IETF Logo Mail Archive

Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Mon, 01 February 2021 16:27 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B8123A12BB for <tls@ietfa.amsl.com>; Mon, 1 Feb 2021 08:27:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mRRJC8Y7yXT1 for <tls@ietfa.amsl.com>; Mon, 1 Feb 2021 08:26:59 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAF833A12B5 for <tls@ietf.org>; Mon, 1 Feb 2021 08:26:58 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id f1so23606431lfu.3 for <tls@ietf.org>; Mon, 01 Feb 2021 08:26:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tOkspO8AjteI+I6TZ9dxCW6txswDGUe1d5cJyJyrufA=; b=AcYD6ot/SJEUYQmB8+9tzb5iGX1R5WuPer1/PV7D+XFFpCPwPNETlnz/VzcQDN5Zan u7cfaVmTMABq2l7n72A3KOXifdv7ZqPP89hr5+pB99pWTWpFXzAKweqsY9cmGwpBqg+7 yl2wU/B8YrHUKd3ez39ybmRprs1BtxDqz09psLiVJQhf/FK4bJB06oDhRX7fU7ihC/Az wnol9FPDn1TWx6Ez80QJIFsGRNu8MwbMsJds8fgboVVcMl8bMp6e0X4PCfJZkmZzFtym QoDaUn5krm1QgCJy/UDHmXUr9UNsL19CDhin6DjZbMvb3bQDibbv03jQroME1wT2QcGq sldg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tOkspO8AjteI+I6TZ9dxCW6txswDGUe1d5cJyJyrufA=; b=AxeuOWSsds4z1Y1Vg2lKSRS1j7sQWBjwPi+hZ2kydqIT9kkOmzUSfx83mIUOL/+DvT GnwD5UMdSMvdMTkQra6yObrRm6xgxDZ2iDPcDY+09c6Qm0Eja4gygEu/zrF2VSFVdGII uI+DyZkMfO02jUEKx0/UxyNXKnoAh3YCh1aoupR1yLXCo0i00pBbGkls1OfNkZmsmswK Y9iB+xpNvJghN/7bCa8e2hQfzYQ25qj2cycnvBtRi/QP6jCjM5p25gqWeeH3Y/NRsZlF wK0lBS8Uskd4EGb65Yv5GADKEK7bEhZEyAcg0FtKIXlzVzJaJ/uqh6024cBeB1AAxh0F qloQ==
X-Gm-Message-State: AOAM531Lm44Nv30Ga9v9sZn5igabl4w3FGmRY5j7WqpqM98dRuML2r+t jHyJ+lboQ6hQDIRP6veQPMRT9VjEk309nfYdUviO0g==
X-Google-Smtp-Source: ABdhPJxv8xRSo/JdjphXytywk1IWcTL+AtS97kz1QRAmcEpEviCFjA8P3M5OnnoZEUilyS0wZLxhKKaY3SZMiZ1EydI=
X-Received: by 2002:a19:c519:: with SMTP id w25mr8739763lfe.16.1612196816783; Mon, 01 Feb 2021 08:26:56 -0800 (PST)
MIME-Version: 1.0
References: <e669002f-caff-1e6e-e28b-d09157eb0c07@ericsson.com> <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com> <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com> <3CB58153-8CCA-4B1E-B530-BA67A6035310@deployingradius.com> <CAOgPGoA3U+XpZMY7J+KGovNx6MtAdEzRaGW33xVJdQNWSi4LVg@mail.gmail.com> <770e6a49-52fc-4e8b-91af-48f85e581fbb@www.fastmail.com> <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com> <ca4c526e-79a0-4fa7-abda-2b626795f068@www.fastmail.com> <3409F71E-4CE4-46BB-8079-BFBE9BE83C9A@deployingradius.com> <66157321-55DC-4831-8EF2-D75934D9024C@deployingradius.com> <20210129183220.GI21@kduck.mit.edu> <1A830492-3404-4BCC-844B-D7D950458BD9@deployingradius.com> <CABcZeBMAtmPfG0rctvO8UvnhPqY1etk=SxnonP_t6ysNxH7hVA@mail.gmail.com> <D6AAF668-86C8-4C5D-AF1E-B37F106A4D1C@deployingradius.com> <CABcZeBPES99+xo16=aSDJQbGpzM_Q+k-pWtg424Gu4UAcFbo9Q@mail.gmail.com> <FFE1B807-B055-45DF-84FA-A0D63C058729@deployingradius.com>
In-Reply-To: <FFE1B807-B055-45DF-84FA-A0D63C058729@deployingradius.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 01 Feb 2021 08:26:19 -0800
Message-ID: <CABcZeBMeR-kH_P_Lq9X8sOCvZ=u8_tGEOE2QErKX--Tk3cEg=Q@mail.gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "<tls@ietf.org>" <tls@ietf.org>, Martin Thomson <mt@lowentropy.net>, EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000929dee05ba48d2e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iEf9D7R7QFO82FzvXXY0R-_v6O8>
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 16:27:01 -0000

On Mon, Feb 1, 2021 at 8:22 AM Alan DeKok <aland@deployingradius.com> wrote:

> On Feb 1, 2021, at 11:09 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> > That's not what I'm proposing. I'm only talking about the case where the
> server says this after flight (2).
>
>   OK, my misreading of the text.
>
> > Right. But close_notify is the message that more matches the TLS
> semantics.
>
>   I agree.
>
> > Ignoring the protocol mechanics, let's just talk about what signals you
> think the client ought to want to receive. The two I am aware of are:
> >
> > 1. From the server's perspective, the TLS handshake is complete.
> > 2. The server will not be sending any more handshake messages to the
> client.
> >
> > When client authentication is being used, then for obvious reasons (1)
> cannot be delivered prior to the server receiving and processing the
> client's certificate. Agreed?
>
>   Yes.
>
> > Indeed, this seems like a problem with the flow shown in Figure 1,
> because the server sends Commitment prior to reading the client's cert.
>
>   Yes.
>
> > ISTM that the relevant question is when one might want to receive (2).
> In particular, when would the client want to learn that the server will not
> send any more handshake messages when the client has second flight
> handshake messages still outstanding? Can you explain to me how this is
> useful?
>
>   I'm just trying to summarize the discussion so far, and get
> clarification on exactly what we're trying to do. So take what I say with a
> grain of salt... I didn't write the text in the current draft.
>
>   The main issue I can see where (2) might be useful is to deal with TLS
> 1.3's separation of "TLS finished" from other handshake messages.  If the
> SessionTicket message comes *after* "TLS finished", then it might be in a
> separate EAP packet.  The client doesn't know that there's an additional
> handshake until it receives that message.
>
>   So an explicit CloseNotify sent by the server *after* receiving the
> client certificate would seem useful.  It's an authenticated message saying
> "yes, I agree we're done".
>
>   If the client cert has issues, the server can send TLS alerts *before*
> the CloseNotify.  So the client has to either wait for those, OR an
> explicit CloseNotify, to see if it's (a) rejected, or (b) authenticated
>

Yes, this is what I have in mind. So, maybe there's never any need for the
server to say "I won't say anything more" after just one round trip?

-Ekr

  Alan DeKok.
>
>

v2.23.0 | Report a Bug | By Email