IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Nick Sullivan <nicholas.sullivan@gmail.com> Fri, 11 May 2018 23:58 UTC

Return-Path: <nicholas.sullivan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7778F12D7E2 for <tls@ietfa.amsl.com>; Fri, 11 May 2018 16:58:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KYjgHCPm2rmD for <tls@ietfa.amsl.com>; Fri, 11 May 2018 16:58:54 -0700 (PDT)
Received: from mail-wr0-x232.google.com (mail-wr0-x232.google.com [IPv6:2a00:1450:400c:c0c::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9118129C5D for <tls@ietf.org>; Fri, 11 May 2018 16:58:53 -0700 (PDT)
Received: by mail-wr0-x232.google.com with SMTP id q3-v6so6807435wrj.6 for <tls@ietf.org>; Fri, 11 May 2018 16:58:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PHsP/fveUIR/LhP/zlsOAuMiVe6Lg0Z6oLkEZymAdZA=; b=nRArqhUMzuZNTHRxKruMbFGCTMgFE4hgZTDujq8DwK7OIrjB67z1t7qDwXv4WLV1Cr CStlxKczKV32BqAgZH8AfJktyTnGy9zpoCLWzqcD1u0PPQnbzFbbCFKyX2tbcQoR82D2 IB8ABFpgI7EPj8akQVvoyz3d6zqocl6s7HMKBO7jtuaJGDpmfqL5zNO29jBuLe0m+4RE d5ENMApsbM9fzM9A28LWTw5qnZDDmhfv9rv9wTkZPgwAMh6QmPMKZ6drqiKX7DDuFCDe LJOJsGOHdJH76R9J7vXVGDE1O3mBJ9KKOR21ycw2PeM3LptGkrDgSaiWqxMwA9HKtmm8 LmPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PHsP/fveUIR/LhP/zlsOAuMiVe6Lg0Z6oLkEZymAdZA=; b=i1+wyBQ4N+2ZX04vw6dk1H1sokLXWpUTv6ObgzhhokZI9sm62qAI6A3EfgVWpbACVy bnIdt8Mld7wzAeZaC0oejoYterdIu/b0xQYVtzwuFKorcrNgwVhgOuVD5E/tWpFtFVEB 4Xn5QmRCUPo6/YABzul5FoJIULg+gtwPkwHHpUTCNrJ8CRlNMsADf90wbNU3c1lxjnYJ +zTmpO59bZn4irMiIvKSmdm8gZZ4j9XCoi0Vt/LgwBM3oRil/TGX+vi6kn76LSgWm4bc A2jBuXcsJMf2TGYWsDY+NbQ/OTT3MPS9mQJINJNJkA94YY/nPvE/6fg0H7e1XAPISHzw PT3w==
X-Gm-Message-State: ALKqPwfvzZrV9XNRXtlOSa5ENkdKW7Rq4muUqOWq/qVBzxFrxulUSkjd 9nR8aCcaaAWrsKPtAUs9Cr3xHtpNcDpwQr0uznY=
X-Google-Smtp-Source: AB8JxZrHh14ewHzTIxO8loi9HWyBrvhXcxQ3HjSzwhV9woyio4+4Yb83niuO1aOY7XasKQS0uGtgExEpltfqydmXG3U=
X-Received: by 2002:adf:b00f:: with SMTP id f15-v6mr723078wra.254.1526083132090; Fri, 11 May 2018 16:58:52 -0700 (PDT)
MIME-Version: 1.0
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1CBA2C18-DAB8-4751-B765-3BF76C7F170B@sn3rd.com> <19A28612-65CA-4667-9E4E-D47717AC9009@sn3rd.com> <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com>
In-Reply-To: <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com>
From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Fri, 11 May 2018 16:58:35 -0700
Message-ID: <CAOjisRwUUjGXSanAh49aFo=DoFzuvKChD8G4150KNYF34Co3YQ@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: TLS WG <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fc6ceb056bf6ea2f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oJCMuiu5y6GaK_YAAgfU6cimKCg>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 23:58:56 -0000

Thanks all for the comments on the draft. Let me try to summarize the
comments and propose next steps.

Tim Hollebeek had a comment about 0 as the separator. I generally don’t
think this is a big issue, and prefer 0 because it is a natural way to
terminate a string. If anyone strongly disagrees, please reply to the list.

Roelof duToit raised a question about middlebox interoperability,
specifically that the exporters will not match if the TLS connection is not
end-to-end. There was a subsequent discussion about where to signal this
property. Martin Thomson suggested a signaling mechanism at the application
layer (https://github.com/httpwg/http-extensions/issues/617) and Eric
Rescorla suggested that the fact that this could cause CertificateVerify
failures should be called out in the document. I'll put a PR together to
add some helpful text around debugging CertificateVerify failures to
address Eric's suggestion.

Ben Kaduk had three points:
- The certificate_request_context is prone to collisions with
post-handshake authentication and there are different spaces for the server
and client context values. He suggested some text in Section 3 and maybe
more explanation in Section 5.2 as well. I’ll put together a PR for this.
- Section 4.1 talks of the length of the exporter value in terms of the
length of the
TLS PRF hash, adding that cipher suites not using TLS PRF have to define a
hash function, but TLS 1.3 ciphersuites do not use the TLS PRF. I’ll put
together a PR to clarify the text around this clarifying that for TLS 1.3
cipher suites, the HDKF hash is what is meant.
- The “signature_algorithms_cert” extension was not incorporated into the
draft. I’ll put together a PR for 4.2.1., 4.2.2. and 5.1. to incorporate
this extension.

I'll have the proposed changes for the above comments ready next week.

There were also some uncontroversial suggestions that I propose merging:
https://github.com/tlswg/tls-exported-authenticator/pull/21
https://github.com/tlswg/tls-exported-authenticator/pull/22
https://github.com/tlswg/tls-exported-authenticator/pull/23
https://github.com/tlswg/tls-exported-authenticator/pull/24


Nick


On Thu, May 3, 2018 at 1:16 PM Nick Sullivan <nicholas.sullivan@gmail.com>
wrote:

> Does anyone have any comments about the draft, criticisms, or votes of
> support?
>
> Nick
>
>
> On Thu, May 3, 2018 at 1:12 PM Sean Turner <sean@sn3rd.com> wrote:
>
>>
>>
>> > On Apr 21, 2018, at 10:25, Sean Turner <sean@sn3rd.com> wrote:
>> >
>> >
>> >> On Apr 19, 2018, at 16:32, Sean Turner <sean@sn3rd.com> wrote:
>> >>
>> >> All,
>> >>
>> >> This is the working group last call for the "Exported Authenticators
>> in TLS" draft available at
>> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.
>> Please review the document and send your comments to the list by 2359 UTC
>> on 4 April 2018.
>> >
>> > … 4 May 2018 ...
>>
>> Just a reminder the WGLC ends tomorrow.
>>
>> spt
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>

v2.23.0 | Report a Bug | By Email