IETF Logo Mail Archive

Re: [TLS] Enforcing Protocol Invariants

"Salz, Rich" <rsalz@akamai.com> Sun, 18 November 2018 21:34 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3288D128766 for <tls@ietfa.amsl.com>; Sun, 18 Nov 2018 13:34:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.172
X-Spam-Level:
X-Spam-Status: No, score=-1.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=1.999, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4P5Bznt6kNYM for <tls@ietfa.amsl.com>; Sun, 18 Nov 2018 13:34:31 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3DBE130DC5 for <tls@ietf.org>; Sun, 18 Nov 2018 13:27:21 -0800 (PST)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id wAILRDbm019170 for <tls@ietf.org>; Sun, 18 Nov 2018 21:27:21 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=ukP+QYpBUgbQkB7OLJqZr6uSSHsyZO4ltyNDPB0/Xrs=; b=fp6sO/qSZbshiOUUoQNcfjkHLr7tXyHlaDmHAyCyqR71nChnUK3lnSq4yTbqEXjXORpp tKrWYP7CCvQB5GTazsjVfpAIvLLrKSYdhHCcMn7wKQg/tLPX9R6xQWQI5Kpy90q/HQWU 6fFDszuymYZ6nljJn1grRFfFoC6X7k2DdquVjK+XHcDnr4MIFldl0Tqm5hbKpeGS7xho qvymLgehQpBrOPc653d28xXlSQbyNDhQXh6q0PlCWd8RJyWsdkmDnLvoWQUFIWkYppN6 XvPtfs3IzP5nqBkWUErelh8qRDd9OvxqTZ0zaAh+Ok3ezNnoQHkIVU3mwGg8pdVW3HpD /Q==
Received: from prod-mail-ppoint4 (a96-6-114-87.deploy.static.akamaitechnologies.com [96.6.114.87] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2ntbwkw98d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Sun, 18 Nov 2018 21:27:21 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id wAILJXJr026699 for <tls@ietf.org>; Sun, 18 Nov 2018 16:27:20 -0500
Received: from email.msg.corp.akamai.com ([172.27.27.25]) by prod-mail-ppoint4.akamai.com with ESMTP id 2ntf7ge3ce-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Sun, 18 Nov 2018 16:27:18 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.27.105) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Sun, 18 Nov 2018 15:27:17 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1365.000; Sun, 18 Nov 2018 15:27:17 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Enforcing Protocol Invariants
Thread-Index: AQHUdz9GESLPHjpeoUu9qsmfgtttFaVUQZsAgAChfYCAANXLgIAAs/4A///AWAA=
Date: Sun, 18 Nov 2018 21:27:17 +0000
Message-ID: <C684D079-58AD-4B3B-AD02-F87CBA7A0D4D@akamai.com>
References: <CAO7N=i0g9d9x5RdF_guKm3GDAxVRHSV+eHffs6kiJm6dWO7tvw@mail.gmail.com> <CANLjSvXD9_u1UDkRkaNc8fnr=iQYKq73c8j9huMEPnH0XzuU0Q@mail.gmail.com> <D880B51B-ECAB-4158-A0EE-8FF67F9247EC@dukhovni.org> <AF08DB30-144B-427E-9B3E-AC90C4B7E7DB@akamai.com> <20181118201506.GC4122@straasha.imrryr.org>
In-Reply-To: <20181118201506.GC4122@straasha.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.13.0.181109
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.43.145]
Content-Type: text/plain; charset="utf-8"
Content-ID: <580D2F72A43BE1478F4BA7C845CDCF61@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-11-18_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1811180202
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-11-18_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1811180203
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/snCF-Mj7U4cGxySyi5IZGRwHUF0>
Subject: Re: [TLS] Enforcing Protocol Invariants
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2018 21:34:32 -0000

>    [ I don't know why you would choose to argue this point, let's not
      confuse TLS with the CA/B forum WebPKI in browsers.  My post was
      about TLS.
  
I am not.  You say TLS is CA/B WebPKI. I say TLS favors X509 CA-trust model, and in fact has it as its default.  For example, in TLS 1.3 page 44 (text format):
   "The signatures on certificates that are self-signed or certificates
   that are trust anchors are not validated, since they begin a
   certification path (see [RFC5280], Section 3.2)."

Section D.3, implementation notes in SSLv3 RFC 6101
   "Certificates should always be verified to ensure proper
   signing by a trusted certificate authority (CA).  The selection and
   addition of trusted CAs should be done very carefully.  Users should
   be able to view information about the certificate and root CA."
The glossary says this about certificates:
   "As part of the X.509 protocol (a.k.a.  ISO
      Authentication framework),"

>  However, since bashing
      DNSSEC is a popular sport, I may for the record, now and then
      post corrections to messages that mischaracterize DNSSEC. ]
  
I said nothing about DNSSEC, certainly nothing that could remotely be taken as bashing.
  
>    The X.509 trust-anchors are NOT specified in TLS, and need not be
    used.

They are specified, and if provided, how they are used is also specified and has been from the beginning, through and including TLS 1.3, as I showed via the excerpts above.

>   The existing X.509 encapsultion
    works just fine, and makes it possible to transparently interoperate
    with both DANE and CA/B forum WebPKI or other PKIX peers.

The existing encoding could be used just fine, just indicate that this is a DANE-validated cert.  Then it will be clear and obvious to everyone how to validate it. Complex combinations are hard to reason about, cannot be intuited by the protocol but must be done by reading code and configuration, etc.  A DANE client could specify DANE in the acceptable cert-type, which is encoded as X509. I believe this approach was considered, but rejected. I was trying to offer advice on how that draft might be edited and brought forward more productively if the authors want to try again in the general sense of enabling DANE-style trust within TLS generally.  I don't care, I have no horse in that race.

	/r$

v2.23.0 | Report a Bug | By Email