IETF Logo Mail Archive

Re: [TLS] Call for adoption of draft-sullivan-tls-exported-authenticator

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 19 April 2017 05:47 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E29C131513 for <tls@ietfa.amsl.com>; Tue, 18 Apr 2017 22:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ulkOi-Dr9Plh for <tls@ietfa.amsl.com>; Tue, 18 Apr 2017 22:47:56 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id A00F013151D for <tls@ietf.org>; Tue, 18 Apr 2017 22:47:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 95C8C24110; Wed, 19 Apr 2017 08:47:53 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id FpalrVUYqk-Z; Wed, 19 Apr 2017 08:47:53 +0300 (EEST)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 3D7FFC4; Wed, 19 Apr 2017 08:47:53 +0300 (EEST)
Date: Wed, 19 Apr 2017 08:47:52 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20170419054752.GA13952@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAOgPGoCvpjoexe0u2bT+P5eO75L2UbAtmCOx_1x+WxWvv8ktPA@mail.gmail.com> <20170414114425.GA3649@LK-Perkele-V2.elisa-laajakaista.fi> <20170415134152.GA7893@LK-Perkele-V2.elisa-laajakaista.fi> <CAOjisRx7rbhdWDgpbmv_sKebVBygqDfVJ4pQD7wsS6SF8Fws8g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAOjisRx7rbhdWDgpbmv_sKebVBygqDfVJ4pQD7wsS6SF8Fws8g@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hZTsEKE4eWiG_QurYchlqIMoFHo>
Subject: Re: [TLS] Call for adoption of draft-sullivan-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 05:47:59 -0000

On Tue, Apr 18, 2017 at 10:18:03PM +0000, Nick Sullivan wrote:
> On Sat, Apr 15, 2017 at 6:42 AM Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> >
> > How do certificate type extensions (#9, #19 and #20) work with exported
> > authenticators?
> >
> > Where other extensions are either meaningless or are edditional info,
> > certificate types actually change the format of the first certificate,
> > which the library needs to understand in order to extract the SPKI for
> > validating the following CertificateVerify.
> >
> 
> I think it would be fair to only support server-generated exported
> authenticators with the certificate_type negotiated by the TLS handshake.
> If the client sent a list of server_certificate_types in its client hello,
> then only authenticators of that type can be used (with the chosen type
> included an extension to the certificate message). Similarly, if the
> server's EE message contains a single client_certificate_type, that would
> be the only type supported by client-generated exported authenticators. I
> can add text to this effect (
> https://github.com/grittygrease/tls-exported-authenticator/issues/12).

There are two bad problems with this:

- The certificate types in TLS 1.3 are a bad hack just for bare minimum
  support for RPK. Using the thing for client post-handshake auth is
  completely unworkable. And adding new certificate types is pretty
  much only workable in special applications[1].

- Relying on TLS capability negotiation is fundamentally problematic.
  There capabilties may not match. And things get downright unworkable
  when things like signature algorithms are considered.


[1] The recent ITS stuff might be one of these applications. Basically,
you can only handle one certificate per type, any more and one gets
issues. And one certificate per type impiles that one does not need
post-handshake authentication.


-Ilari

v2.23.0 | Report a Bug | By Email