IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue

Eric Rescorla <ekr@rtfm.com> Wed, 11 July 2012 14:21 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFE821F86B9 for <tls@ietfa.amsl.com>; Wed, 11 Jul 2012 07:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.787
X-Spam-Level:
X-Spam-Status: No, score=-102.787 tagged_above=-999 required=5 tests=[AWL=0.190, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tj9wYWuri6KQ for <tls@ietfa.amsl.com>; Wed, 11 Jul 2012 07:21:36 -0700 (PDT)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA9221F86A7 for <tls@ietf.org>; Wed, 11 Jul 2012 07:21:36 -0700 (PDT)
Received: by vcqp1 with SMTP id p1so843470vcq.31 for <tls@ietf.org>; Wed, 11 Jul 2012 07:22:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=knDT4zsNumTp4w6b4mOIVlQ+EARJIhryStKjHtRc/LE=; b=e5rveGQaO1rPFZBwMslgvFmYX2lCjd75UYvN/7fp69jb04e/4STqLFLKC/yqO3fOmT Pf/aBoWg11OOWXF/ixurtaZJKaq47AQSOumfhWn0X9gIeeQotm+wPrKCijrGI5UH8UM1 4fBCZVl9WDqxPaLYKb+AcpnosOoLixYj6VztZYHLvbXncVXuXYssYsGfjYNPXjHUdT2r Uo9XimDUrKxeLbIck9qtZw7QQGZl7/fhAkXkuqNKuGc6ygB3t6UQ2mZIuMJAf6xf1xMc KmstDKqYEGKrXaVyHo0e3VOmU4hO4gScgMM7cGigDUmapbi8/g364I3kuYVZ7ESJN53Q SJMg==
Received: by 10.220.153.198 with SMTP id l6mr23136896vcw.2.1342016526233; Wed, 11 Jul 2012 07:22:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.35.209 with HTTP; Wed, 11 Jul 2012 07:21:25 -0700 (PDT)
X-Originating-IP: [74.95.2.173]
In-Reply-To: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net>
References: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 11 Jul 2012 07:21:25 -0700
Message-ID: <CABcZeBOUzauWUzosjKB+TphvuJgCoY929zb_NezfypbmJv98gQ@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQk41kgTKh04t+QLs0VxZDc9pGCEEiOb3kC/Zb/eT6u1/cmXwsI8sqlF4nG3+ruskr1IYURK
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey: The Open Issue
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 14:21:38 -0000

On Wed, Jul 11, 2012 at 3:56 AM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> Hi all,
>
> draft-ietf-tls-oob-pubkey specifies a new TLS certificate type for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) for use with out-of-band public key validation.
>
> Here is the latest draft:
> http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-03
>
> I would be great to get your feedback on an open issue that concerns the semantic of the exchange. I believe there are three use cases we would like to support with this work. Below, I provide high level message exchanges to explain those:

It might help if you desscribe the actual open issue.


> I) Server uses Raw Public Keys (client authentication happens at some other layer)
> (the DANE use case)
>
> client_hello,
> raw-public-key-indicator="Server, when you send me your raw public key?

Is your suggestion that this is indicating ":I would not support X.509?


> I support this out-of-band key validation using DANE." ->

Wait, who said anything about indicating DANE here? The agreed upon
indication was
"I would support a public key", nothing about DANE.



>                           <-  server_hello,
>                               raw-public-key="OK. The certificate structure below contains my raw public key.",
>                               certificate, // with raw public key inside
>                               server_key_exchange,
>                               server_hello_done
>
> client_key_exchange,
> change_cipher_spec,
> finished                  ->
>
>                           <- change_cipher_spec,
>                              finished
>
> Application Data        <------->     Application Data
>
>
> II) Client and Server use Raw Public Keys
> (the smart object use case - CORE working group)
>
> client_hello,
> raw-public-key="Server, please send me your raw public key and I will then send you mine. Are you OK processing my raw public key for client authentication?" ->

This is not a semantic associated with the client. In TLS the server
requests client auth. At most the client could say "I could
send you a raw public key for auth if you asked for it"


>                           <-  server_hello,
>                               raw-public-key="Below you find my raw public key and please send me your raw public key for client
>                                                            authentication",
>                               certificate, // raw public key
>                               server_key_exchange,
>                               certificate_request,
>                               server_hello_done
>
> certificate, // with client's raw public key
> client_key_exchange,
> certificate_verify,
> change_cipher_spec,
> finished                  ->
>
>                           <- change_cipher_spec,
>                              finished
>
> Application Data        <------->     Application Data
>
>
> II) Hybrid Scenario
> (the OAuth Holder-of-the-Key Use case)
>
> client_hello,
> raw-public-key="I would like to use my raw public key for client authentication with OAuth. I also process X.509 for server-side authentication." ->

As above.


>                           <-  server_hello,
>                               raw-public-key="Please send me your raw public key.

This is in certreq, no?


>  I use X.509 for server-side authentication",

Why would this need an indication?

>                               certificate,  // with X.509 cert.
>                               server_key_exchange,
>                               certificate_request,
>                               server_hello_done
>
> certificate, // with client's raw public key
> client_key_exchange,
> certificate_verify,
> change_cipher_spec,
> finished                  ->
>
>                           <- change_cipher_spec,
>                              finished
>
> Application Data        <------->     Application Data
> --------
>
> QUESTION: Are these all the message exchanges we need? Are there some problems with the exchanges?
>
> Ciao
> Hannes
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email