IETF Logo Mail Archive

Re: [TLS] new version of draft-dthakore-tls-authz

Darshak Thakore <d.thakore@cablelabs.com> Mon, 28 January 2013 01:40 UTC

Return-Path: <d.thakore@cablelabs.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F7F321F8809 for <tls@ietfa.amsl.com>; Sun, 27 Jan 2013 17:40:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.463
X-Spam-Level:
X-Spam-Status: No, score=-0.463 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFN9vP3A17bZ for <tls@ietfa.amsl.com>; Sun, 27 Jan 2013 17:40:45 -0800 (PST)
Received: from ondar.cablelabs.com (ondar.cablelabs.com [192.160.73.61]) by ietfa.amsl.com (Postfix) with ESMTP id BA39921F87FA for <tls@ietf.org>; Sun, 27 Jan 2013 17:40:44 -0800 (PST)
Received: from kyzyl.cablelabs.com (kyzyl [10.253.0.7]) by ondar.cablelabs.com (8.14.5/8.14.5) with ESMTP id r0S1ehxS019303 for <tls@ietf.org>; Sun, 27 Jan 2013 18:40:43 -0700
Received: from exchange.cablelabs.com (10.5.0.19) by kyzyl.cablelabs.com (F-Secure/fsigk_smtp/407/kyzyl.cablelabs.com); Sun, 27 Jan 2013 18:40:43 -0700 (MST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/407/kyzyl.cablelabs.com)
Received: from EXCHANGE.cablelabs.com ([fe80::797a:96d1:3c53:18ee]) by EXCHANGE.cablelabs.com ([fe80::797a:96d1:3c53:18ee%11]) with mapi id 14.02.0328.009; Sun, 27 Jan 2013 18:40:43 -0700
From: Darshak Thakore <d.thakore@cablelabs.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] new version of draft-dthakore-tls-authz
Thread-Index: AQHN+lww1j1ydBJL9UG687qxsPpFQJhaVf6AgAOmPgA=
Date: Mon, 28 Jan 2013 01:40:43 +0000
Message-ID: <0E515E8C52A54F4DBDF51AB79386333517F3FCA1@EXCHANGE.cablelabs.com>
In-Reply-To: <510264F5.1090301@gnutls.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.5.121010
x-originating-ip: [10.5.0.27]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <811EEA5E6612084A8FA4CE183B6BA4B7@cablelabs.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Approved: ondar
Subject: Re: [TLS] new version of draft-dthakore-tls-authz
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jan 2013 01:40:46 -0000

Hi Nikos,

On #1, Yes the intent of the [[]] was to make the certificate optional.
Thanks for the suggestion, i've changed that and will get reflected in the
next draft.

On #2, In my earlier response to Mark's comments, i provided a sample TLS
exchange that shows how the nonce is used. The reason a separate nonce is
specified is because an application that is generating the
SupplementalData payload may not have access to the TLS nonces. The server
generates the nonce and the client will include it in its dtcp_authz_data
payload. With the update mentioned in the earlier email, the signature
that the client includes in its SupplementalData message will cover the
nonce also along with its DTCP Cert and the optional X.509 cert.

On #3, I can include a figure that demonstrates the example exchange i
included earlier. Should something like that go into the appendix?

On #4, When a client sends a SupplementalData payload like [(Nonce, DTCP
Cert, X.509 Cert) Signature covering the three elements] followed by a
Certificate message that includes the same X.509 Cert used above, a server
can verify that the possessor of the X.509 Certificate also posseses the
DTCP Cert (proven by the Signature above generated using the private key
associated with the DTCP Cert).


Regards,
Darshak 

On 1/25/13 3:56 AM, "Nikos Mavrogiannopoulos" <nmav@gnutls.org> wrote:

>On 01/24/2013 06:56 PM, Darshak Thakore wrote:
>
>> Hello all,
>> 
>> I have uploaded a new version of the draft that specifies a new
>>SupplementalData authorization extension to exchange DTCP Certificates.
>> This version addresses a number of comments that were received during
>>the IETF-85 meeting and subsequently on the mailing list.
>> 
>> The following points are addressed in the new draft
>> 
>>   1.  Added details about the format of DTCP Certificates and provided
>>section references to the DTCP Specs. This should help readers navigate
>>to the relevant parts of the DTCP Spec more easily since most of the
>>information in the DTCP Specs is irrelevant to this I-D (besides the
>>actual DTCP certificate details)
>>   2.  Added a section to explain the use cases for this TLS extension
>>and how it allows devices with existing DTCP Certificates to leverage it
>>for different uses (besides its use and independent of its use for
>>content protection)
>>   3.  Provided clarification that this extension is only meant to
>>exchange DTCP certificates as additional authorization information
>>during a TLS exchange. It is *not* meant to tunnel any secondary
>>protocol within TLS, nor does it replace the role of X.509 certificates
>>in the TLS protocol
>>   4.  Provided clarification in Section 3.2 about the dtcp_authz_data
>>stuct
>> 
>> I would greatly appreciate any comments/feedback on it.
>
>
>Some comments:
>1. What is the [[]] notation?
>
>You use it in:
>         struct {
>             opaque DTCPCert<1..2^24-1>;
>             [[opaque ASN.1Cert<1..2^24-1>]];
>             opaque signature<1..2^16-1>;
>         } DigitallySigned;
>and later you mention that the certificate is optional. If you want to
>make the certificate optional you do:
>         struct {
>             opaque DTCPCert<1..2^24-1>;
>             opaque ASN.1Cert<0..2^24-1>;
>             opaque signature<1..2^16-1>;
>         } DigitallySigned;
>
>Otherwise your structure cannot be parsed (TLS structures are different
>from ASN.1).
>
>2. How does the random nonce protect from replay attacks? My I
>understanding is that it isn't used at all. What kind of replay attacks
>are you considering at? Why use a new nonce and not the TLS nonces?
>
>3. One cannot get an overview of your additions. I'd suggest another
>figure, similar to figure 1, that will focus on the exchange that is
>relevant only for your extension (that way it would be apparent what you
>are protecting with the nonce).
>
>e.g.
>        ClientHello (with client_authz) -------->
>
>                                       ServerHello(with server_authz)
>                                             SupplementalData (with ???)
>
>4. You say "cryptographically tie its dtcp_authz_data with the TLS
>session being established."
>
>How do you mean by cryptographically tie? (usually such a phrase implies
>a commitment - e.g., a signature))
>
>regards,
>Nikos
>_______________________________________________
>TLS mailing list
>TLS@ietf.org
>https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email