[TLS] AD review of draft-ietf-tls-exported-authenticator-13
Roman Danyliw <rdd@cert.org> Fri, 02 October 2020 16:50 UTC
Return-Path: <rdd@cert.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D52373A118C for <tls@ietfa.amsl.com>; Fri, 2 Oct 2020 09:50:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqYVphKfQHpc for <tls@ietfa.amsl.com>; Fri, 2 Oct 2020 09:50:10 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B1A43A11EC for <tls@ietf.org>; Fri, 2 Oct 2020 09:50:09 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 092Go8IP031765 for <tls@ietf.org>; Fri, 2 Oct 2020 12:50:08 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 092Go8IP031765
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1601657408; bh=DFM9BUBV5jf0fb3tZxhMBC0BOxjRgdBHxyEjYePCzX8=; h=From:To:Subject:Date:From; b=UU5075DgOd1x2rOLh4DvdMeNCtIJcBrfeQnbl1RDh+zt+DgTCURGN5HbWt0tCJck+ K4rXDnuXLoGaf/KH81pu1/cwTfzc96+rGxi1/rsA6rt90TDNYWAlHXxnijq/0qxwM5 an9aErdayK8dpbBIdGft5MUWQFtvtjX8RfI2csGk=
Received: from MURIEL.ad.sei.cmu.edu (muriel.ad.sei.cmu.edu [147.72.252.47]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 092Go47C027399 for <tls@ietf.org>; Fri, 2 Oct 2020 12:50:04 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Fri, 2 Oct 2020 12:50:04 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Fri, 2 Oct 2020 12:50:04 -0400
From: Roman Danyliw <rdd@cert.org>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: AD review of draft-ietf-tls-exported-authenticator-13
Thread-Index: AdaY21G9H9pWbGwkTCiEpqCBTCyDiQ==
Date: Fri, 02 Oct 2020 16:50:02 +0000
Message-ID: <9747477ee4724e939d17d7a44a9368ae@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.177]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zX0aay5kCNDJkpMEImtFupOYPLQ>
Subject: [TLS] AD review of draft-ietf-tls-exported-authenticator-13
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2020 16:50:13 -0000
Hi! I've assumed the role of responsible AD on this document. As such, I performed an AD review of draft-ietf-tls-exported-authenticator-13. This document has seen a few WG LCs and reviews. Thanks for working out the details for this feedback. I have a few questions and suggestions for process and editorial clarity described below. Given that, I'm going to advance this document to IETF LC and the feedback below can be discussed/addressed concurrently. ** Section 1. Editorial. Provide a reference to TLS 1.3 when it is first mentioned. OLD Post-handshake authentication is defined in TLS 1.3 NEW Post-handshake authentication is defined in Section 4.6.2 of TLS 1.3 [TLS13] ** Section 1. Editorial. Provide references to for (D)TLS 1.2 OLD TLS (or DTLS) version 1.2 or later are REQUIRED NEW TLS (or DTLS) version 1.2 [RFC5246][RFC6347] or later are REQUIRED. ** Section 5. The application layer protocol used to send the authenticator SHOULD use TLS or a protocol with comparable security properties as its underlying transport I saw the additional text added here after the LC on -09 (and the discussion that this can't be MUST-use-TLS because of use cases like QUIC). However, what is the envisioned flexibility by using SHOULD (instead of MUST) given the addition of the "or a protocol with comparable security properties"? When would I want to use a protocol with reduced security properties? ** Section 5.1. Editorial. These values are derived using an exporter as described in [RFC5705] (for TLS 1.2) or Sec. 7.5 of [TLS13] (for TLS 1.3). -- Please provide the relevant section in RFC5705 (just like was done for [TLS13]) -- s/Sec. 7.5/Section 7.5/ ** Section 5.2.2. Editorial. Per "The definition for TLS 1.3 is:" begs the question of what that format might be for TLS 1.2. Can you please make it clearer that the format is the same. ** Section 5.2.2. Otherwise, the signature algorithm used should be chosen from the "signature_algorithms" sent by the peer in the ClientHello of the TLS handshake. -- Editorial. For clarity, s/ Otherwise, the signature algorithm used .../Otherwise, with spontaneous server authentication, the signature algorithm used .../ -- Would it make sense to make this "should" and normative "SHOULD"? ** Section 5.2.4. When validating an authenticator, a constant-time comparison SHOULD be used. What's the concern here? IMO, this guidance seems better in Section 7.4 ** Section 7.*. As Section 7 states that 7.* is informative: -- Section 7.3. Downgrade the single normative "RECOMMENDED" to be "recommended". -- Section 7.4. Downgrade the single normative "SHOULD" to be "should" ** Section 8.1. Why shouldn't this document also be added to the "Reference" column to explain the addition of "CR" to the "TLS 1.3" column? ** Section 8.2. With these additions to "Exporter Labels" registry, please describe the values of the other fields: -- How should the "DTLS-OK" and "Recommended" columns be set? -- The obvious text that this document should be the "Reference" Regards, Roman
- [TLS] AD review of draft-ietf-tls-exported-authen… Roman Danyliw
- Re: [TLS] AD review of draft-ietf-tls-exported-au… Sean Turner