Re: [TLS] Call for adoption of draft-sullivan-tls-exported-authenticator
Victor Vasiliev <vasilvv@google.com> Tue, 18 April 2017 15:29 UTC
Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1530312EC7C for <tls@ietfa.amsl.com>; Tue, 18 Apr 2017 08:29:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.691
X-Spam-Level:
X-Spam-Status: No, score=-2.691 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hu7Ybm5D94IM for <tls@ietfa.amsl.com>; Tue, 18 Apr 2017 08:29:35 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D9AB12EC69 for <tls@ietf.org>; Tue, 18 Apr 2017 08:29:32 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id f133so133296715qke.2 for <tls@ietf.org>; Tue, 18 Apr 2017 08:29:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rbrDptPk35wNgqUHDXEl4kV7d3f1QTZlJWTodkrkBoc=; b=jGTzqdu8/uyUYVC4lLdHMzn1TExmdaCTxr6ki/ehXKVKlfYRFC2w9UwmwfXzX1wrbu XNVtVBLuHO4D9U9huXaD7iW7AX/uLBMbG1qPYM9Jz+AA6wTVID7FFAqxfDY3LKb5MLg/ lkD0ZdhefyO3qx3ECkBEcVbeIjhCYwcGeg+aD2dgKY8TAL+lXI0J7oRNuQcA57kUXJuX W5QbKdl+yi6/PMSYoZ/yunQBaktYkaDBHqT7gAS2tEmpJ0udmAT6AtmpVuNzf8P0h5sr uwTJQjqtORP4omUdcdHy4wdVWunuKymaOMo8DERLAHeRuqtX0XhnGbPhsR91EVSkpEEF GhLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rbrDptPk35wNgqUHDXEl4kV7d3f1QTZlJWTodkrkBoc=; b=nM46s7MBS2AFIatwRyXz/vb7FKtse3wNl5+eljujZlhwLRgPNOityTmkrCP4mwL8Lf Y7keizaXlGJ30anUgYpZjUcSSSw794zJKbhKTTQbGC8Cmgrgz77cKt6Z1wG20TukOrad 3SBKS3/byT6VcHdwh1VbRZ/doH+yypXK7lyKKL9Z+5TjjN5NDIYJoAcDWAZChMWseCJj xSOwTAqVoG1XIVZx8ARkFO6PlqFz4pOLeP/n+NhqVogcVildKWh9NKK5bQUnta8xT3ue vQwIT1TYHD7Ogt6laTtGQMPkLeKWqHy8dz7QynNqdqBG12sxILq0CJuOtCuUw8zK1VNQ xpJw==
X-Gm-Message-State: AN3rC/4mRufYcuN9WYNTIq6ohheNUTSvodTUdLx7moGnw7kzUg61Cg+k plluTjaOlGyVNio0hXLcwklni8bvd/3lI+g=
X-Received: by 10.55.43.219 with SMTP id r88mr15038389qkr.143.1492529371476; Tue, 18 Apr 2017 08:29:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.76.81 with HTTP; Tue, 18 Apr 2017 08:29:31 -0700 (PDT)
In-Reply-To: <CAOgPGoCvpjoexe0u2bT+P5eO75L2UbAtmCOx_1x+WxWvv8ktPA@mail.gmail.com>
References: <CAOgPGoCvpjoexe0u2bT+P5eO75L2UbAtmCOx_1x+WxWvv8ktPA@mail.gmail.com>
From: Victor Vasiliev <vasilvv@google.com>
Date: Tue, 18 Apr 2017 11:29:31 -0400
Message-ID: <CAAZdMacfsaMK+=ZNgm--_ejyW_fEgquDDiCFxsq+uiL9KiBLHg@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11493ed80175d1054d72931e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kdfGI2uATP2X5QCok18MeOEvWJQ>
Subject: Re: [TLS] Call for adoption of draft-sullivan-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 15:29:37 -0000
I've read the draft, and I support its adoption. I believe that the mechanism is sound for its stated use. I have some minor concerns about the wording in the draft, though. First, the draft describes the authenticators as sent "out-of-band", while my understanding is that they are always intended to be sent in-band as application data. If they were truly sent out-of-band, there would be some questions about the security analysis, because that would imply those could be sent unprotected. Hence, I suggest the draft to adapt the premise that exported authenticators MUST be sent as application data within the same connection. This might simplify your security proofs too. The second issue I have is with the question of when does authentication succeed. In TLS, by the time any party can send application data, normally (with exception of server-to-client data in client auth case) both parties know that the other side has authenticated them. Here, a new identity is introduced while application data can be already in flight, and it's not clear to me when the sender of the exported authenticator can act assuming the peer has accepted its new identity. My current understanding is that this issue is deferred to the application layer, but it would be nice to discuss those considerations explicitly. The last question I have is how does this interact with the state of TLS connection. Does accepting a new identity mean that the entire connection now has that identity too? Does this mean that the session tickets issued after the library receives the authenticator are valid for the new identity? Does it make the tickets sent previously on that connection valid for the new identity? Also, what is the distinction between "jointly authoritative for A and B" and "individually authoritative for A and individually authoritative for B"? -- Victor. On Fri, Apr 14, 2017 at 12:29 AM, Joseph Salowey <joe@salowey.net> wrote: > Hey Folks, > > At the IETF 98 meeting in Chicago there was support in the room to adopt > draft-sullivan-tls-exported-authenticator [0]. We are looking for > feedback on adopting this draft form the list. Please respond if you > support the draft and are willing to review it. If you object to its > adoption, please let us know why. Please respond to the list by 20170501 > > Cheers, > > J&S > > [0] https://datatracker.ietf.org/doc/html/draft-sullivan-tls > -exported-authenticator > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
- [TLS] Call for adoption of draft-sullivan-tls-exp… Joseph Salowey
- Re: [TLS] Call for adoption of draft-sullivan-tls… Ilari Liusvaara
- Re: [TLS] Call for adoption of draft-sullivan-tls… Patrick McManus
- Re: [TLS] Call for adoption of draft-sullivan-tls… Benjamin Kaduk
- Re: [TLS] Call for adoption of draft-sullivan-tls… Andrei Popov
- Re: [TLS] Call for adoption of draft-sullivan-tls… Ilari Liusvaara
- Re: [TLS] Call for adoption of draft-sullivan-tls… Nico Williams
- Re: [TLS] Call for adoption of draft-sullivan-tls… Ilari Liusvaara
- Re: [TLS] Call for adoption of draft-sullivan-tls… Victor Vasiliev
- Re: [TLS] Call for adoption of draft-sullivan-tls… Nick Sullivan
- Re: [TLS] Call for adoption of draft-sullivan-tls… Nick Sullivan
- Re: [TLS] Call for adoption of draft-sullivan-tls… Nick Sullivan
- Re: [TLS] Call for adoption of draft-sullivan-tls… Ilari Liusvaara
- Re: [TLS] Call for adoption of draft-sullivan-tls… Joseph Salowey