Re: [TLS] TLS Export Channel Binding
Jonathan Hoyland <jonathan.hoyland@gmail.com> Fri, 01 May 2020 18:09 UTC
References: <0f20d1f6-56c1-4e01-813f-f8b3c57a5c9b@www.fastmail.com> <CACykbs3WDk7a0+0vCSDfCuib1Bex8SUJ-kvtZhjchvvm+5xc0g@mail.gmail.com> <13c2ff5e-f68e-45b5-bd64-085b9bdaf17e@www.fastmail.com>
In-Reply-To: <13c2ff5e-f68e-45b5-bd64-085b9bdaf17e@www.fastmail.com>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Fri, 01 May 2020 19:08:57 +0100
Message-ID: <CACykbs3+G8DCwC3ZrCbmzoygGkz6nRoYWHVxKWw3BvJ8YwAv7Q@mail.gmail.com>
To: Sam Whited <sam@samwhited.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/je7O1-3FdS1jU395gtPcMJ8vchQ>
Hi Sam,

I think the idea is that any unique¹ exporter _is_ an RFC 5056-compliant channel binding.

Maybe I'm missing something, but I don't see what your draft adds?

If someone wants to construct a channel binding then they agree with their peer on a context and a label, and use that to construct an exporter key. If they mix that key into the key schedule of some other protocol then that second protocol is bound to the TLS session². If they want to pick the label "EXPORTER-Channel-Binding" and the empty context, then that's already covered by the spec.

Is the idea to reserve the string for some specific use? If so, then the suggested string is far too general, as it describes _any_ use of the interface.

What do you see as the difference between an Exporter key and a channel binding?

Regards,
Jonathan

1. I'm assuming an exporter is unique within a given TLS session iff the given label and context are unique.
2. Unless the second protocol does something stupid like leak the TLS session's master secret.

On Fri, 1 May 2020 at 17:08, Sam Whited <sam@samwhited.com> wrote:
> Hi Jonathan,
>
> On Fri, May 1, 2020, at 12:00, Jonathan Hoyland wrote:
> > I believe TLS Exporters are what you are looking for.
> > https://www.rfc-editor.org/rfc/rfc8446.html#section-7.5
>
> Thanks for the follow up. That is indeed what the channel binding type
> I've created uses. Would the TLS working group be interested in
> standardizing such a document?
>
> I've gone ahead and uploaded my initial draft that I threw together here
> in case you're interested:
>
> https://datatracker.ietf.org/doc/draft-whited-tls-channel-bindings-for-tls13/
>
> —Sam
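The exporter construction the message refers to (RFC 8446 section 7.5), as an added example that is not part of the thread: it derives an exporter from a label and context and shows how mixing that output into a second protocol's key derivation ties the result to one TLS session. The exporter_master_secret values, the application secret and the HMAC-based mixing step are constructed for illustration and are not from any draft.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256           # the hash negotiated by the TLS 1.3 session
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) using the session hash."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446 section 7.1 (HkdfLabel = length, "tls13 " + label, context)."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages): context is the transcript hash of Messages."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, key_length: int) -> bytes:
    """TLS-Exporter(label, context_value, key_length) per RFC 8446 section 7.5:
    HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context_value), key_length)."""
    inner = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(inner, b"exporter", HASH(context).digest(), key_length)


def bind_to_tls_session(exporter_master_secret: bytes, app_secret: bytes) -> bytes:
    """Illustrative second protocol (constructed): it mixes the exporter output into its own
    key derivation, so the key only agrees between peers that share the same TLS session."""
    cb = tls13_exporter(exporter_master_secret, b"EXPORTER-Channel-Binding", b"", 32)
    return hmac.new(app_secret, cb, HASH).digest()


# Constructed sample secrets standing in for two distinct TLS sessions' exporter_master_secret.
SESSION_A = hashlib.sha256(b"constructed exporter_master_secret for session A").digest()
SESSION_B = hashlib.sha256(b"constructed exporter_master_secret for session B").digest()
APP_SECRET = b"constructed shared secret of the second protocol"
```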