IETF Logo Mail Archive

Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 11 October 2015 21:17 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 418E11B2C19 for <tls@ietfa.amsl.com>; Sun, 11 Oct 2015 14:17:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.23
X-Spam-Level:
X-Spam-Status: No, score=-1.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hkvebh5J6bSK for <tls@ietfa.amsl.com>; Sun, 11 Oct 2015 14:17:12 -0700 (PDT)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 993741B2C13 for <tls@ietf.org>; Sun, 11 Oct 2015 14:17:12 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so130049177wic.1 for <tls@ietf.org>; Sun, 11 Oct 2015 14:17:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=ndE16uk3TPTRGIv8K32J9RshIbUUEvR/wNat9wYelnE=; b=PJEn+pawqxGKeG7rUE2PXkchDxcz3dhMeOPQ9rR8/co/S50ob2WhrCq0PWYfWOXycR oBHm4DIgrpzKqotCMiTNf/vVPn9GzazhgrJodeMAVgN7yUQWNua9LQSc0knbkjv2hrcK EfU+DaMSNUatqot82Xl/tmzUwClk5t6WndBKIURs6Mjz6K9duclwYzDn7OWfZdXsONNc 9mtKsYHI5lWHKlUELxkg34xGtYYaw68MfPQivmgc0tVndoUdNBXzpwnVScO2sn04qiYH o9IbkQyl3cLbeeBx9/ZpGZtdyX2K3cxFeMhD8baAljAAzBbhCNEn7rXt4skfPIMkRErQ iLNQ==
X-Received: by 10.194.113.67 with SMTP id iw3mr11706234wjb.66.1444598231178; Sun, 11 Oct 2015 14:17:11 -0700 (PDT)
Received: from [10.0.0.5] (bzq-79-178-5-101.red.bezeqint.net. [79.178.5.101]) by smtp.googlemail.com with ESMTPSA id o3sm8180665wif.22.2015.10.11.14.17.09 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Oct 2015 14:17:10 -0700 (PDT)
To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <20151011193517.30413.36864.idtracker@ietfa.amsl.com> <561ABF32.20008@gmail.com> <201510111621.32854.davemgarrett@gmail.com>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <561AD1D3.7030100@gmail.com>
Date: Mon, 12 Oct 2015 00:17:07 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <201510111621.32854.davemgarrett@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/NQE2uu5s2DVbnOByiUYp7zi3Xvc>
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Oct 2015 21:17:14 -0000

Hi Dave,

Thanks for correcting my notation. The text in TLS 1.2 and 1.3 is 
confusing and I misunderstood it. This sentence is absolutely opaque to 
me: "The length will be in the form of a number consuming as many bytes 
as required to hold the vector's specified maximum (ceiling) length."

Regards,
	Yaron

On 10/11/2015 11:21 PM, Dave Garrett wrote:
> https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-00#section-3
>
> Your notation is incorrect. Please read the section on vectors carefully, as it *is* confusing and the notation is not what is usually assumed. I'll cite the TLS 1.2 spec as it has not changed:
> https://tools.ietf.org/html/rfc5246#section-4.3
>
> For "type name<n..m>;", the range [n,m] is always in _bytes_, not entry count. In particular, note the second example at the end of the vectors section:
>        uint16 longer<0..800>;
>              /* zero to 400 16-bit unsigned integers */
>
> All 3 of your arrays of strings are listed with "<0..1>", which actually notates zero or one byte, not zero or one element. There is no way to explicitly state a range of allowed sizes by entry count with variable length entries, within this notation. Yes, this is not great and yes, this is often misunderstood. You'll have to mandate entry count with a "MUST" in the body of the text.
>
> No, it's probably not going to be changed any time soon, as that would contradict past specifications' notation. Maybe something like "type name<min_bytes..max_bytes>[min_count..max_count];" could work, but that's probably not worth the confusion of introducing a new and more complex notation.
>
> On the actual topic of the proposal, I haven't looked into it in detail yet, but I am glad to see pinning being worked on at the TLS level.
>
>
> Dave
>
>
> On Sunday, October 11, 2015 03:57:38 pm Yaron Sheffer wrote:
>> We have a standard for certificate pinning (RFC 7469), but it is rather
>> hard to use and as a result is rarely deployed. This draft proposes a
>> lightweight alternative that allows TLS clients to authenticate the
>> server they're connecting to, even if a rogue CA can generate fake
>> certificates for that server.
>>
>> The draft is currently TLS 1.3-only, and is based on the previous draft
>> of 1.3 so some minor details may have changed.
>>
>> Comments are of course most welcome.
>>
>> Thanks,
>> 	Yaron
>>
>>
>> -------- Forwarded Message --------
>> Subject: New Version Notification for
>> draft-sheffer-tls-pinning-ticket-00.txt
>> Date: Sun, 11 Oct 2015 12:35:17 -0700
>> From: internet-drafts@ietf.org
>> To: Yaron Sheffer <yaronf.ietf@gmail.com>
>>
>>
>> A new version of I-D, draft-sheffer-tls-pinning-ticket-00.txt
>> has been successfully submitted by Yaron Sheffer and posted to the
>> IETF repository.
>>
>> Name:		draft-sheffer-tls-pinning-ticket
>> Revision:	00
>> Title:		TLS Server Identity Pinning with Tickets
>> Document date:	2015-10-11
>> Group:		Individual Submission
>> Pages:		14
>> URL:
>> https://www.ietf.org/internet-drafts/draft-sheffer-tls-pinning-ticket-00.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/
>> Htmlized:
>> https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-00
>>
>>
>> Abstract:
>>      Fake public-key certificates are an ongoing problem for users of TLS.
>>      Several solutions have been proposed, but none is currently in wide
>>      use.  This document proposes to extend TLS with opaque tickets,
>>      similar to those being used for TLS session resumption, as a way to
>>      pin the server's identity.  That is, to ensure the client that it is
>>      connecting to the right server even in the presence of corrupt
>>      certificate authorities and fake certificates.  The main advantage of
>>      this solution is that no manual management actions are required.
>>
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>

v2.23.0 | Report a Bug | By Email