Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
Nico Williams <nico@cryptonector.com> Sat, 06 March 2021 06:07 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678113A1378 for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 22:07:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PGtpHdzcrL8W for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 22:07:08 -0800 (PST)
Received: from antelope.elm.relay.mailchannels.net (antelope.elm.relay.mailchannels.net [23.83.212.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB62C3A1377 for <tls@ietf.org>; Fri, 5 Mar 2021 22:07:07 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DE333362001; Sat, 6 Mar 2021 06:07:05 +0000 (UTC)
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (100-96-16-25.trex.outbound.svc.cluster.local [100.96.16.25]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 61B18361949; Sat, 6 Mar 2021 06:07:05 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.16.25 (trex/6.0.2); Sat, 06 Mar 2021 06:07:05 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Trouble-Stop: 41d5cb012395e6d9_1615010825697_1842284480
X-MC-Loop-Signature: 1615010825697:1456498520
X-MC-Ingress-Time: 1615010825697
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a60.g.dreamhost.com (Postfix) with ESMTP id 214F0855BC; Fri, 5 Mar 2021 22:07:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; s=cryptonector.com; bh=zOh/U8JWyABzSgUkGN3O90adM9c =; b=ZqiV47NNpSaOxoPbaZGaaiUye9QzEfMBvaXI4EnRMb0S0s5P8sA1EaE9NvD eGknQcQ6GWRUE85OWx+CIA+U99WbNhkZSDHj0zFctkppXFBLd//3zD65Y1qhR0fk Bi5k54U74bKyqQ2lFCNT836eZKckJ8+wEm7pI74+ppCMl/FU=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a60.g.dreamhost.com (Postfix) with ESMTPSA id BD7AD83677; Fri, 5 Mar 2021 22:07:03 -0800 (PST)
Date: Sat, 06 Mar 2021 00:07:01 -0600
X-DH-BACKEND: pdx1-sub0-mail-a60
From: Nico Williams <nico@cryptonector.com>
To: tls@ietf.org
Message-ID: <20210306060700.GX30153@localhost>
References: <f3afdea307594d4f8cf1a81f09c57aa9@siemens.com> <YEJ05QPD7pwP8yFE@straasha.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <YEJ05QPD7pwP8yFE@straasha.imrryr.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/glvCg3It6ggRDcY80TlmSVGhmR8>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2021 06:07:10 -0000
On Fri, Mar 05, 2021 at 01:13:57PM -0500, Viktor Dukhovni wrote: > This harks back to another recent thread where it was noted that one > needs to make a distinction between authentication and authorisation. > > The integrity of a TLS 1.3 session (which always performs ephemeral key > agreement that offers forward-secrecy) is not compromised if later the > signing keys of one of the parties is compromised. So there is no need > to check CRLs or renegotiate to just to maintain a secure connection. > > On the server side, if the client's identity is used as a key into an > authorisation table, one just needs to periodically (or even at each > logical request) to revalidate the client's authorisation, there is > generally no need to "re-authenticate" the client. Yes, authorization is probably getting conflated here. Suppose the authorization is local and slow to be updated. E.g., when an employee separates from their employer, local authorization may not get updated with much celerity, so if the subject's certificate expires sooner than local authz could get updated, then re-authenticating the subject would help. (This assumes credentials do expire with celerity, but that is good practice.) That might seem weird, but consider a stateful file server, something like NFSv4, say, and suppose that a client connects, authenticates, successfully opens some file to which they were authorized and... maybe now they can use that open file reference forever, much as one expects in POSIX. Except NFSv4 will require reauthentication though, so the client cannot in fact use that open file reference forever. But the NFSv4 server (I think) will not re-evaluate ACLs for existing open file handles as the ACLs change (per POSIX). Re-authenticating the client does serve something of an authorization purpose in the file server example. (Of course, a file server doesn't need to hew to POSIX on this, and could re-evaluate ACLs for open file references, and/or it could have a revocation feature like BSD's revoke(2) that lets users forcibly close open file references.) > If there is a concern that a server may somehow mid-session cease to be > [...] +1
- [TLS] Question to TLS 1.3 and certificate revocat… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… John Mattsson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Salz, Rich
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… John Mattsson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Watson Ladd
- Re: [TLS] Question to TLS 1.3 and certificate rev… Eric Rescorla
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Deb Cooley
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Benjamin Kaduk
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Benjamin Kaduk
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Olle E. Johansson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Salz, Rich
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Jonathan Hoyland
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Jonathan Hoyland