Proposed Transport Layer Security TLS Evidence Extensions

1
ProposedTransport Layer Security (TLS)Evidence
Extensions

• ltdraft-housley-evidence-extns-00.txtgt
• Russ Housley
• IETF 67 TLS WG Session

2
Motivation

• TLS is used to protect many different
  applications, but TLS does not provide any
  evidence of the protected content
• Of course not, it is the transport layer
• But, the alternative is evidence mechanism in
  every application that makes use of TLS

3
Signatures

• Digital signatures are used to generate the
  evidence
• Both the client and the server must have
  certified signature keys

4
ProposedEvidence Creation Exchange

• Client
  Server
• ClientHello (w/ extns) --------gt
• 
  ServerHello (w/ extns)
• 
  Certificate
• 
  ServerKeyExchange
• 
  CertificateRequest
• lt--------
  ServerHelloDone
• Certificate
• ClientKeyExchange
• CertificateVerify
• ChangeCipherSpec
• Finished --------gt
• 
  ChangeCipherSpec
• lt--------
  Finished
• Application Data lt-------gt
  Application Data
• Alert(evidence_start1) --------gt
• 
  Application Data
• lt--------
  Alert(evidence_start2)

5
Application Support

• To gather evidence from an unchanged application,
  the evidence start alerts are sent immediately
  after the Finished message, and the evidence end
  alerts are sent at the end of the session
• If willing to change an application, then alerts
  can be placed at interesting content

6
Evidence Protocol (1 of 3)

• enum
• request(1), response(2), (255)
• EvidenceMsgType
• struct
• EvidenceMsgType evidence_msg_type
• uint24 length / number of octets in message
  /
• select (EvidenceMsgType)
• case request EvidenceRequest
• case response EvidenceResponse
• body
• EvidenceProtocol

7
Evidence Protocol (2 of 3)

• struct
• Evidence evidencelt1..216-1gt
• ASN.1Cert party1_certificate
• EvidenceSignature party1_signature
• EvidenceRequest
• struct
• EvidenceCreateSuite evidence_suite
• uint32 gmt_unix_time
• opaque handshake_protocol_hashlt1..512gt
• opaque app_data_sent_hashlt1..512gt
• opaque app_data_received_hashlt1..512gt
• Evidence

8
Evidence Protocol (3 of 3)

• struct
• Evidence evidencelt1..216-1gt
• ASN.1Cert party1_certificate
• EvidenceSignature party1_signature
• ASN.1Cert party2_certificate
• EvidenceSignature party2_signature
• EvidenceResponse

9
Request to TLS Working Group

• Authors are asking the TLS WG to accept the
  document, and move it forward as a Proposed
  Standard