IETF Logo Mail Archive

Re: [TLS] Request mTLS Flag

David Benjamin <davidben@chromium.org> Mon, 23 October 2023 15:38 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B2E6C16F414 for <tls@ietfa.amsl.com>; Mon, 23 Oct 2023 08:38:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.258
X-Spam-Level:
X-Spam-Status: No, score=-9.258 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xvgvnfgpt-S3 for <tls@ietfa.amsl.com>; Mon, 23 Oct 2023 08:38:05 -0700 (PDT)
Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DEBFC1AE9E7 for <tls@ietf.org>; Mon, 23 Oct 2023 08:36:24 -0700 (PDT)
Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-59b5484fbe6so35964327b3.1 for <tls@ietf.org>; Mon, 23 Oct 2023 08:36:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1698075383; x=1698680183; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=g6vLJO+QRgekZKt5k/UheD8Gd/JUmg5V7Ne5df1vzpI=; b=nVxGSu4iBvxYYuJsYZz0Mj+R9bkobpjnQfSigpkzeN9imoW1ziacy2ZO+K6bFY7hjr W8WYDpS4ejrbu3pob3BnsEzio1C9flTiOhHkIwMhp4I/RUQR5iH+Q3V1pxsiGlS8JcWD nvReSx3YZaddGByDfnTfbQkfss0EdhGUCnumQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698075383; x=1698680183; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=g6vLJO+QRgekZKt5k/UheD8Gd/JUmg5V7Ne5df1vzpI=; b=FgUUKEL/YxUq5NVoP+aYJfZRlNL8jjylMb4a+Rw3TbhewrxEmxTlH5kTDfQdep00ij Px3RJi7GGzz0dMKSabZ4XQpJ1kU3p6rx0eKM1LFVsvObGb/YwcjPkqkVHg0C1/SAgkTu y60J76PxfbHwo+8Q9X/N/7nKKLJTqR2iSE8U+h38MDSECusBJw59dR1DVgMh5cXYq3mg zKD302PuiA1vHrVet7NyTMdwPqACK801teRZEaAzSKmxsGMQaidm8AtMjdfvEDZ3F6Je 5Q/CNokxVNIQBq+s/x30hajq3fcLxJ9l7+3LGOib8F8fDpRyU9xtSzu2NRAe+KHzE2NQ tKWw==
X-Gm-Message-State: AOJu0YxWrIpOI2I6X5K9Cw2ZeAg5VM8SI5FUwTSQFKAZR8kPCLrJLzMm W+EdlZYc05v1L8OB1i8/jbLWOTI8P8GxzDLVvnLCbiXaDk19kSEsYw==
X-Google-Smtp-Source: AGHT+IFnPU/H/4FZQZU55PcOdndFr/AYzSnTA0SH36rr9pfpzdJcefbBbv3MvbmSo2AG0rpjOfWtrhs3bjB/J8ZJEiY=
X-Received: by 2002:a25:cb8e:0:b0:d9b:dc13:8c20 with SMTP id b136-20020a25cb8e000000b00d9bdc138c20mr11533144ybg.11.1698075383070; Mon, 23 Oct 2023 08:36:23 -0700 (PDT)
MIME-Version: 1.0
References: <CACykbs3TMM6W_K2zHnOjPwuuhxa8ZUnSz2BqvgSGfEpNs71Edg@mail.gmail.com>
In-Reply-To: <CACykbs3TMM6W_K2zHnOjPwuuhxa8ZUnSz2BqvgSGfEpNs71Edg@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 23 Oct 2023 11:36:10 -0400
Message-ID: <CAF8qwaDc_Moj_mXJHqRxzi995eA8T3uFNJmvHCfDboq5LG42mA@mail.gmail.com>
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000036552060863fcf8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LFGS4gWva0DadyzS3XfaqwfBeQE>
Subject: Re: [TLS] Request mTLS Flag
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Oct 2023 15:38:09 -0000

Would you expect a browser user to send this flag? On the browser side, we
don't know until the CertificateRequest whether a client certificate is
configured. We have to do a moderately expensive query, dependent on
information on the CertificateRequest of the OS's cert and key stores to
get this information. This query may even call into things like 3p
smartcard drivers, which may do arbitrarily disruptive things like showing
UI.

And if we could somehow predict this information, this would leak into the
cleartext ClientHello when, starting TLS 1.3, the whole client certificate
flow is in the encrypted portion of the handshake.

So, practically speaking, I don't think browsers could do anything
meaningful with this extension. We'd either always send it, on grounds that
we have code to rummage for client certs on request, or never send it on
grounds that we're not preconfigured with a client cert at the time of
ClientHello. Either way, it seems likely to interfere with someone's
assumptions here.

The dedicated endpoint strategy seems more straightforward.

David


On Mon, Oct 23, 2023, 11:22 Jonathan Hoyland <jonathan.hoyland@gmail.com>
wrote:

> Hey TLSWG,
>
> I've just posted a new draft
> <https://www.ietf.org/archive/id/draft-jhoyla-req-mtls-flag-00.html> that
> defines a TLS Flag
> <https://www.ietf.org/archive/id/draft-ietf-tls-tlsflags-12.html> that
> provides a hint to the server that the client supports mTLS / is configured
> with a client certificate.
>
> Usually the server has no way to know in advance whether a given inbound
> connection is from a client with a certificate. If the server unexpectedly
> requests a certificate from a human user, most users wouldn’t know what to
> do. To avoid this many servers never send the CertificateRequest message in
> the server’s first flight, or set up dedicated endpoints used only by bots.
> If client authentication is necessary it can be negotiated later using a
> higher layer either through post-handshake auth or with an Exported
> Authenticator, but both of those options add round trips to the connection.
>
> At Cloudflare we’re exploring ways to quickly identify clients. Having an
> explicit signal from the client that it has an mTLS certificate on offer
> reduces round-trips to find out, avoids unnecessarily probing clients that
> have no certificate, etc. I think this would be an ideal use case for the
> TLS Flags extension.
>
> I have a pair of interoperable implementations (one based on boringssl and
> one based on Go TLS) which I plan to open source before Prague. Obviously
> these include implementations of the TLS Flags extension, which hopefully
> will help drive that work forward too.
>
> Regards,
>
> Jonathan
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>

v2.23.0 | Report a Bug | By Email