Re: [TLS] draft-sullivan-tls-exported-authenticator-00

William Whyte <wwhyte@securityinnovation.com> Tue, 01 November 2016 08:41 UTC

Return-Path: <wwhyte@securityinnovation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0786612954B for <tls@ietfa.amsl.com>; Tue, 1 Nov 2016 01:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=securityinnovation.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyyQqdhqnCEA for <tls@ietfa.amsl.com>; Tue, 1 Nov 2016 01:41:47 -0700 (PDT)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50D39129549 for <TLS@ietf.org>; Tue, 1 Nov 2016 01:41:47 -0700 (PDT)
Received: by mail-ua0-x22e.google.com with SMTP id 12so123600345uas.2 for <TLS@ietf.org>; Tue, 01 Nov 2016 01:41:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=securityinnovation.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=hWzRYSF+ByizQ1W5+2W/GXsrgX2/W086d4InnQDhstY=; b=YtwqeUAbfZ9yw+NaX12lSz7LxE51MSrzelX4mknhn3l82KMSnKYqAi0NrmgnRwrMbR uF4hY9FXvEULRzxYNQWwJ9UvSSy3Cm+QGQNAsYWTlTY6AvddzooXDJkPs4LufK3IGW1Z EAMj0JDAeylIQnkCDCwjOqpE50iK2w7ewb+eI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=hWzRYSF+ByizQ1W5+2W/GXsrgX2/W086d4InnQDhstY=; b=PEIW70+617vGryrSOAKeTfC9i2iMt49xBIXsYCdbLakI1AR5OY+Mv2ySlO7vv6xItv 6ukoj6jWvhvtHiGn9uKnFuLou4ImD3RF8Uesjxr7eQ4K8SCoPsgvek7kgNbDnIgSntg5 q9D/a1chxYqyzpdUeVK3IpQYAmYLF+SnBkxbu9R+NyneyYRbn/iBuXvmpERDc3ggXVnY kUpl1hgCwBmReeSRHxGzqyWmTmBPJBRhKL7wos1tuic694hNHZ8MPHhOPvs2qNIQ7Y+e irl+F3mgsSxG5hztzg+PDq8y/geGEJVgd5fpgmwTE2caCofQDjUCraPtHM/yNJqwMcJW MyNQ==
X-Gm-Message-State: ABUngvdweWvV1GdgGmcnFiSqoXI4C8gQPoLeKmzzDmMGTPjjmXIBFCxz5Th8NbvGUEjjCqiCztNjGINX8O6ms1mY
X-Received: by 10.159.35.129 with SMTP id 1mr26476072uao.33.1477989706278; Tue, 01 Nov 2016 01:41:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.80.122 with HTTP; Tue, 1 Nov 2016 01:41:44 -0700 (PDT)
In-Reply-To: <CAOjisRyWyON1FXghU09GTJYmvKpjgztFr_9wL=U6yV0-9DkcgA@mail.gmail.com>
References: <CAOjisRyWyON1FXghU09GTJYmvKpjgztFr_9wL=U6yV0-9DkcgA@mail.gmail.com>
From: William Whyte <wwhyte@securityinnovation.com>
Date: Tue, 1 Nov 2016 04:41:44 -0400
Message-ID: <CACz1E9qngj_726exoA4p57h63UaQB_JUokbaZ=fk1M2TF-JpXw@mail.gmail.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>
Content-Type: multipart/alternative; boundary=94eb2c03ec286cbd850540394b64
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rYr7IBXId23EVnqGNOL7UFrt7TI>
Cc: "tls@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] draft-sullivan-tls-exported-authenticator-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 08:41:49 -0000

I'm confused by the line "These messages are not encrypted", because on a
plain reading it could mean that the authenticator is sent outside the
encrypted TLS session. That would be bad because it would mean that clients
that wanted to authenticate themselves but to the server only wouldn't be
able to use this mechanism. I assume that's not the intent? If that isn't
the intent, suggest rephrasing as "These messages are not encrypted, other
than the encryption provided on transmission by the TLS session".

Cheers,

William

On Mon, Oct 31, 2016 at 5:29 PM, Nick Sullivan <nicholas.sullivan@gmail.com>
wrote:

> <https://tools.ietf.org/html/
> <https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00>
> draft-sullivan-tls-exported-authenticator-00>
> <https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00>
>
> I just posted a new Internet-Draft called "Exported Authenticators in TLS"
> in the TLS working group.
>
> The intent of this draft is to enable participants in a TLS connection to
> prove ownership of additional certificates. This differs from previous
> proposals (https://tools.ietf.org/html/draft-sullivan-tls-post-
> handshake-auth-00) in that these proofs are not sent as part of the TLS
> connection, but instead exported so that they can be sent out of band (as
> part of an application layer message, for example).
>
> This proposal should enable a radical simplification of the Secondary
> Certificate Authentication in HTTP/2 proposal (
> https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-01),
> and should generally be a useful tool for binding a certificate ownership
> proof to a TLS connection.
>
> Nick Sullivan
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>