Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt

John Mattsson <john.mattsson@ericsson.com> Fri, 10 June 2022 13:24 UTC


Hi,

I reviewed the whole document. Looks fine in general. Some comments:


- "Those who implement and deploy TLS and DTLS, in particular versions 1.2 or earlier of these protocols"

Delete "or earlier". As these versions are "MUST NOT negotiate". Might be good to mention this deprecation in the introduction.


- Would be good for the reader if the intro said something to explain the TLS handshake and record layer. DTLS and QUIC also use the TLS handshake but with a different record layer. Would be good to point out that a lot of the recommendations for "TLS" apply to all uses of the TLS handshake such as DTLS and QUIC.


- I think QUIC should be mentioned in the introduction. Otherwise the document feels old already when it is published. QUIC already makes up a huge part of internet traffic. Over 25% in some ISPs. Many of the recommendations apply to QUIC as well.


- 3.3.  Compression
Would be good to add that TLS certificate compression is fine to use.


-  of time (e.g., measured in days)

"Days" is ridiculously long for non-constrained use cases. ANSSI requires ephemeral Diffie-Hellman every hour or 100 GB for IPsec. Signal and WireGuard are doing Diffie-Hellman much more often than that. I think "measured in days" gives the wrong idea. I suggest changing to "e.g., every hour". Days seems like a recommendation taken from the year 2000. If needed, separate constrained and non-constrained use cases.


-  "Renegotiation in TLS 1.2 was replaced"

Change to "partly replaced". Diffie-Hellman, server authentication, and update of the exporter secret are all missing.


- Section 4.1
I am missing a recommendation related to AEAD. It would make sense to add that "Implementations SHOULD NOT negotiate non-AEAD cipher suites."


- "Clients SHOULD include TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as the first proposal to any server, unless they have prior knowledge that the server cannot respond to a TLS 1.2 client_hello message."

I would delete ", unless ...". This does not align with MUST NOT negotiate 1.1.


-  "When using RSA, servers SHOULD authenticate using certificates with at least a 2048-bit modulus for the public key."

This needs to be "MUST" to align with "MUST NOT negotiate cipher suites offering less than 112 bits of security".


- The document should talk about the need to start phasing out RSA-2048 and 2048-bit DH keys, which both give 112-bit security. BSI requires that RSA-2048 be disabled by January 2023. The CA/Browser Forum has already forbidden RSA-2048 for use with code signing.


- 7.1. The document should make it clear that without Host Name Validation there is typically no authentication. The TLS handshake only provides proof-of-possession of the private key and transfers certificates so that the application can do authentication.


Cheers,
John
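As an added illustration of several of the points raised above (TLS 1.2 as the floor, AEAD-only cipher suites, an RSA modulus of at least 2048 bits, and host name validation as the step that turns proof-of-possession into authentication), here is a small audit of a Python `ssl.SSLContext`. This is example code written for this archive page, not code from the draft or from John's message; the function names `audit_context`, `hardened_client_context` and `permissive_client_context` are assumed names, and the RSA modulus size is passed in as a number because the standard `ssl` module does not expose the peer key size offline.

```python
import ssl
from typing import List, Optional

# Threshold taken from the comment on RSA key sizes above.
MIN_RSA_MODULUS_BITS = 2048


def audit_context(ctx: ssl.SSLContext, rsa_modulus_bits: Optional[int] = None) -> List[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    # TLS 1.0/1.1 are "MUST NOT negotiate": the floor has to be at least 1.2.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.1 or earlier")
    # The handshake proves possession of *some* private key; without certificate
    # verification and host name validation the client never decides *whose*.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: peer certificate not verified")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: no host name validation")
    # Flag any enabled suite that is not AEAD (e.g. CBC + HMAC suites).
    non_aead = [c["name"] for c in ctx.get_ciphers() if not c["aead"]]
    if non_aead:
        findings.append("non-AEAD cipher suites enabled: " + ", ".join(non_aead[:3]))
    # rsa_modulus_bits is supplied by the caller (e.g. read from the peer cert).
    if rsa_modulus_bits is not None and rsa_modulus_bits < MIN_RSA_MODULUS_BITS:
        findings.append(f"RSA modulus {rsa_modulus_bits} bits < {MIN_RSA_MODULUS_BITS}")
    return findings


def hardened_client_context() -> ssl.SSLContext:
    """Client context that satisfies every rule in audit_context."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2: only ECDHE key exchange with AEAD bulk ciphers.
    # TLS 1.3 suites are configured separately and are AEAD by construction.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def permissive_client_context() -> ssl.SSLContext:
    """The 'disable verification' pattern: connects, but authenticates nobody."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

Run `audit_context(permissive_client_context())` to see the host name and verification findings that the 7.1 comment is about; the hardened context returns no findings.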

From: Uta <uta-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Thursday, 26 May 2022 at 23:22
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: uta@ietf.org <uta@ietf.org>
Subject: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.

        Title           : Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
        Authors         : Yaron Sheffer
                          Peter Saint-Andre
                          Thomas Fossati
        Filename        : draft-ietf-uta-rfc7525bis-07.txt
        Pages           : 39
        Date            : 2022-05-26

Abstract:
   Transport Layer Security (TLS) and Datagram Transport Layer Security
   (DTLS) are widely used to protect data exchanged over application
   protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP.  Over the
   years, the industry has witnessed several serious attacks on TLS and
   DTLS, including attacks on the most commonly used cipher suites and
   their modes of operation.  This document provides the latest
   recommendations for ensuring the security of deployed services that
   use TLS and DTLS.  These recommendations are applicable to the
   majority of use cases.

   An earlier version of this document was published as RFC 7525 when
   the industry was in the midst of its transition to TLS 1.2.  Years
   later this transition is largely complete and TLS 1.3 is widely
   available.  This document updates the guidance given the new
   environment and obsoletes RFC 7525.  In addition, the document
   updates RFC 5288 and RFC 6066 in view of recent attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-07.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-07


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta