Re: [TLS] draft-sullivan-tls-exported-authenticator-00

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 31 October 2016 21:57 UTC

Date: Mon, 31 Oct 2016 23:57:16 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>
Message-ID: <20161031215716.GA23781@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAOjisRyWyON1FXghU09GTJYmvKpjgztFr_9wL=U6yV0-9DkcgA@mail.gmail.com>
In-Reply-To: <CAOjisRyWyON1FXghU09GTJYmvKpjgztFr_9wL=U6yV0-9DkcgA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vQYFWhUP9jg2NHIGamB-FpquoXw>
Cc: "tls@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] draft-sullivan-tls-exported-authenticator-00

On Mon, Oct 31, 2016 at 09:29:19PM +0000, Nick Sullivan wrote:
> <https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00>
> 
> I just posted a new Internet-Draft called "Exported Authenticators in TLS"
> in the TLS working group.
> 
> The intent of this draft is to enable participants in a TLS connection to
> prove ownership of additional certificates. This differs from previous
> proposals (https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00)
> in that these proofs are not sent as
> part of the TLS connection, but instead exported so that they can be sent
> out of band (as part of an application layer message, for example).
> 
> This proposal should enable a radical simplification of the Secondary
> Certificate Authentication in HTTP/2 proposal
> (https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs-01),
> and should generally be a useful tool for binding a certificate ownership
> proof to a TLS connection.

This looks A LOT saner than the current post-handshake stuff in TLS 1.3
draft. Looks implementable even.

One comment about the API: there should be a method to query the TLS
library's capabilities for CertificateVerify algorithm verification.

The result could e.g. be a list of algorithm numbers (e.g. 0403, 0503,
0603, 0804, 0805, 0806, 0807, 0808).

Also, one slightly unclear thing: is RSA PKCS#1 v1.5 allowed if the
negotiated TLS version is 1.2?


-Ilari
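The capability query Ilari asks for, modelled as an added example that is not code from the draft, the e-mail thread or any TLS library: the library reports the SignatureScheme codepoints it can verify in a CertificateVerify, the list round-trips through the wire form used by signature_algorithms, and the application filters it by the negotiated TLS version. The codepoint names follow the TLS 1.3 SignatureScheme registry (the eight in the e-mail plus the rsa_pkcs1 ones the TLS 1.2 question concerns); the function names, the constructed capability list and the `allow_pkcs1_on_tls12` policy knob are this example's own assumptions. TLS 1.3 forbids RSASSA-PKCS1-v1_5 in CertificateVerify, so that case is hard-coded; the TLS 1.2 case is left as an explicit argument because the draft as quoted does not settle it.

```python
"""Added example, not code from the draft or from the e-mail thread.

Models a TLS library's "which CertificateVerify algorithms can I verify"
query as a list of SignatureScheme codepoints, serialises it the way the
signature_algorithms extension does, and filters it by the TLS version
negotiated on the connection the exported authenticator is bound to.
"""
import struct

# TLS 1.3 SignatureScheme codepoints.  The eight listed in the e-mail
# (0403, 0503, 0603, 0804, 0805, 0806, 0807, 0808) are here, plus the
# RSASSA-PKCS1-v1_5 schemes that the TLS 1.2 question is about.
SIGNATURE_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
}

TLS12 = 0x0303
TLS13 = 0x0304


def parse_scheme_list(text):
    """Parse a comma-separated list of 4-hex-digit codepoints, as written
    in the e-mail ("0403, 0503, ..."), into integers."""
    return [int(tok, 16) for tok in text.replace(",", " ").split()]


def encode_signature_algorithms(schemes):
    """Serialise as a TLS SignatureSchemeList: a uint16 byte length
    followed by one uint16 per scheme (the signature_algorithms wire form)."""
    body = b"".join(struct.pack("!H", s) for s in schemes)
    return struct.pack("!H", len(body)) + body


def decode_signature_algorithms(data):
    """Inverse of encode_signature_algorithms, with strict length checks so
    a truncated or padded list is rejected instead of partially parsed."""
    if len(data) < 2:
        raise ValueError("short SignatureSchemeList")
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:]
    if length != len(body) or length % 2 != 0 or length == 0:
        raise ValueError("bad SignatureSchemeList length")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]


def allowed_in_certificate_verify(scheme, tls_version, allow_pkcs1_on_tls12):
    """Whether a scheme may sign a CertificateVerify on this connection.

    TLS 1.3 does not allow RSASSA-PKCS1-v1_5 in CertificateVerify (those
    codepoints cover only signatures inside certificates).  Whether the
    exported-authenticator draft permits it when TLS 1.2 was negotiated is
    the open question in the e-mail, so it is a policy argument here, not a
    decision this example makes.  Versions below 1.2 are out of scope."""
    if scheme not in SIGNATURE_SCHEMES:
        return False
    is_pkcs1 = SIGNATURE_SCHEMES[scheme].startswith("rsa_pkcs1_")
    if tls_version >= TLS13:
        return not is_pkcs1
    if tls_version == TLS12:
        return allow_pkcs1_on_tls12 or not is_pkcs1
    return False


def verifiable_schemes(library_schemes, tls_version, allow_pkcs1_on_tls12=False):
    """The capability query: codepoints the library can verify, filtered by
    what the negotiated version permits, de-duplicated and sorted."""
    return sorted({
        s for s in library_schemes
        if allowed_in_certificate_verify(s, tls_version, allow_pkcs1_on_tls12)
    })


def scheme_names(schemes):
    """Human-readable names for a codepoint list (unknown ones kept as hex)."""
    return [SIGNATURE_SCHEMES.get(s, "unknown(0x%04x)" % s) for s in schemes]


if __name__ == "__main__":
    # Constructed capability list: the e-mail's eight plus rsa_pkcs1_sha256.
    lib = parse_scheme_list("0403, 0503, 0603, 0804, 0805, 0806, 0807, 0808") + [0x0401]
    wire = encode_signature_algorithms(lib)
    assert decode_signature_algorithms(wire) == lib
    print("TLS 1.3:", scheme_names(verifiable_schemes(lib, TLS13)))
    print("TLS 1.2, PKCS#1 v1.5 permitted:",
          scheme_names(verifiable_schemes(lib, TLS12, allow_pkcs1_on_tls12=True)))
```

Keeping the TLS 1.2 behaviour as an explicit argument, rather than defaulting it silently either way, means an implementation built on this query fails closed until the draft answers the question; flipping the default is then a one-line, reviewable change.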