-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdraft-balfanz-tls-channelid-01.xml
318 lines (275 loc) · 20.4 KB
/
draft-balfanz-tls-channelid-01.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd"[
<!ENTITY RFC2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY RFC2616 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2616.xml'>
<!ENTITY RFC5077 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5077.xml'>
<!ENTITY RFC5246 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5246.xml'>
]>
<?rfc toc="yes" symrefs="yes"?>
<rfc ipr="trust200902" docName="draft-balfanz-tls-channelid-01">
<front>
<title abbrev="TLS Channel ID">Transport Layer Security (TLS) Channel IDs</title>
<author initials="D." surname="Balfanz" fullname="Dirk Balfanz">
<organization>Google Inc</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<author initials="R." surname="Hamilton" fullname="Ryan Hamilton">
<organization>Google Inc</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<date month="June" year="2013" />
<area>Security</area>
<abstract>
<t>
This document describes a Transport Layer Security (TLS) extension for identifying client machines at the TLS layer without using bearer tokens.
</t>
</abstract>
</front>
<middle>
<section title="Introduction" anchor="intro">
<t>
Many applications on the Internet use <spanx style="emph">bearer tokens</spanx> to authenticate clients to servers. The most prominent example is the HTTP-based World Wide Web, which overwhelmingly uses HTTP cookies to authenticate client requests. Other examples include OpenID or SAML assertions, and OAuth tokens. All these have in common that the <spanx style="emph">bearer</spanx> of the HTTP cookie or authentication token is granted access to a protected resource, regardless of the channel over which the token is presented, or who presented it.
</t>
<t>
As a result, an adversary that manages to steal a bearer token from a client can impersonate that client to services that require the token.
</t>
<t>
This document describes a light-weight mechanism for establishing a <spanx style="emph">cryptographic channel</spanx> between client and server. A server can choose to bind authentication tokens to this channel, thus rendering the theft of authentication tokens fruitless - tokens must be sent over the channel to which they are bound (i.e., by the client to which they were issued) or else they will be ignored.
</t>
<t>
This document does not prescribe <spanx style="emph">how</spanx> authentication tokens are bound to the underlying channel. Rather, it prescribes how a client can establish a long-lived channel with a server. Such a channel persists across HTTP requests, TLS connections, and even multiple TLS sessions, as long as the same client communicates with the same server.
</t>
<t>
The basic idea is that the client proves, during the TLS handshake, possession of a private key. The corresponding public key becomes the "Channel ID" that identifies this TLS connection. Clients should re-use the same private/public key pair across subsequent TLS connections to the same server, thus creating TLS connections that share the same Channel ID.
</t>
<t>
Using private/public key pairs to define a channel (as opposed to, say, an HTTP session cookie) has several advantages: One, the credential establishing the channel (the private key) is never sent from client to server, thus removing it from the reach of eavesdroppers in the network. Two, clients can choose to implement cryptographic operations in a secure hardware module, which further removes the private key from the reach of eavesdroppers residing on the client itself.
</t>
</section>
<section title="Why not client certificates">
<t>
TLS already supports a means of identifying clients without using bearer tokens: client certificates. However, a number of problems with using client certificates motivated the development of an alternative.
</t>
<t>
Most importantly, it's not acceptable for a client identifier to be transmitted in the clear, because eavesdroppers in the network could use these identifiers to deanonymize TLS connections. Client certificates in TLS, however, are sent unencrypted. Although we could also define a change to the TLS state machine to move the client certificates under encryption, such changes eliminate most of the benefits of reusing something that's already defined.
</t>
<t>
TLS client certificates are also defined to be part of the session state. Even though the key material used for TLS client authentication might be protected from theft from compromised clients (for example, by employing hardware secure elements on the client), TLS session resumption information rarely is. Because client certificates are part of the session state, stolen session resumption information gives the attacker something equivalent to a stolen client private key. Our objective, however, is that attackers should not be able to give the impression that they can wield a private key unless they are actually in control of that private key.
</t>
<t>
Client-certificates typically identify a user, while we seek to identify machines. Since they are not, conceptually, mutually exclusive and as only a single client certificate can be provided in TLS, we don't want to consume that single slot and eliminate the possibility of also using existing client certificates.
</t>
<t>
Client certificates are implemented in TLS as X.509 certificates and we don't wish to require servers to parse arbitrary ASN.1. ASN.1 is a complex encoding that has been the source of several security vulnerabilities in the past and typical TLS servers can currently avoid doing ASN.1 parsing.
</t>
<t>
X.509 certificates always include a signature, which would be a self-signature in this case. Calculating and transmitting the self-signature is a waste of computation and network traffic in our use. Although we could define a null signature algorithm with an empty signature, such deviations from X.509 eliminate many of the benefits of reusing something that is already implemented.
</t>
<t>
Finally, client certificates trigger significant server-side processing by default and often need to be stored in their entirety for the duration of the connection. Since this design is intended to be widely used, it allows servers to retain only a cryptographic hash of the client's public key after the handshake completes.
</t>
</section>
<section title="Requirements Notation">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.
</t>
</section>
<section title="Channel ID Client Keys">
<t>
For the purpose of this specification, a public key is a point <spanx style="verb">Q = dG</spanx> on the <xref target="DSS">P-256 curve</xref> (where <spanx style="verb">d</spanx> is the ECC private key, and <spanx style="verb">G</spanx> is the curve base point). Clients SHOULD use a separate key pair <spanx style="verb">(d, Q)</spanx> for each server they connect to, and generate a new key pair if necessary according to appendix B.4 in <xref target="DSS">FIPS-186-3</xref>.
</t>
<t>
A public key <spanx style="verb">Q</spanx> has two affine coordinates <spanx style="verb">x, y</spanx>: <spanx style="verb">Q = (x,y)</spanx>. The public key <spanx style="verb">Q</spanx> - or, in other words, the pair <spanx style="verb">x, y</spanx> - that a client uses for a specific server is that client's Channel ID for that server.
</t>
</section>
<section title="Channel ID Extension">
<t>
A new extension type (<spanx style="verb">channel_id(TBD)</spanx>) is defined and MAY be included by the client in its <spanx style="verb">ClientHello</spanx> message. If, and only if, the server sees this extension in the <spanx style="verb">ClientHello</spanx>, it MAY choose to echo the extension in its <spanx style="verb">ServerHello</spanx>. In both cases, the <spanx style="verb">extension_data</spanx> field MUST be empty.
</t>
<figure>
<artwork>
enum {
channel_id(TBD), (65535)
} ExtensionType;
</artwork>
</figure>
<t>
A new handshake message type (<spanx style="verb">encrypted_extensions(TBD)</spanx>) is defined. If the server included a <spanx style="verb">channel_id</spanx> extension in its <spanx style="verb">ServerHello</spanx> message, the client MUST verify that the selected cipher suite is sufficiently strong. If the cipher suite provides < 80-bits of security, the client MUST abort the handshake with a fatal <spanx style="verb">illegal_parameter</spanx> alert. Otherwise, the client MUST send an <spanx style="verb">EncryptedExtensions</spanx> message after its <spanx style="verb">ChangeCipherSpec</spanx> and before its <spanx style="verb">Finished</spanx> message.
</t>
<figure>
<artwork>
enum {
encrypted_extensions(TBD), (65535)
} HandshakeType;
</artwork>
</figure>
<t>Therefore a full handshake with <spanx style="verb">EncryptedExtensions</spanx> has the following flow (contrast with section 7.3 of <xref target="RFC5246">RFC 5246</xref>):</t>
<figure>
<artwork>
Client Server
ClientHello (ChannelID extension) -------->
ServerHello
(ChannelID extension)
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
EncryptedExtensions
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
</artwork>
</figure>
<t>An abbreviated handshake with <spanx style="verb">EncryptedExtensions</spanx> has the following flow:</t>
<figure>
<artwork>
Client Server
ClientHello (ChannelID extension) -------->
ServerHello
(ChannelID extension)
[ChangeCipherSpec]
<-------- Finished
[ChangeCipherSpec]
EncryptedExtensions
Finished -------->
Application Data <-------> Application Data
</artwork>
</figure>
<t>The <spanx style="verb">EncryptedExtensions</spanx> message contains a series of <spanx style="verb">Extension</spanx> structures (see section 7.4.1.4 of <xref target="RFC5246">RFC 5246</xref></t>
<t>If the server included a <spanx style="verb">channel_id</spanx> extension in its <spanx style="verb">ServerHello</spanx> message, the client MUST include, within an EncryptedExtensions message, an <spanx style="verb">Extension</spanx> with <spanx style="verb">extension_type</spanx> equal to <spanx style="verb">channel_id(TBD)</spanx>. The <spanx style="verb">extension_data</spanx> of which has the following format:</t>
<figure>
<artwork>
struct {
opaque x[32];
opaque y[32];
opaque r[32];
opaque s[32];
} ChannelIDExtension;
</artwork>
</figure>
<t>
The contents of each of <spanx style="verb">x</spanx>, <spanx style="verb">y</spanx>, <spanx style="verb">r</spanx> and <spanx style="verb">s</spanx> is a 32-byte, big-endian number. The <spanx style="verb">x</spanx> and <spanx style="verb">y</spanx> fields contain the affine coordinates of the client's Channel ID Q (i.e., a <xref target="DSS">P-256</xref> curve point). The <spanx style="verb">r</spanx> and <spanx style="verb">s</spanx> fields contain an <xref target="DSS">ECDSA</xref> signature by the corresponding private key over this US-ASCII strong (not including quotes, and where "\x00" represents an octet containing all zero bits):
</t>
<figure><artwork>
"TLS Channel ID signature\x00"
</artwork></figure>
<t>
followed by hashes of both the client-sent and server-sent handshake messages, as seen by the client, prior to the <spanx style="verb">EncryptedExtensions</spanx> message.
</t>
<t>
Unlike many other TLS extensions, this extension does not establish properties of the session, only of the connection. When session resumption or <xref target="RFC5077">session tickets</xref> are used, the previous contents of this extension are irrelevant and only the values in the new handshake messages are considered.
</t>
</section>
<section title="Security Considerations">
<t>
There are four classes of attackers against which we consider our security guarantees: passive network attackers, active network attackers, active network attackers with misissued certificates and attackers in possession of the legitimate server's private key.
</t>
<t>
First, we wish to guarantee that we don't disclose the Channel ID to passive or active network attackers. We do this by sending a constant-length Channel ID under encryption. However, since the Channel ID may be transmitted before the server's Finished message is received, it's possible that the server isn't in possession of the corresponding private key to the certificate that it presented. In this situation, an active attacker could cause a Channel ID to be transmitted under a random key in a cipher suite of their choosing. Therefore we limit the permissible cipher suites to those where decrypting the message is infeasible.
</t>
<t>
Even with this limit, an active attacker can cause the Channel ID to be transmitted in a non-forward-secure manner. Subsequent disclosure of the server's private key would allow previously recorded Channel IDs to be decrypted.
</t>
<t>
Second, we wish to guarantee that none of the first three attackers can terminate/hijack a TLS connection and impersonate a Channel ID from that connection when connecting to the legitimate server. We assume that TLS provides sufficient security to prevent these attackers from being able to hijack the TLS connection. An active attacker illegitimately in possession of a certificate for a server can successfully terminate a TLS connection destined for that server and decrypt the Channel ID. However, as the signature covers the handshake hashes, and therefore the server's certificate, it wouldn't be accepted by the true server.
</t>
<t>
Against an attacker with the legitimate server's private key we can provide the second guarantee only if the legitimate server uses a forward-secret cipher suite, otherwise the attacker can hijack the connection.
</t>
</section>
<section title="Use Cases">
<section title="Channel-Bound Cookies">
<t>
An HTTP application on the server can <spanx style="emph">channel-bind</spanx> its cookies by associating them with the Channel ID of the user-agent that the cookies are being set on. The server MAY then choose to consider cookies sent from the user-agent invalid if the Channel ID associated with the cookie does not match the Channel ID used by the user-agent when it sends the cookie back to the server.
</t>
<t>
Such a mismatch could occur when the cookie has been obtained from the legitimate user-agent and is now being sent by a client not in possession of the legitimate user-agent's Channel ID private key. The mismatch can also occur if the legitimate user-agent has changed the Channel ID it is using for the server, presumably due to the user requesting a Channel ID reset through the user-agent's user interface (see <xref target="privacy" />). Such a user intervention is analogous to the user's removal of cookies from the user-agent, but instead of removing cookies, the cookies are being rendered invalid (in the eyes of the server).
</t>
</section>
<section title="Channel-Bound OAuth Tokens">
<t>
Similarly to cookies, a server may choose to channel-bind OAuth tokens (or any other kind of authorization tokens) to the clients to which they are issued. The mechanism on the server remains the same (it associates the OAuth token with the client's Channel ID either by storing this information in a database, or by suitably encoding the information in the OAuth token itself), but the application-level protocol may be different: In addition to HTTP, OAuth tokens are used in protocols such as IMAP and XMPP.
</t>
</section>
</section>
<section anchor="privacy" title="Privacy Considerations">
<t>
The TLS layer does its part in protecting user privacy by transmitting the Channel ID public key under encryption. Higher levels of the stack must ensure that the same Channel ID is not used with different servers in such a way as to provide a linkable identifier. For example, a user-agent must use different Channel IDs for communicating with different servers. Because channel-bound cookies are an important use case for TLS Channel ID, and cookies can be set on top-level domains, it is RECOMMENDED that user-agents use the same Channel ID for servers within the same top-level domain, and different Channel IDs for different top-level domains. User-agents must also ensure that Channel ID state can be reset by the user in the same way as other identifiers, i.e. cookies.
</t>
<t>
However, there are some security concerns that could result in the disclosure of a client's Channel ID to a network attacker. This is covered in the Security Considerations section.
</t>
<t>
Clients that share an IP address can be disambiguated through their Channel IDs. This is analogous to protocols that use cookies (e.g., HTTP), which also allow disambiguation of user-agents behind proxies.
</t>
<t>
Channel ID has been designed to provide privacy equivalent to that of cookies. User-agents SHOULD continue to meet this design goal at higher layers of the protocol stack. For example, if a user indicates that they would like to block third-party cookies (or if the user-agent has some sort of policy around when it blocks third-party cookies by default), then the user agent SHOULD NOT use Channel ID on third-party connections (or other connections through which the user-agent would refuse to send or accept cookies).
</t>
</section>
<section title="IANA Considerations">
<t>
This document requires IANA to update its registry of TLS extensions to assign an entry referred to here as <spanx style="verb">channel_id</spanx>.
</t>
<t>
This document also requires IANA to update its registry of TLS handshake types to assign an entry referred to here as <spanx style="verb">encrypted_extensions</spanx>.
</t>
</section>
</middle>
<back>
<references title="Normative References">
&RFC2119;
&RFC5246;
<reference anchor="DSS">
<front>
<title>FIPS 186-3: Digital Signature Standard</title>
<author>
<organization>National Institute of Standards and Technology</organization>
</author>
</front>
</reference>
</references>
<references title="Informative References">
&RFC5077;
</references>
<section title="Acknowledgements" anchor="acks">
<t>
The following individuals contributed to this specification:
</t>
<t>
Dirk Balfanz, Wan-Teh Chang, Ryan Hamilton, Adam Langley, and Mayank Upadhyay.
</t>
</section>
<section title="History of Changes">
<section title="Version 01">
<t>
<list style="symbols">
<t>
Some clarifications, mostly around the Channel ID and session state.
</t>
<t>
Added a section on Use Cases.
</t>
<t>
Expanded the Privacy Considerations sections to include discussion of third-party connections in HTTP user-agents.
</t>
<t>
Fixed some typos.
</t>
</list>
</t>
</section>
</section>
</back>
</rfc>