Re: [TLS] TLS identity protection using Signaling Cipher Suite Value
Martin Rex <mrex@sap.com> Wed, 30 November 2011 19:23 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5EA521F8A71 for <tls@ietfa.amsl.com>; Wed, 30 Nov 2011 11:23:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.692
X-Spam-Level:
X-Spam-Status: No, score=-9.692 tagged_above=-999 required=5 tests=[AWL=0.558, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmleHas84a8l for <tls@ietfa.amsl.com>; Wed, 30 Nov 2011 11:23:10 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 2900421F8AF9 for <tls@ietf.org>; Wed, 30 Nov 2011 11:23:09 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id pAUJN6YQ023908 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 30 Nov 2011 20:23:06 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201111301923.pAUJN6VR022639@fs4113.wdf.sap.corp>
To: mbadra@gmail.com
Date: Wed, 30 Nov 2011 20:23:06 +0100
In-Reply-To: <CAOhHAXy=4vTRxO13=xkSQ9i3qcAa=TxRSt15hVBv85juu0xkUw@mail.gmail.com> from "Badra" at Nov 17, 11 10:49:47 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] TLS identity protection using Signaling Cipher Suite Value
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2011 19:23:11 -0000
Badra wrote: > > I posted a document that defines a pecial Signaling Cipher Suite Value to > enable the negotiation of the client identity protection. This approach had > been initially proposed by Francisco Corella, to the TLS mailing list > during August 2000. > > http://www.ietf.org/id/draft-badra-tls-identity-protection-00.txt A signaling cipher suite value is certainly *MUCH* better than the other proposal for a cartesian product of common ciphersuites. Although performing negotiation of this capability through ciphersuite values instead of a TLS extension would protect against a very simplistic DoS attack against a TLS handshake between the rightful client and rightful server using TLS extension (but only in case the client is capable and willing to perform a reconnect fallback with an extension-less ClientHello), this approach can *NOT* protect against an active attacker that is determined to learn the client's identity and does not care about causing a failed TLS handshake while doing so. As I previously mentioned, the only reliable protection during the handshake would be an indication from the server that is authenticated by the server credential an can *not* be stripped from the handshake. Basically, it would need to be hardwired into the server's credential, like an additional certificate extension or a new EKU OID. The Finished MAC protection of the handshake contents can only protect the application from using the resulting connection, it can not protect the negotiation and use of protocol features _during_ the TLS handshake because modifications of the handshake by an active MitM can only reliably be detected *after* the handshake when verifying the finished messages. -Martin
- [TLS] TLS identity protection using Signaling Cip… Badra
- Re: [TLS] TLS identity protection using Signaling… Martin Rex
- Re: [TLS] TLS identity protection using Signaling… Badra
- Re: [TLS] TLS identity protection using Signaling… Martin Rex
- Re: [TLS] TLS identity protection using Signaling… Mohamad Badra