[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
Ryan Hurst <ryan.hurst@gmail.com> Sun, 28 July 2024 17:50 UTC
Return-Path: <ryan.hurst@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1765C15153F for <tls@ietfa.amsl.com>; Sun, 28 Jul 2024 10:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bb2GxuWVLZrB for <tls@ietfa.amsl.com>; Sun, 28 Jul 2024 10:50:15 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0410C14CE24 for <tls@ietf.org>; Sun, 28 Jul 2024 10:50:14 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2ef2d582e31so33732001fa.2 for <tls@ietf.org>; Sun, 28 Jul 2024 10:50:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722189012; x=1722793812; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hc98UncaRwg4PZNGSgOYrLnz0Kq5QM3JZkUX7x2jZpk=; b=NKmqsjxKryeg3+Ynj5pPIdHJ1cOEvXcZI9i04r9L6PiKy2gOSNOMfi/Z4CVqMStlR3 aGTIRNKnp0zJXP6mnmixQYeuH+zhPkEdd1ReJkzKGBP7/BoDCbGUNEihByGj+RtqELol UrOCVeI1xJWN9dukc+wECsld5C1gEV0Q18jt2Mwcop8B26DzkV2eZSTUIQISRx1Cf2it rIWIAwZkeaDXNbfwdrmxYpB6/62FAhQ+7kEyDmN082CrGk/keGwHTrXHwOOQVlkg2HR+ EqkngsEyWfxUfXQJPWCVuKhXke8OXdrtSK5bJ4VTY2uWqyHsbDgNoZcgotMJwJb0p85R OCRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722189012; x=1722793812; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hc98UncaRwg4PZNGSgOYrLnz0Kq5QM3JZkUX7x2jZpk=; b=np0ClXR0xm7MZQ8T7Tq3mSbzFknEvUnZ5yW05z8KPtEfmeQcH+2hdGm5AnN80UXGTL SnEvOdhhwCTYlG+egw3dzVbmlkq/b/tWn0t4Rb7GWJRsThrXmUkyZXOL/fGHY4TPM2ll Xui6jLWfJ6mVfaM/8q+5pLVSjanyvUwly+Pr6PZ0aiZ7+0W5tzI8cZri8gU8r//cFVQR NzAH1aoTukHKjEiXebBiwTH9yyMfe+ZRLU9J6WnoblGsirkZqZXBUJ3N8W9vcd4aPILG vyblbOJmpDGHX0kcXE1g3Cssyq5ovnEd5KOGVjFW0/Z0A5W+dcitYNGi9Xt0gGVgnKj/ Enuw==
X-Forwarded-Encrypted: i=1; AJvYcCUTTQeF38ZNoNLejxWcNzFJi2oVC9faJKMF2zng6NfnAFXlgUBR/aQsegVH7ormGYG4/+3Hu8ft1pK/Eso=
X-Gm-Message-State: AOJu0Yy2oJNJTx4hHG6QCXgb9YJs6/v9j6O1B7PwTqQNfL+NeDagOZkW UzYP6tllcZJCPNw6p6rO+O1hFfHVkbVPVCC150WrzV1HzxhgjQVbX80zG96r86QJOydZ6EhPYuH psgYEsK9k8TY2E7niwFGzEsPftnWgYQ==
X-Google-Smtp-Source: AGHT+IFsn7GdBzBDkqrzlrMg00E+K3tT/SbYJCd+JHUQQQdr9FX6IKqY1uskI/Ma5CsLYHGMoWEoZkPLKYJfu7BsIJ8=
X-Received: by 2002:a2e:b52a:0:b0:2ef:243b:6dce with SMTP id 38308e7fff4ca-2f12edfb5aemr30216281fa.10.1722189011556; Sun, 28 Jul 2024 10:50:11 -0700 (PDT)
MIME-Version: 1.0
References: <d1589f89-35cb-489f-b195-30feb3e7e40f@dennis-jackson.uk> <SN7PR14MB6492663C2AE4A15639D62F5583AA2@SN7PR14MB6492.namprd14.prod.outlook.com> <e7aee41a-0df4-4048-8692-6805d06cfadd@dennis-jackson.uk> <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
In-Reply-To: <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
From: Ryan Hurst <ryan.hurst@gmail.com>
Date: Sun, 28 Jul 2024 10:50:00 -0700
Message-ID: <CALVZKwYVh8H4q3zoreyTezzTPZg0UZXfumh+5RCiDE3gVK=MvQ@mail.gmail.com>
To: Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004520f6061e5260be"
Message-ID-Hash: YMA7PYLVYNFHSQ3FO6RSEIGB5OUYIYGZ
X-Message-ID-Hash: YMA7PYLVYNFHSQ3FO6RSEIGB5OUYIYGZ
X-MailFrom: ryan.hurst@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>, TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gyMXEFzoy2YsLWXzrBu1_JC0SLg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
For what it is worth, agree with Sophie, trust anchor negation is needed regardless of PQC, and tying the two topics together artificially would not make either problem domain easier to solve. Ryan On Fri, Jul 26, 2024 at 3:28 PM Sophie Schmieg <sschmieg= 40google.com@dmarc.ietf.org> wrote: > I don't think trust anchor negotiation needs a lot more discussion, over > what has happened already. All in all, I think it's a good mechanism that > is fairly well defined and it's not clear to me how it would benefit from > an interim. > PQ TLS on the other hand has a lot of open questions about things like > different variants of Merkle Tree Certificates that I would love to flesh > out further. If we want an interim, we should focus on that question, and > leave trust anchors out of the discussion, in my opinion, moving them > towards adoption instead of drawing out the process even longer. > > On Fri, Jul 26, 2024 at 11:38 AM Dennis Jackson <ietf= > 40dennis-jackson.uk@dmarc.ietf.org> wrote: > >> On 24/07/2024 12:59, Tim Hollebeek wrote: >> >> I think this is a good summary. I want to support this sort of effort, in part because it's very similar to some other ideas my boss and I were pushing about five years ago. Something similar to this would solve, but also cause, lots of problems. It's not clear whether the net result is better or worse. >> >> But I find it difficult or impossible to evaluate for exactly the reasons Dennis mentions: there's no context explaining how it will be used, or any discussion of the impact on the many other things that would need to change for this draft to be useful. >> >> We need to have open and honest discussions about how roots and root management will work going forward, if we want things to work differently in the future. >> >> -Tim >> >> Thanks Tim and Ilari! >> >> In the meeting on Wednesday, there was only a few minutes for discussion >> at the end of the session. >> >> However, the chairs did propose a vote on 'If we were to adopt T.E. or >> T.A.I, which draft would you prefer?' (to be clear, there was no way for >> participants to indicate 'adopt neither draft'). That vote showed a strong >> preference for the new Trust Anchor Indicators draft over the older Trust >> Expressions draft which really helps narrow the discussion going forwards. >> >> Watson proposed an interim which was supported by 10+ people in the >> meeting [1] and I think is a clear signal that folks feel further >> discussion is necessary. If the chairs can facilitate either an interim or >> a dedicated session for this topic at the next IETF meeting, I would be >> very happy to give a presentation to explain the concerns about both the >> risks and the practicality of the proposal. I hope the authors would also >> be willing present their answers to some of the questions below, including >> their vision for delivering (fully) Post-Quantum TLS and their >> proposal's role in within that. >> >> I look forward to reading the author's updated draft when they've had a >> chance to integrate the feedback from this meeting and will be happy to >> adjust my own comments once the new draft is ready. >> >> In the meantime, I think the mailing lists (and my keyboard) could >> certainly use the rest. >> >> Safe Travels, Dennis >> >> [1] >> https://drive.google.com/file/d/1lgGb3htLz0cO__tnEJPk_ga5X64RsMB6/view?usp=sharing >> >> Original: >> https://zulip.ietf.org/#narrow/stream/140-tls/topic/ietf-120/near/128259 >> >> -----Original Message----- >> From: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org> <ietf=40dennis-jackson.uk@dmarc.ietf.org> >> Sent: Tuesday, July 23, 2024 9:51 PM >> To: TLS List <tls@ietf.org> <tls@ietf.org> >> Subject: [TLS]Discussions on Trust Anchor Negotiation at IETF 120 >> >> There has been a lot of discussion over the past few days, both in person and >> on the mailing list. I want to share some thoughts on those discussions before >> the meeting tomorrow. >> >> My impression is that there is little consensus on which problems we want to >> solve as a WG. Resolving this is critical for making progress. >> It is almost impossible to have sensible conversations about new drafts >> without agreeing on and understanding the problems we want to solve. >> >> The vast majority of folks I've spoken with have said they're interested in >> solving the challenges around deploying fully PQ TLS, but don't feel that we >> are currently close to a shared understanding of those challenges or the >> tradeoffs around the drafts on the table today. >> >> A smaller number of folks are interested in tackling other problems around >> root store management. I fear this aspect of the problem space is even less >> clearly understood and I heard very little agreement on what the key >> challenges are or how they might be addressed. >> >> I hope tomorrow we can focus our discussion on figuring out as a WG the >> problem(s) that we want to tackle and where we differ in our understanding >> of those problems. I am sure that 20 minutes will not be enough time to >> resolve these complex issues, but I hope we can find a way to continue the >> conversation constructively. >> >> Ahead of the meeting tomorrow, I want to highlight some of the questions >> which I think we need to find and agree on answers for: >> >> - What are the problems that we solving? >> >> - Who are we solving these problems for? Browsers or everyone? >> >> - Are we proposing a hard requirement on this negotiation mechanism for >> anyone wanting to do fully PQ TLS? >> >> - Can the proposed mechanism be enabled by default in TLS Libraries without >> requiring application changes? >> >> - Can the proposed mechanism support use in a private PKI? How about in a >> private PKI that runs over the public Internet (in the now-classic zero-trust >> networking model)? >> >> - What is the long-term vision for TLS and the WebPKI? Are we moving >> forward together or fragmenting? >> >> - How do the proposed mechanisms affect TLS Client Hello fingerprinting or >> other tracking vectors? >> >> - How would the proposed system work in practice? What happens when >> actors follow their own interests rather than the requirements of RFCs? >> >> - Are less popular clients incentivized to lie in their Trust Expressions about >> which root stores they have? The history of browser HTTP User Agent >> spoofing [1] highlights how minority clients are forced to spoof the signals of >> other browsers to maximize site compatibility (even though it violates >> protocol requirements). >> >> - How would versioning root programs work in practice when security >> requirements change? If the same root CAs are in version N and version >> N+1 of a root store and version N+1 adopts a stricter security policy - >> can these root CAs still issue certificates for version N? >> >> - What are the consequences of making it easier to establish new root >> programs? For governments that have previously tried to build domestic >> root programs, would solve some of the problems they faced and encourage >> them to try again? >> >> Ultimately, these are two complex drafts which propose substantial >> changes to TLS and the WebPKI. Besides evaluating the technical details >> in the draft themselves, we also have to tackle the nitty gritty >> operational questions about how a new system would work in practice—in >> particular, considering the incentives of the stakeholders to adopt the >> system and or to deliberately deviate from the intended protocol for >> self-benefit. >> >> Finally, in any proposal which alters the power dynamics of a system, >> there will be difficult questions of a political nature, especially when >> the system in question is depended upon by billions of people. >> >> Naturally, good people will often disagree on the nuances of these >> complex topics. However, we owe it to each other to communicate >> constructively, arrive at a shared understanding and find a path >> forwards that as much of the community as possible can support. >> >> Best, >> >> Dennis >> >> >> [1] https://en.wikipedia.org/wiki/User-Agent_header#User_agent_spoofing >> >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org >> >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org >> > > > -- > > Sophie Schmieg | Information Security Engineer | ISE Crypto | > sschmieg@google.com > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org >
- [TLS]Discussions on Trust Anchor Negotiation at I… Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Sophie Schmieg
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ryan Hurst
- [TLS]Re: Discussions on Trust Anchor Negotiation … Watson Ladd
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Salz, Rich
- [TLS]Re: Discussions on Trust Anchor Negotiation … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Eric Rescorla
- [TLS]Re: [EXTERNAL] Re: Re: Discussions on Trust … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara