This document proposes evidence extensions for Transport Layer Security (TLS) to provide evidence of protected content using digital signatures in TLS applications.
Proposed Transport Layer Security (TLS) Evidence Extensions
<draft-housley-evidence-extns-00.txt>
Russ Housley
IETF 67 – TLS WG Session
Motivation
• TLS is used to protect many different applications, but TLS does not provide any evidence of the protected content
• Of course not, it is the transport layer …
• But the alternative is an evidence mechanism in every application that makes use of TLS
Signatures
• Digital signatures are used to generate the evidence
• Both the client and the server must have certified signature keys
Proposed Evidence Creation Exchange

    Client                                      Server

    ClientHello (w/ extns)    -------->
                                                ServerHello (w/ extns)
                                                Certificate+
                                                ServerKeyExchange*
                                                CertificateRequest+
                              <--------         ServerHelloDone
    Certificate+
    ClientKeyExchange
    CertificateVerify+
    ChangeCipherSpec
    Finished                  -------->
                                                ChangeCipherSpec
                              <--------         Finished
    Application Data          <------->         Application Data
    Alert(evidence_start1)    -------->
    Application Data
                              <--------         Alert(evidence_start2)
    Application Data          <------->         Application Data
    Alert(evidence_end1)      -------->
    Application Data
                              <--------         Alert(evidence_end2)
    EvidenceRequest           -------->
                              <--------         EvidenceResponse
    Application Data          <------->         Application Data
Application Support
• To gather evidence from an unchanged application, the evidence start alerts are sent immediately after the Finished message, and the evidence end alerts are sent at the end of the session
• If willing to change an application, then alerts can be placed at “interesting” content
Evidence Protocol (1 of 3)

    enum {
        request(1), response(2), (255)
    } EvidenceMsgType;

    struct {
        EvidenceMsgType evidence_msg_type;
        uint24 length;  /* number of octets in message */
        select (EvidenceMsgType) {
            case request:  EvidenceRequest;
            case response: EvidenceResponse;
        } body;
    } EvidenceProtocol;
Evidence Protocol (2 of 3)

    struct {
        Evidence evidence<1..2^16-1>;
        ASN.1Cert party1_certificate;
        EvidenceSignature party1_signature;
    } EvidenceRequest;

    struct {
        EvidenceCreateSuite evidence_suite;
        uint32 gmt_unix_time;
        opaque handshake_protocol_hash<1..512>;
        opaque app_data_sent_hash<1..512>;
        opaque app_data_received_hash<1..512>;
    } Evidence;
Evidence Protocol (3 of 3)

    struct {
        Evidence evidence<1..2^16-1>;
        ASN.1Cert party1_certificate;
        EvidenceSignature party1_signature;
        ASN.1Cert party2_certificate;
        EvidenceSignature party2_signature;
    } EvidenceResponse;
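A strict decoder for the EvidenceProtocol header and the Evidence vector defined on the three slides above, as an added example that is not code from the draft or its author. It assumes the usual TLS presentation-language wire encoding (big-endian integers, 2-octet length prefixes for vectors with these ceilings) and a 2-octet EvidenceCreateSuite, which the slides do not define; all function names and the sample message are constructed for illustration.

```python
MSG_TYPES = {1: "request", 2: "response"}  # EvidenceMsgType values from the slide
SUITE_LEN = 2  # ASSUMPTION: EvidenceCreateSuite width; the slides do not define it

class DecodeError(ValueError): pass

def _take(buf, off, n):
    """Return (buf[off:off+n], new offset); fail on truncation, never short-read."""
    if off + n > len(buf):
        raise DecodeError("truncated at offset %d" % off)
    return buf[off:off + n], off + n

def _vec16(buf, off, lo, hi):
    """Read a vector with a 2-octet length prefix and enforce its <lo..hi> bounds."""
    raw, off = _take(buf, off, 2)
    n = int.from_bytes(raw, "big")
    if not lo <= n <= hi:
        raise DecodeError("vector length %d outside %d..%d" % (n, lo, hi))
    return _take(buf, off, n)

def parse_evidence(buf, off=0):
    """Decode one Evidence struct; returns (fields, next offset)."""
    suite, off = _take(buf, off, SUITE_LEN)
    raw, off = _take(buf, off, 4)
    fields = {"evidence_suite": suite, "gmt_unix_time": int.from_bytes(raw, "big")}
    for name in ("handshake_protocol_hash", "app_data_sent_hash", "app_data_received_hash"):
        fields[name], off = _vec16(buf, off, 1, 512)
    return fields, off

def parse_message(msg):
    """Decode the header and evidence vector; returns (type, [Evidence], rest)."""
    hdr, off = _take(msg, 0, 4)
    if hdr[0] not in MSG_TYPES:
        raise DecodeError("unknown EvidenceMsgType %d" % hdr[0])
    if int.from_bytes(hdr[1:], "big") != len(msg) - off:
        raise DecodeError("uint24 length does not match body size")
    vec, off = _vec16(msg, off, 1, 2**16 - 1)
    items, pos = [], 0
    while pos < len(vec):  # each Evidence must end inside the vector
        item, pos = parse_evidence(vec, pos)
        items.append(item)
    return MSG_TYPES[hdr[0]], items, msg[off:]  # rest: certificates and signatures

def build_sample(hash_len=20):
    """Constructed sample request; certificate and signature fields are omitted."""
    ev = b"\x00\x01" + (1162771200).to_bytes(4, "big")
    for fill in (b"\xaa", b"\xbb", b"\xcc"):
        ev += hash_len.to_bytes(2, "big") + fill * hash_len
    body = len(ev).to_bytes(2, "big") + ev
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

The bytes returned as `rest` hold the certificate and signature fields, whose encodings the slides do not give, so the decoder leaves them unparsed.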
Request to TLS Working Group
• Authors are asking the TLS WG to accept the document, and move it forward as a Proposed Standard