Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
Nick Sullivan <nicholas.sullivan@gmail.com> Thu, 31 May 2018 18:44 UTC
Return-Path: <nicholas.sullivan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5538D126BF3 for <tls@ietfa.amsl.com>; Thu, 31 May 2018 11:44:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qiLNZ9h94Mx4 for <tls@ietfa.amsl.com>; Thu, 31 May 2018 11:44:45 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7CDA12EAFC for <tls@ietf.org>; Thu, 31 May 2018 11:44:34 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id c3-v6so29293273itj.4 for <tls@ietf.org>; Thu, 31 May 2018 11:44:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+cxGiuDpAJsrC2YB6i8y8PNKpA3c+myNYs7XMt6w7vo=; b=aauoMI4s12iySpuFCYTlYJfuP5TikXZMyGlAi33yXnu7DtKeGbreGUZkagbd+1dObO 7HLbR2chHdQ7bOXfXtry6ChVVlSeXUcsffu1TuCSEvxZRC7deUf+AoGqvnmb2lDuct3z BLmGxK1pcq1CTOzOcnMlRFZGDAjaC+n6VE4sCupm5RHWJe8SssV8RbrnvBs9Y64G7/nS r7jxYBUkT3dLo9/RqI2IpkDbZfTWGK4GYdb6DSOKMnJAFKDZqoIuWy5zXWiasDVzs6zk HKrj1jEHcvqXbeUWy7Bynsgv1l2uNtmom7i5ARB6e9XSR8OEX6fFJ9/4Z3hIYvATXnH3 X1Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+cxGiuDpAJsrC2YB6i8y8PNKpA3c+myNYs7XMt6w7vo=; b=AQIokBZ8tE93zRGNFwhFuPoA/1+2ARMjMUV5ALxyLx0k9yzndPKK/WTnBS/r8apUbY m2ZtH85NpLBYZhnPLdmNv1541fbI3WMFxVdkYfBoEBUk3sF2HCnJybb0xg/H2vX1854H cAnvE2999emH5xMhfmq/2ZboBZ+ByUPt0VvpU052rbOE9EC2FqtcGWI6wiFUAO7to23m q9PSYwla9HDJFid4C1nP7+F5GCjYcTi4XR2f9YmPwBqHkpKekBmbSOBa0OxeeAFkiIg8 2EAY26cZ9gta7CVR6Z5NX8ZofCrn44dBlIinn/yTFhtGyK3CdunMPihW1+lm89SU3XJr MdXA==
X-Gm-Message-State: ALKqPwf6I3aoCWxSWbSoI5WKFut34mA/ikzggYRuWjQzKe5p6gwK80/q GNAc8MzdYTeJ+PU2mCvysj1gJfLeAGmrkDdoG+Q=
X-Google-Smtp-Source: ADUXVKL3E7o7DbvLL4+Z5E0suBwN7OaHrPQclJoLEoGg+rqmdVkTk1PZaRt/Is3v7povl1cehgdWgAHYN1Zqa51uWjw=
X-Received: by 2002:a24:b510:: with SMTP id v16-v6mr1178170ite.87.1527792274025; Thu, 31 May 2018 11:44:34 -0700 (PDT)
MIME-Version: 1.0
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1CBA2C18-DAB8-4751-B765-3BF76C7F170B@sn3rd.com> <19A28612-65CA-4667-9E4E-D47717AC9009@sn3rd.com> <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com> <CAOjisRwUUjGXSanAh49aFo=DoFzuvKChD8G4150KNYF34Co3YQ@mail.gmail.com> <CABkgnnWntHXGMK4dkWtUOJ9DD9wOme+fOCK7+ejCvHufUOXNGg@mail.gmail.com> <CAOjisRwtxSQzVPfThanJ9w5T7DONEFDq--U7X-Jj7q5h80GdEQ@mail.gmail.com> <CABkgnnVm=iiYnmfPvT3LW0rqgSd_qLD6-bwcv7A7H-fAQQonzQ@mail.gmail.com>
In-Reply-To: <CABkgnnVm=iiYnmfPvT3LW0rqgSd_qLD6-bwcv7A7H-fAQQonzQ@mail.gmail.com>
From: Nick Sullivan <nicholas.sullivan@gmail.com>
Date: Thu, 31 May 2018 11:44:21 -0700
Message-ID: <CAOjisRwXBGQNNfwXJStU56JNYbRQA6XLwAA-wsMg7wK3aeR_4A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="000000000000c8bd8f056d84db8c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zMerHeZLI4OFX7rGGSuudtPT5ys>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 18:44:49 -0000
Martin, Thanks for the corrections, and thank you others who have reviewed the patches. I've updated the PRs appropriately. Nick On Wed, May 30, 2018 at 6:48 PM Martin Thomson <martin.thomson@gmail.com> wrote: > I've reviewed changes. Thanks for writing them up Nick. > > Two concerns: > > On #26, I think that there is a misunderstanding of how > signature_algorithms and signature_algorithms_cert work. My > understanding is that the former applies to the entire chain, unless > the latter is present, in which case the latter applies to all > signatures produced by certificates in the chain other than the end > entity certificate. Thus, signature_algorithms entirely governs the > choice of signature algorithm that is used in TLS itself, whereas > signature_algorithms_cert (if present) governs the use of signatures > that are used in building the certification path. > > #26 switches to signature_algorithms_cert exclusively. That's an > error, I think. > > In #27, I think that dropping Certificate entirely isn't a good idea. > TLS 1.3 sends it, but leaves it empty. There are a few reasons I > mention in the PR comments. > On Thu, May 31, 2018 at 11:23 AM Nick Sullivan > <nicholas.sullivan@gmail.com> wrote: > > > > I've put together some PRs to address the comments from last call. > Comments welcome. > > > > Failing CertificateVerify due to MITM text: > > https://github.com/tlswg/tls-exported-authenticator/pull/28 > > > > Comments from Ben Kaduk: > > https://github.com/tlswg/tls-exported-authenticator/pull/26 > > > > Authenticated Denial: > > https://github.com/tlswg/tls-exported-authenticator/pull/27 > > > > > > Nick > > > > On Thu, May 24, 2018 at 5:54 PM Martin Thomson <martin.thomson@gmail.com> > wrote: > >> > >> Mike just inadvertently (?) discovered a problem with exported > >> authenticators. > >> > >> TLS post handshake authentication provides an authenticated refusal > when a > >> certificate can't be found. It turns out that the current design of the > >> HTTP/2 CERTIFICATE frame might need to rely on the same capability here. > >> > >> The current draft doesn't really say anything about what happens. > >> > >> https://github.com/tlswg/tls-exported-authenticator/issues/25 > >> > >> On Sat, May 12, 2018 at 9:59 AM Nick Sullivan < > nicholas.sullivan@gmail.com> > >> wrote: > >> > >> > Thanks all for the comments on the draft. Let me try to summarize the > >> comments and propose next steps. > >> > >> > Tim Hollebeek had a comment about 0 as the separator. I generally > don’t > >> think this is a big issue, and prefer 0 because it is a natural way to > >> terminate a string. If anyone strongly disagrees, please reply to the > list. > >> > >> > Roelof duToit raised a question about middlebox interoperability, > >> specifically that the exporters will not match if the TLS connection is > not > >> end-to-end. There was a subsequent discussion about where to signal this > >> property. Martin Thomson suggested a signaling mechanism at the > application > >> layer (https://github.com/httpwg/http-extensions/issues/617) and Eric > >> Rescorla suggested that the fact that this could cause CertificateVerify > >> failures should be called out in the document. I'll put a PR together to > >> add some helpful text around debugging CertificateVerify failures to > >> address Eric's suggestion. > >> > >> > Ben Kaduk had three points: > >> > - The certificate_request_context is prone to collisions with > >> post-handshake authentication and there are different spaces for the > server > >> and client context values. He suggested some text in Section 3 and maybe > >> more explanation in Section 5.2 as well. I’ll put together a PR for > this. > >> > - Section 4.1 talks of the length of the exporter value in terms of > the > >> length of the > >> > TLS PRF hash, adding that cipher suites not using TLS PRF have to > define > >> a hash function, but TLS 1.3 ciphersuites do not use the TLS PRF. I’ll > put > >> together a PR to clarify the text around this clarifying that for TLS > 1.3 > >> cipher suites, the HDKF hash is what is meant. > >> > - The “signature_algorithms_cert” extension was not incorporated into > the > >> draft. I’ll put together a PR for 4.2.1., 4.2.2. and 5.1. to incorporate > >> this extension. > >> > >> > I'll have the proposed changes for the above comments ready next week. > >> > >> > There were also some uncontroversial suggestions that I propose > merging: > >> > https://github.com/tlswg/tls-exported-authenticator/pull/21 > >> > https://github.com/tlswg/tls-exported-authenticator/pull/22 > >> > https://github.com/tlswg/tls-exported-authenticator/pull/23 > >> > https://github.com/tlswg/tls-exported-authenticator/pull/24 > >> > >> > >> > Nick > >> > >> > >> > On Thu, May 3, 2018 at 1:16 PM Nick Sullivan < > nicholas.sullivan@gmail.com> > >> wrote: > >> > >> >> Does anyone have any comments about the draft, criticisms, or votes > of > >> support? > >> > >> >> Nick > >> > >> > >> >> On Thu, May 3, 2018 at 1:12 PM Sean Turner <sean@sn3rd.com> wrote: > >> > >> > >> > >> >>> > On Apr 21, 2018, at 10:25, Sean Turner <sean@sn3rd.com> wrote: > >> >>> > > >> >>> > > >> >>> >> On Apr 19, 2018, at 16:32, Sean Turner <sean@sn3rd.com> wrote: > >> >>> >> > >> >>> >> All, > >> >>> >> > >> >>> >> This is the working group last call for the "Exported > Authenticators > >> in TLS" draft available at > >> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ > . > >> Please review the document and send your comments to the list by 2359 > UTC > >> on 4 April 2018. > >> >>> > > >> >>> > … 4 May 2018 ... > >> > >> >>> Just a reminder the WGLC ends tomorrow. > >> > >> >>> spt > >> >>> _______________________________________________ > >> >>> TLS mailing list > >> >>> TLS@ietf.org > >> >>> https://www.ietf.org/mailman/listinfo/tls > >> > >> > _______________________________________________ > >> > TLS mailing list > >> > TLS@ietf.org > >> > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] WGLC for draft-ietf-tls-exported-authentica… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nikos Mavrogiannopoulos
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Tim Hollebeek
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Jonathan Hoyland
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Mike Bishop
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Roelof duToit
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-exported-authen… Nick Sullivan