RE: [TLS] Application state binding with TLS session state
<Pasi.Eronen@nokia.com> Fri, 07 September 2007 09:36 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITaGn-0008BB-GF; Fri, 07 Sep 2007 05:36:57 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITaGl-00081y-MT for tls@ietf.org; Fri, 07 Sep 2007 05:36:55 -0400
Received: from smtp.nokia.com ([131.228.20.172] helo=mgw-ext13.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ITaGk-0003r1-7T for tls@ietf.org; Fri, 07 Sep 2007 05:36:55 -0400
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143]) by mgw-ext13.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l879amYK001278; Fri, 7 Sep 2007 12:36:49 +0300
Received: from esebh103.NOE.Nokia.com ([172.21.143.33]) by esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 7 Sep 2007 12:36:24 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh103.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 7 Sep 2007 12:36:24 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Application state binding with TLS session state
Date: Fri, 07 Sep 2007 12:36:24 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24048B0E06@esebe105.NOE.Nokia.com>
In-Reply-To: <46531FFA79FDBFFC04403B38@[10.0.1.3]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Application state binding with TLS session state
Thread-Index: AcfwvtTNlyvO/yB6RMeu+JYXClm4kgAcSa9Q
References: <46531FFA79FDBFFC04403B38@[10.0.1.3]>
From: Pasi.Eronen@nokia.com
To: Chris.Newman@Sun.COM, tls@ietf.org
X-OriginalArrivalTime: 07 Sep 2007 09:36:24.0469 (UTC) FILETIME=[8E7EEC50:01C7F132]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Binding of application state to TLS session applies not only to 4507bis, but ordinary TLS session resumption as well. Current TLS implementations usually have some kind of APIs that allow applications to store application-specific data in the TLS session cache entry (e.g., SSL_SESSION_set_ex_data() in OpenSSL and SSLSession.putValue() in Java JSSE), but this is not really mentioned anywhere in the TLS RFCs. As long as this is purely a local implementation detail, maybe it even doesn't need to be mentioned in protocol standards... But if some application protocols would start assuming that this feature exists (in a way that has to be implemented in TLS layer, and can't be implemented by the application calling TLS), then things become more complicated... Best regards, Pasi > -----Original Message----- > From: ext Chris Newman [mailto:Chris.Newman@Sun.COM] > Sent: 06 September, 2007 22:48 > To: tls@ietf.org > Subject: [TLS] Application state binding with TLS session state > > During IESG review of draft-salowey-tls-rfc4507bis, I raised > this issue: > > --- > If an application performs user-level authentication subsequent to > initiation of the TLS tunnel (e.g. via GSSAPI or SASL), it would be > possible for the application to trigger a TLS-level renegotiation > that includes a NewSessionTicket embedding information about the > app-level authentication. Alternatively, the application could have > a mechanism to bind the user-level authentication to a given session > ticket (although this would involve server state). Then on > re-connection, the application could use app-level mechanisms to > automatically resume the user session (e.g. IMAP PREAUTH or SASL > EXTERNAL). It's not clear to me if this is a good/bad idea, what > the security risks would be, or if TLS stacks should be advised to > include APIs to facilitate such use of the mechanism. This document > is silent on such interaction with applications. Were this a first > version, I'd ask for this issue to be considered and addressed if > there was consensus. But I don't want to delay an obvious bugfix to > an already published RFC. > --- > > We felt this issue would require significant WG discussion to > address and it was more important to get the 4507 bugfix out > promptly. > > However, I do want the working group to consider this and decide > what to do about it. As there's a general issue of binding > application state to a TLS session, some text in the TLS 1.2 > specification addressing this might be appropriate. > > What do others think about this topic? > > - Chris _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Application state binding with TLS session … Chris Newman
- RE: [TLS] Application state binding with TLS sess… Pasi.Eronen
- Re: [TLS] Application state binding with TLS sess… Eric Rescorla