Re: [TLS] Adoption call for TLS Flag - Request mTLS

Jonathan Hoyland <jonathan.hoyland@gmail.com> Thu, 04 April 2024 16:12 UTC

Return-Path: <jonathan.hoyland@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66C92C151539 for <tls@ietfa.amsl.com>; Thu, 4 Apr 2024 09:12:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjVix_cSzSZK for <tls@ietfa.amsl.com>; Thu, 4 Apr 2024 09:12:48 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39A29C14F748 for <tls@ietf.org>; Thu, 4 Apr 2024 09:12:01 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-2a2c028b8a6so791548a91.1 for <tls@ietf.org>; Thu, 04 Apr 2024 09:12:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712247120; x=1712851920; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3p6Kv4AbGwX3IEAPgC+YBm9xFFoUQsRiXPa6ElRaXms=; b=bRLO0uQphsG4u++vc1lrM1EHFjyPlrfAQe1rMgeU1XT8N0lpMYG6NnxRTJBjtJGQS0 vG4v/9upI0oZWOlQnPRI3TLcAjTMTh4f6M6tpQHlSntQS+IzyLp6jxUXgHM1mOC1ZBsF u9tJrDrpbEWl4PBZE3ms6yP6+UjSrfIeme1JQK8CrAWcDax1/pH5rPV3QiYZDWn+ydDo 47W9Vj5xN72mIIRYQFS11qzi53O9Btoo4RYcNoa25dkM5GCn+tSTJqNOZizq7JmdPij1 MbEM/nytciyr2dQSuWXJg/D+CzqRv42SY5Or7CkZVPFDSSRFZ5YAxCzfWDv/vNm70b09 8p0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712247120; x=1712851920; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3p6Kv4AbGwX3IEAPgC+YBm9xFFoUQsRiXPa6ElRaXms=; b=jlQi9LDWpwgyNBO1MfI1FFV/jk59E7P2HwjMtAjjle/mK8Q9688EA1NvCiPOvd3Mjk MpTuYG0NjlsSHu3abdwT6fFtyEQ/XXdkZALbloamwrePTH1G6CptUdTjc9/WQFH0We/i kh/5Cg3NWLT38kgiZnaCjUANZzR1fGDJDgZrP2i3/trY3IsPr5pMqMe0L7yepP1uZi+x Y2VNFpOTVah+htuJEpsyc7moSLhsTAr3L3vvUNqDJ9IUpJh5bIJRONxDq5sheSC7HS85 l0ZVxyTz9PZmL2WFR0S3Jpm4jCrRokQEaF4aW9xLbdaXsCR+H7g42J1tyS2VcALIrcHV WaaA==
X-Gm-Message-State: AOJu0YwGx+JxsHGgSFHSuhXcGEfZb2vdnbzURFQtXQMcqErSofEv4pV0 lfvl29mP3LhfNKf+h8h9bVqKx511RAzQgmRrxa1gw+1cHlnfB3on7oNsljptrVeEzgHJZl/Tog8 mtp69GFRyEEifTrFjwUxzWgQe9WQ=
X-Google-Smtp-Source: AGHT+IGjuELyEuWZL1QVHEEzH1x/WCGCFCNwi+n3MvhQmbipH8Q6ABjVVXocHBhXc2RD7dvxsbuENzH700nx2ax9v/4=
X-Received: by 2002:a17:90a:bf10:b0:2a2:7693:399e with SMTP id c16-20020a17090abf1000b002a27693399emr2751605pjs.4.1712247120248; Thu, 04 Apr 2024 09:12:00 -0700 (PDT)
MIME-Version: 1.0
References: <8957179A-14D2-4947-B196-B68988B0E3CA@sn3rd.com> <1c42a223-8abc-472a-bb8d-a7827f5b0f06@iki.fi> <CAG2Zi20=Azki7Qp2rgi+ixdCojTr8kbrP6wBiYX2J7Xy94b4Jg@mail.gmail.com> <CACykbs3V7huBGqUnh5=qcoqHftvdNTsk+Yyc0uJkcOPqZk5bMQ@mail.gmail.com> <3a32b9f5-ebe9-4e8e-9672-860324aaa8ac@dennis-jackson.uk>
In-Reply-To: <3a32b9f5-ebe9-4e8e-9672-860324aaa8ac@dennis-jackson.uk>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Thu, 04 Apr 2024 17:11:47 +0100
Message-ID: <CACykbs3esuif1jqfJkTYaQ_ahH_PRS6zg9UgMXTXX0uBj1M9Kw@mail.gmail.com>
To: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005ed18706154799de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/t5jWD0U8fk0NpvZduTznjyD47c8>
Subject: Re: [TLS] Adoption call for TLS Flag - Request mTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 16:12:52 -0000

Hi Dennis,

RFC 7250 Section 4.1 says:

If the client has no remaining certificate types to send in
   the client hello, other than the default X.509 type, it MUST omit the
   client_certificate_type extension in the client hello.


That seems to explicitly exclude sending the single entry 0 to me.


Regards,


Jonathan



On Thu, 4 Apr 2024, 16:43 Dennis Jackson, <ietf=
40dennis-jackson.uk@dmarc.ietf.org> wrote:

> Hi Jonathan,
>
> My reading of RFC 7250 is the same as Mohits. Although the RFC talks about
> raw public keys and a new codepoint for them, it is building on RFC 6091
> which defined a similar extension and the X509 codepoint.
>
> It seems fine for you to send the client_certificate_type extension with
> the single entry 0 (X509). You also have the option of using a value
> assigned for private use (224 and up) for your specific use case of
> indicating a search engine crawler willing to provide a client cert.
>
> Best,
> Dennis
> On 04/04/2024 11:17, Jonathan Hoyland wrote:
>
> Hi all,
>
> Thanks for the feedback here.
>
> With respect to RFC 7250, as I mentioned earlier on list, there seen to be
> two issues. First it changes the semantics of the extension slightly, and
> second the RFC explicitly excludes x.509 certs.
>
> IIUC the semantics of the extension are "I have a weird client cert", not
> "I have a client cert".
>
> With respect to whether this needs to be a working group item, I'm not
> particularly averse to this being an independent document if that's where
> the WG thinks it should go.
> In my opinion, however, there are two things that it would be good to get
> input from the TLS WG on.
>
> One, this is a change from all previous versions of TLS in which the
> client cannot induce auth, does enabling this break anyone's assumptions?
>
> Two, I'd like a low flag number because it saves bytes on the wire, but
> there is a discussion to be had as to how common this flag will be versus
> other flags.
> (Non-attack) Bot traffic is very common, but it's not the majority of
> traffic by any means.
>
> Regards,
>
> Jonathan
>
>
>
> On Thu, 4 Apr 2024, 01:17 Christopher Patton, <cpatton=
> 40cloudflare.com@dmarc.ietf.org> wrote:
>
>> It would be great to here from Jonathan (the author) if RFC 7250 is
>> already sufficient for this use case.
>>
>> On Tue, Apr 2, 2024 at 10:23 PM Mohit Sethi <mohit@iki.fi> wrote:
>>
>>> Please see my earlier comment regarding this draft:
>>> https://mailarchive.ietf.org/arch/msg/tls/g3tImSVXO8AEmPH1UlwRB1c1TLs/
>>>
>>> In summary: the functionality of this draft is already achievable by
>>> using the client_certificate_type extension defined in RFC 7250:
>>> https://datatracker.ietf.org/doc/html/rfc7250 with certificate type
>>> value = 0:
>>>
>>> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
>>> .
>>>
>>> The table in section 4.2 of RFC8446 even mentions that the extension can
>>> be included in the ClientHello:
>>> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2, thereby
>>> ensuring that the server sends a CertificateRequest message in response
>>> to the ClientHello received.
>>>
>>> OpenSSL already implements this extension since it was needed for
>>> support raw public keys (RPKs).
>>>
>>> As stated earlier: if it is indeed the case that the
>>> client_certificate_type extension is suitable for the use-case, then
>>> perhaps it is preferable to not have a separate flag. Otherwise, it
>>> would make the state machine at the server more complicated (for
>>> example: handling a ClientHello with both the mTLS flag and the
>>> client_certificate_type extension.
>>>
>>> Therefore, like Ekr, I am mildly negative on adopting this document but
>>> for different reasons.
>>>
>>> --Mohit
>>>
>>> On 4/3/24 00:52, Sean Turner wrote:
>>> > At the IETF 119 TLS session there was some interest in the mTLS Flag
>>> I-D (
>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-jhoyla-req-mtls-flag%2F&data=05%7C02%7Cmohit.sethi%40aalto.fi%7C42877de6d3d64135e49e08dc534a463b%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638476825681199391%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=ERzWFcuBlAfobNyGCcgKDhCl9wex9LOQ%2F3yPYC7idfU%3D&reserved=0)
>>> also, see previous list discussions at [0]. This message is to judge
>>> consensus on whether there is sufficient support to adopt this I-D.  If you
>>> support adoption and are willing to review and contribute text, please send
>>> a message to the list.  If you do not support adoption of this I-D, please
>>> send a message to the list and indicate why.  This call will close on 16
>>> April 2024.
>>> >
>>> > Thanks,
>>> > Deirdre, Joe, and Sean
>>> >
>>> > [0]
>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Ftls%2F9e2S95H9YgtHp5HhqdlNqmQP0_w%2F&data=05%7C02%7Cmohit.sethi%40aalto.fi%7C42877de6d3d64135e49e08dc534a463b%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638476825681208049%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=eEU6ZPJ5cmfqLHQuM3UYXrFKCJuKaaJVc8Ssk5erRjk%3D&reserved=0
>>> > _______________________________________________
>>> > TLS mailing list
>>> > TLS@ietf.org
>>> >
>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=05%7C02%7Cmohit.sethi%40aalto.fi%7C42877de6d3d64135e49e08dc534a463b%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638476825681214744%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2B9CGIKB31GI9RMQG62I1rTnbHaDPfSynvlmwrkPn%2FpQ%3D&reserved=0
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
> _______________________________________________
> TLS mailing listTLS@ietf.orghttps://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>