Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
draft-ietf-tls-oob-pubkey-11

Document history

Date Rev. By Action
2014-06-26
11 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2014-05-07
11 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2014-04-24
11 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2014-02-18
11 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2014-02-17
11 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2014-02-10
11 (System) IANA Action state changed to Waiting on Authors from In Progress
2014-02-07
11 Cindy Morgan IESG state changed to RFC Ed Queue from Approved-announcement sent
2014-02-07
11 (System) RFC Editor state changed to EDIT
2014-02-07
11 (System) Announcement was received by RFC Editor
2014-02-06
11 (System) IANA Action state changed to In Progress
2014-02-06
11 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed
2014-02-06
11 Cindy Morgan IESG has approved the document
2014-02-06
11 Cindy Morgan Closed "Approve" ballot
2014-02-06
11 Cindy Morgan Ballot approval text was generated
2014-02-06
11 Cindy Morgan Ballot writeup was changed
2014-01-31
11 Sean Turner Changed consensus to Yes from Unknown
2014-01-20
11 Hannes Tschofenig IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2014-01-20
11 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-11.txt
2013-11-28
10 Tero Kivinen Closed request for Telechat review by SECDIR with state 'No Response'
2013-11-21
10 Cindy Morgan State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2013-11-21
10 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo
2013-11-21
10 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2013-11-20
10 Gunter Van de Velde Request for Telechat review by OPSDIR Completed. Reviewer: Linda Dunbar.
2013-11-20
10 Ted Lemon [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2013-11-20
10 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2013-11-19
10 Richard Barnes
[Ballot comment]
Section 1:
"does not require codepaths for the ASN.1 parser"
That's not really true, since you're still using SubjectPublicKeyInfo, right?  Likewise, if you are ultimately going to authenticate the key (as discussed in the Security Considerations), you're going to validate something like a trust chain, e.g., via PKIX or DNSSEC.  So I'm not sure you actually get the code size savings you claim.

Section 3:
"... is represented in a DER encoded ASN.1 format ..."
It would be better to say that the subjectPublicKeyInfo value in the Certificate payload MUST contain the DER encoding of the SubjectPublicKeyInfo structure.  Just in case someone decides to put BER, XER, etc. in there.

Figure 4:
Both "select()" statements are missing opening "{" characters.
2013-11-19
10 Richard Barnes [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes
2013-11-19
10 Christer Holmberg Request for Telechat review by GENART Completed: Ready. Reviewer: Christer Holmberg.
2013-11-18
10 Stephen Farrell
[Ballot comment]

Good to see this getting done. Thanks.

- The write-up sez experts to be added by AD. Just
noting that in case there's some urgency and a
ball-drop, I'm fine if that's done when there's a
request to handle.

- Section 1, 1st para: I could quibble and say that
self-signed certs are just as traditional in TLS. Not
as common, but just as traditional.  Shouldn't they
get some kind of mention?

- Figure 1: is 2^24-1 still a good max length?  Just
checking in case there's a reason now to prefer
smaller over same-as-others.

- Section 3: definition of SPKI - did you take a look
at DANE to see if there's any text there to copy or
reference? I'm sure you did, but just in case that's
not been done with the final DANE RFC, in which case
it'd be worth a quick check now.

- Figure 3/algs: Did you think about the curve 25519
equivalent for signatures (ed25519 is it?) - should
that use the ECDSA OID or be a new certificate type?
Just curious.

- 5.1: Be nice if the example made clear that this
can work with DH for forward secrecy as well.  (As
part of a general tendency to want more DH and PFS.)

- section 6: "the identity and public key" phrase is
a little ickky - wouldn't it be better to talk about
identifiers and not identity at least when discussing
binding to the public keys?

- section 6: what happens if a spec wants to use this
but also wants to punt to yet another spec as to how
to bind keys/identifiers? (Such as arguably CoAP.)
Are you asking that we drag CoAP back to the core wg?
I guess not. Maybe that MUST needs some more
consideration? I'd suggest s/MUST/need/
2013-11-18
10 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2013-11-18
10 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2013-11-17
10 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2013-11-17
10 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2013-11-17
10 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2013-11-17
10 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2013-11-17
10 Barry Leiba
[Ballot comment]
Just a few editorial comments on this fine document, all purely at the nit level.  Accept or reject as you see fit, and no need to respond unless you want to.

-- Section 1 --

OLD
  Alternative methods are available that allow a TLS clients/servers to
  obtain the TLS servers/client public key:
NEW
  Alternative methods are available that allow a TLS client/server to
  obtain the TLS server/client public key:
END

Probably also best to change the first bullet to "The TLS client" also, so all is consistent (the other bullets start that way).

Some other minor grammar/usage editing, if I may:

OLD
  This document introduces the use of raw public keys in TLS/DTLS.  Raw
  public key thereby means that only a sub-set of the information found
  in typical certificates is utilized, namely the SubjectPublicKeyInfo
  structure of a PKIX certificates that carries the parameters
  necessary to describe the public key.  Other parameters also found in
  a PKIX certificate are omitted.  A consequence of omitting various
  certificate related structures is that the resulting raw public key
  is fairly small (compared to the original certificate) and does not
  require codepaths for the ASN.1 parser, for certificate path
  validation and other PKIX related processing tasks.
NEW
  This document introduces the use of raw public keys in TLS/DTLS. With
  raw public keys, only a subset of the information found in typical
  certificates is utilized: namely, the SubjectPublicKeyInfo structure
  of a PKIX certificates that carries the parameters necessary to
  describe the public key.  Other parameters found in PKIX certificates
  are omitted.  By omitting various certificate-related structures, the
  resulting raw public key is kept fairly small in comparison to the
  original certificate, and the code to process the keys does not
  require paths for an ASN.1 parser, for certificate path validation,
  and for other PKIX related processing tasks.
END

The "This document is structured as follows" paragraph oddly omits an explanation of Section 6.  If you find the paragraph useful, you should probably add "Section 6 describes security considerations with this approach," or some such.

-- Section 6 --
Is the indentation of the third paragraph intentional and significant, and, if so, what does it mean?
2013-11-17
10 Barry Leiba [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba
2013-11-15
10 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Linda Dunbar
2013-11-15
10 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2013-11-14
10 Jean Mahoney Request for Telechat review by GENART is assigned to Christer Holmberg
2013-11-12
10 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant
2013-11-08
10 Tero Kivinen Request for Telechat review by SECDIR is assigned to Yaron Sheffer
2013-11-07
10 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2013-11-05
10 Sean Turner Ballot has been issued
2013-11-05
10 Sean Turner [Ballot Position Update] New position, Yes, has been recorded for Sean Turner
2013-11-05
10 Sean Turner Created "Approve" ballot
2013-11-05
10 Sean Turner Ballot writeup was changed
2013-11-05
10 Sean Turner Changed document writeup
2013-11-05
10 Sean Turner State changed to IESG Evaluation from AD Evaluation
2013-11-05
10 Sean Turner Placed on agenda for telechat - 2013-11-21
2013-11-05
10 Sean Turner State changed to AD Evaluation from Waiting for Writeup
2013-11-05
10 Sean Turner Changed document writeup
2013-10-19
10 Hannes Tschofenig IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2013-10-19
10 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-10.txt
2013-09-12
09 Sean Turner Document shepherd changed to Joseph A. Salowey
2013-08-16
09 (System) State changed to Waiting for Writeup from In Last Call
2013-08-13
09 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2013-08-13
09 Pearl Liang
IESG/Authors/WG Chairs:

IANA has reviewed [draft-enter-here].  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

We received the following comments/questions from the IANA's reviewer:

Upon approval of this document there are two actions which IANA must complete.

First, in the TLS Certificate Types subregistry of the Transport Layer Security (TLS) Extensions registry located at:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

a new TLS Certificate Type will be registered as follows:

Value: 2
Description: Raw Public Key
Reference: [ RFC-to-be ]

Second, in the ExtensionType Values subregistry of the Transport Layer Security (TLS) Extensions registry located at:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

two new ExtensionType Values are to be registered as follows:

Value: [ TBD-at-registration ]
Extension Name: client_certificate_type
Reference: [ RFC-to-be ]

Value: [ TBD-at-registration ]
Extension Name: server_certificate_type
Reference: [ RFC-to-be ]

We understand that these two actions are the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed
until the document has been approved for publication as an RFC.
This message is only to confirm what actions will be performed.
2013-08-08
09 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Yaron Sheffer.
2013-08-06
09 Christer Holmberg Request for Early review by GENART Completed: Almost Ready. Reviewer: Christer Holmberg.
2013-08-02
09 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yaron Sheffer
2013-08-02
09 Tero Kivinen Closed request for Last Call review by SECDIR with state 'Withdrawn'
2013-08-02
09 Tero Kivinen Request for Last Call review by SECDIR is assigned to Joseph Salowey
2013-08-02
09 Jean Mahoney Request for Early review by GENART is assigned to Christer Holmberg
2013-08-02
09 Cindy Morgan IANA Review state changed to IANA - Review Needed
2013-08-02
09 Cindy Morgan
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Out-of-Band Public Key Validation for Transport Layer Security (TLS)) to Proposed Standard


The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:
- 'Out-of-Band Public Key Validation for Transport Layer Security (TLS)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-08-16. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies a new certificate type and two TLS
  extensions, one for the client and one for the server, for exchanging
  raw public keys in Transport Layer Security (TLS) and Datagram
  Transport Layer Security (DTLS) for use with out-of-band public key
  validation.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-tls-oob-pubkey/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-tls-oob-pubkey/ballot/


No IPR declarations have been submitted directly on this I-D.


2013-08-02
09 Cindy Morgan State changed to In Last Call from Last Call Requested
2013-08-02
09 Sean Turner Last call was requested
2013-08-02
09 Sean Turner Ballot approval text was generated
2013-08-02
09 Sean Turner Ballot writeup was generated
2013-08-02
09 Sean Turner State changed to Last Call Requested from AD Evaluation
2013-08-02
09 Sean Turner Last call announcement was generated
2013-07-31
09 Sean Turner State changed to AD Evaluation from AD Evaluation::Point Raised - writeup needed
2013-07-30
09 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-09.txt
2013-07-19
08 Sean Turner State changed to AD Evaluation::Point Raised - writeup needed from AD Evaluation::AD Followup
2013-07-15
08 (System) Sub state has been changed to AD Followup from Revised ID Needed
2013-07-15
08 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-08.txt
2013-04-24
07 Sean Turner State changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2013-04-24
07 Sean Turner State changed to AD Evaluation from AD Evaluation::Revised I-D Needed
2013-04-16
07 Sean Turner Here's a link to my AD review:
https://www.ietf.org/mail-archive/web/tls/current/msg09526.html
2013-04-16
07 Sean Turner State changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2013-03-20
07 Sean Turner State changed to AD Evaluation from Publication Requested
2013-03-18
07 Cindy Morgan
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?
A Proposed Standard RFC is being requested and is indicated on the title page header.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:
Technical Summary:

This document specifies Version 1.2 of the Transport Layer Security
(TLS) protocol. The TLS protocol provides communications security
over the Internet. The protocol allows client/server applications to
communicate in a way that is designed to prevent eavesdropping,
tampering, or message forgery.

Working Group Summary:

In general the consensus around the document is strong. The main area of contention was in the reuse of the certificate type registry. This has been satisfactorily resolved.

Document Quality:

There are a number of implementations of the protocol in progress. This document has had review by members of the DANE working group and the LWIG working group.

Personnel:

Joe Salowey is the Document Shepherd. Sean Turner is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.
The document shepherd has reviewed the document for readability, technical content and ID nits. The document shepherd believes this document is ready for publication.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?
No

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.
The document has had significant review from the TLS working group. In addition, members of the DANE working group and LWIG working group, which are consumers of this work, have reviewed it.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.
No Specific concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?
Each author has confirmed that any IPR has been disclosed.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.
No disclosure has been filed on this document.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?
There was strong consensus in the working group for this document.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)
No

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.
There is an out-of-date reference to an ID that can be updated and one line length issue that can be addressed by the RFC editor.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.
Not applicable.

(13) Have all references within this document been identified as either normative or informative?
yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?
Normative references are in a clear state.

(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.
No

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.
This document does not change the status of other RFCs.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).
The referenced registries are clearly identified. There are no newly created registries.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.
There are no new registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
Not applicable.
2013-03-18
07 Cindy Morgan Note added 'Joe Salowey (jsalowey@cisco.com) is the Document Shepherd'
2013-03-18
07 Cindy Morgan Intended Status changed to Proposed Standard
2013-03-18
07 Cindy Morgan IESG process started in state Publication Requested
2013-03-18
07 (System) Earlier history may be found in the Comment Log for draft-wouters-tls-oob-pubkey
2013-02-14
07 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-07.txt
2012-10-22
06 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-06.txt
2012-10-22
05 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-05.txt
2012-07-16
04 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-04.txt
2012-04-25
03 Paul Wouters New version available: draft-ietf-tls-oob-pubkey-03.txt
2012-03-11
02 Hannes Tschofenig New version available: draft-ietf-tls-oob-pubkey-02.txt
2012-01-20
01 (System) New version available: draft-ietf-tls-oob-pubkey-01.txt
2012-01-07
00 (System) New version available: draft-ietf-tls-oob-pubkey-00.txt