[TLS] TLS-OBC proposal
Dirk Balfanz <balfanz@google.com> Mon, 22 August 2011 17:52 UTC
Return-Path: <balfanz@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C8D421F8BC5 for <tls@ietfa.amsl.com>; Mon, 22 Aug 2011 10:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1I+6HsTB3qN9 for <tls@ietfa.amsl.com>; Mon, 22 Aug 2011 10:52:03 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by ietfa.amsl.com (Postfix) with ESMTP id 1386421F8B17 for <tls@ietf.org>; Mon, 22 Aug 2011 10:52:03 -0700 (PDT)
Received: from wpaz17.hot.corp.google.com (wpaz17.hot.corp.google.com [172.24.198.81]) by smtp-out.google.com with ESMTP id p7MHr8Wa003765 for <tls@ietf.org>; Mon, 22 Aug 2011 10:53:08 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1314035588; bh=TccDs5IiFC/qk0VJGTFuTfPNgXg=; h=MIME-Version:Date:Message-ID:Subject:From:To:Content-Type; b=PY4JZ+b+WcHplckqvx0ntRUdIqVRgPZzY1dzRUud5qiP6XmDDyOSLzBtVmGwvPebb Eqm7RMJfX9nSo2gs+me7Q==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:date:message-id:subject:from:to: content-type:x-system-of-record; b=fIzQHTEtiG1zCvV0l6eCcIHtvg1zb0cNNA9YUnLhJ662LhCcC0Yn0C7W4/hbyWxOy +5YG6DOHXOKwjt4go1FXg==
Received: from yib2 (yib2.prod.google.com [10.243.65.66]) by wpaz17.hot.corp.google.com with ESMTP id p7MHr7J7006731 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <tls@ietf.org>; Mon, 22 Aug 2011 10:53:07 -0700
Received: by yib2 with SMTP id 2so3628431yib.28 for <tls@ietf.org>; Mon, 22 Aug 2011 10:53:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:date:message-id:subject:from:to:content-type; bh=gaQj7US4nfbP2UA2r+vpvzWBoZkZv7/gSRfwBoORwAo=; b=jk0G+yss/GI3xzeyyRWwiyYbR1OUELd628ikyv5DcpdiepBzD7gVwqqwOHW5ZOmNe5 8mC+2l8RIxh1LE/b+xMA==
Received: by 10.91.160.39 with SMTP id m39mr2616496ago.17.1314035586909; Mon, 22 Aug 2011 10:53:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.91.160.39 with SMTP id m39mr2616472ago.17.1314035585841; Mon, 22 Aug 2011 10:53:05 -0700 (PDT)
Received: by 10.90.56.4 with HTTP; Mon, 22 Aug 2011 10:53:05 -0700 (PDT)
Date: Mon, 22 Aug 2011 10:53:05 -0700
Message-ID: <CADHfa2AMOeShxH_k5ZEB3DUVJAnOqvZmLMg5Yz8smtBDGkQsNg@mail.gmail.com>
From: Dirk Balfanz <balfanz@google.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0016e6407cd651481b04ab1bc013"
X-System-Of-Record: true
Subject: [TLS] TLS-OBC proposal
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2011 17:52:04 -0000
Dear TLS-WG, I few weeks ago I presented a proposal for an "origin-bound certificates" TLS extension at IETF 81. It's much easier to understand what this extension is trying to accomplish when presented in a broader context of web authentication (which I tried to give in Quebec), so I put together a little web site that is supposed to do just that for those who couldn't be at the IETF meeting: http://browserauth.net (This took me a little while, hence the delay in sending out the I-D). Anyway, here is the I-D: http://tools.ietf.org/html/draft-balfanz-tls-obc, which I submit for your comments/feedback. (Again, remember to read http://browserauth.net for some context.) All feedback is welcome, of course, but if you can't think of anything to comment on, I have a couple particular questions: - in Section 2.1.1 we currently stipulate that the client include the origin of the origin-bound cert as part of the OBC X.509 extension. When we implemented this, we didn't really know what to do with that data on the server side. If the client also uses TLS-SNI, then we could imagine comparing the SNI and OBC origins in some manner on the server side, but there isn't really a vehicle to signal an error back to the client saying "your SNI and OBC origins don't match". Similarly, we could perhaps at some higher layer compare the HTTP "Host" header with the OBC origin, but then again - what do you do when they don't match? Respond with a 400 at the HTTP layer? An alternative to the current language in the I-D would be to simply mark the cert as origin-bound, but without putting the origin itself into the cert. Any thoughts? - What do you think of the privacy-enhancing power of using per-origin certs? The idea there is that different domains see different "identities" (public keys) for the same client. Of course, if two domains choose to collaborate, they can probably find a way to correlate the two identities they see for the same client. This is similar to cookies, where normally "identities" (cookies) for one domain are not revealed to another domain unless, of course, they choose to collaborate. How much privacy would we really lose if we just used one certificate for all origins? It would certainly make the design and implementation simpler. (I tend to favor per-origin certs, but I'm curious as to what other people think.) Thanks for your consideration! Dirk.
- [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Chris Richardson
- Re: [TLS] TLS-OBC proposal Wan-Teh Chang
- Re: [TLS] TLS-OBC proposal Chris Newman
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Martin Rex
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams