Re: [TLS] Call for Adoption: TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key

2019-02-25 Thread Christopher Wood 
It looks like we have consensus to adopt this as an experimental WG
item. Russ, please submit the draft as
draft-ietf-tls-tls13-cert-with-extern-psk.

Thanks,
Chris, Joe, and Sean

On Sun, Feb 10, 2019 at 1:39 PM Christopher Wood
 wrote:
>
> Given the low amount of responses, we’re going to extend this adoption
> call for another two weeks. As a reminder, if you would like for this
> draft to become a WG document and you are willing to review it as it
> moves through the process, then please let the list know by 2359UTC
> 20180222. If you are opposed to this being a WG document, please say
> so (and say why).
>
> Thanks,
> Chris, Joe, and Sean
>
> On Fri, Feb 8, 2019 at 8:58 AM Eric Rescorla  wrote:
> >
> > I'd like to hear from some people who plan to implement and deploy this. 
> > Absent that, I'm not sure we should adopt it. Code points are free, so it 
> > doesn't need to be a TLS WG item unless the TLS WG and community are going 
> > to do substantial work on it.
> >
> > -Ekr
> >
> >
> > On Fri, Jan 25, 2019 at 10:12 AM Christopher Wood 
> >  wrote:
> >>
> >> At the TLS@IETF103 session, there was interest in adopting
> >> draft-housley-tls-tls13-cert-with-extern-psk as an experimental WG
> >> item, provided that it's limited to external PSKs with certificates
> >> for the initial handshake. This email is to determine whether there is
> >> WG consensus to adopt this draft (as is) as a WG item.
> >>
> >> If you would like for this draft to become a WG document and you are
> >> willing to review it as it moves through the process, then please let
> >> the list know by 2359UTC 20180208. If you are opposed to this being a
> >> WG document, please say so (and say why).
> >>
> >> Thanks,
> >> Chris, Joe and Sean
> >>
> >> ___
> >> TLS mailing list
> >> TLS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tls

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] ct_compliant cached info field

2019-02-25 Thread Rob Stradling 
Thanks EKR.

Done, in https://github.com/google/certificate-transparency-rfcs/pull/307

On 22/02/2019 14:51, Eric Rescorla wrote:
> That works for me
> 
> -Ekr
> 
> 
> On Fri, Feb 22, 2019 at 6:41 AM Rob Stradling  > wrote:
> 
> EKR, Martin,
> 
> Hi, and sorry for the long delay in replying.
> 
> This originated in [1] and was added to 6962-bis in [2].  The
> motivation
> was to provide a mechanism to permit a TLS server to avoid sending CT
> artifacts (SCTs, STHs, inclusion proofs) that it knows the TLS client
> already has or doesn't need, thereby reducing bytes on the wire for
> constrained and high-volume environments.
> 
> The approach envisaged by RFC7924 seems to be: "here's a list of TLS
> message fingerprints I've received previously; please don't send these
> exact messages to me again".  This works for stand-alone messages that
> contain one item, such as the server's Certificate message (which
> contains 1 server certificate chain).
> 
> However, in 6962-bis's case, SCTs and inclusion proofs are not
> stand-alone items; instead, they correspond to particular certificates.
> Each relevant TLS message will contain a TransItemList, which will
> probably contain at least a set of several SCTs; and whilst each SCT is
> static, the set (and the order within the set) is not.  Therefore, the
> approach of caching TLS messages by fingerprint didn't look like it
> would work for us.
> 
> We concluded that it would make more sense for the client to make a
> more
> high-level statement: "here's a list of certificate fingerprints that
> I've received previously and that I already regard as being
> CT-compliant".
> 
> This isn't an essential part of 6962-bis.  Other than Ben L's "Sounds
> like a good idea" comment in [1], I don't recall anyone commenting
> on it
> until EKR started this thread.
> 
> I propose to remove this cached-info mechanism from 6962-bis, if nobody
> objects.  (It could of course be revisited in some future document, if
> there's interest).
> 
> 
> [1] https://trac.ietf.org/trac/trans/ticket/111
> 
> [2] https://github.com/google/certificate-transparency-rfcs/pull/186
> 
> On 31/12/2018 14:36, Eric Rescorla wrote:
>  > + trans
>  >
>  > On Sun, Dec 30, 2018 at 10:06 PM Martin Thomson
> mailto:m...@lowentropy.net>
>  > >> wrote:
>  >
>  >
>  >     On Fri, Dec 28, 2018, at 04:58, Eric Rescorla wrote:
>  >      > Please take a look at
>  >      >
>  >
> https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-30#section-6.5
>  >
>  >     At a minimum, this would seem to update cached_info.
>  >
>  >     There's not a lot of meat on this text.  It seems to be
> saying that
>  >     if you are providing transparency_info, then you can provide a
>  >     certificate other than any of the certificates that the client
>  >     believes to be CT compliant.  Also, you don't provide
> "x509_sct_v2"
>  >     or "precert_sct_v2" in transparency_info.
>  >
>  >     How is the client then able to determine that this new
> certificate
>  >     is CT compliant?  Using  "inclusion_proof_v2" and
>  >     "signed_tree_head_v2" (or one or other)?  If so, the text doesn't
>  >     point in that direction.
>  >
>  >     There's a lot of "why" missing in this document.  Why would a
> client
>  >     choose to indicate "ct_compliant"?  Why is cached_info being
>  >     extended in this way?
>  >
>  >     I might guess that the reason here is that the draft aims to
> avoid
>  >     including information that might change over time, which would
>  >     render caches invalid.  Isn't that motivation to recommend an SCT
>  >     over an STH?
>  >
>  >     Separately, why does this establish a new registry for signature
>  >     schemes?  It is obviously trying to keep TLS compatibility,
> based on
>  >     the codepoints, but forking the registry is a great way to create
>  >     problems.
> 
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> Email: r...@sectigo.com 
> 

-- 
Rob Stradling
Senior Research & Development Scientist
Email: r...@sectigo.com
Bradford, UK
Office: +441274024707
Sectigo Limited

This message and any files associated with it may contain legally 
privileged, confidential, or proprietary information. If you are not the 
intended recipient, you are not permitted to use, copy, or forward it, 
in whole or in part without the express consent of the sender. Please 
notify the sender by reply email, disregard the foregoing messages, and 
delete it immediately.
___
TLS mailing list
TLS@ietf.org