Re: [TLS] Version pinning and indicating the signing algorithm in draft-ietf-tls-subcerts-02

Subodh Iyengar <subodh@fb.com> Thu, 14 February 2019 00:59 UTC

Return-Path: <prvs=7948a14f98=subodh@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C7BB130E2B for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 16:59:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=Gk1Vpofd; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=dWdbK7qA
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wy7hi9BYw91j for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 16:59:49 -0800 (PST)
Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE0241310F4 for <tls@ietf.org>; Wed, 13 Feb 2019 16:59:49 -0800 (PST)
Received: from pps.filterd (m0001255.ppops.net [127.0.0.1]) by mx0b-00082601.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1E0vYLW025291; Wed, 13 Feb 2019 16:59:48 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=4D2Dsqy6D5jRUUbwoErlUtiYXZGPtSuAM0bjKEnlT9Y=; b=Gk1VpofdfRoy3VdaSd9GPLq0w46BkPvh0ap9+0XoAq2wLH57E2VA0Zffm6te0G0yB5m5 0Ud3VH0GvzPd/hXJDU0RSeABBUoJbFz5/Lc8WhpylyY8wkUaCYO7BV9yKduSyp1HnscE sPz5OPCx7Mycglh5yJ5FonB9hlcceFuGmGw=
Received: from maileast.thefacebook.com ([199.201.65.23]) by mx0b-00082601.pphosted.com with ESMTP id 2qmw778631-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 13 Feb 2019 16:59:47 -0800
Received: from frc-mbx01.TheFacebook.com (2620:10d:c0a1:f82::25) by frc-hub04.TheFacebook.com (2620:10d:c021:18::174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Wed, 13 Feb 2019 16:59:45 -0800
Received: from frc-hub06.TheFacebook.com (2620:10d:c021:18::176) by frc-mbx01.TheFacebook.com (2620:10d:c0a1:f82::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Wed, 13 Feb 2019 16:59:45 -0800
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (192.168.183.28) by o365-in.thefacebook.com (192.168.177.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3 via Frontend Transport; Wed, 13 Feb 2019 16:59:45 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4D2Dsqy6D5jRUUbwoErlUtiYXZGPtSuAM0bjKEnlT9Y=; b=dWdbK7qA+/p3PV230w6sWJXbvHsqUo5+6zWmPvClfKOXd3C+dY+15HzkBZzJtFncCPO5Bt5nKQuha5emWDVYTgNIjE/iCFSDOszr0vmVQPPML/y7y/Ey46BrFUWcegF7Hkj7nYMKin8P9xnHMN/BiDazM6B75pagCsa+QjS7aJ8=
Received: from MWHPR15MB1821.namprd15.prod.outlook.com (10.174.255.137) by MWHPR15MB1504.namprd15.prod.outlook.com (10.173.235.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1601.22; Thu, 14 Feb 2019 00:59:43 +0000
Received: from MWHPR15MB1821.namprd15.prod.outlook.com ([fe80::e4f1:9986:a3d:178b]) by MWHPR15MB1821.namprd15.prod.outlook.com ([fe80::e4f1:9986:a3d:178b%8]) with mapi id 15.20.1601.023; Thu, 14 Feb 2019 00:59:43 +0000
From: Subodh Iyengar <subodh@fb.com>
To: Nick Sullivan <nick@cloudflare.com>
CC: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Version pinning and indicating the signing algorithm in draft-ietf-tls-subcerts-02
Thread-Index: AQHUrTjO5Xfdo/YFZ0WGZmDoo9VjL6WxKkyZgAAVfwCAAEa3kIANlqIAgB+JTzg=
Date: Thu, 14 Feb 2019 00:59:43 +0000
Message-ID: <MWHPR15MB18217D273246D69E0251EC76B6670@MWHPR15MB1821.namprd15.prod.outlook.com>
References: <CAN2QdAGyvhDG=PjqUjQ4OdjKvTtN_zGxdNf3iKGdN+tHeDRAkw@mail.gmail.com> <MWHPR15MB1821A7E45DDEED81D2018F03B6820@MWHPR15MB1821.namprd15.prod.outlook.com> <1547609984.2756240.1635793576.0E070413@webmail.messagingengine.com> <MWHPR15MB182109567671DFECA4539372B6820@MWHPR15MB1821.namprd15.prod.outlook.com>, <CAFDDyk81pe+g43hHCu0GpqAyJ28shFAmjq2Nv+rLr=q8ncS4yQ@mail.gmail.com>
In-Reply-To: <CAFDDyk81pe+g43hHCu0GpqAyJ28shFAmjq2Nv+rLr=q8ncS4yQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2620:10d:c090:200::5:6a51]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4ff8e66a-9101-4270-9310-08d69217b4f0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605077)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:MWHPR15MB1504;
x-ms-traffictypediagnostic: MWHPR15MB1504:
x-ms-exchange-purlcount: 3
x-microsoft-exchange-diagnostics: 1; MWHPR15MB1504; 20:qy0jaHmubpmQNG2qhIPXzk8oApLmD0X8c2lXJR4uzhKA5DN4tejaOuEUs3CZmgka255o4CipJ9xLjIFz1yOM6GSWBoCCXL+A7V4uT53fK7aC7tqr9szAs5/pTPIcBIYTSMSBVh//VwRAGT4FssACAcAt0D2+tOD6Hvcc/zxltrA=
x-microsoft-antispam-prvs: <MWHPR15MB1504F05E77A5A894EC742A4CB6670@MWHPR15MB1504.namprd15.prod.outlook.com>
x-forefront-prvs: 09480768F8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(396003)(39860400002)(136003)(346002)(189003)(199004)(19627405001)(33656002)(71200400001)(53546011)(486006)(46003)(93886005)(6346003)(105004)(71190400001)(966005)(6246003)(8936002)(6436002)(6916009)(733005)(14454004)(186003)(6506007)(6116002)(97736004)(53936002)(478600001)(54906003)(9686003)(86362001)(68736007)(229853002)(14444005)(99286004)(81166006)(4326008)(256004)(54896002)(7736002)(6306002)(76176011)(8676002)(74316002)(7696005)(25786009)(106356001)(11346002)(105586002)(446003)(476003)(606006)(236005)(102836004)(55016002)(2906002)(316002)(81156014); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR15MB1504; H:MWHPR15MB1821.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Nawuia8J3WVEgnRU8zZKvogLMrSt7nghgYChRRqrrUeA8IaFtKynbq6XTQXzNRxjoCPdEgqngJi/kLkbeZswALiQUfoqh/dl71ljeVwtUcp1nGyJP493yzh+4bTJUMj+gN7hPYZ4y+ydj/lPDQlXCG3iy8LnRtXv7X383a2UUGYwoahQ6lgyWFzf7sYd7NmHVaIIdVsWZg23Ci/LxWYJGAziYVgr87UZLqdGMKOdzljm4OfbI1Uw4ewFGOKgJJeqeTaJewpJpFfATY3itrBqNfWulQuN1thja0VhuSRL/MTNVWMZb2DAxeUdT9JYYBYu7a1uUQ0pwlNzbUzr/yPtsshEgVG6GeiClrJyITuBgKaJ95knTLtMnmzY9f0H/dS8jCgIfBdxDujeN40o0aCWMgdp8z9DRdGkvUK9QCf/rpE=
Content-Type: multipart/alternative; boundary="_000_MWHPR15MB18217D273246D69E0251EC76B6670MWHPR15MB1821namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 4ff8e66a-9101-4270-9310-08d69217b4f0
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2019 00:59:43.5150 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1504
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-14_01:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aNtu7wBMQ8rF3qdMSshKbjjfqwY>
Subject: Re: [TLS] Version pinning and indicating the signing algorithm in draft-ietf-tls-subcerts-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 00:59:53 -0000

Watson put up a PR https://github.com/tlswg/tls-subcerts/pull/21. I'm going to merge it tomorrow if there's no other feedback on it.
[https://avatars3.githubusercontent.com/u/1123811?s=400&v=4]<https://github.com/tlswg/tls-subcerts/pull/21>

Remove protocol from the structure by wbl · Pull Request #21 · tlswg/tls-subcerts<https://github.com/tlswg/tls-subcerts/pull/21>
As discussed in https://mailarchive.ietf.org/arch/msg/tls/h6DiWQvw7Cc0TXUtc7fNfB0fFNg and subsequent.
github.com

Subodh
________________________________
From: Nick Sullivan <nick@cloudflare.com>
Sent: Thursday, January 24, 2019 3:23 PM
To: Subodh Iyengar
Cc: Martin Thomson; tls@ietf.org
Subject: Re: [TLS] Version pinning and indicating the signing algorithm in draft-ietf-tls-subcerts-02

I'm also fine with removing the field and would welcome a PR to that effect.

Putting in a version to protect a DC from future cross-protocol attacks that exploit TLS 1.3 smells a bit like over-engineering anyway.

Nick

On Tue, Jan 15, 2019 at 11:54 PM Subodh Iyengar <subodh@fb.com<mailto:subodh@fb.com>> wrote:

I don't feel too strongly about the tls version binding and I'd be fine with removing it to favor operational simplification.


Subodh

________________________________
From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> on behalf of Martin Thomson <mt@lowentropy.net<mailto:mt@lowentropy.net>>
Sent: Tuesday, January 15, 2019 7:39:44 PM
To: tls@ietf.org<mailto:tls@ietf.org>
Subject: Re: [TLS] Version pinning and indicating the signing algorithm in draft-ietf-tls-subcerts-02

On Wed, Jan 16, 2019, at 13:35, Subodh Iyengar wrote:
> Usually the negotiation happens during the processing of the client hello.

I don't think that the problem here is a code problem.  It's an operational one.

In many ways, the decision to use TLS 1.3 over TLS 1.2 is one that can be made in isolation.  You decide to flip the switch and flip it.  But if you are doing delegated credentials, deploying a new version depends on having a fallback in place for that version, or getting the vendor of delegated credentials to start supplying new credentials.  And that assumes that all the necessary stores are keyed correctly (though this highlights the case where that might not happen), and the code has been written.  It's not that it's impossible, but more that it complicates what was previously uncomplicated.

As you say, the decision to use a delegated credential is fairly simple.

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=qOxPqAH-53XWS1ivRMVW5YPWzTYrcOjqXPcoImyDlnM&s=LwnVFi-5giNs_anA6DyKhcbiJ5NCSU5T1oZyDjx33Nw&e=
_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=Q7cYq4juf3o-0YWxZtuLP7YJ8Kuwm-RSfp3YaF9dUn8&s=5P2RjQvDuXZivTnTQ3VNB0Gw49CwSQM97-EiDA9rmck&e=>