[Unbearable] TLS 1.3 support for Token Binding
Nick Harper <nharper@google.com> Wed, 28 June 2017 22:37 UTC
Return-Path: <nharper@google.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C905612EC2A for <unbearable@ietfa.amsl.com>; Wed, 28 Jun 2017 15:37:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CnvZ84pdQgOt for <unbearable@ietfa.amsl.com>; Wed, 28 Jun 2017 15:37:47 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41337129C2B for <unbearable@ietf.org>; Wed, 28 Jun 2017 15:37:47 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id b207so43011119lfg.2 for <unbearable@ietf.org>; Wed, 28 Jun 2017 15:37:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=bTmD+5BxWBdNBbUxK1QBF9mrQISqPfFLjRclmQ/DXRU=; b=YLt/7zu12dGy5IL9YcmtpK1mDC9CCmiXcPDz9gXd1CeELWAb8UC2oq6P+2FvrC9K/T vQt8AlMwiJYv6YQgNnaq8YjRTSycH2LZp7c0qFskfM2ANuTtWp5cgIu9wmM5jL4bD0ou A3QxefUCXZAYmKYX1zhNvU6a/mvD+xnRqe3tw/qC8Jp23hlb/EF/kk0OdB6oeYFpb3tT 7pkoNX23t0SWLLbtx+1CaD3WLXojwMfX3O2DWRQ/Zbluq0/AZZ5KqjliuodlGdo/7pj4 A8aBiYdbeyr67TOZ29hl5R0q764Zunff7oMLHyqBEtFudgnPpf3sqhZjrMZ4BLGG96J1 LVYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=bTmD+5BxWBdNBbUxK1QBF9mrQISqPfFLjRclmQ/DXRU=; b=DVdqIVjIZbLFr02aEhDZfJpdg6JwLx+BDRrAzTcFXsriqBMFR0MNVal9qdHkCQdISB 9hmmMXfxZn5//o2uL0ar8Lya3BwN2x2o8h7J8UraA4WreNRxvdRbedA8FqzXDOc0Tzai SUCzJaPNUsK+shzeWWH0NkZnfXLrQlx5EdDY0HhPVyteNVkYhGszcaYV+E/S+t0TV0Os fasTXJTXoSfGYLEld0X/EoluZbkRTWikiI9C13kV2Zjzj2LcnUXjv7lw8rUPgJ0caFIo n5t6wNFRK3Ay69KjI4iiNmn9LlR5f/m1a6gaqqzmIuEGP35XKgP1NoS9NytTjEB5L5nC LnBg==
X-Gm-Message-State: AKS2vOxBUnIwMwwx24+R7oQFDEmz1eWyswqa41GerHk/h+qIqFDxyq7L suKI3WJFaglPiG6hS4aUImPVvnXtMOG6tT1gJg==
X-Received: by 10.46.75.9 with SMTP id y9mr3867135lja.60.1498689465088; Wed, 28 Jun 2017 15:37:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.44.73 with HTTP; Wed, 28 Jun 2017 15:37:24 -0700 (PDT)
From: Nick Harper <nharper@google.com>
Date: Wed, 28 Jun 2017 15:37:24 -0700
Message-ID: <CACdeXiJmaP4=TLKBhVsZmaPA=ayZMLSWiMxM1pHYM6gMVK4zKQ@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/j6K-nW0xsb0QEySSBZ950BIlHAI>
Subject: [Unbearable] TLS 1.3 support for Token Binding
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jun 2017 22:37:51 -0000
draft-ietf-tokbind-tls13-0rtt is defining how Token Binding can work on 0-RTT connections, but so far this WG doesn't have anything defining how Token Binding should work in TLS 1.3 on connections without early data. I'm fine adding that to draft-ietf-tokbind-tls13-0rtt, but I think it would be better suited to be in a separate draft. (A separate draft would allow those who don't care for 0-RTT Token Binding to completely ignore it when implementing Token Binding for TLS 1.3.) Here's what I think needs to be in a TLS 1.3 Token Binding draft: - negotiation extension goes in EncryptedExtensions instead of ServerHello - clarify definition of exporter using TLS 1.3 terminology instead of RFC 5705 terminology - define some behavior for the interaction of the TB negotiation extension with 0-RTT (in this draft, it would be "don't use TB with 0-RTT") Do other WG members think we need a separate draft for that?
- [Unbearable] TLS 1.3 support for Token Binding Nick Harper