diff options
Diffstat (limited to 'doc/protocol/draft-badra-hajjeh-mtls-01.txt')
-rw-r--r-- | doc/protocol/draft-badra-hajjeh-mtls-01.txt | 505 |
1 files changed, 0 insertions, 505 deletions
diff --git a/doc/protocol/draft-badra-hajjeh-mtls-01.txt b/doc/protocol/draft-badra-hajjeh-mtls-01.txt deleted file mode 100644 index 247806d18f..0000000000 --- a/doc/protocol/draft-badra-hajjeh-mtls-01.txt +++ /dev/null @@ -1,505 +0,0 @@ - - - -Internet Engineering Task Force M. Badra -INTERNET DRAFT ENST Paris - I. Hajjeh - ESRGroups -Expires: December 2006 June 15, 2006 - - MTLS: TLS Multiplexing - <draft-badra-hajjeh-mtls-01.txt> - - -Status - - By submitting this Internet-Draft, each author represents that any - applicable patent or other IPR claims of which he or she is aware - have been or will be disclosed, and any of which he or she becomes - aware will be disclosed, in accordance with Section 6 of BCP 79. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as Internet - Drafts. - - Internet-Drafts are draft documents valid for a maximum of six - months and may be updated, replaced, or obsoleted by other documents - at any time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at - http://www.ietf.org/ietf/1id-abstracts.txt - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html - - This Internet-Draft will expire on November 20, 2006. - -Copyright Notice - - Copyright (C) The Internet Society (2006). All Rights Reserved. - -Abstract - - The Transport Layer Security (TLS) standard provides connection - security with mutual authentication, data confidentiality and - integrity, key generation and distribution, and security parameters - negotiation. However, missing from the protocol is a way to - multiplex application data over a single TLS session. - - This document defines MTLS, a new TLS sub-protocol running over TLS - (or DTLS) Record protocol. The MTLS design provides application - multiplexing over a single TLS (or DTLS) session. Therefore, instead - of associating a TLS connection with each application, MTLS allows - - -Badra & Hajjeh Expires December 2006 [Page 1] - -Internet-Draft TLS Multiplexing June 2006 - - - several applications to protect their exchanges over a single TLS - session. - -1 Introduction - - SMTP over TLS [SMTPTLS], HTTP over TLS [HTTPTLS], POP over TLS and - IMAP over TLS [POPTLS] are examples of securing, respectively, SMTP, - HTTP, POP and IMAP data exchanges using the TLS protocol [TLS]. - - TLS ([TLS], [TLSv1.1] and [DTLS]) is the most deployed security - protocol for securing exchanges, authenticating entities and for - generating and distributing cryptographic keys. However, what is - missing from the protocol is the way to multiplex application data - over the same TLS session. - - Actually, TLS (or DTLS) clients and servers MUST establish a TLS (or - DTLS) session for each application they want to run over a transport - layer. However, some applications may agree or be configured to use - the same security policies or parameters (e.g. authentication method - and cipher_suite) and then to share a single TLS session to protect - their exchanges. In this way, this document extends TLS to allow - application multiplexing over TLS. - - The document motivations included: - - o TLS is application protocol-independent. Higher-level protocol - can operate on top of the TLS protocol transparently. - - o TLS is a protocol of a modular nature. Since TLS is developed in - four independent protocols, the approach defined in this - document can be added by extending the TLS protocol and with a - total reuse of pre-existing TLS infrastructures and - implementations. - - o It provides a secure VPN tunnel over a transport layer. Unlike - "ssh-connection" [SSHCON], MTLS can run over unreliable - transport protocols, such as UDP. - - o Establishing a single session for a number of applications - -instead of establishing a session per application- reduces - resource consumption, latency and messages flow that are - associated with executing simultaneous TLS sessions. - - o TLS can not forbid an intruder to analyze the traffic and cannot - protect data from inference. Thus, the intruder can know the - type of application data transmitted through the TLS session. - However, the extension defined in this document allows, by its - design, data protection against inference. - - - -Badra & Hajjeh Expires December 2006 [Page 2] - -Internet-Draft TLS Multiplexing June 2006 - - -1.2 Requirements language - - The key words "MUST", "SHALL", "SHOULD", and "MAY", in this document - are to be interpreted as described in RFC-2119. - -2 TLS multiplexing overview and considerations - - This document defines a new TLS sub-protocol called Multiplexing TLS - (MTLS) to handle data multiplexing, and it specifies the content - type mtls(TBD). It extends also TLS with a new extension type - allowing the negotiation of data multiplexing features. - -2.1 Handshake - - Based on the TLS Extensions [TLSExt], a client and a server can, in - an ordinary TLS handshake, negotiate the future use of MTLS. If the - client does attempt to initiate a TLS connection using MTLS with a - server that does not support it, it will be automatically alerted. - For servers aware of MTLS but not wishing to use it, it will - gracefully revert to an ordinary TLS handshake or stop the - negotiation. - - The negotiation usually starts with the client determining whether - the server is capable of and willing to use MTLS or not. In order to - allow a TLS client to negotiate the application multiplexing - functionality, a new extension type SHOULD be added to the Extended - Client and Extended Server Hello messages. - - This document defines an extension of type - "application_layer_protocol". The "extension_data" field of this - extension contains a "data_multiplexing", where: - - Struct { - ApplicationLayerProtocol alp_list<0..2^22-1>; - } data_multiplexing; - - struct { - SenderChannelID sender_channel_id; - ReceiverChannelID receiver_channel_id; - uint32 max_packet_length; - ApplicationpProtocolName apn; - } ApplicationLayerProtocol; - - opaque SenderChannelID [2]; - opaque ReceiverChannelID [2]; - Opaque ApplicationpProtocolName<1..2^4>; - - Each channel has its identifier, which is composed of two parts - (sender_channel_id and receiver_channel_id) generated respectively - by the sender and the receiver. During the Handshake phase, the - -Badra & Hajjeh Expires December 2006 [Page 3] - -Internet-Draft TLS Multiplexing June 2006 - - - sender generates the sender_channel_id's value and initializes the - receiver_channel_id to empty field, in which the receiver replies - with a generated receiver_channel_id. - - The sender (respectively the receiver) initializes its - max_packet_length with the data length (in octets), specifying how - many bytes the receiver (respectively the sender) can maximally send - on the channel. Each end of the channel establishes a 'receive - buffer' and a 'send buffer'. - - How the negotiation of options within an extension is handled is up - to the definition of that extension. Implementations of this - document MAY allow the server to respond with the intersection - between what the client and the server support. However, the server - MAY reply with all the applications it supports, but in this case - the server MUST support at least one application requested by the - client. The sender_channel_id, receiver_channel_id and the - max_packet_size MUST be omitted from the server response for each - application not requested by the client. - - Note: if the server (receiver) agrees, the client (sender) SHOULD - establish a single TLS (respectively DTLS) session for all - applications it wishes to run over a single TLS session. In this - case, the sender SHOULD send a data multiplexing extension - containing "ALL" as ApplicationpProtocolName value. The - sender_channel_id, the receiver_channel_id and the max_packet_length - fields SHOULD be omitted. If the receiver is able to negotiate such - a session, it will reply with a list of applications it can accept - to run through a single TLS session. The receiver_channel_id, the - sender_channel_id and the max_packet_length fields SHOULD be - omitted. - - However, the client MAY indicate to the server its support of the - data multiplexing extension without determining the application - types it wishes to multiplex. In this case, the client sends an - empty data multiplexing extension. If the server is able of and - willing to use the data multiplexing extension, it MUST reply with - an empty extension of the same type. Once the Handshake is complete, - the client and the server SHOULD establish and manage many - application channels using the requests/responses defined below. - - 2.1.1. Opening and closing connections - - Once the Handshake is complete, the two entities can start data - multiplexing using a set of requests/responses defined below. All - requests/requests will pass through MTLS layer and are formatted - into MTLS packets, depending on each request/response. - - - - -Badra & Hajjeh Expires December 2006 [Page 4] - -Internet-Draft TLS Multiplexing June 2006 - - - The sender MAY request the opening of many channels. For each - request, the MTLS layer MUST generate and send the following - request: - - struct { - uint8 type; - SenderChannelID sender_channel_id; - uint32 max_packet_length;// of the sender of this packet - ApplicationpProtocolName apn; - } RequestEstablishmentChannel; - - The field "type" specifies the MTLS packet type (types are - summarized below), max_packet_length and the sender_channel_id are - used as previously described. - - The receiver decides whether it can open the channel, and replies - with one of the following messages: - - struct { - uint8 type; - SenderChannelID sender_channel_id; - ReceiverChannelID receiver_channel_id; - uint32 max_packet_length; - } RequestEstablishmentSuccess; - - struct { - uint8 type; - SenderChannelID sender_channel_id; - opaque error<0..2^16>; - } RequestEchecChannel; - - The field "error" conveys a description of the error. - - The following packet MAY be sent to notify the receiver that the - sender will not send any more data on this channel and that any data - received after a closure request will be ignored. The sender of the - closure request MAY close its 'receive buffer' without waiting for - the receiver's response. However, the receiver MUST respond with a - confirmation of the closure and close down the channel immediately, - discarding any pending writes. - - struct { - uint8 type; - SenderChannelID sender_channel_id; - ReceiverChannelID receiver_channel_id; - } CloseChannel; - - - - - -Badra & Hajjeh Expires December 2006 [Page 5] - -Internet-Draft TLS Multiplexing June 2006 - - - struct { - uint8 type; - SenderChannelID sender_channel_id; - ReceiverChannelID receiver_channel_id; - } ConfirmationCloseChannel; - -2.2 MTLS sub-protocol - - The structure of the MTLS packet is described below. The channel_id - value depends on the originator of the packet; for received - (respectively submitted) packets, it conveys the sender_channel_id - (respectively receiver_channel_id). The length conveys the data - length of the current packet. - - Each entity maintains its max_packet_length that is originally - initialized (during the channel establishment or during the - handshake phase) to a value not bigger than the maximum size of this - entity's 'receive buffer'. For each received packet, the entity MUST - subtract the packet's length from the max_packet_length. The result - is always positive since the packet's length is always less than or - equal to the current max_packet_length. - - The free space of the 'receive buffer' MAY increase in length. - Consequently, the entity MUST inform the other end about this - increase, allowing the other entity to send packet with length - bigger than the old max_packet_length but smaller or equal than the - new value. - - The entity MAY indicate this increase using either data or - Acknowledgment packets. In the first case, the entity MUST set the - max_packet_length_changed to 1 and extra_length set to the extra - free space. In the second case, the entity only needs to send the - length of the extra free space. - - If the length of the 'receive buffer' does not change, - Acknowledgment packet will never be sent. However, the entity MAY - send data packet but in this case, it MUST set the - max_packet_length_changed to 0 and MUST consequently remove the - extra_length field from the packet header. - - In the case where the 'receive buffer' of an entity fills up, the - other entity MUST wait for an Acknowledgment or a data packet with - packet_length_changed set to 1, before sending any more - MTLSPlaintext packets. - - - - - - - -Badra & Hajjeh Expires December 2006 [Page 6] - -Internet-Draft TLS Multiplexing June 2006 - - - struct { - uint8 type; - uint16 channel_id; - uint8 max_packet_length_changed; - uint32 extra_length; // omitted if the value of the - // max_packet_length_changed is 0 - uint32 length; - opaque data[MTLSPlaintext.length]; - } MTLSPlaintext; - - struct { - uint8 type; - uint16 channel_id; // of the receiver of that packet - uint32 extra_length; - } Acknowledgment; - - The TLS Record Layer receives data from MTLS, supposes it as - uninterpreted data and applies the fragmentation and the - cryptographic operations on it, as defined in [TLS]. - - Note: multiple MTLS fragments MAY be coalesced into a single - TLSPlaintext record. - - Received data is decrypted, verified, decompressed, and reassembled, - then delivered to MTLS sub-protocol. Next, the MTLS sends data to - the appropriate application using the channel identifier and the - length value. - -2.3 MTLS Message Types - - RequestEstablishmentChannel 0x01 - RequestEstablishmentSuccess 0x02 - RequestEchecChannel 0x03 - CloseChannel 0x04 - ConfirmationCloseChannel 0x05 - MTLSPlaintext 0x06 - Acknowledgment 0x07 - -Security Considerations - - Security issues are discussed throughout this document, and in - [TLS], [TLSv1.1], [DTLS] and [TLSEXT] documents. - - If a fatal error related to a channel or a connection of an - arbitrary application occurs, the secure session MUST NOT be - resumed. - - - - - -Badra & Hajjeh Expires December 2006 [Page 7] - -Internet-Draft TLS Multiplexing June 2006 - - -IANA Considerations - - This section provides guidance to the IANA regarding registration of - values related to the TLS protocol. - - There are name spaces that require registration: the mtls content - type, the data_multiplexing extension, and the MTLS message types. - - -References - - [TLS] Dierks, T., et. al., "The TLS Protocol Version 1.0", RFC - 2246, January 1999. - - [TLSExt] Blake-Wilson, S., et. al., "Transport Layer Security - (TLS) Extensions", RFC 4346, April 2006. - - [DTLS] Rescorla, E., Modadugu, N., "Datagram Transport Layer - Security", RFC 4347, April 2006. - - [TLSv1.1] Dierks, T., Rescorla, E., "The TLS Protocol Version 1.1", - RFC 4346, April 200P. - - [SMTPTLS] Hoffman, P., "SMTP Service Extension for Secure SMTP over - TLS", RFC 2487, January 1999. - - [HTTPTLS] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. - - [POPTLS] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC - 2595, June 1999. - - [SSHCON] Lonvick, C., "SSH Connection Protocol", RFC 4254, January - 2005. - -Author's Addresses - - Mohamad Badra - ENST Paris - France Email: Mohamad.Badra@enst.fr - - Ibrahim Hajjeh - ESRGroups, Security WG - France Email: Ibrahim.Hajjeh@esrgroups.org - - - - - - - - -Badra & Hajjeh Expires December 2006 [Page 8] - -Internet-Draft TLS Multiplexing June 2006 - - - Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed - to pertain to the implementation or use of the technology described - in this document or the extent to which any license under such - rights might or might not be available; nor does it represent that - it has made any independent effort to identify any such rights. - Information on the IETF's procedures with respect to rights in IETF - Documents can be found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use - of such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository - at http://www.ietf.org/ipr. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at ietf- - ipr@ietf.org. - - Disclaimer of Validity - - This document and the information contained herein are provided on - an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE - REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE - INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF - THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - Copyright Statement - - Copyright (C) The Internet Society (2006). This document is subject - to the rights, licenses and restrictions contained in BCP 78, and - except as set forth therein, the authors retain all their rights. - - Acknowledgment - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - -Badra & Hajjeh Expires December 2006 [Page 9]
\ No newline at end of file |