idnits 2.17.1

draft-josefsson-sasl-tls-cb-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 14.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 169.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 146.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 153.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 159.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of
     the newer disclaimer which includes the IETF Trust according to RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 24, 2006) is 6608 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2222 (ref. '2') (Obsoleted by RFC 4422,
     RFC 4752)

  ** Obsolete normative reference: RFC 2246 (ref. '3') (Obsoleted by RFC 4346)

     Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                       S. Josefsson
3    Internet-Draft                                            March 24, 2006
4    Expires: September 25, 2006

6                       Channel bindings for SASL over TLS
7                         draft-josefsson-sasl-tls-cb-00

9    Status of this Memo

11      By submitting this Internet-Draft, each author represents that any
12      applicable patent or other IPR claims of which he or she is aware
13      have been or will be disclosed, and any of which he or she becomes
14      aware will be disclosed, in accordance with Section 6 of BCP 79.

16      Internet-Drafts are working documents of the Internet Engineering
17      Task Force (IETF), its areas, and its working groups.  Note that
18      other groups may also distribute working documents as Internet-
19      Drafts.

21      Internet-Drafts are draft documents valid for a maximum of six months
22      and may be updated, replaced, or obsoleted by other documents at any
23      time.  It is inappropriate to use Internet-Drafts as reference
24      material or to cite them other than as "work in progress."

26      The list of current Internet-Drafts can be accessed at
27      http://www.ietf.org/ietf/1id-abstracts.txt.

29      The list of Internet-Draft Shadow Directories can be accessed at
30      http://www.ietf.org/shadow.html.

32      This Internet-Draft will expire on September 25, 2006.

34   Copyright Notice

36      Copyright (C) The Internet Society (2006).

38   Abstract

40      This document defines how to compute data that is bound to a specific
41      Transport Layer Security (TLS) session, for use by Simple
42      Authentication and Security Layer (SASL) mechanisms.

44   Table of Contents

46      1.  Introduction
47      2.  Conventions Used in this Document
48      3.  Deriving the Channel Binding
49      4.  IANA Considerations
50      5.  Security Considerations
51      6.  References
52        6.1.  Normative References
53        6.2.  Informative References
54      Author's Address
55      Intellectual Property and Copyright Statements

57   1.  Introduction

59      Binding an authentication attempt to a specific encrypted session can
60      protect from certain attacks [4].  This document describes how to
61      generate data that can be used by SASL [2] mechanisms to bind it to a
62      specific TLS [3] session.

64      An application that uses SASL under TLS is responsible for deriving
65      channel binding data for use by SASL.  This document makes it possible
66      to derive channel bindings that can be used by any SASL mechanism.
67      Compared to specifying TLS channel bindings for each and every SASL
68      mechanism, the process described below enables an interface between
69      applications and SASL implementations that is not mechanism specific.

71   2.  Conventions Used in this Document

73      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
74      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
75      document are to be interpreted as described in [1].

77   3.  Deriving the Channel Binding

79      The TLS Pseudo-Random Function (PRF) generates, using the constant
80      string "SASL channel binding", and based on the master secret and the
81      random values established during a TLS handshake, a 64 octet string
82      that makes up the SASL channel binding data.

84      Using the terminology of TLS [3], the SASL channel binding data is
85      computed as follows:

87          SASL_channel_binding =
88              PRF(SecurityParameters.master_secret,
89                  "SASL channel binding",
90                  SecurityParameters.server_random +
91                  SecurityParameters.client_random) [0..64];

93      The derived data MUST NOT be used for any other purpose than in
94      combination with an SASL authentication.

96   4.  IANA Considerations

98      None.

100  5.  Security Considerations

102     It is critical to protect the TLS master secret.

104     We claim that by appropriately using the channel binding data derived
105     from a TLS session a SASL mechanism can protect itself from the
106     attacks in [4].  To guarantee this property, the derived data
107     is only to be used for the intended purpose.

109     The security considerations in SASL and TLS should also be
110     considered.

112  6.  References

114  6.1.  Normative References

116     [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
117          Levels", BCP 14, RFC 2119, March 1997.

119     [2]  Myers, J., "Simple Authentication and Security Layer (SASL)",
120          RFC 2222, October 1997.

122     [3]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
123          RFC 2246, January 1999.

125  6.2.  Informative References

127     [4]  Asokan, N., Niemi, V., and K. Nyberg, "Man-in-the-Middle in
128          Tunneled Authentication",
129          WWW http://www.saunalahti.fi/~asokan/research/mitm.html.

131  Author's Address

133     Simon Josefsson

135     Email: simon@josefsson.org

137  Intellectual Property Statement

139     The IETF takes no position regarding the validity or scope of any
140     Intellectual Property Rights or other rights that might be claimed to
141     pertain to the implementation or use of the technology described in
142     this document or the extent to which any license under such rights
143     might or might not be available; nor does it represent that it has
144     made any independent effort to identify any such rights.  Information
145     on the procedures with respect to rights in RFC documents can be
146     found in BCP 78 and BCP 79.

148     Copies of IPR disclosures made to the IETF Secretariat and any
149     assurances of licenses to be made available, or the result of an
150     attempt made to obtain a general license or permission for the use of
151     such proprietary rights by implementers or users of this
152     specification can be obtained from the IETF on-line IPR repository at
153     http://www.ietf.org/ipr.

155     The IETF invites any interested party to bring to its attention any
156     copyrights, patents or patent applications, or other proprietary
157     rights that may cover technology that may be required to implement
158     this standard.  Please address the information to the IETF at
159     ietf-ipr@ietf.org.

161  Disclaimer of Validity

163     This document and the information contained herein are provided on an
164     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
165     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
166     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
167     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
168     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
169     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

171  Copyright Statement

173     Copyright (C) The Internet Society (2006).  This document is subject
174     to the rights, licenses and restrictions contained in BCP 78, and
175     except as set forth therein, the authors retain all their rights.

177  Acknowledgment

179     Funding for the RFC Editor function is currently provided by the
180     Internet Society.