IETF Logo Mail Archive

Re: [TLS] Draft TLS Extension for Path Validation

Ashley Kopman <akopman@conceptsbeyond.com> Thu, 26 May 2022 12:36 UTC

Return-Path: <akopman@conceptsbeyond.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B44BC183FB3 for <tls@ietfa.amsl.com>; Thu, 26 May 2022 05:36:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conceptsbeyond-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t2wEzYYCLBMM for <tls@ietfa.amsl.com>; Thu, 26 May 2022 05:36:39 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2403AC183FAD for <tls@ietf.org>; Thu, 26 May 2022 05:36:38 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id x7so1403814qta.6 for <tls@ietf.org>; Thu, 26 May 2022 05:36:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conceptsbeyond-com.20210112.gappssmtp.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jsbuXm6L+a4gzm236dD1cXtUNY1qQsYiTAumT0Y3lX4=; b=H61EJ6tRO+rILwoAGBYvIjTH8J145srPUJbLtWioqk8VAATU85HbGmmAcGR5fq8GSI Y7L1wbD1R9u78V5CjzG5eI2IPC1shpudgw1dcfu5mmAyvcby0CdPHHTLYd39P2qYOr4E IC9q3aYP7feVcNVEtkzoTUtJw187wX2QxgLgZzqh6FcMbMUYqJFyyjPBNeYn7TOsbbKy 47fU7QbR85ykC2FMmqKKerTP6+WiYSjcHKE8i0GTPeNoXY5N51uUHzIjZt9y1AzSZymk kcKPZHcom+qci0xHmjkCbph0+HSLI4e4U5EKAnH16gDpbo05nQhMLup+wYjRC42hKbLV F+uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jsbuXm6L+a4gzm236dD1cXtUNY1qQsYiTAumT0Y3lX4=; b=EUz5RkxePB1jFKYLPeYDS3IhxJu9oXZgFIBpP0S84FT85iVTp+6wDGarkWp/K7fE7+ udqBGFIzJZ048QaluQPVl3YFgLwltq5bRcGXfTUzMisH9rSzlY+tCLwP6/y4UhpH0soR +LeUkJWFHFFUemg7oZ3XAgKKALeR+pDMOO/YhU/3psPlRPNK5mbkrUaN3KcJ3WnIyvqh 2UD58mqZ5Om9cacc4KXKFAayQ85SisMiSZCY+cqvatie+L4WMnieZi7KlFgO7YLQLSZa BX01CnGcY+jqmSGnzPP6JFtLnoWLJfxgIy0VPHpFc5H/TV7T+KKQQ/XdyUCmJz7kCiTc +68g==
X-Gm-Message-State: AOAM533k69T2rPSBe4cJ+owJLqV+rVlR7ZjTogGa5WpzRdmA/MpBONCB 6V4i78VqIEmFw0JBZ8EL6Vo5BUwJxe/MkA==
X-Google-Smtp-Source: ABdhPJy3LwAwssh0xScOhQ8kgVZY5spLC7qwgUfp3ZXJajP4/5PRTjoSjbHLhyxfVOPGNrcrqra/Jw==
X-Received: by 2002:ac8:598a:0:b0:2f3:cbf4:7b4e with SMTP id e10-20020ac8598a000000b002f3cbf47b4emr28840410qte.449.1653568597523; Thu, 26 May 2022 05:36:37 -0700 (PDT)
Received: from smtpclient.apple (071-047-208-038.res.spectrum.com. [71.47.208.38]) by smtp.gmail.com with ESMTPSA id d3-20020ac80603000000b002fc8a2c14c0sm604095qth.66.2022.05.26.05.36.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 May 2022 05:36:37 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Ashley Kopman <akopman@conceptsbeyond.com>
In-Reply-To: <Yo50IQhyJM/VABlL@LK-Perkele-VII2.locald>
Date: Thu, 26 May 2022 08:36:34 -0400
Cc: tls@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3107A6D9-BF01-48D7-9626-4E6C00A4E1A6@conceptsbeyond.com>
References: <2790C640-0841-43BC-94CA-0890ECEA672A@conceptsbeyond.com> <Yo50IQhyJM/VABlL@LK-Perkele-VII2.locald>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mLz0vO_EGBHcU-fImRa1FA3Wd0Q>
Subject: Re: [TLS] Draft TLS Extension for Path Validation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2022 12:36:40 -0000

Ilari,

Thank you for your feedback.

You are correct in assuming that this was designed after the OCSP status_request extension. It is a valid point that the extension can likely be omitted from the server hello. The intent was to communicate to the client that the server supports the extension and will respond with the path validation information. However, since it is allowed for the server to respond with the extension and then not supply the path validation, it is not very useful overhead. I will remove the extension from the server hello.

You are also correct that sending the certificate chain becomes unnecessary. It was my intent to communicate that, but looking back at the draft, I don’t think I made it clear. I will add it.

Thank you,

Ashley


> On May 25, 2022, at 2:23 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Wed, May 25, 2022 at 12:40:13PM -0400, Ashley Kopman wrote:
>> Hi TLS,
>> 
>> I have just submitted a draft TLS Extension for Path Validation 
>> https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt <https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-00.txt>
>> 
>> The proposal is for a Path Validation Extension to provide a new
>> protocol for TLS/DTLS allowing inclusion of certificate path
>> validation information in the TLS/DTLS handshake. Specifically, it
>> covers the use of Server-based Certificate Validation Protocol
>> (SCVP) for path validation.
> 
> Looking at how this is integrated to (D)TLS:
> 
> 
> For (D)TLS 1.2, the server extension does not seem to be technically
> necressary, and omitting it could simplify things. Yes, this design
> is the same as one used for OCSP stapling (status_request), but I
> found the server hello extension in OCSP to be seemingly unnecressary
> extra complexity.
> 
> For (D)TLS 1.3, why there are seemingly two server extensions, one in
> server hello, which is usually only used for low-level crypto stuff,
> which this is not, and another in certificate message (which makes
> sense for certificate-related thing.
> 
> 
> And this is maybe a stupid question, but I didn't find an answer by
> quickly looking at the draft nor the SCVP RFC, does the server need to
> send the certificate chain to the client if it sends the SCVP response,
> or just the end-entity certificate? Omitting the chain could save
> quite a bit of handshake size.
> 
> 
> 
> -Ilari

v2.23.0 | Report a Bug | By Email