[TLS] Draft-22 and Post-Handshake Authentication

"Short, Todd" <tshort@akamai.com> Tue, 02 January 2018 17:07 UTC

Return-Path: <tshort@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0714D124319 for <tls@ietfa.amsl.com>; Tue, 2 Jan 2018 09:07:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7MHf7Uj1z2cQ for <tls@ietfa.amsl.com>; Tue, 2 Jan 2018 09:07:04 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E31E124207 for <tls@ietf.org>; Tue, 2 Jan 2018 09:07:04 -0800 (PST)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id w02H72Ev006060 for <tls@ietf.org>; Tue, 2 Jan 2018 17:07:02 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : mime-version; s=jan2016.eng; bh=goD8eT7tBqdKhp9n0D/A65nhDLZFI0d6px/td/H+zK4=; b=a+7631nPBiafKZZWy0jID7a+rhGJGRmDp4Q0PlTDwA1x8GARvDsKlsx3Xa8OoAgkGtJ9 Po99VSAqw3h28gb8i+w3UyDnROoOqZFdqptrTDOtMJmAPalIuWKV60ToANNRWVktkPzs 7pW9s7RoUCTZWnu+eG4jZQBrsYACHgsad5WJJZVDLvowCjCn68FQpXhIUDC0D1T1lriH 4mE/B6rXIwjxuiRSVIj+nJUyqvgk4fkliXEYEn5hAVZT4FPyul9HbE01J+yvr05X8v/d zqTWrJROh+snMRBnZx67a8T+lIBpV23rasSGcLTU30yxSvcc6dpFOQ0OljGB1sGDakO2 bg==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by mx0a-00190b01.pphosted.com with ESMTP id 2f62x8yv48-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Tue, 02 Jan 2018 17:07:02 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w02H5lct023434 for <tls@ietf.org>; Tue, 2 Jan 2018 12:07:01 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint2.akamai.com with ESMTP id 2f670ytaf1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Tue, 02 Jan 2018 12:07:01 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 2 Jan 2018 12:07:00 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Tue, 2 Jan 2018 12:07:00 -0500
From: "Short, Todd" <tshort@akamai.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Draft-22 and Post-Handshake Authentication
Thread-Index: AQHTg+wZTzn40m8IekqCxE+bMFdDSw==
Date: Tue, 2 Jan 2018 17:06:59 +0000
Message-ID: <401F3672-AF80-464B-9348-D91196E85E54@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.44.203]
Content-Type: multipart/alternative; boundary="_000_401F3672AF80464B9348D91196E85E54akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-02_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801020246
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-02_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801020247
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rdnHoRsHCMfqPU5bd2czNgPXcfs>
Subject: [TLS] Draft-22 and Post-Handshake Authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 17:07:06 -0000

Question on Post-Handshake Authentication (PHA):

PHA can occur multiple times over a connection. The description for the "Handshake Context” is as follows (4.4):


   |           |                            |                          |
   | Post-     | ClientHello ... client     | client_application_traff |
   | Handshake | Finished +                 | ic_secret_N              |
   |           | CertificateRequest         |                          |
   +-----------+----------------------------+--------------------------+

Now, PHA costs of:

S>C: CertificateRequest

followed by:

C>S: Certificate+CertificateVerify+client Finished

This could be interpreted to mean that these PHA messages are included in the Handshake Context. However, Section 4.4.1 states:


   For concreteness, the transcript hash is always taken from the
   following sequence of handshake messages, starting at the first
   ClientHello and including only those messages that were sent:
   ClientHello, HelloRetryRequest, ClientHello, ServerHello,
   EncryptedExtensions, server CertificateRequest, server Certificate,


   server CertificateVerify, server Finished, EndOfEarlyData, client
   Certificate, client CertificateVerify, client Finished.


I want to confirm that the PHA handshake context consists only of the messages listed in section 4.4.1 from the initial handshake, and do not include any of the messages from intermediate PHA exchanges.

Thank you,

--
-Todd Short
// tshort@akamai.com<mailto:tshort@akamai.com>
// "One if by land, two if by sea, three if by the Internet."