Transport Layer Security (TLS) Authorization Extensions <draft-housley-tls-authz-extns-01.txt> - PowerPoint PPT Presentation

Slides: 12
Provided by: RussHo4
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1
Transport Layer Security (TLS) Authorization Extensions
<draft-housley-tls-authz-extns-01.txt>
  • Mark Brown, RedPhone Security
  • Russ Housley, Vigil Security
2
Overview (1 of 2)
  • Authorization extensions for the Handshake
    Protocol in both TLS 1.0 and TLS 1.1
  • Allow client to provide authorization information
    to the server
  • Allow server to provide authorization information
    to the client

3
Overview (2 of 2)
   Client                                            Server

   ClientHello
   (with AuthorizationData)   -------->
                                                 ServerHello
                                      (with AuthorizationData)
                                                 Certificate
                                           ServerKeyExchange
                                          CertificateRequest
                              <--------       ServerHelloDone
   Certificate
   ClientKeyExchange
   CertificateVerify
   ChangeCipherSpec
   Finished                   -------->
                                             ChangeCipherSpec
                              <--------              Finished
   Application Data           <------->      Application Data

4
Two Authorization Formats
   enum {
       x509_attr_cert(0),
       saml_assertion(1),
       x509_attr_cert_url(2),
       saml_assertion_url(3),
       (255)
   } AuthzDataFormat;
  • X.509 Attribute Certificate
  • SAML Assertion
  • URL to fetch either of these, with a hash value
    to ensure that the correct object was obtained

5
AuthorizationData (1 of 2)
   struct {
       AuthorizationDataEntry authz_data_list<1..2^16-1>;
   } AuthorizationData;

   struct {
       AuthzDataFormat authz_format;
       select (authz_format) {
           case x509_attr_cert:      X509AttrCert;
           case saml_assertion:      SAMLAssertion;
           case x509_attr_cert_url:  URLandHash;
           case saml_assertion_url:  URLandHash;
       } authz_data_entry;
   } AuthorizationDataEntry;

6
AuthorizationData (2 of 2)
   opaque X509AttrCert<1..2^16-1>;
   opaque SAMLAssertion<1..2^16-1>;

   struct {
       opaque url<1..2^16-1>;
       HashType hash_type;
       select (hash_type) {
           case sha1:    SHA1Hash;
           case sha256:  SHA256Hash;
       } hash;
   } URLandHash;

   enum {
       sha1(0), sha256(1), (255)
   } HashType;
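
The structures on slides 5 and 6, together with the URL-plus-hash option from slide 4, as working code. This is an added example and is not part of the slides or of the draft: an encoder and decoder for AuthorizationData written to the TLS presentation-language wire rules, plus the check a peer must apply to an object it has fetched from a *_url entry. The constant and function names, the placeholder attribute-certificate bytes, the URL and the assertion text are all assumptions constructed for the example; nothing is fetched over the network. Because authz_data_list is bounded <1..2^16-1>, the encoder refuses an empty list, which is exactly the limitation the open issue on slide 10 raises.

```python
# Added example (not from the draft): encoder/decoder for the AuthorizationData
# structures of draft-housley-tls-authz-extns-01, following TLS presentation
# language rules (RFC 4346 s.4): one-byte enums, a two-byte big-endian length on
# <1..2^16-1> vectors, only the selected select() arm on the wire, no length on
# fixed-size hashes. All sample values are constructed, not real objects.
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Optional

# AuthzDataFormat and HashType values as numbered in the draft
X509_ATTR_CERT, SAML_ASSERTION, X509_ATTR_CERT_URL, SAML_ASSERTION_URL = 0, 1, 2, 3
INLINE_FORMATS, URL_FORMATS = (0, 1), (2, 3)
SHA1, SHA256 = 0, 1
HASH_LEN = {SHA1: 20, SHA256: 32}
HASH_FN = {SHA1: hashlib.sha1, SHA256: hashlib.sha256}


@dataclass
class Entry:
    # payload is the attribute certificate or assertion (inline formats) or the
    # url (*_url formats); hash_type/hash_value are the URLandHash fields
    fmt: int
    payload: bytes
    hash_type: Optional[int] = None
    hash_value: Optional[bytes] = None


def _vec16(data: bytes) -> bytes:
    # opaque <1..2^16-1>: the lower bound of 1 is why an empty authz_data_list
    # cannot be expressed in this revision of the draft
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("vector length %d outside 1..2^16-1" % len(data))
    return struct.pack("!H", len(data)) + data


def _read_vec16(buf: bytes, pos: int):
    if pos + 2 > len(buf):
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if n < 1 or pos + n > len(buf):
        raise ValueError("vector length %d out of range" % n)
    return buf[pos:pos + n], pos + n


def url_entry(fmt: int, url: bytes, obj: bytes, hash_type: int = SHA256) -> Entry:
    # a *_url entry whose hash commits to obj, the object the URL serves
    return Entry(fmt, url, hash_type, HASH_FN[hash_type](obj).digest())


def encode_entry(e: Entry) -> bytes:
    out = bytes([e.fmt])                                  # AuthzDataFormat
    if e.fmt in INLINE_FORMATS:
        return out + _vec16(e.payload)                    # X509AttrCert / SAMLAssertion
    if e.fmt in URL_FORMATS:                              # URLandHash
        if len(e.hash_value) != HASH_LEN[e.hash_type]:
            raise ValueError("hash does not match hash_type")
        return out + _vec16(e.payload) + bytes([e.hash_type]) + e.hash_value
    raise ValueError("unknown AuthzDataFormat %d" % e.fmt)


def encode_authorization_data(entries: List[Entry]) -> bytes:
    return _vec16(b"".join(encode_entry(e) for e in entries))   # authz_data_list


def decode_authorization_data(buf: bytes) -> List[Entry]:
    body, end = _read_vec16(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after AuthorizationData")
    entries, pos = [], 0
    while pos < len(body):
        fmt, pos = body[pos], pos + 1
        if fmt in INLINE_FORMATS:
            payload, pos = _read_vec16(body, pos)
            entries.append(Entry(fmt, payload))
        elif fmt in URL_FORMATS:
            url, pos = _read_vec16(body, pos)
            if pos >= len(body) or body[pos] not in HASH_LEN:
                raise ValueError("missing or unknown HashType")
            ht, pos = body[pos], pos + 1
            if pos + HASH_LEN[ht] > len(body):
                raise ValueError("truncated hash")
            entries.append(Entry(fmt, url, ht, body[pos:pos + HASH_LEN[ht]]))
            pos += HASH_LEN[ht]
        else:
            raise ValueError("unknown AuthzDataFormat %d" % fmt)
    return entries


def fetched_object_matches(e: Entry, fetched: bytes) -> bool:
    # the check the peer must do after dereferencing a *_url entry: accept the
    # object only if its digest equals the hash carried in the handshake
    if e.fmt not in URL_FORMATS:
        raise ValueError("entry carries its object inline; nothing to fetch")
    return hmac.compare_digest(HASH_FN[e.hash_type](fetched).digest(), e.hash_value)


def demo():
    # constructed sample: placeholder "DER" bytes, a URL and an assertion that exist only here
    obj = b"<saml:Assertion>constructed sample</saml:Assertion>"
    entries = [Entry(X509_ATTR_CERT, b"\x30\x03\x02\x01\x05"),
               url_entry(SAML_ASSERTION_URL, b"https://idp.example/assertion/42", obj)]
    wire = encode_authorization_data(entries)
    return (wire, decode_authorization_data(wire) == entries,
            fetched_object_matches(entries[1], obj),         # genuine object: True
            fetched_object_matches(entries[1], obj + b" "))  # altered object: False
```

demo() returns the 78-byte wire encoding of the two-entry list, the round-trip result, and the two fetch checks. The failure modes a receiver must handle (empty list, truncated input, unknown HashType, trailing bytes) all surface as ValueError from the decoder rather than as accepted entries, and the fetched-object comparison uses a constant-time compare so the expected digest is not leaked byte by byte.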

7
Sensitive Authorization Information
  • Solved by a double handshake: the first handshake
    carries no AuthorizationData and only establishes
    the protected session; the second handshake, run
    inside that session, carries the sensitive data
   Client                                            Server

   ClientHello
   (no AuthorizationData)     -------->
                                                 ServerHello
                                        (no AuthorizationData)
                                                 Certificate
                                           ServerKeyExchange
                                          CertificateRequest
                              <--------       ServerHelloDone
   Certificate
   ClientKeyExchange
   CertificateVerify
   ChangeCipherSpec
   Finished                   -------->
                                             ChangeCipherSpec
                              <--------              Finished
  • (more on next slide)

8
The rest of the double handshake
   Client                                            Server

   ClientHello
   (with AuthorizationData)   -------->
                                                 ServerHello
                                      (with AuthorizationData)
                                                 Certificate
                                           ServerKeyExchange
                                          CertificateRequest
                              <--------       ServerHelloDone
   Certificate
   ClientKeyExchange
   CertificateVerify
   ChangeCipherSpec
   Finished                   -------->
                                             ChangeCipherSpec
                              <--------              Finished
   Application Data           <------->      Application Data

9
More efficient with resumption
   Client                                            Server

   ClientHello
   (no AuthorizationData)     -------->
                                                 ServerHello
                                        (no AuthorizationData)
                                                 Certificate
                                           ServerKeyExchange
                                          CertificateRequest
                              <--------       ServerHelloDone
   Certificate
   ClientKeyExchange
   CertificateVerify
   ChangeCipherSpec
   Finished                   -------->
                                             ChangeCipherSpec
                              <--------              Finished
   ClientHello
   (with AuthorizationData)   -------->

10
Open Issue
  • Need to allow an empty AuthorizationData
    extension
  • Client wants authorization information from the
    server, so it needs to include the extension in
    the client hello message
  • Server wants to indicate that the authorization
    information provided by the client was accepted,
    but the server has none to provide

11
Way Forward
  • Should this become a TLS WG document?
  • If not, will proceed as standards-track
    individual submission