Re: [TLS] draft-ietf-tls-oob-pubkey: My summary
Robert Cragie <robert.cragie@gridmerge.com> Thu, 12 July 2012 12:53 UTC
Return-Path: <robert.cragie@gridmerge.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2273521F87C8; Thu, 12 Jul 2012 05:53:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GT9ctxycE2uT; Thu, 12 Jul 2012 05:53:43 -0700 (PDT)
Received: from mail78.extendcp.co.uk (mail78.extendcp.co.uk [79.170.40.78]) by ietfa.amsl.com (Postfix) with ESMTP id 72D4221F8701; Thu, 12 Jul 2012 05:53:42 -0700 (PDT)
Received: from client-82-26-85-222.pete-bam-1.adsl.virginmedia.com ([82.26.85.222] helo=[192.168.0.2]) by mail78.extendcp.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) id 1SpIuJ-0001wS-CB; Thu, 12 Jul 2012 13:54:13 +0100
Message-ID: <4FFEC9C3.8050108@gridmerge.com>
Date: Thu, 12 Jul 2012 13:57:39 +0100
From: Robert Cragie <robert.cragie@gridmerge.com>
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: tls@ietf.org, core <core@ietf.org>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net>
In-Reply-To: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms090709070801060205030409"
X-Authenticated-As: robert.cragie@gridmerge.com
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey: My summary
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 12:53:44 -0000
Hi Hannes,
The only one thing I am not sure about is the necessity for cert-send.
This is because traditionally the server makes the decision on whether
to request a certificate from the client and would not know a priori
whether the client supports it. That's not to say it isn't a good idea
though.
On that basis, I would modify the exchange slightly - see below.
Robert
I use three types of indications in the message exchange below for
improved clarity, namely:
(a) 'cert-receive=(value-1, value-2, ..., value-n)' with the meaning: "I
accept certificate of the following types (value-1, ..., value-n) if you
send them to me." The list is ordered by preference.
(b) 'cert-info=value' with the meaning: "The certificate payload in this
message contains a certificate of the following type".
I) Server uses Raw Public Keys (client authentication happens at some
other layer) (the DANE use case)
client_hello,
cert-receive=(Raw, X.509) -> // (1)
<- server_hello,
cert-info=Raw, // (2)
certificate, // (3)
server_key_exchange,
server_hello_done
client_key_exchange,
change_cipher_spec,
finished ->
<- change_cipher_spec,
finished
Application Data <-------> Application Data
Legend:
(1) The client accepts reception of X.509 certs and raw public keys,
preferring raw public keys.
(2) The server decides to sends his raw public key and indicates this in
the cert-info field.
(3) The server certificate payload contains the raw public key.
II) Client and Server use Raw Public Keys (the smart object use case -
CORE working group)
client_hello,
cert-receive=(Raw) -> // (1)
<- server_hello,
cert-info=Raw,// (2)
certificate, // (3)
certificate_request, // (4)
cert-receive=(Raw) // (5)
server_key_exchange,
server_hello_done
cert-info=Raw, // (6)
certificate, // (7)
client_key_exchange,
change_cipher_spec,
finished ->
<- change_cipher_spec,
finished
Application Data <-------> Application Data
Legend:
(1) The client accepts reception of raw public keys.
(2) The server decides to sends his raw public key and indicates this in
the cert-info field.
(3) The server certificate payload contains the raw public key.
(4) The server wants to use client authentication and and sends a
certificate-request.
(5) The server accepts reception of raw public keys.
(6) The client indicates that the certificate payload contains a raw
public key.
(7) The client certificate payload contains the raw public key.
III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
client_hello,
cert-receive=(X.509, Raw) -> // (1)
<- server_hello,
cert-info=X.509,// (2)
certificate, // (3)
certificate_request, // (4)
cert-receive=(Raw) // (5)
server_key_exchange,
server_hello_done
cert-info=Raw, // (6)
certificate, // (7)
client_key_exchange,
change_cipher_spec,
finished ->
<- change_cipher_spec,
finished
Application Data <-------> Application Data
Legend:
(1) Client accepts to receive X.509 certs and raw public keys,
preferring X.509 certs. (Could also be X.509 only in this example)
(2) The server decides to sends his X.509 cert and indicates this in the
cert-info field.
(3) The server certificate payload contains the X.509 cert.
(4) The server wants to use client authentication and sends a
certificate-request.
(5) The server accepts reception of raw public keys.
(6) The client indicates that the certificate payload contains a raw
public key.
(7) The client certificate payload contains the raw public key.
On 12/07/2012 8:54 AM, Hannes Tschofenig wrote:
> Hi Erk, Hi Robert, Hi Nikos,
>
> thanks for your quick response. Here is an attempt to summarize your input.
>
> --------
>
> I use three types of indications in the message exchange below for improved clarity, namely:
>
> (a) 'cert-receive=(value-1, value-2, ..., value-n)' with the meaning: "I accept certificate of the following types (value-1, ..., value-n) if you send them to me." The list is ordered by preference.
>
> (b) 'cert-send=(value-1, value-2, ..., value-n)' with the meaning: "I could send you certificate of the following types (value-1, ..., value-n) if you ask." The list is ordered by preference.
>
> (c) cert-info=(value) with the meaning: "The certificate payload in this message contains a certificate of the following type".
>
> I) Server uses Raw Public Keys (client authentication happens at some other layer) (the DANE use case)
>
> client_hello,
> cert-receive=(Raw, X.509) // (1)
> cert-send=() -> // (2)
>
> <- server_hello,
> cert-info=(Raw),// (3)
> certificate, // (4)
> server_key_exchange,
> server_hello_done
>
> client_key_exchange,
> change_cipher_spec,
> finished ->
>
> <- change_cipher_spec,
> finished
>
> Application Data <-------> Application Data
>
> Legend:
>
> (1) Client accepts to receive two types of certificates, preferring raw public keys.
> (2) The client does not have a raw public key nor an X.509 certificate for client authentication.
> (3) The server decides to sends his raw public key and indicates this in the cert-info field.
> (4) The certificate payload contains the raw public key.
>
> II) Client and Server use Raw Public Keys (the smart object use case - CORE working group)
>
>
> client_hello,
> cert-receive=(Raw) // (1)
> cert-send=(Raw) -> // (2)
>
> <- server_hello,
> cert-info=(Raw),// (3)
> certificate, // (4)
> certificate_request, // (5)
> cert-receive=(Raw) // (6)
> server_key_exchange,
> server_hello_done
>
> cert-info=(Raw), // (7)
> certificate, // (8)
> client_key_exchange,
> change_cipher_spec,
> finished ->
>
> <- change_cipher_spec,
> finished
>
> Application Data <-------> Application Data
>
>
> Legend:
>
> (1) Client accepts to receive raw public keys.
> (2) The client does have a raw public key for client authentication.
> (3) The server decides to sends his raw public key and indicates this in the cert-info field.
> (4) The certificate payload contains the raw public key.
> (5) The server wants to use client authentication and and sends a cert-request.
> (6) The certificate request asks for a certificate of type 'raw' (knowing that the client supports it from (2)).
> (7) The client indicates that the certificate payload contains a raw public key
> (8) Here is the payload of the certificate itself.
>
> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>
> client_hello,
> cert-receive=(X.509, Raw) // (1)
> cert-send=(Raw) -> // (2)
>
> <- server_hello,
> cert-info=(X.509),// (3)
> certificate, // (4)
> certificate_request, // (5)
> cert-receive=(Raw) // (6)
> server_key_exchange,
> server_hello_done
>
> cert-info=(Raw), // (7)
> certificate, // (8)
> client_key_exchange,
> change_cipher_spec,
> finished ->
>
> <- change_cipher_spec,
> finished
>
> Application Data <-------> Application Data
>
> Legend:
>
> (1) Client accepts to receive X.509 certs and raw public keys, in this order of preference. (Could also be X.509 only in this example)
> (2) The client does have a raw public key for client authentication.
> (3) The server decides to sends his X.509 cert and indicates this in the cert-info field.
> (4) The certificate payload contains the X.509 cert.
> (5) The server wants to use client authentication and sends a cert-request.
> (6) The certificate request asks for a certificate of type 'raw' (knowing that the client supports it from (2)).
> (7) The client indicates that the certificate payload contains a raw public key.
> (8) Here is the payload of the certificate itself.
>
> --------
>
> Do these indications clarify the semantic?
> I personally believe so.
>
> Ciao
> Hannes
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
- [TLS] draft-ietf-tls-oob-pubkey: My summary Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Robert Cragie
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Robert Cragie