Re: [TLS] draft-ietf-tls-oob-pubkey: My summary
Robert Cragie <robert.cragie@gridmerge.com> Fri, 13 July 2012 14:06 UTC
Return-Path: <robert.cragie@gridmerge.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78C0921F8786; Fri, 13 Jul 2012 07:06:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BtDSo9aCEDLP; Fri, 13 Jul 2012 07:06:04 -0700 (PDT)
Received: from mail78.extendcp.co.uk (mail78.extendcp.co.uk [79.170.40.78]) by ietfa.amsl.com (Postfix) with ESMTP id B828121F8783; Fri, 13 Jul 2012 07:06:03 -0700 (PDT)
Received: from client-86-23-114-225.brhm.adsl.virginmedia.com ([86.23.114.225] helo=[192.168.0.2]) by mail78.extendcp.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) id 1SpgVx-0005Z3-J8; Fri, 13 Jul 2012 15:06:38 +0100
Message-ID: <50002B6E.6090806@gridmerge.com>
Date: Fri, 13 Jul 2012 15:06:38 +0100
From: Robert Cragie <robert.cragie@gridmerge.com>
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <4FFEC9C3.8050108@gridmerge.com> <D8ED2501-D008-43DB-91D9-56411AE41968@gmx.net>
In-Reply-To: <D8ED2501-D008-43DB-91D9-56411AE41968@gmx.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms090703010805090806080408"
X-Authenticated-As: robert.cragie@gridmerge.com
Cc: tls@ietf.org, core <core@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey: My summary
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 14:06:05 -0000
Hi Hannes, Agreed, but you are changing the knowledge the server has prior to the request; I was simply questioning whether this was necessary. The server can present a list of certificate types it accepts and the client chooses one, so it is the same mechanism as the client uses initially when (implicitly) requesting a certificate from the server (according to cipher suite) and thus more balanced. Robert On 13/07/2012 12:44 PM, Hannes Tschofenig wrote: > Hi Robert, > > I am not changing the paradigm that the server asks the client for a certificate. It still does. > > What I had proposed is to include information that allows the server to ask for something that the client actually has given that we now include support for different certificate types, a feature that was not previously available. > > So, in your example below a client cannot say that he has a raw public key for client authentication but not an X.509 certificate. > > Ciao > Hannes > > On Jul 12, 2012, at 3:57 PM, Robert Cragie wrote: > >> Hi Hannes, >> >> The only one thing I am not sure about is the necessity for cert-send. This is because traditionally the server makes the decision on whether to request a certificate from the client and would not know a priori whether the client supports it. That's not to say it isn't a good idea though. >> >> On that basis, I would modify the exchange slightly - see below. >> >> Robert >> >> I use three types of indications in the message exchange below for improved clarity, namely: >> >> (a) 'cert-receive=(value-1, value-2, ..., value-n)' with the meaning: "I accept certificate of the following types (value-1, ..., value-n) if you send them to me." The list is ordered by preference. >> >> (b) 'cert-info=value' with the meaning: "The certificate payload in this message contains a certificate of the following type". >> >> I) Server uses Raw Public Keys (client authentication happens at some other layer) (the DANE use case) >> >> client_hello, >> cert-receive=(Raw, X.509) -> // (1) >> >> <- server_hello, >> cert-info=Raw, // (2) >> certificate, // (3) >> server_key_exchange, >> server_hello_done >> >> client_key_exchange, >> change_cipher_spec, >> finished -> >> >> <- change_cipher_spec, >> finished >> >> Application Data <-------> Application Data >> >> Legend: >> >> (1) The client accepts reception of X.509 certs and raw public keys, preferring raw public keys. >> (2) The server decides to sends his raw public key and indicates this in the cert-info field. >> (3) The server certificate payload contains the raw public key. >> >> II) Client and Server use Raw Public Keys (the smart object use case - CORE working group) >> >> >> client_hello, >> cert-receive=(Raw) -> // (1) >> >> <- server_hello, >> cert-info=Raw,// (2) >> certificate, // (3) >> certificate_request, // (4) >> cert-receive=(Raw) // (5) >> server_key_exchange, >> server_hello_done >> >> cert-info=Raw, // (6) >> certificate, // (7) >> client_key_exchange, >> change_cipher_spec, >> finished -> >> >> <- change_cipher_spec, >> finished >> >> Application Data <-------> Application Data >> >> >> Legend: >> >> (1) The client accepts reception of raw public keys. >> (2) The server decides to sends his raw public key and indicates this in the cert-info field. >> (3) The server certificate payload contains the raw public key. >> (4) The server wants to use client authentication and and sends a certificate-request. >> (5) The server accepts reception of raw public keys. >> (6) The client indicates that the certificate payload contains a raw public key. >> (7) The client certificate payload contains the raw public key. >> >> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case) >> >> client_hello, >> cert-receive=(X.509, Raw) -> // (1) >> >> <- server_hello, >> cert-info=X.509,// (2) >> certificate, // (3) >> certificate_request, // (4) >> cert-receive=(Raw) // (5) >> server_key_exchange, >> server_hello_done >> >> cert-info=Raw, // (6) >> certificate, // (7) >> client_key_exchange, >> change_cipher_spec, >> finished -> >> >> <- change_cipher_spec, >> finished >> >> Application Data <-------> Application Data >> >> Legend: >> >> (1) Client accepts to receive X.509 certs and raw public keys, preferring X.509 certs. (Could also be X.509 only in this example) >> (2) The server decides to sends his X.509 cert and indicates this in the cert-info field. >> (3) The server certificate payload contains the X.509 cert. >> (4) The server wants to use client authentication and sends a certificate-request. >> (5) The server accepts reception of raw public keys. >> (6) The client indicates that the certificate payload contains a raw public key. >> (7) The client certificate payload contains the raw public key. >> >> >> >> >> On 12/07/2012 8:54 AM, Hannes Tschofenig wrote: >>> Hi Erk, Hi Robert, Hi Nikos, >>> >>> thanks for your quick response. Here is an attempt to summarize your input. >>> >>> -------- >>> >>> I use three types of indications in the message exchange below for improved clarity, namely: >>> >>> (a) 'cert-receive=(value-1, value-2, ..., value-n)' with the meaning: "I accept certificate of the following types (value-1, ..., value-n) if you send them to me." The list is ordered by preference. >>> >>> (b) 'cert-send=(value-1, value-2, ..., value-n)' with the meaning: "I could send you certificate of the following types (value-1, ..., value-n) if you ask." The list is ordered by preference. >>> >>> (c) cert-info=(value) with the meaning: "The certificate payload in this message contains a certificate of the following type". >>> >>> I) Server uses Raw Public Keys (client authentication happens at some other layer) (the DANE use case) >>> >>> client_hello, >>> cert-receive=(Raw, X.509) // (1) >>> cert-send=() -> // (2) >>> >>> <- server_hello, >>> cert-info=(Raw),// (3) >>> certificate, // (4) >>> server_key_exchange, >>> server_hello_done >>> >>> client_key_exchange, >>> change_cipher_spec, >>> finished -> >>> >>> <- change_cipher_spec, >>> finished >>> >>> Application Data <-------> Application Data >>> >>> Legend: >>> >>> (1) Client accepts to receive two types of certificates, preferring raw public keys. >>> (2) The client does not have a raw public key nor an X.509 certificate for client authentication. >>> (3) The server decides to sends his raw public key and indicates this in the cert-info field. >>> (4) The certificate payload contains the raw public key. >>> >>> II) Client and Server use Raw Public Keys (the smart object use case - CORE working group) >>> >>> >>> client_hello, >>> cert-receive=(Raw) // (1) >>> cert-send=(Raw) -> // (2) >>> >>> <- server_hello, >>> cert-info=(Raw),// (3) >>> certificate, // (4) >>> certificate_request, // (5) >>> cert-receive=(Raw) // (6) >>> server_key_exchange, >>> server_hello_done >>> >>> cert-info=(Raw), // (7) >>> certificate, // (8) >>> client_key_exchange, >>> change_cipher_spec, >>> finished -> >>> >>> <- change_cipher_spec, >>> finished >>> >>> Application Data <-------> Application Data >>> >>> >>> Legend: >>> >>> (1) Client accepts to receive raw public keys. >>> (2) The client does have a raw public key for client authentication. >>> (3) The server decides to sends his raw public key and indicates this in the cert-info field. >>> (4) The certificate payload contains the raw public key. >>> (5) The server wants to use client authentication and and sends a cert-request. >>> (6) The certificate request asks for a certificate of type 'raw' (knowing that the client supports it from (2)). >>> (7) The client indicates that the certificate payload contains a raw public key >>> (8) Here is the payload of the certificate itself. >>> >>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case) >>> >>> client_hello, >>> cert-receive=(X.509, Raw) // (1) >>> cert-send=(Raw) -> // (2) >>> >>> <- server_hello, >>> cert-info=(X.509),// (3) >>> certificate, // (4) >>> certificate_request, // (5) >>> cert-receive=(Raw) // (6) >>> server_key_exchange, >>> server_hello_done >>> >>> cert-info=(Raw), // (7) >>> certificate, // (8) >>> client_key_exchange, >>> change_cipher_spec, >>> finished -> >>> >>> <- change_cipher_spec, >>> finished >>> >>> Application Data <-------> Application Data >>> >>> Legend: >>> >>> (1) Client accepts to receive X.509 certs and raw public keys, in this order of preference. (Could also be X.509 only in this example) >>> (2) The client does have a raw public key for client authentication. >>> (3) The server decides to sends his X.509 cert and indicates this in the cert-info field. >>> (4) The certificate payload contains the X.509 cert. >>> (5) The server wants to use client authentication and sends a cert-request. >>> (6) The certificate request asks for a certificate of type 'raw' (knowing that the client supports it from (2)). >>> (7) The client indicates that the certificate payload contains a raw public key. >>> (8) Here is the payload of the certificate itself. >>> -------- >>> >>> Do these indications clarify the semantic? >>> I personally believe so. >>> >>> Ciao >>> Hannes >>> >>> _______________________________________________ >>> TLS mailing list >>> TLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/tls >>> >> >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >
- [TLS] draft-ietf-tls-oob-pubkey: My summary Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Robert Cragie
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey: My summary Robert Cragie