IETF Logo Mail Archive

Re: [TLS] null auth ciphers for TLS 1.3?

Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Wed, 22 August 2018 08:40 UTC

Return-Path: <wang.haiguang.shieldlab@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 981C7130EBB for <tls@ietfa.amsl.com>; Wed, 22 Aug 2018 01:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NmXSxYdK22EZ for <tls@ietfa.amsl.com>; Wed, 22 Aug 2018 01:40:23 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F230130E09 for <tls@ietf.org>; Wed, 22 Aug 2018 01:40:23 -0700 (PDT)
Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 23720174F3EC9; Wed, 22 Aug 2018 09:40:17 +0100 (IST)
Received: from SINEML705-CAH.china.huawei.com (10.223.161.55) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.399.0; Wed, 22 Aug 2018 09:40:18 +0100
Received: from SINEML521-MBX.china.huawei.com ([169.254.1.52]) by SINEML705-CAH.china.huawei.com ([10.223.161.55]) with mapi id 14.03.0399.000; Wed, 22 Aug 2018 16:40:14 +0800
From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] null auth ciphers for TLS 1.3?
Thread-Index: AQHUOX2fzC3N3Ph/eEOQyNJiIP7/k6TKfWWAgADyBgA=
Date: Wed, 22 Aug 2018 08:40:13 +0000
Message-ID: <0AE05CBFB1A6A0468C8581DAE58A31309E0E98A7@SINEML521-MBX.china.huawei.com>
References: <E29465D4-E4C5-466F-9E3F-240E258DC7C2@cisco.com> <64d23891-2f32-9bb8-1ec8-f4fad13cdfb9@cs.tcd.ie> <982363FD-A839-4175-BA53-7CA242F9ADA6@ll.mit.edu> <2D7F2926-6376-4B2C-BDE9-7A6F1C0FA748@gmail.com> <5B7C1571020000AC0015C330@gwia2.rz.hs-offenburg.de> <E6C9F0E527F94F4692731382340B337804AEFA24@DENBGAT9EH2MSX.ww902.siemens.net> <A51CF46A-8C5F-4013-A4CE-EB90A9EE94CA@akamai.com> <E6C9F0E527F94F4692731382340B337804AEFB10@DENBGAT9EH2MSX.ww902.siemens.net> <D5FF0E0E-F9C3-4843-AB77-19F45E3C00D5@akamai.com> <8A2746A8-6B41-45C3-9D77-6AF3536C6E2D@siemens.com> <DM5PR2201MB1433B9D7F9AA3B7B688CD33C99310@DM5PR2201MB1433.namprd22.prod.outlook.com> <CAPt1N1mm9FzGknCUTOVZH_S=AsjutXS8qM7Ksa8xWwsSKKAgAg@mail.gmail.com> <EC6705A4-A6CB-45B4-B006-FC0AE42FA6DD@dukhovni.org> <CABcZeBO8tBN4a4SZirxbwNdRyep705dNgGZiuKydg=xu1JT_uQ@mail.gmail.com>, <3321850E-D95E-457C-A574-2A1A3F7AC06C@dukhovni.org>, <1534902946308.39422@cs.auckland.ac.nz>
In-Reply-To: <1534902946308.39422@cs.auckland.ac.nz>
Accept-Language: en-SG, en-US
Content-Language: en-SG
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.165.94]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rTXWrbZf4CYnxFEHZFyxvn8Jyqk>
Subject: Re: [TLS] null auth ciphers for TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Aug 2018 08:40:26 -0000

Hi, all.

Regarding the raw public, I would like to contribute a few words for you to think about it. 

Raw public key is useful for IoT networks due to the constraint of bandwidth and processing capability of devices. A normal certificate takes about a few hundred bytes while an raw public key can be less than one hundred bytes. 

The raw public with TLS can be used together with EAP framework to perform mutual authentication between device and server, i.e. raw public key with EAP-TLS. It not only saves transmission bandwidth, but also simplify the implementation at device side. 

Currently we are collaborate with some leading telecom operator on a solution of using raw public key with EAP-TLS. However, with the normal raw public, the server side need to maintain a table that maps the public key and identity at server side, which can be huge. 

To solve this issue, we are investigating of using identity-based cryptography (i.e. ECCSI in RFC 6507) to eliminate  the huge mapping table. So far it looks good. 

Authentication for IoT could be another huge usage scenarios for TLS, it is expected to have more than 50 billion iot devices deployed in the next 10 years. It is good opportunity to extend the usage of TLS.

Currently, 3GPP has already enable the support for using EAP-TLS in the 5G neworks. Please find the most recent 5G security specification http://www.3gpp.org/ftp/Specs/archive/33_series/33.501/. It has been specified in the Annex B. 

We hope the scope of raw public key with TLS can be extended in the future.  

Regards.

Haiguang Wang
________________________________________
From: TLS [tls-bounces@ietf.org] on behalf of Peter Gutmann [pgut001@cs.auckland.ac.nz]
Sent: Wednesday, 22 August, 2018 9:55:47 AM
To: <tls@ietf.org>
Subject: Re: [TLS] null auth ciphers for TLS 1.3?

Viktor Dukhovni <ietf-dane@dukhovni.org> writes:

>I've not yet seen raw public key support in any mainstream TLS libraries,
>though admittedly my focus is primarily on OpenSSL.  Do any of NSS, GnuTLS,
>BoringSSL, LibreSSL, ... support raw public keys?

I've never seen it either.  My code does actually support them, but not in the
way you think, for devices that don't have the ability to deal with certs
there's the memcpy()-into-send() certificate implementation I've mentioned
before, you memcpy() a pre-encoded cert chain onto the network, and for
receiving memcpy() the data in and pick out the SPKI.  So in effect it's raw
public keys, but to anyone watching it looks like it's certificates.  There
are other embedded implementations that do this too, it's a pretty obvious
optimisation (in other words I'm not trying to claim credit for inventing it).

>We'd need to invent some sort of special X.509 object that holds only a
>public key, but behaves in some sensible way when used with functions that
>expect X.509 certificates.

That's exactly what my code does, but with certificates
(CONFIG_USE_PSEUDOCERTIFICATES).  So there's no need for raw public keys, you
just treat certs as raw keys and everything works the way it already does with
certificates.

Is there any known actual use of raw public keys for TLS?

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email