crypto/tls: RFC 9266: Channel Bindings for TLS 1.3 support

[Neustradamus]

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

• https://datatracker.ietf.org/doc/html/rfc9266

Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929

• XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
• XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
• XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
• XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

Little details, to know easily:

• tls-unique for TLS =< 1.2
• tls-server-end-point
• tls-exporter for TLS = 1.3

Thanks in advance.

[ianlancetaylor]

CC @golang/security @FiloSottile

[cherrymui]

I guess this will be added to the crypto/tls package? What would the support look like? Thanks.

[Neustradamus]

@cherrymui: Yes :)

It is linked to:

• https://github.com/golang/go/commit/fce63888cecd22dfc01bf1b6dcb5a1429aecbc17
• https://github.com/golang/go/issues/18842 + https://github.com/golang/go/commit/7bd968fbfdfd943d8bfc3f6f48b47c5fe990f9ba
• https://github.com/golang/go/commit/039c2081d1178f90a8fa2f4e6958693129f8de33
• https://github.com/golang/go/search?q=tlsunique
• https://github.com/golang/go/search?q=tls+unique
• https://github.com/golang/go/search?q=tls+binding

cc: @agl, @andres-erbsen, @FiloSottile, @codesenberg, @seankhliao.

[Neustradamus]

Dear all,

I have update the main description about tls-unique, tls-server-end-point, tls-exporter and I have added XEP-0388/XEP-0440/XEP-0474 links.

I think that you have seen the jabber.ru MITM:

• https://notes.valdikss.org.ru/jabber.ru-mitm/
• https://snikket.org/blog/on-the-jabber-ru-mitm/
• https://www.devever.net/~hl/xmpp-incident
• https://blog.jmp.chat/b/certwatch

[FiloSottile]

RFC 9266, Section 2, says

"tls-exporter" uses Exported Keying Material (EKM), which is already widely exposed by TLS implementations

Indeed, we already support EKM via ConnectionState.ExportKeyingMaterial.

What do you need us to change in crypto/tls?

[Neustradamus]

@FiloSottile: Thanks for your answer but there is not an announcement in code: RFC5929 / RFC9266 And I do not find:

• tls-unique
• tls-server-end-point
• tls-exporter

Example GnuTLS:

• tls-unique: https://gitlab.com/search?search=tls-unique&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master
• tls-exporter: https://gitlab.com/search?search=tls-exporter&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master
• tls-server-end-point: https://gitlab.com/search?search=tls-server-end-point&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master
• rfc5929: https://gitlab.com/search?search=rfc5929&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master
• rfc9266: https://gitlab.com/search?search=rfc9266&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master

[morphf]

Is there an update on this?