Re: [TLS] Better TLS Client Authentication
Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 24 May 2022 04:59 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6657C07512F for <tls@ietfa.amsl.com>; Mon, 23 May 2022 21:59:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.954
X-Spam-Level:
X-Spam-Status: No, score=-3.954 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrvGc6Xof3SI for <tls@ietfa.amsl.com>; Mon, 23 May 2022 21:59:13 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F3B9C07512D for <tls@ietf.org>; Mon, 23 May 2022 21:59:13 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id h14so23999736wrc.6 for <tls@ietf.org>; Mon, 23 May 2022 21:59:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :references:from:in-reply-to:content-transfer-encoding; bh=slVAuXLxWvUlno7sCCBGc2fXa7IA6NSQh0LfqMcDVBM=; b=kamVVg0sipBne3NS7omBZYi3jOZc80F8BEo2vXxKehEUNroGfB4vON6xhbzzBvPJHG Kh1kdgpJJ5em/50grndIoeoDueE5FUdvQpc4yZzC9xoFYbQvgWwAsiCd9E11NTK+UnUn KB0CkwXlQI9zEh9+Nnu3XZRY6wAykYKA8o5DSz73jnT0n7KPKnuCeUPqcxgJpbdkwOFi /XQ1AsBdzC2yoBgQqcGhqHvPFVGaSEgFFgpKwy/lJGzwTbkqGVRWNlNQJsrUHnNKsZ6Y gWPbcVKFaqkAf6hPDol/mI+NbXiWRWgCQAL62Frsr6rKG4GvLSwMl1R5gIZdfp6+M4dD UDXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:in-reply-to :content-transfer-encoding; bh=slVAuXLxWvUlno7sCCBGc2fXa7IA6NSQh0LfqMcDVBM=; b=ftcjhS1MXyBjQ9dDTK3gPcar5Q5AwYp1wbjMeZ1iww5I8wuzLKYxvLaOJQ+IDOn6eV XhXb1VO9go2nuFvUaYHW1djFb5CDk2QBaG3UR3IrtvoIO37LWYpumrY2J9nJ/Sx5YwQi YRJg/FMGtkKDBRvVQSm9dQl9gqbefSDBWssf4UwmYu+rXmOZEJTOfVbu3RWAOXq/tD8m P0CoWNVU2JgUtb9o6KatOJxx4qgtnzLRVejnPCpPn1uAcMgEEWMfUsXEXeFvEXjq+6Aa iOww7TNPwt8xWEGzDiV3akACBXIyiuy037InHYMTcIGaYiasxAf9sxKmhV+tJrewBLal jfOA==
X-Gm-Message-State: AOAM531LK//gbhhwXbawbPS9pULm7d+auv9H//5jt0SqqodOgSw/znAo aPAhT5j1W0BzZSI9mVAcnTHGWSNS65M=
X-Google-Smtp-Source: ABdhPJyjxym97fOSiMalQP7JBMk1QUSHbaL7dL/FLo4vmuOazI4LoGZ43QfXWyWBnyWAXiM0Kpf+6g==
X-Received: by 2002:adf:f152:0:b0:20d:740:beba with SMTP id y18-20020adff152000000b0020d0740bebamr21768744wro.512.1653368351090; Mon, 23 May 2022 21:59:11 -0700 (PDT)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id w24-20020a7bc758000000b0039747cf8354sm950253wmk.39.2022.05.23.21.59.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 23 May 2022 21:59:10 -0700 (PDT)
Message-ID: <515c6c4f-4b3a-3145-9e45-e62908e1eaf4@gmail.com>
Date: Tue, 24 May 2022 06:59:09 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: Phillip Hallam-Baker <phill@hallambaker.com>, tls@ietf.org
References: <CAMm+LwiWnpZ7R3X_FvZijwK=WEcSnTZNEEkX19GdKvkmXwt0NA@mail.gmail.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <CAMm+LwiWnpZ7R3X_FvZijwK=WEcSnTZNEEkX19GdKvkmXwt0NA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TZOqzCAN1gxNeKUHkFP-p4qRjgY>
Subject: Re: [TLS] Better TLS Client Authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2022 04:59:14 -0000
Hi Phillip, I'm not able to figure out the merits of your proposal, but I see one major obstacle: Google have a de-facto monopoly (80%) on browser technology and your proposal seems to require a rather substantial upgrade. That is, unless Google buys into whatever you propose, it simply put gets nowhere. As an example Google recently launched a payment authorization system which in spite of using state-of-the-art technology like FIDO, still requires you to handover card numbers in CLEAR to merchants (who do not need card numbers, but receipts from the payment network that they are/will be paid). I early proposed that Google should consider using encryption and a "wallet" to keep virtual cards in (for getting away from physical cards altogether), like Apple Pay, but they did not even respond to this request. Anders https://github.com/mozilla/standards-positions/issues/570#issuecomment-972578433 On 2022-05-22 23:28, Phillip Hallam-Baker wrote: > I am looking for people interested in discussing the following proposal to create a profile of TLS Client Authentication certificates to enable transparent Web Site authentication in Philadelphia: > > I have a three step plan for eliminating Password Authentication > > 1) Deploy an open standards based, E2E secure password vault > 2) Transition Web sites to use of public key authentication > 3) Deploy a 2FA type scheme to address 'ceremony' use cases > > I don't want to get into detail here, but I believe the trick to eliminating passwords is to deploy a password management solution in phase 1 that creates a sufficiently large base of users whose devices are provisioned with the necessary private keys to make use of public key auth practical. > > So, I had assumed that this was all about enabling FIDO. But when I look at what I want to achieve and what legacy deployments provide, I suddenly realized I can do everything I need using TLS client auth. The only question is what the BEST way to do it is going to be. > > > So I have running code that can provision key pairs and credentials to every device Alice owns: > > https://www.youtube.com/watch?v=zrBv717w8yY <https://www.youtube.com/watch?v=zrBv717w8yY> > > It would not take a great deal of extra effort to provision certificates into the Windows/MAC/etc keystores so that IE, Edge, Firefox, Chrome, Safari, etc. etc. can all make use of the certificates. Its just a question of writing a script. > > > I am pretty sure I can get 'something' to work. But I would appreciate some help from folk who are closer to the real-world implementations. > > Reading through the specs, I think we can make it so that after an (optional) one time registration, Alice can just use the Web site without the need to ever log in ever again. > > The only reason Alice would ever need to repeat registration is if the Web Site had some policy requiring Alice to affirm that yes, this really is her device and she agrees to terms. That is what I call 'ceremony' and it is not an authentication issue. I have another way of addressing that issue. > > > As far as I can tell, all that I really need is to write a certificate profile for BTCA certificates. > > The thing that I am dropping here is the notion that certificates are bound to anything other than a key. So all this is telling the site is that this is the same person who came to the site before. It is not providing the user credential PKIX is really all about. > > I do have some questions though. In particular whether using X.448/Ed448 certs is practical. > > The big downside to my current approach is that the certs that are used are going to be super-linking identifiers. But we are currently losing that fight. > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Better TLS Client Authentication Phillip Hallam-Baker
- Re: [TLS] Better TLS Client Authentication Anders Rundgren
- Re: [TLS] Better TLS Client Authentication Tim Cappalli
- Re: [TLS] Better TLS Client Authentication Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Better TLS Client Authentication Jonathan Hoyland
- Re: [TLS] Better TLS Client Authentication Phillip Hallam-Baker
- Re: [TLS] Better TLS Client Authentication Phillip Hallam-Baker
- Re: [TLS] Better TLS Client Authentication Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Better TLS Client Authentication Phillip Hallam-Baker