Re: [Unbearable] Artart telechat review of draft-ietf-tokbind-negotiation-12

"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Tue, 08 May 2018 23:13 UTC

Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3937A12DA27 for <unbearable@ietfa.amsl.com>; Tue, 8 May 2018 16:13:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outer-planes-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PSF1fT4iwqk7 for <unbearable@ietfa.amsl.com>; Tue, 8 May 2018 16:13:07 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B386E12D7EF for <unbearable@ietf.org>; Tue, 8 May 2018 16:13:05 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id v2-v6so29903689oif.3 for <unbearable@ietf.org>; Tue, 08 May 2018 16:13:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outer-planes-net.20150623.gappssmtp.com; s=20150623; h=sender:subject:to:cc:references:from:openpgp:autocrypt:message-id :date:user-agent:mime-version:in-reply-to; bh=XhkWomSFqUnkor+mWZuEe7G1MSk7eEjOe1Jc5DfRU6M=; b=BCufcJaqWHw6zjehClowvpE2CSbLTD0GBDjZUBf7JcfpvpYQc2+5i1DEzsHyZbWl9e wAvbhd0phQBYc44mh72KV56jZ1Amgbu4N7I/tGjyK7DbPDPn59UcEJi6keVP6B/8BFH7 FsbUj2zappR65kLWz+mtRdb+pXCFHE1g6raXegpOoxHC4AYmcTDCMAFgTjYEDJSwZyqa uiQnYyfKoWLwrP62EqJyTipVrOoJ5P4/VsdHnjgev5gET20nfNu/gm3bUCpursq/0A4h V7Ll8wbxncDzoAUZRou71eGagvk3d4yF9UW43V7PazCP51DUc9Kf8Gyp0K9/nhlhFp1B 3Tfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:openpgp :autocrypt:message-id:date:user-agent:mime-version:in-reply-to; bh=XhkWomSFqUnkor+mWZuEe7G1MSk7eEjOe1Jc5DfRU6M=; b=lcK758iDRPFAUB8jpWSf29vTZsWYUhJ8vo+ei3dIpr5P1/v13cv/jjq/A2pNMw57zF m4/P/SDFRYUfSWBtq2tpa5aLNqYrv4kSMAijpKTEJjDsfa9gfKNxZGc0mRixKjJZLpgy ARW6RpGrS347DvDAiupiGbgLfn1UXJ34DVInSt9iHTS3fdZLlHmKi2qx86PBlCWEZDzr 6ECQGcQoQ4pfwWcHQcW3tubQkz246IPveVzzusVIXSqJIJjExbIi9Og6tVW5GlJsbsUn yPVFxaZ6gRR+WRmEwdrK8WXIfr741Vo/5TwVL98rU+Hizxo/qFGa+aj+GwN2XYCjWRKw mYmA==
X-Gm-Message-State: ALQs6tARFxCYdegS/ftsUFNeC+Ywx1c6Ezk5A7W3Um/EmhhJh7dQPJqW J5B4jZvFjFJYR3FsXz8B/eUysA==
X-Google-Smtp-Source: AB8JxZqvH90R3nvhl331CiEHtt6HV0phfXoDWpJMEsukryVjad3bkYLDAw48a3wAwa7CfEPRG9Fskg==
X-Received: by 2002:aca:cc89:: with SMTP id c131-v6mr28379407oig.75.1525821184912; Tue, 08 May 2018 16:13:04 -0700 (PDT)
Received: from [10.6.21.160] ([128.177.113.102]) by smtp.gmail.com with ESMTPSA id n196-v6sm13939946oig.3.2018.05.08.16.13.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 May 2018 16:13:04 -0700 (PDT)
Sender: Matthew Miller <linuxwolf@outer-planes.net>
To: Andrei Popov <Andrei.Popov@microsoft.com>, "art@ietf.org" <art@ietf.org>
Cc: "unbearable@ietf.org" <unbearable@ietf.org>, "draft-ietf-tokbind-negotiation.all@ietf.org" <draft-ietf-tokbind-negotiation.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <152581170538.16247.326421324193541615@ietfa.amsl.com> <DM5PR21MB05073538E86E74EE3373B6268C9A0@DM5PR21MB0507.namprd21.prod.outlook.com>
From: "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Openpgp: preference=signencrypt
Autocrypt: addr=linuxwolf+ietf@outer-planes.net; prefer-encrypt=mutual; keydata= xsBNBFJoAooBCADQmEtpbpY/4wTeKgZIuyG7HkxIFgiUeqOvtiBKj/pCA73d7Q5hCvQdGcKJ 6uZsYz3Il9oKoKFxVt90iEXspbE39g6ek19e6RsB4j0Q10l4QvH+EqeD760gs0H2yf/eYj9i uk9/VY6axdQlPsmid1zoQgCNjSM7X4/K26WGMs03sbXJpKdoonelzIlJSNfzi0q546iplo72 D2cCm9BriMkQvcGnsm4B9eBIBn3GKmVx1tsmPNeNTyun2DvaLnrYxbA0Ivo1DzZReds9NZ25 uROI/+b+lcg9/kmHzhK+q8NMQCFWmqpS/lZRKxVBSijKGpGr5h8VLVf5iURHtwG+B/QxABEB AAHNLk1hdHRoZXcgQS4gTWlsbGVyIDxsaW51eHdvbGZAb3V0ZXItcGxhbmVzLm5ldD7CwIAE EwEKACoCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFCQvHJDEFAlirCeQCGQEACgkQ7PRy ThCeBbt+sAgAzUQokr+f+ArieIrv2JkiQLqiBaZX29Aph9YwG3OPLWSdESEKkFOSJT0LWbsC cAKHLrVfgl2+6iPhf4OOacTdqK7wS6vruPZC1ChdO7NZTgbVa0hP/Q/QKEoaMGNdfc1/lgxY 5kwh+bvGIF1+HyadytgCBBHxdVEhYI7G3ejKqA8iVwri1VW0Wjp8iWdjpF74swIHhid5GcAu 6VJgVNJw3P+WkTkNrkd2tx5yUfNXQuGyFhxwlpiuaOpIk3p74P6e8h/riMpkJ5mIH/ryGTH7 qxpEIuep2bLQZmGwBen8kf3MO/VbiA/NMY6OHdc93EBKr0g7n2BA5uFLdy79FqAA3M7ATQRS aAKKAQgAwP67h8GJUO6XYyWOrcJGXDJnnZEDS+q+bTQXkJMFa74rVIx0yioqY8QdpBJFGaMT 4DCNYe/3pw61ZTDDKqukSCfOh/ssdd8zSGTQZSX5lR4B4+00/LKWugP6iHHHYiETbBVb5bxc aR/LE41Wx3z2HsW3TkeZB6WVk82MTclS1zCuY3p9AeCvr424BSQL7KC38y2eQc95G+nabsVD c6oQ8oZOf1D2giBb2VgbYkSppKj8BKvBtmjCauWeEq/AkZKaDAdua8Qj0vEfgcoh8aavlPJi rqj1YNSyc3AO4R5prPGgTepcUpW8ip8xIPAFoJXfuvsZSV7uVP36gwApU4+ZnwARAQABwsB8 BBgBCgAmAhsMFiEEMddYjeyQaQ1rzJjg7PRyThCeBbsFAlpvpIsFCQvLWoEACgkQ7PRyThCe BbuNHAf/cchJ7kHoIr5i+jgVRuR71AGlxlMbVolnS5tza3bi9Ie63LRdOtMUE3pDUQo25cWd cP7pzwwRBCDD2GxfIuyMCWaES0xtQdTIyNOAFFOtBtCFOrsNEk+iLAu6GBr4QzSQKW1QW4/b vcfpM2pLQn7Zd6naUioEYfTHCMmYHr7hQXaPNEQ7V/J4pLVAN8bHyVgQ9ciQN91DUs6jnueM BUW7DNvuHq0RDzA+ufYdpQAjwl4z1v+rnJ79P3HTxfFdiTTAk9MjyVQklHxS067cmLYkSOku dnCOHhDmSFwkKd9EwOBNuztpjCzmM5SgOT+U/iHH+IM/Hv6bjVCiAQ5WOihe6Q==
Message-ID: <e76c1d2a-6d90-e62b-341e-5af12c493a0f@outer-planes.net>
Date: Tue, 08 May 2018 17:13:03 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <DM5PR21MB05073538E86E74EE3373B6268C9A0@DM5PR21MB0507.namprd21.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="1o43nxD04MThH6a1Kgd22RlTNCSaQWdox"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/zDUvtGbLVQ8bwDZCoODm11szdtI>
Subject: Re: [Unbearable] Artart telechat review of draft-ietf-tokbind-negotiation-12
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2018 23:13:09 -0000

On 18/05/08 15:49, Andrei Popov wrote:
> Hi Matthew,
> 
> Thanks for the review and feedback.
> 
> The idea is that:
> - It is an error for the server to respond with a TB protocol version higher than the one advertised by the client. Since the client advertises its highest supported version, it makes no sense for the server to offer a higher version. If this happens, the client MUST terminate the TLS handshake.
> - On the other hand, the server is allowed to offer a lower TB protocol version; if the client happens to support this lower TB version, the connection proceeds with TB. Otherwise, the connection proceeds without TB.
> 

Does that mean clients can never require TB, or that such a requirement
is enforced somehow at the application layer, or something else?

From my experience, clients will do what clients will do -- with no
guidance on what to do when the client really needs TB but the
negotiated support leads to "no TB", there will be several ways clients
will implement TB enforcement, which can lead to interoperability
problems.  I think we'd rather have some up-front guidance if at all
possible.

I'm happy to suggest some text, but it may take me a bit.


- m&m

Matthew A. Miller

> 
> -----Original Message-----
> From: Matthew Miller <linuxwolf+ietf@outer-planes.net> 
> Sent: Tuesday, May 8, 2018 1:35 PM
> To: art@ietf.org
> Cc: unbearable@ietf.org; draft-ietf-tokbind-negotiation.all@ietf.org; ietf@ietf.org
> Subject: Artart telechat review of draft-ietf-tokbind-negotiation-12
> 
> Reviewer: Matthew Miller
> Review result: Ready with Issues
> 
> IETF LC End Date: N/A
> IESG Telechat date: 2018-05-10
> 
> Summary:  Ready with a potential issue.
> 
> 
> Major issues:  N/A
> 
> Minor issues:
> 
> In reading the client's processing of the server's "token_binding"
> extension, there seems to be the potential for falling through the cracks with regards to version:
> 
> * client MUST terminate the TLS handshake if the server's
>   TB_version is greater than the client's highest supported
> * client (MUST? SHOULD? MAY?) continue the TLS handshake **without
>   Token Binding** if the server's TB_version is not one the client
>   is willing to use (e.g., lower than the client's minimum
>   acceptable version)
>   
> As written, it seems that a client that requires token binding has to finish TLS negotiation, then reject further interactions at the application level, but it's not clear this is the expected or best approach.  I think it's worth adding at least some language about this scenario.
> 
> Nits/editorial comments:  N/A
> 
>