Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Jonathan Hoyland <jonathan.hoyland@gmail.com> Fri, 04 May 2018 13:16 UTC

From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Fri, 04 May 2018 13:15:57 +0000
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: Sean Turner <sean@sn3rd.com>, TLS WG <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
Message-ID: <CACykbs1jRkc7yAzKLa7XcyAXcMbmg05fj9K31bWCp6K2kCVcow@mail.gmail.com>
In-Reply-To: <1525424456.3094.14.camel@redhat.com>
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1525424456.3094.14.camel@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VYVkEZP9SYk7B3tAsW9guQFKdA0>

Hi Nikos,

The problems post-handshake authentication has with HTTP/2 are described in
draft-ietf-httpbis-http2-secondary-certs-00
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-00#section-1.2.3>
a.k.a. draft-Bishop. See Section 1.2.3 in particular.

In brief, the problem is that requests and responses are multiplexed in
HTTP/2, and therefore there is not a tight coupling between TLS frames and
HTTP/2 streams.

With post-handshake authentication, the authentication happens in band, and
so the HTTP/2 layer doesn't have visibility into whether or not specific
data was sent before or after the authentication.

Regards,

Jonathan

On Fri, 4 May 2018 at 10:01 Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:

> On Thu, 2018-04-19 at 16:32 -0400, Sean Turner wrote:
> > All,
> >
> > This is the working group last call for the "Exported Authenticators
> > in TLS" draft available at
> > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.
> > Please review the document and send your comments to the list by 2359
> > UTC on 4 April 2018.
>
> I have not checked the mechanism, but I have a few questions based on the
> description in the introduction.
>    "Post-handshake authentication is defined in TLS 1.3, but it has the
>    disadvantage of requiring additional state to be stored in the TLS
>    state machine and it composes poorly with multiplexed connection
>    protocols like HTTP/2.  It is also only available for client
>    authentication.  This mechanism is intended to be used as part of a
>    replacement for post-handshake authentication in applications."
>
> * Was this proposed to be included in TLS 1.3 as post-handshake
> authentication mechanism instead?
>
> * What are the actual problems that post-handshake authentication has
> with HTTP/2?
>
> regards,
> Nikos
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
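An added example, not code from the draft, from either poster, or from any TLS implementation, of the binding Jonathan is pointing at. The authenticator request and the authenticator are ordinary application data: the HTTP/2 layer can put the request on one stream and check the answer on that same stream, because verification needs only the connection's exporter secret plus the request it sent, and nothing changes in the TLS state machine. Assumptions: SHA-256 throughout; the exporter_master_secret is a constructed constant that both ends are taken to already share; a raw Ed25519 public key stands in for a certificate chain; the CertificateRequest is reduced to its certificate_request_context field (here the HTTP/2 stream ID plus a nonce); the exporter labels and the CertificateVerify context string follow the draft's design as understood here and should be read as assumptions rather than as the draft's exact wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strings"
)

// hkdfExpandLabel is HKDF-Expand-Label (RFC 8446, Section 7.1) with SHA-256:
// HkdfLabel = uint16 length || opaque "tls13 "+label || opaque context.
func hkdfExpandLabel(secret []byte, label string, context []byte, length int) []byte {
	var info bytes.Buffer
	binary.Write(&info, binary.BigEndian, uint16(length))
	full := "tls13 " + label
	info.WriteByte(byte(len(full)))
	info.WriteString(full)
	info.WriteByte(byte(len(context)))
	info.Write(context)
	var out, prev []byte // HKDF-Expand (RFC 5869): T(i) = HMAC(secret, T(i-1) || info || i)
	for i := byte(1); len(out) < length; i++ {
		mac := hmac.New(sha256.New, secret)
		mac.Write(prev)
		mac.Write(info.Bytes())
		mac.Write([]byte{i})
		prev = mac.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// tlsExporter is the TLS 1.3 exporter (RFC 8446, Section 7.5):
// HKDF-Expand-Label(Derive-Secret(EMS, label, ""), "exporter", Hash(context), length).
func tlsExporter(ems []byte, label string, context []byte, length int) []byte {
	emptyTranscript := sha256.Sum256(nil)
	derived := hkdfExpandLabel(ems, label, emptyTranscript[:], sha256.Size)
	ctxHash := sha256.Sum256(context)
	return hkdfExpandLabel(derived, "exporter", ctxHash[:], length)
}

func concat(parts ...[]byte) []byte { return bytes.Join(parts, nil) }

// Labels and signature context: assumptions of this example (see lead-in).
const (
	labelHandshakeCtx = "EXPORTER-client authenticator handshake context"
	labelFinishedKey  = "EXPORTER-client authenticator finished key"
)

var sigPrefix = []byte(strings.Repeat(" ", 64) + "Exported Authenticator\x00")

// NewAuthenticatorRequest builds a minimal CertificateRequest body: only the
// certificate_request_context (extensions omitted, an assumption). Putting the
// HTTP/2 stream ID in the context ties the request to one stream.
func NewAuthenticatorRequest(streamID uint32, nonce []byte) []byte {
	ctx := make([]byte, 4, 4+len(nonce))
	binary.BigEndian.PutUint32(ctx, streamID)
	ctx = append(ctx, nonce...)
	return append([]byte{byte(len(ctx))}, ctx...)
}

// MakeAuthenticator returns Certificate || CertificateVerify || Finished
// (fixed sizes 32 || 64 || 32). A raw Ed25519 public key stands in for the
// certificate chain (assumption). The handshake context and Finished key both
// come from the exporter, so the blob is bound to this TLS connection.
func MakeAuthenticator(ems, request []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) []byte {
	hctx := tlsExporter(ems, labelHandshakeCtx, nil, sha256.Size)
	fkey := tlsExporter(ems, labelFinishedKey, nil, sha256.Size)
	cert := []byte(pub)
	toSign := sha256.Sum256(concat(hctx, request, cert))
	sig := ed25519.Sign(priv, concat(sigPrefix, toSign[:]))
	toMAC := sha256.Sum256(concat(hctx, request, cert, sig))
	mac := hmac.New(sha256.New, fkey)
	mac.Write(toMAC[:])
	return concat(cert, sig, mac.Sum(nil))
}

// VerifyAuthenticator is the receiver's check. It needs only the exporter
// secret and the request it sent, so the HTTP/2 layer can run it for exactly
// the stream that carried the authenticator. Chain validation of cert against
// a trust store is out of scope here.
func VerifyAuthenticator(ems, request, auth []byte) bool {
	if len(auth) != ed25519.PublicKeySize+ed25519.SignatureSize+sha256.Size {
		return false
	}
	cert, sig, fin := auth[:32], auth[32:96], auth[96:]
	hctx := tlsExporter(ems, labelHandshakeCtx, nil, sha256.Size)
	fkey := tlsExporter(ems, labelFinishedKey, nil, sha256.Size)
	toSign := sha256.Sum256(concat(hctx, request, cert))
	if !ed25519.Verify(ed25519.PublicKey(cert), concat(sigPrefix, toSign[:]), sig) {
		return false
	}
	toMAC := sha256.Sum256(concat(hctx, request, cert, sig))
	mac := hmac.New(sha256.New, fkey)
	mac.Write(toMAC[:])
	return hmac.Equal(fin, mac.Sum(nil))
}

func main() {
	ems := bytes.Repeat([]byte{0x42}, 32) // constructed exporter_master_secret
	pub, priv, _ := ed25519.GenerateKey(nil)
	req3 := NewAuthenticatorRequest(3, []byte("nonce-3"))
	req5 := NewAuthenticatorRequest(5, []byte("nonce-5"))
	auth := MakeAuthenticator(ems, req3, pub, priv)
	fmt.Println("accepted on stream 3:", VerifyAuthenticator(ems, req3, auth))
	fmt.Println("accepted on stream 5:", VerifyAuthenticator(ems, req5, auth))
}
```

The point of the second check in main is the one Nikos asked about: an authenticator produced for the request on stream 3 does not verify against the request on stream 5, and it verifies on no other connection, because a different exporter secret gives a different handshake context and Finished key. With post-handshake CertificateRequest/Certificate messages in the TLS record layer there is no such per-stream handle for the HTTP/2 layer to check.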