[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 29 July 2024 17:08 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2715BC15107A for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 10:08:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KO57XLRDm793 for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 10:08:07 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1b.welho.com [83.102.41.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8725C14F6BC for <tls@ietf.org>; Mon, 29 Jul 2024 10:08:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id C331A1CF03 for <tls@ietf.org>; Mon, 29 Jul 2024 20:08:02 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id 4H4LeanVQJNj for <tls@ietf.org>; Mon, 29 Jul 2024 20:08:02 +0300 (EEST)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 8AB36230A for <tls@ietf.org>; Mon, 29 Jul 2024 20:08:01 +0300 (EEST)
Date: Mon, 29 Jul 2024 20:08:01 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <ZqfMcdieFaJxizJi@LK-Perkele-VII2.locald>
References: <d1589f89-35cb-489f-b195-30feb3e7e40f@dennis-jackson.uk> <SN7PR14MB6492663C2AE4A15639D62F5583AA2@SN7PR14MB6492.namprd14.prod.outlook.com> <e7aee41a-0df4-4048-8692-6805d06cfadd@dennis-jackson.uk> <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com> <37483eb9-baed-468e-94d0-bf5054f878e1@dennis-jackson.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <37483eb9-baed-468e-94d0-bf5054f878e1@dennis-jackson.uk>
Sender: ilariliusvaara@welho.com
Message-ID-Hash: FDF763KUNYSXMGHJWORZOK3DYZGJ4LS2
X-Message-ID-Hash: FDF763KUNYSXMGHJWORZOK3DYZGJ4LS2
X-MailFrom: ilariliusvaara@welho.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_2R7X4EZGG1OMhrbqpuBXc5-mbQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Sat, Jul 27, 2024 at 06:56:17PM -0700, Dennis Jackson wrote: > On 26/07/2024 15:24, Sophie Schmieg wrote: > > > I don't think trust anchor negotiation needs a lot more discussion, over > > what has happened already. All in all, I think it's a good mechanism > > that is fairly well defined and it's not clear to me how it would > > benefit from an interim. > > The Trust Anchor Identifiers draft was first published only 4 weeks ago, > received less than 10 minutes of discussion in the meeting and has a lot of > unaddressed issues. > > As I noted, many participants in the meeting expressed a preference for an > interim so I would be surprised if there was support for adoption. > Especially as the concerns I want to present are fundamental to the design > rather than about issues which could be addressed later. Another concern with TAI is its interaction with ECH. - Currently, the draft retries the entire connection on failure. The worst-case number of connection attempts required is exponential in number of extensions that do whole-connection retries. Since ECH does that, TAI+ECH can require up to four connection attempts. - For another correction mechanism, only HRR seems feasible. All the others would require modifying very sensitive places in TLS, which would require very careful analysis. Worse, such mechanisms would also alter handshake state machine, which could have severe impact on implementations. However, using HRR might not resolve the whole problem, because ECH might have some residual issues with anything that triggers HRR. Another major concern with retrying entire connection on failure is requiring major API changes on client side, in turn requiring major application changes (outside things like HTTP client libraries, which could encapsulate the changes). In comparison, interface to give advice from DNS (even if it requires application changes) is much more minor modification. Even minor-looking things (e.g., asynchronous handshake signing) can have major API implications. -Ilari
- [TLS]Discussions on Trust Anchor Negotiation at I… Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Sophie Schmieg
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ryan Hurst
- [TLS]Re: Discussions on Trust Anchor Negotiation … Watson Ladd
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Salz, Rich
- [TLS]Re: Discussions on Trust Anchor Negotiation … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Eric Rescorla
- [TLS]Re: [EXTERNAL] Re: Re: Discussions on Trust … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara