[TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 19 November 2024 08:06 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58BF6C1DFD59 for <tls@ietfa.amsl.com>; Tue, 19 Nov 2024 00:06:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dukhovni.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OuXNtdg7qkFp for <tls@ietfa.amsl.com>; Tue, 19 Nov 2024 00:05:57 -0800 (PST)
Received: from chardros.imrryr.org (chardros.imrryr.org [144.6.86.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BD48C1DFD42 for <tls@ietf.org>; Tue, 19 Nov 2024 00:05:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dukhovni.org; i=@dukhovni.org; q=dns/txt; s=f8320d6e; t=1732003552; h=date : from : to : subject : message-id : reply-to : references : mime-version : content-type : in-reply-to : from; bh=krazAbpnOxzxy8Oe/Jb2B5q4RjM4nwGw7yORSk2Th6A=; b=RyjXFoVvKRAKged/zLeRT5EBLRCJXkA/4bViwYq66vgWxEvHNf2ZwYgnhzdXvfk6oLcJB fysoVIO9/Oz5DF0vKNDOs20hn+nqkmIZkAqQOsHrxQOe3tq3d9N+lfmUfVtZpDSqt/9rkD6 JGmo1NZyecl20fhBsfYJLEHmbpz8u08=
Received: by chardros.imrryr.org (Postfix, from userid 1000) id B05EE92B6F8; Tue, 19 Nov 2024 19:05:52 +1100 (AEDT)
Date: Tue, 19 Nov 2024 19:05:52 +1100
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: "TLS@ietf.org" <tls@ietf.org>
Message-ID: <ZzxG4KMGgXINsOOb@chardros.imrryr.org>
References: <GVXPR07MB9678DFD1EED3971606FB3DE6893B2@GVXPR07MB9678.eurprd07.prod.outlook.com> <AS8PR10MB7427BE068D9472C465A7392EEE082@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM> <5a79de00-2204-4e92-84bb-8b9b272a6ea6@iki.fi> <6aff1943-e896-4b00-8a61-d00c3b574953@gmx.net> <b986a11a-c00a-43a5-80d0-100dbd3f6fbf@iki.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <b986a11a-c00a-43a5-80d0-100dbd3f6fbf@iki.fi>
Mail-Followup-To: <tls@ietf.org>
Message-ID-Hash: UN54Q24UBEH5VVJ64FY56VH3NAUB3NOZ
X-Message-ID-Hash: UN54Q24UBEH5VVJ64FY56VH3NAUB3NOZ
X-MailFrom: ietf-dane@dukhovni.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: tls@ietf.org
Subject: [TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KuGUXwsrf6DJrwziOEYypiVh42k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Tue, Nov 19, 2024 at 08:52:03AM +0200, Mohit Sethi wrote:
> Hi Achim, Viktor,
> 
> Answering to multiple posts in a single email.
> 
> > The provisioning is frequently done "out-of-band" and the trust is
> > based on that procedure.
> 
> As observed from the formal modeling exercise:
> https://arxiv.org/pdf/2411.09770, misbinding is possible even in the case
> where provisioning is "out-of-band".

The paper and the proposed changes to the RFC fail to state that
misbinding is often not *relevant*.  Who cares whether the client knows
some name for the holder of a public key, if (in essence) it is just
trying to to communicate with the holder of a particular key, and the
name is just a way to learn an IP address to reach that holder.

MX hostnames are just a way to *indirectly* learn the IP address of the
SMTP server, and validate its key, but the client had no prior intent
to reach a particular server, and "misbinding" is simply irrelevant.

Yes, there are of course signficant well known application domains where
the misbinding matters (and RPK has seen no use), but there are also
others where misbinding simply does not matter (and where RPK is
starting to get used).

> Viktor wrote:
> 
> >    So "misbinding" attacks are not
> >      "interesting" in this context.
>
> I fully agree with the assertion that the consequences of misbinding in
> different situations isn't always clear or even relevant. Our paper presents
> several potential attack scenarios of server (section 4) and client (section
> 5) misbinding when using RPKs for authentication. On a broader note, one
> example consequence of misbinding that Hugo Krawczyk gave in a lecture was:
> 
> > B and C are fighter jets, and A is their commander. B has been
> > compromised by the enemy. A tells B to self-destruct, but because B
> > mounted a misbinding attack, the command goes to C.

This is dramatic, but not useful.  The point is that scope matters, and
SMTP is NOT the fighter jet command application.  I have no objections
once the claims are not over-generalised to application domains where
they don't apply.  I'd like to see appropriate qualifiers that make it
clear that misbinding isn't always relevant, or may be only relevant
during key enrollment.

> For a long time, like Viktor, I thought all this to be very
> speculative and not "interesting". But maybe with drones etc., I think
> the example by Hugo Krawczyk now has practical relevance (for me).

I have never said that UKS attacks are always a non-issue.  Sometimes
they really matter, and other times they do not matter at all, or
are an issue only during enrollment.

There may be times when you need a sensitive device to display a
matching value derived from a key agreement authenticated by its
purported key, with handshake transcripts...  Securing device
registration to ensure that it is not just proxying the traffic
elsewhere, or just reporting some other key.

This is a registration security problem, once the keys are properly
bound, there's no need to subsequently modify RPK when communicating
with the (fighter plane) device.

> In any case, I think it doesn't hurt to provide guidance on detecting
> and preventing misbinding where possible. Obviously, the guidance
> should not deter the use of RPK altogether. The intention of the pull
> request to 8446bis is to suggest that endpoints should verify each
> other's identity when they are unique and meaningful (which is at
> least the case when servers use domain names as identities). We can
> modify the exact text accordingly.

Only, if the guidance is not so general as to give the misleading
impression that absent novel counter-measures, there is necessarily a
problem.

For example, replacing RPKs with self-signed certificates is not
necessarily a means to improve security.  There are some DANE SMTP
servers whose operators are not careful to make sure that the MX
hostnames they choose match the DNS names inside the deployed
certificates, and this is not a problem with "3 1 1" TLSA records,
for which the SAN is ignored!  But some of the same operators sadly
have "2 1 1" records, and their sloppiness leads to authentication
failure.

The "3 1 1" approach is more robust all around, avoids the need to ever
care about CRLs, hostnames in certificates, expired certificates, ...
and is compatible with RPKs.  One gets more security in practice by
keeping everything as simple as possible.  Introducing CAs, CRLs,
expiration dates, requirements on matching SANs, ... makes the
system both more vulnerable to misissuance (ACME is TOFU) and
more brittle.

-- 
    Viktor.