Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Roelof duToit <> Mon, 07 May 2018 15:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 65BFF126CB6 for <>; Mon, 7 May 2018 08:06:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Y5hFhu4bY9Qx for <>; Mon, 7 May 2018 08:06:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A0945126CC4 for <>; Mon, 7 May 2018 08:06:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1525705574; s=zoho;;; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To; l=1431; bh=twBJrM8EBb8NtG8+vlK1GZfFBjwfPJBEeXeemdJCf5A=; b=ijx/9jn9KpNWmECWDAZK+5/7Y3lE7NkOOGCbYc7JJCxkpVoi88p3qN56x1EiGFIj kCxq13p9M45kb2oTpgIHBnuTdkezkMpwOanEtJ+Sd6ZHDF/1tqOgqCU1pByzKHNVmQa Jgv7UZXf6jDWRBX646KU0CrjDl3KLdUp2sV1Fb9I=
Received: from [] ( []) by with SMTPS id 1525705574518923.7374743472676; Mon, 7 May 2018 08:06:14 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Roelof duToit <>
In-Reply-To: <>
Date: Mon, 07 May 2018 11:06:10 -0400
Cc: TLS WG <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <>
To: Benjamin Kaduk <>
X-Mailer: Apple Mail (2.3273)
X-ZohoMailClient: External
Archived-At: <>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 07 May 2018 15:06:23 -0000

> On May 4, 2018, at 5:48 PM, Benjamin Kaduk <> wrote:
> On Fri, May 04, 2018 at 11:20:55AM -0400, Roelof duToit wrote:
>> How will this (and any mechanism built on top of RFC 5705 exported key material) interoperate with middleboxes?  This use of the mechanism is not negotiated on the TLS level, so there is no extension for the middlebox to strip that would warn the endpoints not to use exported authenticators.  Are application level proxies the only compatible middleboxes?
> I'm not sure I properly understand the question, in particular what kind of
> middlebox you're considering.  Note that application protocols will need to
> have some way to negotiate the use of this functionality, which presumably a
> middlebox could also inspect.

That is the problem.. some middleboxes are protocol agnostic and are used to strip the TLS layer before feeding the rest of the security stack - so called “Transport Layer Active Intercept” vs “Application Layer Intercept” (ignoring “Transport Layer Passive Intercept” for the moment).  Some middleboxes might also perform transport layer active intercept in combination with passive application detection, i.e. L7 analysis vs L7 termination.
In summary: the endpoints cannot assume that exported key material is identical in a middlebox environment.