Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
Nico Williams <nico@cryptonector.com> Fri, 05 March 2021 17:35 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C2933A28C4 for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 09:35:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6U0tpSS1lDYu for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 09:35:27 -0800 (PST)
Received: from antelope.elm.relay.mailchannels.net (antelope.elm.relay.mailchannels.net [23.83.212.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD273A28C3 for <tls@ietf.org>; Fri, 5 Mar 2021 09:35:26 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 3516E10178A; Fri, 5 Mar 2021 17:35:25 +0000 (UTC)
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (100-96-13-44.trex.outbound.svc.cluster.local [100.96.13.44]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id A4DF2102A7C; Fri, 5 Mar 2021 17:35:24 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.13.44 (trex/6.0.2); Fri, 05 Mar 2021 17:35:25 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Plucky-Irritate: 5d5565574b878596_1614965724943_2310439730
X-MC-Loop-Signature: 1614965724943:1052677496
X-MC-Ingress-Time: 1614965724942
Received: from pdx1-sub0-mail-a60.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a60.g.dreamhost.com (Postfix) with ESMTP id 289438559B; Fri, 5 Mar 2021 09:35:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=2BS0NYE1yfYCLh uBbagDluJ8sVY=; b=J63IrGmLHAdNbT7cweb8ytcUF+KIKlC2OuuLgjG3dIVcQG 21f2MssobwGDvrPPBKk1+0vU6zovV14N9/9kz9CWHX2WnwAKI2tCXryddkFe+Xh+ 4StGxl94FcVumq15JQaAmwtT9RnX2nKQtgWZofjN93LV5igE0yvXCd52+5g/8=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a60.g.dreamhost.com (Postfix) with ESMTPSA id D7C887E672; Fri, 5 Mar 2021 09:35:20 -0800 (PST)
Date: Fri, 05 Mar 2021 11:35:17 -0600
X-DH-BACKEND: pdx1-sub0-mail-a60
From: Nico Williams <nico@cryptonector.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: "Fries, Steffen" <steffen.fries@siemens.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20210305173516.GV30153@localhost>
References: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r0NCVltug2dKnYXgJZbikx1y5Zg>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2021 17:35:28 -0000
On Fri, Mar 05, 2021 at 05:01:04PM +0000, John Mattsson wrote: > On Friday, 5 March 2021 at 15:02, Fries, Steffen wrote: > > I've got a question regarding application of TLS 1.3 to protect long > > lasting connections. Specifically on the trigger to perform a > > revocation check for the utilized certificates in the handshake. You can perform OCSP or CRL checks on the RPs at any time. You don't need a protocol trigger for it. You can use a timer. The issue is that the EE certificate (or intermediates in the chain perhaps) could expire or be replaced before the connection ends, and then you might want the EE to present a new certificate and, if for a new key, then also a proof of possession. One could use session renegotiation back when it existed, but it does not now. > > Hence the question if there is a feature in TLS 1.3, which would > > provide the functionality to invoke a mutual certificate based > > authentication. While renegotiation will never be re-added, there is post-handshake authentication (RFC 8446, section 4.6.2), and while that is currently about authenticating the _client_ to the server, it should be trivial to extend the protocol to support re-authenticating the server to the client as well. Authenticating the client to the server and vice-versa would be independent, at least when using certificates, though not so much when using PSK. Each relying party would send a CertificateRequest message on a timer based on local configuration of certificate freshness policy and/or the peer's certificate's expiration time, or whatever you like. Nico --
- [TLS] Question to TLS 1.3 and certificate revocat… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… John Mattsson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Salz, Rich
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… John Mattsson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Watson Ladd
- Re: [TLS] Question to TLS 1.3 and certificate rev… Eric Rescorla
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Deb Cooley
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Hannes Tschofenig
- Re: [TLS] Question to TLS 1.3 and certificate rev… Benjamin Kaduk
- Re: [TLS] Question to TLS 1.3 and certificate rev… Graham Bartlett
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Nico Williams
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Benjamin Kaduk
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Peter Gutmann
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Olle E. Johansson
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Salz, Rich
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Viktor Dukhovni
- Re: [TLS] Question to TLS 1.3 and certificate rev… Jonathan Hoyland
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Fries, Steffen
- Re: [TLS] Question to TLS 1.3 and certificate rev… Jonathan Hoyland