Re: [Unbearable] New version of Attested TLS Token Binding

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 20 July 2018 18:55 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "unbearable@ietf.org" <unbearable@ietf.org>
Date: Fri, 20 Jul 2018 18:55:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/4WpEDXduDjyF6QqJKakUmcFhTvI>

In addition to the more fundamental issues we discussed:
- What are we attesting? 
- Should EKM be involved? 
- Should the extension be signed? 
- What needs to be negotiated and how?

here are some editorial issues I found while reading the spec:

> ...whereby servers can leverage cryptographically-bound authentication tokens to verify TLS connections.

I'm not sure we can say that TB or bound tokens help verify TLS connections. TB relies on TLS for negotiation and nonce.

> This is useful for prevention of man-in-the-middle attacks on TLS sessions,...

TB does not prevent MITM attacks on TLS, because a MITM can either prevent parties from negotiating TB or mint bound tokens of its own.

> 2.1.  Token Binding Attestation Registry

This belongs in the IANA section, so that it can be easily found.

Cheers,

Andrei

-----Original Message-----
From: Unbearable <unbearable-bounces@ietf.org> On Behalf Of Giridhar Mandyam
Sent: Tuesday, July 17, 2018 5:02 PM
To: unbearable@ietf.org
Subject: [Unbearable] New version of Attested TLS Token Binding

Hello All,

I hope to discuss this during Friday's meeting.  Some of the major changes since ver. 0.4 and ver. 0.3:

a) Proposal of new TLS extensions codepoint for tokbind sessions that will involve tokbind.extensions
b) Proposal for negotiating use of extensions as part of TLS handshake
c) Addition of two base attestation types:  Android Keystore and TPMv2, along with verification procedures (heavily leveraged from WebAuthn).
d) Proposal of establishment of tokbind attestation registry.

There are some other issues that I would like to get guidance from the group on the topic of tokbind.extensions, including:

a) Should clients advertise supported extensions? 
b) Should servers select extensions that they are interested in, and have the client suppress other extensions?  
c) Should clients just send all extensions that they support?  If so, can servers just ignore extensions in which they have no interest?

And specific to the attestation extension,

d) Should clients advertise the attestation types they support (which may expose some fingerprinting surface)?  Should servers communicate the attestation roots that they support?

-Giri Mandyam

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Tuesday, July 17, 2018 12:52 PM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>; Jon Azen <jazen@qti.qualcomm.com>; Laurence Lundblade <llundbla@qti.qualcomm.com>
Subject: New Version Notification for draft-mandyam-tokbind-attest-05.txt


A new version of I-D, draft-mandyam-tokbind-attest-05.txt
has been successfully submitted by Giridhar Mandyam and posted to the IETF repository.

Name:		draft-mandyam-tokbind-attest
Revision:	05
Title:		Attested TLS Token Binding
Document date:	2018-07-17
Group:		Individual Submission
Pages:		10
URL:            https://www.ietf.org/internet-drafts/draft-mandyam-tokbind-attest-05.txt
Status:         https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/
Htmlized:       https://tools.ietf.org/html/draft-mandyam-tokbind-attest-05
Htmlized:       https://datatracker.ietf.org/doc/html/draft-mandyam-tokbind-attest
Diff:           https://www.ietf.org/rfcdiff?url2=draft-mandyam-tokbind-attest-05

Abstract:
   Token binding allows HTTP servers to bind bearer tokens to TLS
   connections.  In order to do this, clients or user agents must prove
   possession of a private key.  However, proof-of-possession of a
   private key becomes truly meaningful to a server when accompanied by
   an attestation statement.  This specification describes extensions to
   the existing token binding protocol to allow for attestation
   statements to be sent along with the related token binding messages.

                                                                                  


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
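
Added example, not part of this thread or of the draft: a Go model of the proof-of-possession check that the abstract and the MITM comment above refer to, where the client signs the connection's EKM and the server verifies against the EKM of its own connection. It shows that a signature relayed onto another TLS connection fails, while a party that terminates TLS and signs with its own key still verifies, so the check alone says nothing about where the key lives. Assumptions: the signed-data layout (type 0, key parameters 2, 32-byte EKM, 64-byte r||s signature) is taken from the Token Binding protocol for ecdsap256, and the EKMs are random stand-ins for real TLS exporter output.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// signedData hashes type(0 = provided) || key parameters(2 = ecdsap256) || EKM.
func signedData(ekm []byte) []byte {
	d := sha256.Sum256(append([]byte{0, 2}, ekm...))
	return d[:]
}

// sign produces the fixed-width r||s signature over one connection's EKM.
func sign(priv *ecdsa.PrivateKey, ekm []byte) []byte {
	r, s, err := ecdsa.Sign(rand.Reader, priv, signedData(ekm))
	if err != nil {
		panic(err)
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return sig
}

// verify is the server-side check against the EKM of the server's own connection.
func verify(pub *ecdsa.PublicKey, ekm, sig []byte) bool {
	if len(sig) != 64 {
		return false
	}
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, signedData(ekm), r, s)
}

// Scenario returns (direct, relayed, ownKey) verification results.
func Scenario() (bool, bool, bool) {
	client, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	middle, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // TLS-terminating party
	legA, legB := make([]byte, 32), make([]byte, 32)             // constructed EKMs, one per TLS leg
	rand.Read(legA)
	rand.Read(legB)
	sig := sign(client, legA)
	return verify(&client.PublicKey, legA, sig), // same connection: accepted
		verify(&client.PublicKey, legB, sig), // relayed to another connection: rejected
		verify(&middle.PublicKey, legB, sign(middle, legB)) // intermediary's own key: accepted
}

func main() { fmt.Println(Scenario()) }
```

The third result is the case an attestation statement is meant to address: the server needs evidence about the key itself, not just a valid signature.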
