Re: [TLS] Update on Origin-Bound Certificates: Now called "Channel ID"
Adam Langley <agl@google.com> Thu, 08 November 2012 22:46 UTC
Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E37321F849C for <tls@ietfa.amsl.com>; Thu, 8 Nov 2012 14:46:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.976
X-Spam-Level:
X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ql93FXzjtSKa for <tls@ietfa.amsl.com>; Thu, 8 Nov 2012 14:45:56 -0800 (PST)
Received: from mail-ie0-f172.google.com (mail-ie0-f172.google.com [209.85.223.172]) by ietfa.amsl.com (Postfix) with ESMTP id E189921F8495 for <tls@ietf.org>; Thu, 8 Nov 2012 14:45:49 -0800 (PST)
Received: by mail-ie0-f172.google.com with SMTP id 9so5614337iec.31 for <tls@ietf.org>; Thu, 08 Nov 2012 14:45:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=/o0dFC9YyCMbwjM/A3Q6HCXnptmz/VFDYYdKmeIu82M=; b=OURAsU9VuC7kSt2hRwZVjplOgVdDryUdMKZ/GAEOhyuiOfTBYRxB+CLn9oV85PZAMO KvIDYHGloYz+QmYHPnbQyS69SfgfqLOtvutLc/3loxTDmV2TGDxQYVYouKMT+WsjYbUJ U06iLhWz7TFwTSxIBYk6cNuieV3DYFEwC1/rdok6jEM8DH9RGJDFjOtqBpgD7YeuNAOJ X9tyVFbsp8OKbpr8SheAzPlGCUWbI2oBMotothJ0PhEQ/ENj3JYV4qd0AuILqzeQzwPk Wc1NE2L/62eMwy9aM2LuKp8bBhIxnfTaE4OAjAn/Hkkm10PS3IKyHiXh45uAQ9jA6QpC bckg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=/o0dFC9YyCMbwjM/A3Q6HCXnptmz/VFDYYdKmeIu82M=; b=DFEgGBUbq/sJDCqzNpuA8AlvWYAiRpNaHWjT99lZQqM3n+lt6oUYgOtG8G2ca1996x v1zbmbqdvkxNaW5CCa4U3k5yGeSHveayL2S9VLIhSI+JIpJrEvEkz9Kv4HjD1S1ZiVn+ XN9Z5GMQRZKZ2/Ky1tm08AS5CDjpnwHcfZUIzzNI3R5ssJBlWe4CqaodtftxX2XVEiiD 2GZ22cOwn94Xds7MVfnwpwENh5orOj3OLkFzDOZGIgFYNz0imkAqjptS6hAcsQIAL4co uRIybBpYMrV/+oBnqX1HMtPNTFjV4XrR/5eUqTOERZ16f24eidD07q84kH45KwLAblfy Ksmw==
MIME-Version: 1.0
Received: by 10.50.40.166 with SMTP id y6mr9603636igk.57.1352414748387; Thu, 08 Nov 2012 14:45:48 -0800 (PST)
Received: by 10.231.56.89 with HTTP; Thu, 8 Nov 2012 14:45:48 -0800 (PST)
Received: by 10.231.56.89 with HTTP; Thu, 8 Nov 2012 14:45:48 -0800 (PST)
In-Reply-To: <509C2C71.8070100@gnutls.org>
References: <CADHfa2BHTfpWQ5ZdWrTppv2iPg0EfUtaRj7Btr9uGdAuvk2Hbw@mail.gmail.com> <509C2C71.8070100@gnutls.org>
Date: Thu, 08 Nov 2012 17:45:48 -0500
Message-ID: <CAL9PXLz20sh_O1K5LEuyS4FoGY=vHo-AfnCd97k4WKZnAS=7zQ@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Content-Type: multipart/alternative; boundary="14dae934045baaa9c304ce0398b4"
X-Gm-Message-State: ALoCoQnK1gSiOJhmNdXCqD+QhCOKW2jsLjKIjKYoSwDVHeszcgc3Ltk8zyz0yxBPUDYjD7/mKDPAgFIwY3WN8pk9hV/z8Oip3kg+SnMr7VVlAh3CSImyHQtUgJSnO1CLPEXEH9JjBZjR+X/G4s9hoidUncQCDmej58KFEe6itlc/VUKzOIQkxCgJjFQYq8+ozJhQiDVdx8W6
Cc: tls@ietf.org
Subject: Re: [TLS] Update on Origin-Bound Certificates: Now called "Channel ID"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 22:46:01 -0000
On Nov 8, 2012 5:04 PM, "Nikos Mavrogiannopoulos" <nmav@gnutls.org> wrote: > > On 11/08/2012 10:22 PM, Dirk Balfanz wrote: > > > Hello everybody, > > > Hello, > Some comments/questions inline. > > > (TLS-OBC: http://tools.ietf.org/id/draft-balfanz-tls-obc-01.txt) draft > > > expire. The reason for this is that we (i.e., Google) had implemented > > TLS-OBC as described in the draft (in Chrome and server-side), and we > > weren't too happy with it. There were a few of problems: > > > > (1) Client certificates are part of the session state. Not only does that > > mean that the session state is now considerably bigger than it used to be, > > it also means that anyone that can steal session secrets (malware on the > > client) can make it look to the server as if they were in possession of the > > client's private key, even if that private key sits in a TPM on the client. > > > How is that? Do you mean by session resumption? Isn't it the same on the > current draft ChannelIDs are not part of the session state and need to be sent in an abbreviated handshake. (The draft may be unclear on that point.) > > > This spec is silent on the scope of the keys (but in practice we expect > > browsers to use eTLD+1 now instead of more fine-grained origins), and > > addresses all the other issues explicitly: the Channel IDs are not part of > > the TLS session state, and are exchanged after encryption is turned on. > > > > A comment on the new name: One of the ways the new spec is simpler than the > > old one is that there are no more X.509 certs involved in proving > > possession of the client key - so there goes the "C(ert)" in the "OBC" > > acronym. Because of the agnosticism of the new spec toward the scope of the > > client keys, there is also no "O(rigin)" anymore. Hence, we needed a new > > name. > > > The approach actually looks like a prime user of the > draft-ietf-tls-oob-pubkey extension that allows to send the > SubjectPublicKeyInfo. Why not use send a SubjectPublicKeyInfo which > allows any type of client public key, instead of sticking to a fixed > ECDSA curve? No additional extension would be required. That was suggested in the meeting. The reasons why that wouldn't work without modification are that: it's part of the session state, it's unencrypted in the handshake and we cannot also have a client cert if we do that. One of our reasons for doing something else rather than modifying client certs was our experience that doing so turned into a bit of a mess when we did it last time. Cheers AGL > > regards, > Nikos > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Update on Origin-Bound Certificates: Now ca… Dirk Balfanz
- Re: [TLS] Update on Origin-Bound Certificates: No… Nikos Mavrogiannopoulos
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Nikos Mavrogiannopoulos
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Chris Richardson
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Nikos Mavrogiannopoulos
- Re: [TLS] Update on Origin-Bound Certificates: No… Chris Richardson
- Re: [TLS] Update on Origin-Bound Certificates: No… Paul Hoffman
- Re: [TLS] Update on Origin-Bound Certificates: No… Ben Laurie
- Re: [TLS] Update on Origin-Bound Certificates: No… Ben Laurie
- Re: [TLS] Update on Origin-Bound Certificates: No… Daniel Kahn Gillmor
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Adam Langley
- Re: [TLS] Update on Origin-Bound Certificates: No… Martin Rex
- [TLS] illegal alert [was: Update on Origin-Bound … Nikos Mavrogiannopoulos
- Re: [TLS] illegal alert [was: Update on Origin-Bo… Martin Rex