Open Bug 563276 Opened 14 years ago Updated 6 months ago

Support RFC 5929 - Channel Bindings for TLS

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Milestone:
3.16.1

People

(Reporter: ryan.sleevi, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Patch against 3.12.6 adding support
19.58 KB, patch
ryan.sleevi
: review?
wtc
nelson
: review?
nelson
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.9 Safari/533.2
Build Identifier: 

While draft-altman-tls-channel-bindings is not yet a finalized RFC, the functionality is currently deployed by Microsoft as part of their SChannel SSPI, as it's necessary to implement "Integrated Windows Authentication with Enhanced Protection" ( http://msdn.microsoft.com/en-us/library/dd639324(VS.90).aspx ).

Further, the tls-channel-bindings are referenced by a number of RFCs currently in progress ( http://www.fenron.net/~fenner/ietf/deps/index.cgi?dep=draft-altman-tls-channel-bindings )

The current version is -10, and is on track to be finalized soon ( https://datatracker.ietf.org/doc/draft-altman-tls-channel-bindings/ )

Reproducible: Always
One new public enum is exported by this patch:

SSLChannelBindingType

Two new public API calls are exposed:

SSL_GetChannelBinding
SEC_DecodeSignatureAlgorithmOidTag

I was uncertain whether it would be more appropriate to use a dynamic array for returning the types of supported channel bindings (similar to how cipher suites are supported), to facilitate protocols that may be able to negotiate amongst multiple types of bindings that may be added later, or whether to use the currently hard-coded list. Given that the selection of channel binding type may affect the strength of security offered, it seemed more appropriate to require application developers specify the type of binding they intend to request.

Absent of any specific NSS coding guidelines I could find, I've attempted to adhere to http://www.mozilla.org/projects/nspr/eng-process/contributors.html . Though most of the code appeared a mix between tabs and spaces, all of the new code contained is standardized on a four-space indent style.

Outputs were added to vfyserv and selfserv to output all of the available channel bindings during connection, when appropriate. I've cross-referenced the results with the Microsoft SChannel provider to verify compatibility, and will be happy to attach a patch to the Platform SDK Web Server sample code if necessary.

No new unit tests were added to this code.
Attachment #443031 - Flags: review?(wtc)
Comment on attachment 443031 [details] [diff] [review]
Patch against 3.12.6 adding support

Wan-Teh has encouraged me to review this patch.
Attachment #443031 - Flags: review?(nelson)
I confirm this is an enhancement request. :)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: unspecified → trunk
Assignee: nobody → ryan.sleevi
Status: NEW → ASSIGNED
We had need of the tls-unique binding and so there's a Chromium patch here:

http://src.chromium.org/viewvc/chrome/trunk/src/net/third_party/nss/patches/tlsunique.patch?view=markup

I wasn't aware of this bug when writing it and I'm not claiming that it's superiour.
Priority: -- → P2
Target Milestone: --- → 3.14
draft-altman-tls-channel-bindings has become RFC 5929:
Channel Bindings for TLS.
URL: http://tools.ietf.org/html/rfc5929
Summary: Support draft-altman-tls-channel-bindings → Support RFC 5929 - Channel Bindings for TLS
Priority: P2 → P1
Target Milestone: 3.14 → 3.14.1
Target Milestone: 3.14.1 → 3.14.2
Target Milestone: 3.14.2 → 3.14.4
Target Milestone: 3.14.4 → 3.15.1
Target Milestone: 3.15.1 → 3.15.2
Target Milestone: 3.15.2 → 3.15.5
Target Milestone: 3.15.5 → 3.16
Target Milestone: 3.16 → 3.16.1
Are there any plans to add TLS Channel ID support to NSS? Is that the only route to support in Firefox? Looks like this one's been sitting for quite some time.
Eric: this bug is about channel bindings, which is separate (and standardized) from token bindings (new channel ID)

Any news on it?
Channel-Binding Support is important.
It is needed for SCRAM-SHA-XXX-PLUS variants

Linked to:

It is possible to change the "Milestone"?
It is a forgotten ticket I think...

It is already done for XMPP:

SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS are missing because https://bugzilla.mozilla.org/show_bug.cgi?id=563276
This ticket, people can look?

Tickets:

RFCs:

IANA:

Cyrus SASL supports:

Dovecot SASL supports:

GNU SASL supports:

CRAM-MD5 to Historic:

RFC6331: Moving DIGEST-MD5 to Historic

More informations:

After old TLS version, for TLS 1.3, there is: https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13

And there are other SCRAM too:

It is official, it is here: RFC 9266: Channel Bindings for TLS 1.3:

Little details, to know easily:

  • tls-unique for TLS =< 1.2
  • tls-exporter for TLS = 1.3

Can you add the support?

SCRAM-BIS: https://tools.ietf.org/html/draft-melnikov-scram-bis

See Also: → 1781743
Severity: normal → S3

The bug assignee is inactive on Bugzilla, and this bug has priority 'P1'.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Assignee: ryan.sleevi → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(bbeurdouche)

See the comment on status here.

Severity: S3 → N/A
Priority: P1 → P5
See Also: → 1807870
Flags: needinfo?(bbeurdouche)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: