Re: [TLS] TLS-OBC proposal
Dirk Balfanz <balfanz@google.com> Thu, 25 August 2011 06:30 UTC
Return-Path: <balfanz@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E50921F8AF4 for <tls@ietfa.amsl.com>; Wed, 24 Aug 2011 23:30:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uf2gevS552c3 for <tls@ietfa.amsl.com>; Wed, 24 Aug 2011 23:30:14 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by ietfa.amsl.com (Postfix) with ESMTP id 573DD21F8AF2 for <tls@ietf.org>; Wed, 24 Aug 2011 23:30:14 -0700 (PDT)
Received: from hpaq6.eem.corp.google.com (hpaq6.eem.corp.google.com [172.25.149.6]) by smtp-out.google.com with ESMTP id p7P6VOsd028799 for <tls@ietf.org>; Wed, 24 Aug 2011 23:31:24 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1314253884; bh=VFiOOswkuK45IYI1RuVeogQL0l0=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=XonMBsvYDBAhOdE5uBna4TdKM3Jsii4kWRiUmlOWaPSaexOWuUpQyvlgeXoY3GH9j vKBEoGhEzJ2o41kfmtpDw==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type:x-system-of-record; b=nFC2XpjFr1kgkFdIG00tf+kiKYod8C55KAIKL5dwlM6TFAb6HazxWFDvzNUkGrghY RVBDk3fdiiqEtjDXpXPMQ==
Received: from gyc15 (gyc15.prod.google.com [10.243.49.143]) by hpaq6.eem.corp.google.com with ESMTP id p7P6VL0Z009548 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <tls@ietf.org>; Wed, 24 Aug 2011 23:31:22 -0700
Received: by gyc15 with SMTP id 15so2960161gyc.25 for <tls@ietf.org>; Wed, 24 Aug 2011 23:31:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tIkOpka2XLt2oBzOYc+u5PCoTjAYkRgk1AaKpfSzAaw=; b=Io0L5wDGwaAaK1sWjBdDR7QUBkSFjpK2r7Z+j7aFZa0Rdrl+Y8DadcKzvEMTKJBQy4 7ON037QSRWVtGIJOyp2Q==
Received: by 10.91.47.27 with SMTP id z27mr1600606agj.98.1314253881244; Wed, 24 Aug 2011 23:31:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.91.47.27 with SMTP id z27mr1600602agj.98.1314253881015; Wed, 24 Aug 2011 23:31:21 -0700 (PDT)
Received: by 10.90.56.4 with HTTP; Wed, 24 Aug 2011 23:31:20 -0700 (PDT)
In-Reply-To: <7BAD42FE4F789E2903A528D5@nifty-silver.local>
References: <CADHfa2AMOeShxH_k5ZEB3DUVJAnOqvZmLMg5Yz8smtBDGkQsNg@mail.gmail.com> <7BAD42FE4F789E2903A528D5@nifty-silver.local>
Date: Wed, 24 Aug 2011 23:31:20 -0700
Message-ID: <CADHfa2CaLaY3QaRHheiWkvQgT1ovtFj4rnhXk0F5sFiYi1x7Vw@mail.gmail.com>
From: Dirk Balfanz <balfanz@google.com>
To: Chris Newman <chris.newman@oracle.com>
Content-Type: multipart/alternative; boundary="001485f91e0eb8fdac04ab4e93b1"
X-System-Of-Record: true
Cc: tls@ietf.org
Subject: Re: [TLS] TLS-OBC proposal
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2011 06:30:15 -0000
On Tue, Aug 23, 2011 at 9:58 PM, Chris Newman <chris.newman@oracle.com>wrote: > TLS client certificate authentication is used sometimes with email. Indeed > it's a significant reason this draft is needed: > draft-melnikov-pop3-over-tls-**01.txt. > > Some mail clients associate a single TLS client certificate with a "mail > account" and would not benefit from OBC. Some mail clients store TLS client > certificates in a pool and one has to be selected for a given account when > the server requests a client certificate. Such mail clients would benefit > from OBC. However, the two most widely deployed open source TLS stacks > (OpenSSL & NSS) are changing very slowly. I'm skeptical that OBC provides > enough benefit to actually get implemented and deployed in such TLS stacks. > Do you know of implementers sufficiently interested in the feature that they > would be willing to contribute code to OpenSSL and NSS? > As a proof-of-concept, we're putting support for TLS-OBC both into OpenSSL and NSS. Whether that will ever land in the main branches depends on whether our proof-of-concept is successful (demonstrates acceptable utility and performance), and I guess also to a degree on whether groups like this one find the proposal worthwhile. As you point out, there is a bit of a chicken-and-egg problem going on here, but we _are_ writing the code for this as we speak both for OpenSSL and NSS. Dirk. > > - Chris > > > --On August 22, 2011 10:53:05 -0700 Dirk Balfanz <balfanz@google.com> > wrote: > > Dear TLS-WG, >> >> I few weeks ago I presented a proposal for an "origin-bound certificates" >> TLS extension at IETF 81. It's much easier to understand what this >> extension is trying to accomplish when presented in a broader context of >> web authentication (which I tried to give in Quebec), so I put together a >> little web site that is supposed to do just that for those who couldn't >> be at the IETF meeting: http://browserauth.net (This took me a little >> while, hence the delay in sending out the I-D). >> >> Anyway, here is the I-D: http://tools.ietf.org/html/** >> draft-balfanz-tls-obc <http://tools.ietf.org/html/draft-balfanz-tls-obc>, >> which I submit for your comments/feedback. (Again, remember to read >> http://browserauth.net for some context.) >> >> All feedback is welcome, of course, but if you can't think of anything to >> comment on, I have a couple particular questions: >> >> - in Section 2.1.1 we currently stipulate that the client include the >> origin of the origin-bound cert as part of the OBC X.509 extension. When >> we implemented this, we didn't really know what to do with that data on >> the server side. If the client also uses TLS-SNI, then we could imagine >> comparing the SNI and OBC origins in some manner on the server side, but >> there isn't really a vehicle to signal an error back to the client saying >> "your SNI and OBC origins don't match". Similarly, we could perhaps at >> some higher layer compare the HTTP "Host" header with the OBC origin, but >> then again - what do you do when they don't match? Respond with a 400 at >> the HTTP layer? An alternative to the current language in the I-D would >> be to simply mark the cert as origin-bound, but without putting the >> origin itself into the cert. Any thoughts? >> >> - What do you think of the privacy-enhancing power of using per-origin >> certs? The idea there is that different domains see different "identities" >> (public keys) for the same client. Of course, if two domains choose to >> collaborate, they can probably find a way to correlate the two identities >> they see for the same client. This is similar to cookies, where normally >> "identities" (cookies) for one domain are not revealed to another domain >> unless, of course, they choose to collaborate. How much privacy would we >> really lose if we just used one certificate for all origins? It would >> certainly make the design and implementation simpler. (I tend to favor >> per-origin certs, but I'm curious as to what other people think.) >> >> Thanks for your consideration! >> >> Dirk. >> >> > > > >
- [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Chris Richardson
- Re: [TLS] TLS-OBC proposal Wan-Teh Chang
- Re: [TLS] TLS-OBC proposal Chris Newman
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Dirk Balfanz
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Nikos Mavrogiannopoulos
- Re: [TLS] TLS-OBC proposal Anders Rundgren
- Re: [TLS] TLS-OBC proposal Martin Rex
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams
- Re: [TLS] TLS-OBC proposal Nico Williams