[TLS] (bonus) AD review draft-ietf-tls-subcerts
Paul Wouters <paul.wouters@aiven.io> Tue, 10 May 2022 01:03 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AAFFC159A26 for <tls@ietfa.amsl.com>; Mon, 9 May 2022 18:03:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a9FCHfPhXkee for <tls@ietfa.amsl.com>; Mon, 9 May 2022 18:03:36 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F6C8C157B3E for <tls@ietf.org>; Mon, 9 May 2022 18:03:36 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id bu29so26731515lfb.0 for <tls@ietf.org>; Mon, 09 May 2022 18:03:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4ZkaKxgd2ghA9bd6BoO46efIjzE3C5+H4f65QMUMWjY=; b=bPUBBd38fx1+bG1RolhkdmTrkHluaUks8ZssrduM9o2AXhOnRcktE+rGpr5jlRgQDP zU3kJ8RYTYzxBkvUkyHgnLV67feJs9tnxo06IqndzHD4ravwEfY67CnaUCNI6O6EzYOB hhvoKhNQJcxdyKWCmCv6jyiRhYvEDPr5sD10E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4ZkaKxgd2ghA9bd6BoO46efIjzE3C5+H4f65QMUMWjY=; b=F4rb/DpFUA97eNg4udoekFl7pTuOx/mAbXRCpuQ8S+fsATfPPRNSGWuvTYy5mbYL+J hlz8F7PYxj9S21FWAzqtLBcOKAfADQXw7zmZM7bXDR2J/hyHcyfrm9a9SpAaG4xf+2ou 9ccmb1lS/4EFGLs+QN2vB1A/HexFewgZGnlxH/rshwLU/hEeQcGnBVHxAGh9mcHd4O0T AgF2l27AeUi6+IlF3D9jZ2JOuEt0xhdqaFUsUUCc64clj/MjmKWisBn21RBWra7IRJUT H5QgO1Gj/bbu+CSmH5VtwH3p4kaVWFk2LE7FjwkTJF/3bpkVYUq10Ehvo/ORQnePZJI4 DEwA==
X-Gm-Message-State: AOAM532pZMoLedMMq+Htv2dha4DCiqDuY5i3RBfyr1JylbL88Yfp35D2 78QpN/WaztqVhgCWA332RvgBOIbllf1vikOgpA1XEg==
X-Google-Smtp-Source: ABdhPJzHg2kJbTIffvZKU+73Zj03mbcCGPsyqlZFcTdG1SDWP0tqWvLK3q0Gs5T/ySEo1ziSTMStdqjJ8PaETnEVYMo=
X-Received: by 2002:a05:6512:3b0b:b0:473:3590:2872 with SMTP id f11-20020a0565123b0b00b0047335902872mr14532646lfv.581.1652144613867; Mon, 09 May 2022 18:03:33 -0700 (PDT)
MIME-Version: 1.0
References: <441CE2E2-3955-4BE9-A308-F2D43FD94A49@sn3rd.com> <E4C1226C-91B1-435C-8697-31887656A170@aiven.io> <79C39374-40CD-42D0-954C-C27F80788ED6@sn3rd.com>
In-Reply-To: <79C39374-40CD-42D0-954C-C27F80788ED6@sn3rd.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Mon, 09 May 2022 21:03:23 -0400
Message-ID: <CAGL5yWZjb-yvaJJ_+sTe6sn3g5-Midq6CR6h3iJzJSy3g6Uigw@mail.gmail.com>
To: draft-ietf-tls-subcerts.authors@ietf.org
Cc: tls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d3f01805de9de4db"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Qr4lA2JFEqHA1VrNwnQOOISABL0>
X-Mailman-Approved-At: Tue, 10 May 2022 03:18:19 -0700
Subject: [TLS] (bonus) AD review draft-ietf-tls-subcerts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2022 01:03:40 -0000
As this document already saw an AD review by Ben Kaduk, I will not further hold up this document. Ben's write up can be found at: https://mailarchive.ietf.org/arch/msg/tls/qa908s0dMNxbUOZhnUel0qEVBSg/ Please treat the below as you would treat any other comments. Test vectors available but still not included - did these get verified ? Can these be included? expected_cert_verify_algorithm - why is this not called dc_cert_verify_algorithm or dc_verify_algorithm ? As in, why is there an "expected" prefix? We talk about signature_algorithms and not expected_signature_algorithms ? algorithm: The signature algorithm used to verify DelegatedCredential.signature. This reads weird. If the signature algorithm is "used", it was to create the signature. The verification is in the future though. Perhaps say "The signature algorithm used to create the DelegatedCredential.signature" 1. A string that consists of octet 32 (0x20) repeated 64 times. - Why is there a 64 spaces prefix ? - Should it say a non-null terminated string? Or perhaps "octet stream" instead of "string" ? 2. The context string "TLS, server delegated credentials" for server authentication and "TLS, client delegated credentials" for client authentication. - Same here, non-null terminated string? 3. A single 0 byte, which serves as the separator. a few lines up it used hex notation for 0x20 and named it octet. Should this be called a single octet of value 0x00 ? A client which supports this specification SHALL send a "delegated_credential" extension in its ClientHello. This oddly means that a client that supports this cannot really choose to not use it. Normally, this is more written as "A client that is willing to use DC includes a "delegated_credential" extension in its ClientHello" If the client receives a delegated credential without having indicated support in its ClientHello According to the above, this "SHALL" not happen because to recognise the extension it needs to support it and if it supports it, it SHALL send it :) The server MUST ignore the extension unless (D)TLS 1.3 or a later version is negotiated. That is oddly phrased as a MUST with an exception (which is really a SHOULD) Perhaps: "When a (D)TLS version negotiated is less than 1.3, the server MUST ignore this extension" The client MUST ignore the extension unless (D)TLS 1.3 or a later version is negotiated. Same here. The server MUST send the delegated credential Should that be "delegated_credential", eg underscore instead of space? Or use DC ? the server SHOULD ignore delegated credentials sent as extensions to any other certificate. Why is the case a "SHOULD ignore" where all the other cases of unexpected DC uses "MUST <some fatal error>" ? I'm a little confused by Section 7.4. Interactions with Session Resumption. The session resumption uses a seperate continue mechanism that omits needing to re-authenticate the peer. It has its own session ticket lifetimes to keep its state. Why is that mechanism on its own not enough? If the server still has the session state why would a valid DC be a requirement to use an existing ticket? Or phrased differently, one could say that a session resumption ticket lifetime should never fall outside the DC validity period (if that is what you want to enforce, but I'm not sure that is what you want or should do). NITS: Please fix nits as per genart review: https://datatracker.ietf.org/doc/review-ietf-tls-subcerts-12-genart-lc-davies-2022-04-08/ Paul
- [TLS] (bonus) AD review draft-ietf-tls-subcerts Paul Wouters
- Re: [TLS] (bonus) AD review draft-ietf-tls-subcer… Nick Sullivan
- Re: [TLS] (bonus) AD review draft-ietf-tls-subcer… Paul Wouters
- Re: [TLS] (bonus) AD review draft-ietf-tls-subcer… Nick Sullivan
- Re: [TLS] (bonus) AD review draft-ietf-tls-subcer… Sean Turner