diff options
Diffstat (limited to 'doc/protocol/draft-badra-tls-password-ext-00.txt')
-rw-r--r-- | doc/protocol/draft-badra-tls-password-ext-00.txt | 393 |
1 files changed, 0 insertions, 393 deletions
diff --git a/doc/protocol/draft-badra-tls-password-ext-00.txt b/doc/protocol/draft-badra-tls-password-ext-00.txt deleted file mode 100644 index a33aee974a..0000000000 --- a/doc/protocol/draft-badra-tls-password-ext-00.txt +++ /dev/null @@ -1,393 +0,0 @@ - - - -Internet Engineering Task Force M. Badra -INTERNET DRAFT LIMOS Laboratory -April 19, 2007 Expires: October 2007 - - - Password Extension for TLS Client Authentication - <draft-badra-tls-password-ext-00.txt> - - -Status - - By submitting this Internet-Draft, each author represents that any - applicable patent or other IPR claims of which he or she is aware - have been or will be disclosed, and any of which he or she becomes - aware will be disclosed, in accordance with Section 6 of BCP 79. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as Internet - Drafts. - - Internet-Drafts are draft documents valid for a maximum of six - months and may be updated, replaced, or obsoleted by other documents - at any time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at - http://www.ietf.org/ietf/1id-abstracts.txt - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html - - This Internet-Draft will expire on October 19, 2007. - -Copyright Notice - - Copyright (C) The IETF Trust (2007). - -Abstract - - This document specifies a new TLS extension and a new TLS message - providing TLS client authentication using passwords. It provides - client credential protection. - - - - - - - - - -Badra Expires October 2007 [Page 1] - -Internet-draft Password Ciphersuites for TLS April 2007 - - -1 Introduction - - This document defines a new extension and a new TLS message to the - TLS protocol to enable TLS client authentication using passwords. It - provides client credential protection. - -1.2 Requirements language and Terminologies - - The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", - "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this - document are to be interpreted as described in [KEYWORDS]. - -2. Password Extension - - In order to negotiate the use of client password-based - authentication, clients MAY include an extension of type "password" - in the extended client hello. The "extension_data" field of this - extension SHALL be empty. The extension_type field is to be assigned - by IANA. - - For servers aware of the password extension but not wishing to use - it, it will gracefully revert to an ordinary TLS handshake or stop - the negotiation. - - Servers that receive an extended hello containing a "password" - extension MAY agree to authenticate the client using passwords by - including an extension of type "password", with empty - "extension_data", in the extended server hello. The - CertificateRequest payload is omitted from the server response. - - Clients return a response along with their credentials by sending a - "EncryptedPassword" message immediately after the - "ClientKeyExchange" message. The encrypted password message is sent - symmetrically encrypted with the key client_write_key and the cipher - algorithm selected by the server in the ServerHello.cipher_suite. - The Certificate and CertificateVerify payloads are omitted from the - client response. - -2.1. Encrypted Password - - When this message will be sent: - - The client MUST send this message immediately after the client key - exchange message. - - - - - - - -Badra Expires October 2007 [Page 2] - -Internet-draft Password Ciphersuites for TLS April 2007 - - - - Structure of this message: - - struct { - uint16 length; - select (CipherSpec.cipher_type) { - case stream: - stream-ciphered struct { - opaque fresh_random<16..2^16-1>; - opaque login<1..2^16-1>; - opaque password<1..2^16-1>; - }; - case block: - block-ciphered struct { - opaque IV[CipherSpec.block_length]; - opaque login<1..2^16-1>; - opaque password<1..2^16-1>; - uint8 padding[EncryptedPassword.padding_length]; - uint8 padding_length; - }; - } EncryptedPassword; - - fresh_random - A vector contains at least 16 bytes. - - length - The length (in bytes) of the EncryptedPassword structure. - - padding - Padding that is added to force the length of the EncryptedPassword - structure to be an integral multiple of the block cipher's block - length. The padding MAY be any length up to 255 bytes, as long as - it results in the EncryptedPassword.length being an integral - multiple of the block length. Lengths longer than necessary might - be desirable to frustrate attacks on a protocol that are based on - analysis of the lengths of exchanged messages. Each uint8 in the - padding data vector MUST be filled with the padding length value. - The receiver MUST check this padding and SHOULD use the - bad_record_mac alert to indicate padding errors. - - padding_length - The padding length MUST be such that the total size of the - EncryptedPassword structure is a multiple of the cipher's block - length. Legal values range from zero to 255, inclusive. This - length specifies the length of the padding field exclusive of the - padding_length field itself. - - - - - -Badra Expires October 2007 [Page 3] - -Internet-draft Password Ciphersuites for TLS April 2007 - - - BulkCipherAlgorithm.null (e.g. TLS_RSA_WITH_NULL_MD5 and - RSA_WITH_NULL_SHA) MUST NOT be negotiated when password extension is - deployed, as it provides no more protection than an unsecured - connection. - - Implementations of this document MUST ensure that all policies being - applied on the PSK encoding (section 5 of [PSK]) are applied on the - password encoding as well. - - Editor note: is it more secure to don't send the password on the - wire and instead of that, mix it with the premaster secret, and use - the result as an input for the key derivation function to implicitly - authenticate the client? - - Upon receipt of this message, the server symmetrically decrypts the - EncryptedPassword using the same key as the client to retrieve the - username and the password in clear text. The server then checks its - database for a match. If a match is found, the server sends its - change cipher spec message and proceeds directly to finished - message. If no match is found, the server MUST send a fatal alert, - results in the immediate termination of the connection. - - If the server does not recognize the login, it MAY respond with an - "unknown_login" alert message. Alternatively, if the server wishes - to hide the fact that the login was not known, it MAY continue the - protocol as if the login existed but the key was incorrect: that is, - respond with a "decrypt_error" alert. - - Client Server - ------ ------ - - ClientHello --------> - ServerHello - Certificate* - ServerKeyExchange* - <-------- ServerHelloDone - ClientKeyExchange - EncryptedPassword - ChangeCipherSpec - Finished --------> - ChangeCipherSpec - <-------- Finished - Application Data Application Data - Attribute Value Pairs Attribute Value Pairs - Type Length Value <=======> Type Length Value - -3. Security Considerations - - - - -Badra Expires October 2007 [Page 4] - -Internet-draft Password Ciphersuites for TLS April 2007 - - - The security considerations described throughout [TLS], [DTLS], and - [TLS1.1] apply here as well. - -4. IANA Considerations - - This document defines a new TLS extension "password", assigned the - value TBD from the TLS ExtensionType registry defined in [TLSEXT]. - - This document also defines a new TLS alert message, - unknown_login(TBD). - - This document defines a new handshake message, encrypted password, - whose value is to be allocated from the TLS HandshakeType registry - defined in [TLS]. - -5. References - -5.1. Normative References - - [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", - RFC 2246, January 1999. - - [TLSExt] Blake-Wilson, S., et. al., "Transport Layer Security TLS) - Extensions", RFC 4346, April 2006. - - [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", RFC 2119, March 1997. - - [PSK] Eronen, P. (Ed.) and H. Tschofenig (Ed.), "Pre-Shared Key - Ciphersuites for Transport Layer Security (TLS)", - RFC 4279, December 2005. - - [TLSCAM] Moriai, S., Kato, A., Kanda M., "Addition of Camellia - Cipher Suites to Transport Layer Security (TLS)", - RFC 4132, July 2005. - - [TLSAES] Chown, P., "Advanced Encryption Standard (AES) - Ciphersuites for Transport Layer Security (TLS)", - RFC 3268, June 2002. - - [TLSECC] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., - Moeller, B., "Elliptic Curve Cryptography (ECC) Cipher - Suites for Transport Layer Security (TLS)", RFC 4492, May - 2006 - - [TLSCTR] Modadugu, N. and E. Rescorla, "AES Counter Mode Cipher - Suites for TLS and DTLS", draft-ietf-tls-ctr-01.txt (work - in progress), June 2006. - - - -Badra Expires October 2007 [Page 5] - -Internet-draft Password Ciphersuites for TLS April 2007 - - - -5.2. Informative References - - [KERB] Medvinsky, A. and M. Hur, "Addition of Kerberos Cipher - Suites to Transport Layer Security (TLS)", RFC 2712, - October 1999. - -Author's Addresses - - Mohamad Badra - LIMOS Laboratory - UMR (6158), CNRS - France Email: badra@isima.fr - -Full Copyright Statement - - Copyright (C) The IETF Trust (2007). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on - an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE - REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE - IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL - WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY - WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE - ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS - FOR A PARTICULAR PURPOSE. - -Intellectual Property - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed - to pertain to the implementation or use of the technology described - in this document or the extent to which any license under such - rights might or might not be available; nor does it represent that - it has made any independent effort to identify any such rights. - Information on the procedures with respect to rights in RFC - documents can be found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use - of such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository - at http://www.ietf.org/ipr. - - - - -Badra Expires October 2007 [Page 6] - -Internet-draft Password Ciphersuites for TLS April 2007 - - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at ietf- - ipr@ietf.org. - -Acknowledgment - - Funding for the RFC Editor function is provided by the IETF - Administrative Support Activity (IASA). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Badra Expires October 2007 [Page 7] -
\ No newline at end of file |