Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-12-05 Thread Salz, Rich
Would you believe my timezone is GMT+120? This is good to advance. On 11/7/18, 2:35 AM, "Christopher Wood" wrote: This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-12-03 Thread Christopher Wood
The WGLC for "Exported Authenticators in TLS" is now complete. No outstanding or otherwise blocking issues were raised. We will work with the author to prepare a write-up for Ben and the IESG. Thanks, Chris, Joe, and Sean On Tue, Nov 6, 2018 at 11:34 PM Christopher Wood wrote: > > This is the wo

[TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-11-06 Thread Christopher Wood
This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. Please review the document and send your comments to the list by 2359 UTC on 30 November 2018. Thanks, Chris, Joe, and Sean

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-31 Thread Nick Sullivan
Martin, Thanks for the corrections, and thank you others who have reviewed the patches. I've updated the PRs appropriately. Nick On Wed, May 30, 2018 at 6:48 PM Martin Thomson wrote: > I've reviewed changes. Thanks for writing them up Nick. > > Two concerns: > > On #26, I think that there is

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-30 Thread Martin Thomson
I've reviewed changes. Thanks for writing them up Nick. Two concerns: On #26, I think that there is a misunderstanding of how signature_algorithms and signature_algorithms_cert work. My understanding is that the former applies to the entire chain, unless the latter is present, in which case the

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-30 Thread Nick Sullivan
I've put together some PRs to address the comments from last call. Comments welcome. Failing CertificateVerify due to MITM text: https://github.com/tlswg/tls-exported-authenticator/pull/28 Comments from Ben Kaduk: https://github.com/tlswg/tls-exported-authenticator/pull/26 Authenticated Denial:

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-24 Thread Martin Thomson
Mike just inadvertently (?) discovered a problem with exported authenticators. TLS post handshake authentication provides an authenticated refusal when a certificate can't be found. It turns out that the current design of the HTTP/2 CERTIFICATE frame might need to rely on the same capability here

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-11 Thread Nick Sullivan
Thanks all for the comments on the draft. Let me try to summarize the comments and propose next steps. Tim Hollebeek had a comment about 0 as the separator. I generally don’t think this is a big issue, and prefer 0 because it is a natural way to terminate a string. If anyone strongly disagrees, pl

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Eric Rescorla
On Wed, May 9, 2018 at 7:15 PM, Martin Thomson wrote: > I'm not that concerned about this, though I will concede that it's worth > pointing out. > > Failing to validate a secondary certificate for a server shouldn't be cause > for terminating an otherwise usable connection. To be clear: it's no

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Martin Thomson
I'm not that concerned about this, though I will concede that it's worth pointing out. Failing to validate a secondary certificate for a server shouldn't be cause for terminating an otherwise usable connection. The same goes for clients that authenticate using this. As long as users of exported

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Eric Rescorla
Regardless of where it goes in the document, I think there's a real deployment consideration here: if you run this mechanism through a conventional MITM proxy, what will happen will be that the secondary cert auth will appear to just fail with a bogus signature. If clients respond to that by termin
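Added example, not code from the draft, from this thread, or from any implementation discussed here: a Go model of the authenticator construction that shows two points raised in this thread at once, Tim Hollebeek's remark about 0 as the separator (the single zero byte in the CertificateVerify input, raised in the May 11 summary) and Ekr's point above about a conventional MITM proxy. Each TLS connection is modelled as nothing more than its exporter_master_secret, a raw Ed25519 public key stands in for the Certificate message, the exporter context is empty, and the exporter labels and signature-input layout follow the draft as I read it; the exact label spellings and the empty context are assumptions, and the connection-binding behaviour shown does not depend on them. RunScenario(true) relays an unmodified authenticator across a proxy that terminates TLS on both sides, and the client's check fails as a bad signature, which is indistinguishable from an attacker forging one.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	ctxLabel      = "EXPORTER-server authenticator handshake context"
	finishedLabel = "EXPORTER-server authenticator finished key"
	contextString = "Exported Authenticator"
)

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// hkdfExpandLabel is HKDF-Expand-Label (RFC 8446, Section 7.1) with HMAC-SHA256.
func hkdfExpandLabel(secret []byte, label string, context []byte, length int) []byte {
	full := "tls13 " + label
	info := append([]byte{byte(length >> 8), byte(length), byte(len(full))}, full...)
	info = append(append(info, byte(len(context))), context...)
	var out, prev []byte
	for counter := byte(1); len(out) < length; counter++ {
		prev = hmacSHA256(secret, bytes.Join([][]byte{prev, info, {counter}}, nil))
		out = append(out, prev...)
	}
	return out[:length]
}

// tlsConn stands in for one TLS 1.3 connection: all it keeps is that connection's exporter_master_secret.
type tlsConn struct{ exporterSecret []byte }

// export models TLS-Exporter (RFC 8446, Section 7.5) with an empty context value (assumption).
func (c *tlsConn) export(label string) []byte {
	empty := sha256.Sum256(nil)
	return hkdfExpandLabel(hkdfExpandLabel(c.exporterSecret, label, empty[:], sha256.Size), "exporter", empty[:], sha256.Size)
}

// authenticator: Certificate (here a raw Ed25519 public key), CertificateVerify (signature), Finished (HMAC).
type authenticator struct{ certificate, certVerify, finished []byte }

// signatureInput: 64 spaces, the context string, a single 0 byte as separator, then the transcript hash.
func signatureInput(hctx, request, cert []byte) []byte {
	transcript := sha256.Sum256(bytes.Join([][]byte{hctx, request, cert}, nil))
	input := append(bytes.Repeat([]byte{0x20}, 64), contextString...)
	return append(append(input, 0x00), transcript[:]...)
}

// finishedMAC is HMAC(Finished MAC Key, Hash(Handshake Context || request || Certificate || CertificateVerify)).
func finishedMAC(key, hctx, request, cert, certVerify []byte) []byte {
	transcript := sha256.Sum256(bytes.Join([][]byte{hctx, request, cert, certVerify}, nil))
	return hmacSHA256(key, transcript[:])
}

// buildAuthenticator is the server side: every value is bound to serverConn's exporter outputs.
func buildAuthenticator(serverConn *tlsConn, priv ed25519.PrivateKey, request []byte) authenticator {
	hctx, fkey := serverConn.export(ctxLabel), serverConn.export(finishedLabel)
	cert := []byte(priv.Public().(ed25519.PublicKey))
	sig := ed25519.Sign(priv, signatureInput(hctx, request, cert))
	return authenticator{cert, sig, finishedMAC(fkey, hctx, request, cert, sig)}
}

// verifyAuthenticator is the client side; it recomputes the exporter values on the connection the
// client holds, so a signature made over another connection's Handshake Context simply looks bogus.
func verifyAuthenticator(clientConn *tlsConn, request []byte, a authenticator) error {
	hctx, fkey := clientConn.export(ctxLabel), clientConn.export(finishedLabel)
	if len(a.certificate) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(a.certificate), signatureInput(hctx, request, a.certificate), a.certVerify) {
		return errors.New("CertificateVerify: bad signature")
	}
	if !hmac.Equal(finishedMAC(fkey, hctx, request, a.certificate, a.certVerify), a.finished) {
		return errors.New("Finished: bad MAC")
	}
	return nil
}

// RunScenario returns nil when the client accepts the server's authenticator. With mitm set, a proxy
// splits the path into two TLS connections with unrelated exporter secrets and forwards the bytes unchanged.
func RunScenario(mitm bool) error {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // constructed test key
	serverConn := &tlsConn{exporterSecret: []byte("constructed exporter secret, server leg")}
	clientConn := serverConn // direct: one connection, one shared exporter secret
	if mitm {
		clientConn = &tlsConn{exporterSecret: []byte("constructed exporter secret, client leg")}
	}
	request := []byte("constructed authenticator request") // stand-in for the request message
	return verifyAuthenticator(clientConn, request, buildAuthenticator(serverConn, priv, request))
}

func main() {
	fmt.Println("direct connection:", RunScenario(false))
	fmt.Println("through MITM proxy:", RunScenario(true))
}
```

The point of the model is that nothing in the authenticator bytes identifies which connection they were made for; only the exporter values do, and those are never on the wire. A proxy that terminates TLS has no way to rewrite the signature for the second leg, so the only observable symptom at the client is a signature that does not verify, which is why a client policy of tearing down the connection on that failure is the deployment concern.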

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Salz, Rich
>Perhaps, but it still behooves us to warn implementors that a significant > percentage of enterprise traffic will break with this mechanism. Why do you think a significant percentage will break? ___ TLS mailing list TLS@ietf.org https://www.iet

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Roelof duToit
Perhaps, but it still behooves us to warn implementors that a significant percentage of enterprise traffic will break with this mechanism. > On May 9, 2018, at 3:39 AM, Martin Thomson wrote: > > This isn't really a security consideration though, it's a truism. A MitM > can break things that de

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-09 Thread Martin Thomson
This isn't really a security consideration though, it's a truism. A MitM can break things that depend on end-to-end integrity of the connection. On Wed, May 9, 2018 at 11:25 AM Roelof duToit wrote: > If the use of the mechanism is not negotiated on the TLS level then I would appreciate it if the

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-08 Thread Roelof duToit
If the use of the mechanism is not negotiated on the TLS level then I would appreciate it if the “Security Considerations” section of the draft could be amended to include a paragraph that warns potential implementors that protocol-agnostic middleboxes will break the mechanism without any clear

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-08 Thread Martin Thomson
On Wed, May 9, 2018 at 2:20 AM Roelof duToit wrote: > I understand that there is not really anything to negotiate per se, but would it not be prudent to add a TLS extension to negotiate support for exported-authenticator in the TLS layer prior to using it in the application layer? We don't signa

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-08 Thread Mike Bishop
Belatedly, as I’ve been offline for the past week, but I support this draft moving forward. From: Nick Sullivan Sent: Thursday, May 3, 2018 1:16 PM To: Sean Turner Cc: TLS WG Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator Does anyone have any comments about the draft

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-08 Thread Roelof duToit
I understand that there is not really anything to negotiate per se, but would it not be prudent to add a TLS extension to negotiate support for exported-authenticator in the TLS layer prior to using it in the application layer? —Roelof > On May 7, 2018, at 12:16 PM, Roelof duToit wrote: > >

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-07 Thread Roelof duToit
Agree. Middleboxes can signal on the TLS layer that token-binding is not supported, but not for exported-authenticator. > On May 7, 2018, at 12:06 PM, Eric Rescorla wrote: > > Note that this is different from Token Binding because that's negotiated by > an extension, so per S 9.3, non-support

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-07 Thread Eric Rescorla
Note that this is different from Token Binding because that's negotiated by an extension, so per S 9.3, non-supporting middleboxes need to strip out the extension -Ekr On Mon, May 7, 2018 at 8:06 AM, Roelof duToit wrote: > > > On May 4, 2018, at 5:48 PM, Benjamin Kaduk wrote: > > > > On Fri,

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-07 Thread Roelof duToit
> On May 4, 2018, at 5:48 PM, Benjamin Kaduk wrote: > > On Fri, May 04, 2018 at 11:20:55AM -0400, Roelof duToit wrote: >> How will this (and any mechanism built on top of RFC 5705 exported key >> material) interoperate with middleboxes? This use of the mechanism is not >> negotiated on the TL

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Benjamin Kaduk
On Fri, May 04, 2018 at 11:20:55AM -0400, Roelof duToit wrote: > How will this (and any mechanism built on top of RFC 5705 exported key > material) interoperate with middleboxes? This use of the mechanism is not > negotiated on the TLS level, so there is no extension for the middlebox to > stri

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Benjamin Kaduk
On Thu, Apr 19, 2018 at 04:32:55PM -0400, Sean Turner wrote: > All, > > This is the working group last call for the "Exported Authenticators in TLS" > draft available at > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. > Please review the document and send your commen

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Christopher Wood
I sent in one editorial PR as well. Pending the suggested change, I think the document is ready to go. Best, Chris On Thu, May 3, 2018 at 7:24 PM Martin Thomson wrote: > I've already provided enough input on this draft, but I sent in a few > editorial PRs. > Otherwise, this looks fine to go fro

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Roelof duToit
How will this (and any mechanism built on top of RFC 5705 exported key material) interoperate with middleboxes? This use of the mechanism is not negotiated on the TLS level, so there is no extension for the middlebox to strip that would warn the endpoints not to use exported authenticators. Ar

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Jonathan Hoyland
Hi Nikos, The problems post-handshake authentication has with HTTP/2 are described in draft-ietf-httpbis-http2-secondary-certs-00 a.k.a. draft-Bishop. See Section 1.2.3 in particular. In brief, the problem is

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Tim Hollebeek
Turner Cc: TLS WG Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator Does anyone have any comments about the draft, criticisms, or votes of support? Nick On Thu, May 3, 2018 at 1:12 PM Sean Turner <s...@sn3rd.com> wrote: > On Apr 21, 2018, at 10:25, Se

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-04 Thread Nikos Mavrogiannopoulos
On Thu, 2018-04-19 at 16:32 -0400, Sean Turner wrote: > All, > > This is the working group last call for the "Exported Authenticators > in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. Please review the document and send > your comments to the

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-03 Thread Martin Thomson
I've already provided enough input on this draft, but I sent in a few editorial PRs. Otherwise, this looks fine to go from my perspective. I would like to see some other opinions though, I'm probably too close to this.

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-03 Thread Nick Sullivan
Does anyone have any comments about the draft, criticisms, or votes of support? Nick On Thu, May 3, 2018 at 1:12 PM Sean Turner wrote: > > > > On Apr 21, 2018, at 10:25, Sean Turner wrote: > > > > > >> On Apr 19, 2018, at 16:32, Sean Turner wrote: > >> > >> All, > >> > >> This is the working

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-05-03 Thread Sean Turner
> On Apr 21, 2018, at 10:25, Sean Turner wrote: > > >> On Apr 19, 2018, at 16:32, Sean Turner wrote: >> >> All, >> >> This is the working group last call for the "Exported Authenticators in TLS" >> draft available at >> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticato

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-04-21 Thread Sean Turner
> On Apr 19, 2018, at 16:32, Sean Turner wrote: > > All, > > This is the working group last call for the "Exported Authenticators in TLS" > draft available at > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. > Please review the document and send your comments to th

[TLS] WGLC for draft-ietf-tls-exported-authenticator

2018-04-19 Thread Sean Turner
All, This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. Please review the document and send your comments to the list by 2359 UTC on 4 April 2018. Thanks - J&S