Re: [TLS] SAS extension?
"Dan Wing" <dwing@cisco.com> Tue, 05 August 2008 15:44 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CB78328C2BD; Tue, 5 Aug 2008 08:44:54 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A15928C29E for <tls@core3.amsl.com>; Tue, 5 Aug 2008 08:44:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.578
X-Spam-Level:
X-Spam-Status: No, score=-6.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pbBuqH8vGeh for <tls@core3.amsl.com>; Tue, 5 Aug 2008 08:44:53 -0700 (PDT)
Received: from sj-iport-1.cisco.com (sj-iport-1.cisco.com [171.71.176.70]) by core3.amsl.com (Postfix) with ESMTP id 0173328C2BD for <tls@ietf.org>; Tue, 5 Aug 2008 08:44:38 -0700 (PDT)
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-1.cisco.com with ESMTP; 05 Aug 2008 15:44:12 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id m75FiCKm007487; Tue, 5 Aug 2008 08:44:12 -0700
Received: from dwingwxp01 ([10.32.240.194]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id m75FiBD3021624; Tue, 5 Aug 2008 15:44:11 GMT
From: Dan Wing <dwing@cisco.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Date: Tue, 05 Aug 2008 08:44:10 -0700
Message-ID: <038301c8f712$1b4c33f0$c2f0200a@cisco.com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
thread-index: Acj3EhqPJ9RIC7CQR12IiZybDDlkiw==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3344; t=1217951052; x=1218815052; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20Re=3A=20[TLS]=20SAS=20extension? |Sender:=20; bh=6G8h0uqSwz/tbW6R0oEK9Y1r7BFWWUUGt0t5AU9AkD4=; b=LZxFMWg+wvXsgd2fWtx7FekyWg5IQo/hmMVHYN8+Ba/WKgF7fd0qWivL2m emEDqV68G+SyLoAv4H7Cri7uaGmtyuN+ADU6AgYMd7EuHhWttRZkfwTv+OgC D/8CzXg+gp;
Authentication-Results: sj-dkim-4; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: tls@ietf.org
Subject: Re: [TLS] SAS extension?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Peter Saint-Andre wrote: > In the XMPP community we are defining a way to use TLS for > end-to-end encryption. We'd love to use short authentication > strings (SAS) for identity verification. As far as I can see no one > has worked on a TLS extension for SAS. Is there interest in doing > so? I'd be happy to help write an I-D on this topic, but I'm not a > TLS or security expert so it might not be appropriate for me to > lead the effort. Yes, I'm interested in this, primarily from the perspective of DTLS-SRTP. Such a scheme could be helpful as an out-of-band validator of end-to-end identity in the presence of SBCs which destroy signature scheme (RFC4474). There have been active discussions on SIP about this for over a year, but no forward progress. In another message, Peter Saint-Andre wrote: > The more I read about SAS, the more I wonder about applicability, > too. > > In the XMPP community we have worked on a technology for end-to-end > encryption of messaging sessions (a.k.a. encryption sessions, see > [1]), and it has a SAS feature, but it's not clear to me if that > feature is well-specified with regard to the channel in which the > SAS could be communicated (we can't use the XMPP channel, because > we're trying to bootstrap that channel). In any case we have now > begun investigating more seriously the use TLS for end-to-end > encryption of XMPP traffic, both in the link-local case and over > the typical XMPP client-server architecture (see [2], [3], and > [4]). Those developers who have implemented the encrypted sessions > technology think its SAS feature is nifty and would like to have > that feature in the TLS-based technology as well. But as you say, > the SAS would need to be communicated at least via a different > channel and preferably via a trustworthy channel. Developers seem > to think that communicating it via PSTN is sufficient, but doing so > would mean only that an attacker would need to control two > channels, not that the second channel is trustworthy. So we need to > research what might function as a trustworthy channel (e.g., > encrypted email). > > Whether Aunt Tillie would even check the SAS (or any other > credential) properly is another matter, but that's a separate > topic... That inability to audit is a significant hurdle for commercial deployment, of course. The problem isn't just Aunt Tillie, it is the "busy" CxO who can't be bothered to verify they are really talking to accounting versus talking to a social engineer that wants to turn a profit prior to the release of a company's end-of-quarter financial results. Similar risks exist with drug researchers or any other portion of a company that deals with sensitive information or the company's intellectual property. > Peter > > [1] http://www.xmpp.org/extensions/xep-0116.html > [2] http://www.xmpp.org/extensions/xep-0246.html > [3] http://www.xmpp.org/extensions/xep-0174.html > [4] http://www.xmpp.org/extensions/xep-0247.html An approach that some SIP folks considered for end-to-end TLS is to re-use HTTP's CONNECT (which is how you proxy HTTPS through an HTTPS proxy). This might also be helpful for XMPP. The SIP approach is described in http://tools.ietf.org/html/draft-gurbani-sip-sipsec-01 (now expired). -d _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] SAS extension? Eric Rescorla
- Re: [TLS] SAS extension? Pasi.Eronen
- [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Dan Wing
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Dan Wing
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Yaron Sheffer
- Re: [TLS] SAS extension? Peter Saint-Andre
- Re: [TLS] SAS extension? Yaron Sheffer
- Re: [TLS] SAS extension? Peter Saint-Andre