvBfuGclCfItLkusIgvh1tYSA1m59akvo8b1iaYvngN39HMPBd1PxXBCNOdM/JZbUTwD5hHq3E=
X-Received: by 2002:a05:620a:22b7:: with SMTP id p23mr12363802qkh.365.1615549083527; Fri, 12 Mar 2021 03:38:03 -0800 (PST)
MIME-Version: 1.0
References: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com> <20210305173516.GV30153@localhost> <701E874C-EA40-47FD-A4E4-C4C595E96337@ericsson.com> <20210305193502.GW30153@localhost> <AM0PR08MB3716A4C8D0F9BB007F9A0CBCFA949@AM0PR08MB3716.eurprd08.prod.outlook.com> <40166b1968e04cc392c16e2de559e684@siemens.com> <YEZnS1Fi6GRxBMH5@straasha.imrryr.org> <02f23fa168b64d7d9294cf986bc56717@siemens.com> <YEcng7+1iL4jLOu2@straasha.imrryr.org> <CACykbs3R6rQ1+wb4Aq8_j7GaMnxW5e7LwpeBk=5UvTMUFuD6Lw@mail.gmail.com> <08166ec1525648568276e05bc4da6dc6@siemens.com> <69d2caee6e194f5a9477ce4d008a1053@siemens.com>
In-Reply-To: <69d2caee6e194f5a9477ce4d008a1053@siemens.com>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Fri, 12 Mar 2021 11:40:12 +0000
Message-ID: <CACykbs2H+=ps0k8VdGS+LuqXcGPDbguUP5bmRLa6_Sw23-3cNg@mail.gmail.com>
To: "Fries, Steffen" <steffen.fries@siemens.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>, "john.mattsson=40ericsson.com@dmarc.ietf.org" <john.mattsson=40ericsson.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003daf3a05bd55558f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ii-eyyu_x5hVnepytg3U-t8oN3A>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Mar 2021 11:38:08 -0000

I don't believe so, but that would seem like a configuration issue.

I guess if you really wanted you could define an extension that goes in the
Certificate Request message (which the AR is based on), assuming there
isn't one already, that requests a specific serial number.
Although that of course makes the system completely brittle if that
certificate gets revoked, expires, or even just becomes unavailable because
of disk failure.
It would be great to see all the potential use cases broken down so the
best solutions can be considered.

Regards,

Jonathan



On Fri, 12 Mar 2021 at 11:00, Fries, Steffen <steffen.fries@siemens.com>
wrote:

> Hi Jonathan,
>
> Maybe a further question to the draft you referenced (exported
> authenticators). Is there a way to request a distinct certificate in the
> AuthenticatorRequest? Can I ask for the certificates used in the initial
> handshake from both sides? I saw in the extension that in the
> ClientCertificateRequest that the server_name may be provided as extension
> but this may not be sufficient.
>
> Best regards
> Steffen
>
> > -----Original Message-----
> > From: TLS <tls-bounces@ietf.org> On Behalf Of Fries, Steffen (T RDA CST)
> > Sent: Donnerstag, 11. März 2021 13:31
> > > One option that I haven't seen mentioned in the thread is
> > https://tools.ietf.org/html/draft-ietf-tls-exported-authenticator-14.
> > Thank you for the pointer to the draft.
> >
> > > EAs let you send a certificate from either side of the connection at
> any point
> > after the handshake is complete.
> > > I'm not sure what the behaviour is if the certificate itself is
> expired at the time
> > the EA was sent, but valid at the time the connection was established,
> but I'm
> > sure that could be nailed down.
> > > Would something like the client (and equivalently the server)
> requesting an EA
> > every 24 hours and hard failing if it didn't get one meet your needs?
> > It may help here. From an integration standpoint it is important that
> the same
> > certificate would be used with EA as used in the handshake to ensure the
> one
> > used to authenticate in the first place would be verified. That may mean
> that
> > one would have to store the initially used certificate or at least the
> fingerprint or
> > serial number and issuer to be able to request the right one in the
> authenticator
> > request.
> > This would be handled on application layer if I understood it right. As
> the goal
> > would be to have a trigger to verify the certificate against a (new)
> CRL, the
> > approach of having a timer or a trigger by the newly arrived CRL may be
> more
> > suitable. But I will have a closer look.
> >
> > Best regards
> > Steffen
> >
> > > Regards,
> >
> > > Jonathan
> >
> > On Tue, 9 Mar 2021 at 07:45, Viktor Dukhovni <mailto:
> ietf-dane@dukhovni.org>
> > wrote:
> > On Tue, Mar 09, 2021 at 07:28:26AM +0000, Fries, Steffen wrote:
> >
> > > > My take is such measures are much too complicated.  Just keep the
> > connection
> > > > lifetime short, and make a new one from time to time.  Also keep
> certificate
> > > > lifetimes short.  Where DNSSEC is an option on both ends, you can
> also use
> > > > DANE TLSA records instead of CRLs, just publish a
> > > > "1 1 1" (PKIX + DANE) or "3 1 1" (DANE only) record that validates
> the server's
> > > > public key, and give it a short-enough TTL that it can be replaced
> quickly.
> > > > Presto-magic, no need for OCSP, CRLs, ...
> > >
> > > While this may be a solution in general, it may not fit for power
> systems (like a
> > substation).
> > > The application of DNSSEC or DANE is not very common and may not be
> used.
> > Also due to
> > > Existing deployments, which do not feature these services (yet).
> >
> > I am not trying to suggest that DANE is currently a mainstream option
> > outside of SMTP (primarily in Northern and Central Europe for now, with
> > some signs of life in the USA, Canada and Brazil).  The above was more
> > of an aside for the record.  DANE may be a more realistic choice a few
> > years from now.  DNSSEC adoption is starting to grow faster, and if this
> > continues and accelerates, DANE may become more common, time will tell.
> >
> > Early adopters can of course choose to use it now, but it is far from
> > mainstream today.
> >
> > --
> >     Viktor.
> >
> > _______________________________________________
> > TLS mailing list
> > mailto:TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email