[Last-Call] Re: Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18

"Douglas Gash \(dcmgash\)" <dcmgash=40cisco.com@xxxxxxxxxxxxxx> · Thu, 13 Mar 2025 15:28:16 +0000

Hi Viktor,

Certainly, we will remove that comment from the doc.

PROPOSED NEW TEXT:
   *  Raw Public Keys (RPK).  The details of RPK are considered out-of-
      scope for this document.  Please refer to [RFC7250] and
      Section 4.4.2 of [RFC8446] for implementation, deployment, and
      security considerations.

From: Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx>

Date: Thursday, 13 March 2025 at 14:47

To: last-call@xxxxxxxx <last-call@xxxxxxxx>

Subject: [Last-Call] Re: Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18

On Thu, Mar 13, 2025 at 09:33:14AM +0000, Douglas Gash (dcmgash) wrote:

>    *  Raw Public Keys (RPK).  There is no definitive description of Raw

>       Public Keys in TLS 1.3 at time of writing, so [RFC7250] must be

>       used in context of [RFC8446].  The details of RPK are considered

>       out-of-scope for this document.  Please refer to the RFCs above

>       for implementation, deployment, and security considerations.

Please remove the disclaimers.  I see no lack of clarity about TLS 1.3

RPKs in RFC8446 Section 4.4.2:

    https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2

OpenSSL, for example, includes an implementation of TLS 1.3 RPKs in

conformance with that specification.  Indeed important details of how

to use RPKs in TLS 1.3 can only be found in RFC8446, and RFC7250 is

only sufficient for RPKs with TLS 1.2.

    $ posttls-finger -ldane -Lpeercert,summary -c -p TLSv1.2 [...]

    posttls-finger: [...] raw public key fingerprint=F4:D9:CF:3B:4E:25:10:85:A4:F3:19:3D:AA:F3:A5:14:1C:D9:5C:71:09:D3:3C:97:1C:3F:8F:7C:EC:48:CD:1B

    posttls-finger: [...] Matched DANE raw public key: 3 1 1 F4D9CF3B4E251085A4F3193DAAF3A5141CD95C7109D33C971C3F8F7CEC48CD1B

    posttls-finger: Verified TLS connection established to [...] TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

    $ posttls-finger -ldane -Lpeercert,summary -c -p TLSv1.3 [...]

    posttls-finger: [...] raw public key fingerprint=C0:B6:7B:03:DA:B5:97:A5:D8:B7:43:E7:09:AE:08:0D:7D:3E:50:9A:7B:AB:0A:02:88:D8:98:7F:EA:EA:E8:03

    posttls-finger: [...] Matched DANE raw public key: 3 1 1 C0B67B03DAB597A5D8B743E709AE080D7D3E509A7BAB0A0288D8987FEAEAE803

    posttls-finger: Verified TLS connection established to [...] TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519MLKEM768 server-signature ML-DSA-65 (raw public key)

It is important to not misrepresent the handling of RPKs in TLS 1.3.

-- 

    Viktor.

-- 

last-call mailing list -- last-call@xxxxxxxx

To unsubscribe send an email to last-call-leave@xxxxxxxx

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx