Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Benjamin Kaduk <bkaduk@akamai.com> Fri, 04 May 2018 21:37 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B8012DA13 for <tls@ietfa.amsl.com>; Fri, 4 May 2018 14:37:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L5f6bPfmreaQ for <tls@ietfa.amsl.com>; Fri, 4 May 2018 14:37:25 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AA7B12DA12 for <tls@ietf.org>; Fri, 4 May 2018 14:37:25 -0700 (PDT)
Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w44LRlxo007321; Fri, 4 May 2018 22:37:24 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=jan2016.eng; bh=Akvj6dMqg7N+zfOkUU3p9ANBbu+GWBkjr9928xcPOvQ=; b=mQd/6Z042ewHO+LZiNRUqQum5C1iG4HSk01MvYH5aNklSle4FBwvFhx/zd1hRsBEPSrv OnWhVWFKyNvQyjP7SIrYuagcVZpsUXpAmStZrgImz9MOdiQivia0AT+y+xBLvcBa2rOi saDPgVMPM8ecjd6AgEcBX1FoThVJhD/lKUJGvDVYrY3jD7MJ3/vYRpmBLg7PvgQgysPY Fr00xWDTuxxNpXcf2Etw8bupAKc3wwm7PG6ys16xXLMRU/rXsqvLq5SlTR5dYmQUu4WQ pc+KWlu9uk3O9F9sbC9b+ip02rv/cqxtMQYdmP+OnrL0wRZw+BE4Mp6MeBhT5OUDAWGM BQ==
Received: from prod-mail-ppoint3 ([96.6.114.86]) by mx0b-00190b01.pphosted.com with ESMTP id 2hqyfpcbmp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 04 May 2018 22:37:24 +0100
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w44LQWOj007478; Fri, 4 May 2018 17:37:23 -0400
Received: from prod-mail-relay14.akamai.com ([172.27.17.39]) by prod-mail-ppoint3.akamai.com with ESMTP id 2hmm9ws6cb-1; Fri, 04 May 2018 17:37:23 -0400
Received: from bos-lpczi.kendall.corp.akamai.com (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay14.akamai.com (Postfix) with ESMTP id 8402982A0C; Fri, 4 May 2018 21:37:23 +0000 (GMT)
Received: from bkaduk by bos-lpczi.kendall.corp.akamai.com with local (Exim 4.86_2) (envelope-from <bkaduk@akamai.com>) id 1fEiOI-0002p0-Pk; Fri, 04 May 2018 16:37:22 -0500
Date: Fri, 4 May 2018 16:37:22 -0500
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Sean Turner <sean@sn3rd.com>
Cc: TLS WG <tls@ietf.org>
Message-ID: <20180504213722.GR5742@akamai.com>
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4E347898-C787-468C-8514-30564D059378@sn3rd.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805040194
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805040194
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WmAw9q_5b4PlEQ9_UM4uBElg77Y>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 21:37:27 -0000

On Thu, Apr 19, 2018 at 04:32:55PM -0400, Sean Turner wrote:
> All,
> 
> This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.  Please review the document and send your comments to the list by 2359 UTC on 4 April 2018.

Are we using values in the same certificate_request_context space as those that
in-TLS post-handshake authentication would use?  If so, we should probably have
some text in Section 3 (and maybe more explanation in Section 5.2 as well?)
about the application coordinating with the TLS stack to avoid conflicts (since
just from a data structure point of view the application could send a
CertficiateRequest without checking with the TLS stack).  We may also need the
TLS stack to accound for context values chosen arbitrarily for spontaneous
authentications.  The API considerations might also be more clear that there
are different spaces for the context values for server auth and client auth.

Section 4.1 talks of the length of the exporter value in terms of the length of the
TLS PRF hash, adding that cipher suites not using TLS PRF have to define a hash function.
But TLS 1.3 ciphersuites do not use the TLS PRF and we say nothing about them...

It doesn't look like we adapted to the addition of the signature_algorithms_cert
extension in TLS 1.3.

-Ben (with no hats)