Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC 9266: Channel Bindings for TLS 1.3 support #19

Closed
Neustradamus opened this issue Nov 19, 2023 · 6 comments
Closed

RFC 9266: Channel Bindings for TLS 1.3 support #19

Neustradamus opened this issue Nov 19, 2023 · 6 comments
Labels
invalid

Comments

@Neustradamus
Copy link

Neustradamus commented Nov 19, 2023
edited
Loading

Dear @ongres team,

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

Little details, to know easily:

  • tls-unique for TLS =< 1.2
  • tls-server-end-point
  • tls-exporter for TLS = 1.3

I think that you have seen the jabber.ru MITM and Channel Binding is the solution:

Thanks in advance.

Linked to:
This was referenced Nov 19, 2023
Closed
Closed
@jorsol
Copy link
Collaborator

jorsol commented Mar 16, 2024

This library implements RFC 5802 and RFC 7677, this library doesn't implement external security layers such as that provided by TLS as can be read on the RFC for SCRAM:

For simplicity, this family of mechanisms does not presently include
negotiation of a security layer [RFC4422].  It is intended to be used
with an external security layer such as that provided by TLS or SSH,
with optional channel binding [RFC5056] to the external security
layer.

This library provides the building blocks to provide the SCRAM negotiation with servers, the RFC 5929 and RFC 9266 are out of the scope for this library.

Anyone who needs to extract channel-binding data that can later be used with SCRAM should check for the Bouncy Castle Crypto APIs.

@jorsol jorsol closed this as completed Mar 16, 2024
@jorsol jorsol closed this as not planned Won't fix, can't repro, duplicate, stale Mar 16, 2024
@Neustradamus
Copy link
Author

@jorsol: -PLUS variants are in RFC 5802 and RFC 7677 and more.

You can look here:

Can you reopen to support full RFCs?

@jorsol
Copy link
Collaborator

jorsol commented Mar 17, 2024
edited
Loading

Hi @Neustradamus, I'm quoting the RFC 5802 section 4 linked:

The "-PLUS" suffix is used only when the server supports channel
binding to the external channel. If the server supports channel
binding, it will advertise both the "bare" and "plus" versions of
whatever mechanisms it supports (e.g., if the server supports only
SCRAM with SHA-1, then it will advertise support for both SCRAM-SHA-1
and SCRAM-SHA-1-PLUS). If the server does not support channel
binding, then it will advertise only the "bare" version of the
mechanism (e.g., only SCRAM-SHA-1). The "-PLUS" exists to allow
negotiation of the use of channel binding.

The "-PLUS" exists to allow negotiation of the use of channel binding.

What this means is that the "-PLUS" suffix only signals that the mechanism requires channel binding during negotiation, it doesn't mention that all SCRAM libraries MUST implement channel binding, nor it is its job.

You can look at the RFC 5802 section 1:

For simplicity, this family of mechanisms does not presently include
negotiation of a security layer [RFC4422]. It is intended to be used
with an external security layer such as that provided by TLS or SSH,
with optional channel binding [RFC5056] to the external security
layer.

In other words, the family of SCRAM mechanisms DOES NOT include a security layer, that it is meant to be provided by an external security layer during negotiation, and an external library that can provide channel-binding data is the Bouncy Castle Crypto APIs, so this library MAY be used in conjunction with a library that implements channel-binding data to provide support for negotiation of the "-PLUS" mechanisms. The point here is that, this library is not a TLS library, it provides the building blocks to support SCRAM in a client/server, and an external helper that implements channel binding data extraction must be used.

I hope it is clear now.

@jorsol jorsol added the invalid label Mar 22, 2024
This was referenced Apr 3, 2024
Open
Closed
@Neustradamus
Copy link
Author

@jorsol: Good news in 3.0 (2024-04-03), a little part of Channel Binding has been added!

  • tls-server-end-point

Can you add now the tls-exporter support?

Thanks in advance.

Links:

@jorsol
Copy link
Collaborator

jorsol commented Jun 26, 2024

Hi @Neustradamus, sorry but no, there is no plan to support tls-exporter, this just implements RFC-5802, and is out of the scope to implement the security layer in this library.

If an external library implements tls-exporter and pass the channel binding data to this library, it should work.

@Neustradamus
Copy link
Author

Important: The RFC9266 updates the RFC5802, etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Neustradamus @jorsol