RFC 9266: Channel Bindings for TLS 1.3 support

Neustradamus commented 1 year ago

Description

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

tls-unique for TLS =< 1.2
tls-server-end-point
tls-exporter for TLS = 1.3

Thanks in advance.

Linked to:

Reproduction Steps

Please read the RFC9266.

Expected behavior

Please read the RFC9266.

Actual behavior

Please read the RFC9266.

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response

dotnet-issue-labeler[bot] commented 1 year ago

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

ghost commented 1 year ago

Tagging subscribers to this area: @dotnet/ncl, @vcsjones See info in area-owners.md if you want to be subscribed.

Issue Details

### Description Can you add the support of RFC 9266: Channel Bindings for TLS 1.3? - https://datatracker.ietf.org/doc/html/rfc9266 Little details, to know easily: - tls-unique for TLS =< 1.2 - tls-exporter for TLS = 1.3 Thanks in advance. Linked to: - https://github.com/dotnet/runtime/search?q=tls-unique ### Reproduction Steps Please read the RFC9266. ### Expected behavior Please read the RFC9266. ### Actual behavior Please read the RFC9266. ### Regression? _No response_ ### Known Workarounds _No response_ ### Configuration _No response_ ### Other information _No response_

Author:	Neustradamus
Assignees:	-
Labels:	`area-System.Net.Security`, `untriaged`
Milestone:	-

Neustradamus commented 1 year ago

@wfurt, @aik-jahoda, @filipnavara, @hughbe: What do you think?

I have added some info in the main ticket.

wfurt commented 1 year ago

not in 7.0. We may look into it in 8.0. On Windows this comes from schannel. We will need to check what is supported there.

Neustradamus commented 7 months ago

Dear @dotnet team,

Have you progressed on it?

wfurt commented 7 months ago

no, but we may during 9.0. On Windows, this could just work as we depends on schannel implementation. It will need some more research and testing. What is your intended use case @Neustradamus ?

Neustradamus commented 5 months ago

Dear all @dotnet team,

Any news of this security missing problem?

Thanks in advance.

Where I can send an email to security Microsoft team?

jstedfast commented 5 months ago

@wfurt

Hi, I'm the author of MailKit and @Neustradamus has asked me to comment here, although I don't think my comment will go the way he expects.

It appears that @Neustradamus goes around to every single project on GitHub that supports any mode of SASL authentication and requests that they implement support for all of the (numerous) SCRAM-SHA-* authentication mechanisms combined with the channel binding support that the -PLUS variants require.

When he asked me to implement tls-export channel binding support for the SCRAM mechanisms, I told him that I couldn't because .NET's SslStream didn't support it which is how this issue got opened.

Foolishly, I wasted a ton of time implementing all of the SCRAM mechanisms and channel binding support for tls-unique and tls-server-end-point several years ago under the assumption that he had filed these feature requests for MailKit because he needed them (as opposed to him using MailKit and dozens of other hapless projects as evidence that there is wide support for it).

Now I see that not a single human being is asking for SCRAM on any of these products other than @Neustradamus himself, which leads me to conclude that there is absolutely no organic demand for it anywhere.

I'm sure @Neustradamus has all of the best intentions, but I wish that he realized how much wasted effort he is causing for developers across a wide variety of projects that might be better off focusing their effort on other things that matter more.

In conclusion, this is all about checking a checkbox and nothing more as far as I can tell.

My recommendation would be to wait and see if there is any actual organic demand for it. That's my plan from here on out.

Edit:

This was an interesting read on the topic of SCRAM: https://blog.josefsson.org/2021/06/08/whats-wrong-with-scram/

Neustradamus commented 5 months ago

@jstedfast: SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS have been added in GNU SASL by @jas4711, the author of your latest link.

You can see a lot of information about SCRAM and Channel Binding and a list of supported projects:

https://github.com/scram-sasl/info/issues/1

Old and unsecure mechanisms like CRAM-MD5 and DIGEST-MD5 have been removed from Cyrus SASL and Cyrus IMAP in master code.

You can see that Cyrus SASL/IMAP, Dovecot, Exim support SCRAM-SHA-*-PLUS and several other softwares, look the uncomplete list.

wfurt commented 5 months ago

thanks for the feedback @jstedfast. I'll ping Windows TLS team to see what is their take on it.

Neustradamus commented 5 months ago

@wfurt: Thanks for your ping to Windows TLS team!

I hope a security solution soon.

It is linked to Microsoft Channel Binding:

https://www.google.com/search?q=microsoft+channel+binding

It is needed to have a compatibility with:

tls-unique for TLS =< 1.2 (RFC5929)
tls-server-end-point (RFC5929)
tls-exporter for TLS = 1.3 (RFC9266)

dotnet / runtime