IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Nick Sullivan <nicholas.sullivan@gmail.com> Thu, 31 May 2018 01:23 UTC

Return-Path: <nicholas.sullivan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70C19126CD6 for <tls@ietfa.amsl.com>; Wed, 30 May 2018 18:23:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vAPJg58J6R-4 for <tls@ietfa.amsl.com>; Wed, 30 May 2018 18:23:39 -0700 (PDT)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7CFC12D947 for <tls@ietf.org>; Wed, 30 May 2018 18:23:38 -0700 (PDT)
Received: by mail-io0-x230.google.com with SMTP id u4-v6so184174iof.2 for <tls@ietf.org>; Wed, 30 May 2018 18:23:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lBr2shm9vwsyyL96WfyikxyFLtEMPnnRoavattrgQr4=; b=ZrL+h/0zLwphZrwQkgRZglIeUpQUBKLXWMue+Jp3XAcQRWgqiGZ99787eKZ3kRSTPS 7PjQUvGW5SRrn1zm5xUacfv7KX30ln3cryYRhI2DwymjbShMuo9uKLVv6tw3GpGMmeKn alq8KTSmRPWfdQMX5eB5VpJfB3QHeRuTDZrlxYrZXmSEvAju3DaSYGZjltyZNdp5DSS+ r3p7pkyiuiWp8yGU5jWMQZquF9MeeBKltbaxJYlLwq9WPPsIcfGCFcEVELcS2E1qOAw4 5RciE+lajbv7VZjI/MDiUzL6N+6iXpTNu65SmS4K7IN1XVAvmzLyZfDiVGxdN/PlNKOE DoPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lBr2shm9vwsyyL96WfyikxyFLtEMPnnRoavattrgQr4=; b=Chio4rR8MeA22mNdRJyPcuCCfw1Lp+6J/PXcUD36Vz7s4j6ngNNPjlwCVSqMQvPYF4 fwc7Cc4XHi5EJcGApoXw436GjVrT00lMyiO/igMf75U3LwNKL10KrXxwnQghS8TFmGBZ sNb9E30OZiqU8pPGSsw945KVxAgfttle061YAhEo+pT+hIZlMOeiPvSEhhFWzdk31a+n AAcfHmg6TLXMnKq9y17FBVI5m0BstjrP+6Obj9icYbJTdsot32NrKuB8wjLj4aOk6X5O BImJCmLVHYuingwuKgf960kywcjzt3SuCn/LGFPVFNvLDsxcMAXXtAVi7TosloDgA+CK Mgsg==
X-Gm-Message-State: ALKqPwezCJh+ptu8WpjayrD3uzbt881lub3kLvprgPcXuOPIedaFoV+C PMZBFQMkrpzJYitdgLWKTF9jozohV63julyPaII=
X-Google-Smtp-Source: ADUXVKJHjWy1Q9CbwgZFQ2NuEmMBwUSoZfj+i9Ft2oq0YqDLOraOsu8zWzQtv6fPyhTpilvZQfTMLW6qucnejZa3n3I=
X-Received: by 2002:a6b:2b10:: with SMTP id r16-v6mr4346851ior.204.1527729818201; Wed, 30 May 2018 18:23:38 -0700 (PDT)
MIME-Version: 1.0
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1CBA2C18-DAB8-4751-B765-3BF76C7F170B@sn3rd.com> <19A28612-65CA-4667-9E4E-D47717AC9009@sn3rd.com> <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com> <CAOjisRwUUjGXSanAh49aFo=DoFzuvKChD8G4150KNYF34Co3YQ@mail.gmail.com> <CABkgnnWntHXGMK4dkWtUOJ9DD9wOme+fOCK7+ejCvHufUOXNGg@mail.gmail.com>
In-Reply-To: <CABkgnnWntHXGMK4dkWtUOJ9DD9wOme+fOCK7+ejCvHufUOXNGg@mail.gmail.com>
From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Wed, 30 May 2018 18:23:25 -0700
Message-ID: <CAOjisRwtxSQzVPfThanJ9w5T7DONEFDq--U7X-Jj7q5h80GdEQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="000000000000207575056d76515c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XM4nJ28LoGOdO3kYEyjpW0bGA6c>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 01:23:43 -0000

I've put together some PRs to address the comments from last call. Comments
welcome.

Failing CertificateVerify due to MITM text:
https://github.com/tlswg/tls-exported-authenticator/pull/28

Comments from Ben Kaduk:
https://github.com/tlswg/tls-exported-authenticator/pull/26

Authenticated Denial:
https://github.com/tlswg/tls-exported-authenticator/pull/27


Nick

On Thu, May 24, 2018 at 5:54 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

> Mike just inadvertently (?) discovered a problem with exported
> authenticators.
>
> TLS post handshake authentication provides an authenticated refusal when a
> certificate can't be found.  It turns out that the current design of the
> HTTP/2 CERTIFICATE frame might need to rely on the same capability here.
>
> The current draft doesn't really say anything about what happens.
>
> https://github.com/tlswg/tls-exported-authenticator/issues/25
>
> On Sat, May 12, 2018 at 9:59 AM Nick Sullivan <nicholas.sullivan@gmail.com
> >
> wrote:
>
> > Thanks all for the comments on the draft. Let me try to summarize the
> comments and propose next steps.
>
> > Tim Hollebeek had a comment about 0 as the separator. I generally don’t
> think this is a big issue, and prefer 0 because it is a natural way to
> terminate a string. If anyone strongly disagrees, please reply to the list.
>
> > Roelof duToit raised a question about middlebox interoperability,
> specifically that the exporters will not match if the TLS connection is not
> end-to-end. There was a subsequent discussion about where to signal this
> property. Martin Thomson suggested a signaling mechanism at the application
> layer (https://github.com/httpwg/http-extensions/issues/617) and Eric
> Rescorla suggested that the fact that this could cause CertificateVerify
> failures should be called out in the document. I'll put a PR together to
> add some helpful text around debugging CertificateVerify failures to
> address Eric's suggestion.
>
> > Ben Kaduk had three points:
> > - The certificate_request_context is prone to collisions with
> post-handshake authentication and there are different spaces for the server
> and client context values. He suggested some text in Section 3 and maybe
> more explanation in Section 5.2 as well. I’ll put together a PR for this.
> > - Section 4.1 talks of the length of the exporter value in terms of the
> length of the
> > TLS PRF hash, adding that cipher suites not using TLS PRF have to define
> a hash function, but TLS 1.3 ciphersuites do not use the TLS PRF. I’ll put
> together a PR to clarify the text around this clarifying that for TLS 1.3
> cipher suites, the HDKF hash is what is meant.
> > - The “signature_algorithms_cert” extension was not incorporated into the
> draft. I’ll put together a PR for 4.2.1., 4.2.2. and 5.1. to incorporate
> this extension.
>
> > I'll have the proposed changes for the above comments ready next week.
>
> > There were also some uncontroversial suggestions that I propose merging:
> > https://github.com/tlswg/tls-exported-authenticator/pull/21
> > https://github.com/tlswg/tls-exported-authenticator/pull/22
> > https://github.com/tlswg/tls-exported-authenticator/pull/23
> > https://github.com/tlswg/tls-exported-authenticator/pull/24
>
>
> > Nick
>
>
> > On Thu, May 3, 2018 at 1:16 PM Nick Sullivan <
> nicholas.sullivan@gmail.com>
> wrote:
>
> >> Does anyone have any comments about the draft, criticisms, or votes of
> support?
>
> >> Nick
>
>
> >> On Thu, May 3, 2018 at 1:12 PM Sean Turner <sean@sn3rd.com> wrote:
>
>
>
> >>> > On Apr 21, 2018, at 10:25, Sean Turner <sean@sn3rd.com> wrote:
> >>> >
> >>> >
> >>> >> On Apr 19, 2018, at 16:32, Sean Turner <sean@sn3rd.com> wrote:
> >>> >>
> >>> >> All,
> >>> >>
> >>> >> This is the working group last call for the "Exported Authenticators
> in TLS" draft available at
> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.
> Please review the document and send your comments to the list by 2359 UTC
> on 4 April 2018.
> >>> >
> >>> > … 4 May 2018 ...
>
> >>> Just a reminder the WGLC ends tomorrow.
>
> >>> spt
> >>> _______________________________________________
> >>> TLS mailing list
> >>> TLS@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/tls
>
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email