Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
Martin Thomson <martin.thomson@gmail.com> Fri, 25 May 2018 00:54 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C2D212D864 for <tls@ietfa.amsl.com>; Thu, 24 May 2018 17:54:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VOnS6NkayCNZ for <tls@ietfa.amsl.com>; Thu, 24 May 2018 17:54:52 -0700 (PDT)
Received: from mail-ot0-x230.google.com (mail-ot0-x230.google.com [IPv6:2607:f8b0:4003:c0f::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80E0F128D2E for <tls@ietf.org>; Thu, 24 May 2018 17:54:52 -0700 (PDT)
Received: by mail-ot0-x230.google.com with SMTP id h8-v6so4205238otb.2 for <tls@ietf.org>; Thu, 24 May 2018 17:54:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=i8oLr1R/ynxH6egOpaN6m5eVIrYprtZjxH2HGjmK6I4=; b=SI8s2zm5uX/JsSFtlbyGI8YCNLWFWKE2p0EIsamt/sIXHmzyvGKhgmhwckw75Gr3Jf scTWh3qVFkWlxBF3rcL6N2d2Ih/GQILU8lnTQT6oqiPa5qi5oiD//uwlS2n92CeflWVu /L2JAzgMRTYIvKJYvxVkBtFeFVBAij/gNeKrSPh5gLi3zh4wC3QXE0RZpkwlfbCNb+00 8o7ciru9x97DOaKDAr1wCaVuvKrkn1FgSa51TIdzYPPlOx2Ue3ocjaZZkx3qFNuakg+b jeUZuqA8pYv8M88+UgpWJ3JqtaZba+SRtl8R+klWzi8zRW+IkV0mlBuWrssiF3NjF88y 6/DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=i8oLr1R/ynxH6egOpaN6m5eVIrYprtZjxH2HGjmK6I4=; b=GQPZ/Bmh5x1gedqA+t9LOO1gCvL+UznZGsiF06zL5v6c7HaoJmJz3xHaEUR6KUN26F sw+sgFF6mw1q0DANMhbT7T+R9oygCUyYlqkDA8xxlzgej5IAmwmk95mRNo4+4f7/VAAH 28x+eDKMqpE6x9JjNxSjIKvnxsBFlW6z9kWBgyZZd23ICpoQ3s26wopGoa7sT9lYGkhb BAA1UOfLvSB6/gWKMaJzXOkjd0iF7rrCvp7yolLlJEFGkB6W7kYjQfV6aZss7uy7BxDn BCY8OLlPIyVQ3UCiUmoJGGTR03j2CryeueUWtTR71/yBu0HlulX7Xgwe6FMnlMVUWmYU IiDQ==
X-Gm-Message-State: ALKqPweT01xbv1y8HNX5Z8QF7V4xQ32xlN7E3GEn7RottT7sP/wyoGiS wtrC1Q1jIawUFOIfmRabuvV/yy2BpLUC+W4MQmM=
X-Google-Smtp-Source: ADUXVKKY2ijShWJr1aEnFKwRN8pkfUiyag2Tl1vRJDqgEVfNUpZllyOvyLw4JZSiyKB3UTyU6q3XLWHliZpWEgjcZGQ=
X-Received: by 2002:a9d:3ea5:: with SMTP id b34-v6mr152037otc.283.1527209691793; Thu, 24 May 2018 17:54:51 -0700 (PDT)
MIME-Version: 1.0
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1CBA2C18-DAB8-4751-B765-3BF76C7F170B@sn3rd.com> <19A28612-65CA-4667-9E4E-D47717AC9009@sn3rd.com> <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com> <CAOjisRwUUjGXSanAh49aFo=DoFzuvKChD8G4150KNYF34Co3YQ@mail.gmail.com>
In-Reply-To: <CAOjisRwUUjGXSanAh49aFo=DoFzuvKChD8G4150KNYF34Co3YQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 25 May 2018 10:54:33 +1000
Message-ID: <CABkgnnWntHXGMK4dkWtUOJ9DD9wOme+fOCK7+ejCvHufUOXNGg@mail.gmail.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>
Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, Mike Bishop <mbishop@evequefou.be>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/w68RJALjWYNlj4xf7OP_88-HWJE>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 00:54:55 -0000
Mike just inadvertently (?) discovered a problem with exported authenticators. TLS post handshake authentication provides an authenticated refusal when a certificate can't be found. It turns out that the current design of the HTTP/2 CERTIFICATE frame might need to rely on the same capability here. The current draft doesn't really say anything about what happens. https://github.com/tlswg/tls-exported-authenticator/issues/25 On Sat, May 12, 2018 at 9:59 AM Nick Sullivan <nicholas.sullivan@gmail.com> wrote: > Thanks all for the comments on the draft. Let me try to summarize the comments and propose next steps. > Tim Hollebeek had a comment about 0 as the separator. I generally don’t think this is a big issue, and prefer 0 because it is a natural way to terminate a string. If anyone strongly disagrees, please reply to the list. > Roelof duToit raised a question about middlebox interoperability, specifically that the exporters will not match if the TLS connection is not end-to-end. There was a subsequent discussion about where to signal this property. Martin Thomson suggested a signaling mechanism at the application layer (https://github.com/httpwg/http-extensions/issues/617) and Eric Rescorla suggested that the fact that this could cause CertificateVerify failures should be called out in the document. I'll put a PR together to add some helpful text around debugging CertificateVerify failures to address Eric's suggestion. > Ben Kaduk had three points: > - The certificate_request_context is prone to collisions with post-handshake authentication and there are different spaces for the server and client context values. He suggested some text in Section 3 and maybe more explanation in Section 5.2 as well. I’ll put together a PR for this. > - Section 4.1 talks of the length of the exporter value in terms of the length of the > TLS PRF hash, adding that cipher suites not using TLS PRF have to define a hash function, but TLS 1.3 ciphersuites do not use the TLS PRF. I’ll put together a PR to clarify the text around this clarifying that for TLS 1.3 cipher suites, the HDKF hash is what is meant. > - The “signature_algorithms_cert” extension was not incorporated into the draft. I’ll put together a PR for 4.2.1., 4.2.2. and 5.1. to incorporate this extension. > I'll have the proposed changes for the above comments ready next week. > There were also some uncontroversial suggestions that I propose merging: > https://github.com/tlswg/tls-exported-authenticator/pull/21 > https://github.com/tlswg/tls-exported-authenticator/pull/22 > https://github.com/tlswg/tls-exported-authenticator/pull/23 > https://github.com/tlswg/tls-exported-authenticator/pull/24 > Nick > On Thu, May 3, 2018 at 1:16 PM Nick Sullivan <nicholas.sullivan@gmail.com> wrote: >> Does anyone have any comments about the draft, criticisms, or votes of support? >> Nick >> On Thu, May 3, 2018 at 1:12 PM Sean Turner <sean@sn3rd.com> wrote: >>> > On Apr 21, 2018, at 10:25, Sean Turner <sean@sn3rd.com> wrote: >>> > >>> > >>> >> On Apr 19, 2018, at 16:32, Sean Turner <sean@sn3rd.com> wrote: >>> >> >>> >> All, >>> >> >>> >> This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. Please review the document and send your comments to the list by 2359 UTC on 4 April 2018. >>> > >>> > … 4 May 2018 ... >>> Just a reminder the WGLC ends tomorrow. >>> spt >>> _______________________________________________ >>> TLS mailing list >>> TLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] WGLC for draft-ietf-tls-exported-authentica… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nikos Mavrogiannopoulos
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Tim Hollebeek
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Jonathan Hoyland
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Mike Bishop
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan