IETF Logo Mail Archive

Re: [TLS] Request mTLS Flag

Mohit Sethi <mohit@iki.fi> Thu, 16 November 2023 19:01 UTC

Return-Path: <mohit@iki.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01B4DC14CE38 for <tls@ietfa.amsl.com>; Thu, 16 Nov 2023 11:01:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dmumko9wvsAk for <tls@ietfa.amsl.com>; Thu, 16 Nov 2023 11:01:01 -0800 (PST)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [IPv6:2a0b:5c81:1c1::37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2A7EC14F748 for <tls@ietf.org>; Thu, 16 Nov 2023 11:00:59 -0800 (PST)
Received: from [10.40.74.95] (85-76-3-43-nat.elisa-mobile.fi [85.76.3.43]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mohit) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4SWTrl4QkTz49PwQ; Thu, 16 Nov 2023 21:00:52 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1700161255; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=jfoXZr+Lz/izuLMP8CLmIGxtIYLWyAXHRcNdioS3NC0=; b=iSpsNvwjEGid4A8AHfLmelsFxoSIRNhFGdtM5n1SiBuFLbeqdzHB190esSlhOzsnUI94J+ TMkMTdx6OOX4nQSx5hWiLm2honsHWjW69S4dfzDLyWTKoUnsBLUXzzWdjBeMWZ583N421I 5RJyPPoU5Q/SN7LLlYPFVrpBk02Yekc7P0jqlGdIuOegawfJL/zGIDHN3Gyd1zQCIvGvrA XCgi4MNfDlgyOVula/cpuKDR2Xod3Zt0UwEYKV84zAPaTe0qw6eGgqAvIOiCH0muj5j3n2 1lAmSUOWmbSKkXIWeo3E2s+hHEpuY1cHDDolyBykKQEK0Tm7VqNgaMorlT3NNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1700161255; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=jfoXZr+Lz/izuLMP8CLmIGxtIYLWyAXHRcNdioS3NC0=; b=nugFt6Pi51vJYsEjRRM7//igKNP2FMJ15VLBACixJj0Z7qYvxXTNjyS35dvwbIHA9LBxSV GLAkOdUqx3hM6iMHRfCoy4gIbsziJXp3jjJj16Fd+R5lMDWXo+OqWxhx3fH5VTymjo9R5T Q0mUBxHia0Jhp6qgEPIVsKj090EMKGZtmWk5PUSGZ0Ft5i2EUpcTib1gO/HEQBPB3LnkiV o2fK3QyUcBgjqZ2cy5nyYkmBfSayG5J5mkyMhLf3rj3nJ831ply+LAqPhOIsds4mn0Ewl2 cfxsUzuZ159U1DTVPd2gYIjKxtukDvjxAEJszNmQLKM1OqKqYf0hZSy6bGFZAA==
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1700161255; a=rsa-sha256; cv=none; b=vjfgI7FH2EuZV2zRri9/vEFRxA4aCWYpZzWn2TkU5hYWNEwcs0JGKRmmrP7CGPlQ/5cwwX 7Caa/0+cgsUjekCsMLUFWvcUZbGIGier++WHu9SGHWttyI+IOAKfb8mQuK3x+Jc2vCQy15 LT/EMOJdnXiEYsb7JeH0xUoavGPq9n08F1qmTlWY0uSqBrydU92DZmTSW81UksPzmSKQ32 fVRumcDqkgG7SOAtYjaespALpvq5Xuu21gAvfwmCDtXD4soRx2EOMnCJKgtN4U5f0+F7Q5 1GnGoIjbrk393s1db4Q1/pDwY2g38d8ArCEioJ20zQDKyoZNm2U+LErAOfg9cg==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=mohit smtp.mailfrom=mohit@iki.fi
Content-Type: multipart/alternative; boundary="------------0VeuRK0hVHYQjKO0dn9DbBoC"
Message-ID: <1090f0e5-96ec-47d8-9291-0cf43ab3dfc8@iki.fi>
Date: Thu, 16 Nov 2023 21:00:52 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>, tls@ietf.org
References: <CACykbs3TMM6W_K2zHnOjPwuuhxa8ZUnSz2BqvgSGfEpNs71Edg@mail.gmail.com>
From: Mohit Sethi <mohit@iki.fi>
In-Reply-To: <CACykbs3TMM6W_K2zHnOjPwuuhxa8ZUnSz2BqvgSGfEpNs71Edg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/g3tImSVXO8AEmPH1UlwRB1c1TLs>
Subject: Re: [TLS] Request mTLS Flag
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2023 19:01:06 -0000

Hi TLSWG,

I have read draft-jhoyla-req-mtls-flag-00 and the ensuing mailing list 
discussion. I also watched the recording from IETF 118. I fully under 
the use-case where trusted client bots need a mechanism to indicate to 
the server that mutual certificate based authentication is desired.

Unless I am mistaken, it has probably slipped under the radar of the WG 
that this indication is already achievable by using the 
client_certificate_type extension defined in RFC 7250: 
https://datatracker.ietf.org/doc/html/rfc7250 with certificate type 
value = 0: 
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3.

The table in section 4.2 of RFC8446 even mentions that the extension can 
be included in the ClientHello: 
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2, thereby 
ensuring that the server sends a CertificateRequest message in response 
to the ClientHello received.

If it is indeed the case that the client_certificate_type extension is 
suitable for the use-case, then perhaps it is preferable to not have a 
separate flag. Otherwise, it would make the state machine at the server 
more complicated (for example: handling a ClientHello with both the mTLS 
flag and the client_certificate_type extension).

--Mohit

On 10/23/23 18:22, Jonathan Hoyland wrote:
>
> Hey TLSWG,
>
>
> I've just posted a new draft 
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-jhoyla-req-mtls-flag-00.html&data=05%7C01%7Cmohit.sethi%40aalto.fi%7Cb1134d8723b640fe8bd608dbd3dc0418%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638336714142818762%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XqLqd8JkVfEKN4xcdZqKAUUwnOgCXufkLJV8XERYILo%3D&reserved=0>that 
> defines a TLS Flag 
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-ietf-tls-tlsflags-12.html&data=05%7C01%7Cmohit.sethi%40aalto.fi%7Cb1134d8723b640fe8bd608dbd3dc0418%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638336714142818762%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6yU2bDzoyiKFhySa3kiVgSvNS5MgZkaYmZlVhBu83KI%3D&reserved=0>that 
> provides a hint to the server that the client supports mTLS / is 
> configured with a client certificate.
>
>
> Usually the server has no way to know in advance whether a given 
> inbound connection is from a client with a certificate. If the server 
> unexpectedly requests a certificate from a human user, most users 
> wouldn’t know what to do. To avoid this many servers never send the 
> CertificateRequest message in the server’s first flight, or set up 
> dedicated endpoints used only by bots. If client authentication is 
> necessary it can be negotiated later using a higher layer either 
> through post-handshake auth or with an Exported Authenticator, but 
> both of those options add round trips to the connection.
>
>
> At Cloudflare we’re exploring ways to quickly identify clients. Having 
> an explicit signal from the client that it has an mTLS certificate on 
> offer reduces round-trips to find out, avoids unnecessarily probing 
> clients that have no certificate, etc. I think this would be an ideal 
> use case for the TLS Flags extension.
>
>
> I have a pair of interoperable implementations (one based on boringssl 
> and one based on Go TLS) which I plan to open source before Prague. 
> Obviously these include implementations of the TLS Flags extension, 
> which hopefully will help drive that work forward too.
>
>
> Regards,
>
>
> Jonathan
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email