]> TU Dresden

muhammad_usama.sardar@tu-dresden.de

Security Transport Layer Security This document applies only to non-trivial extensions of TLS, which require formal analysis. It proposes the authors specify a threat model and informal security goals in the Security Considerations section, as well as motivation and a protocol diagram in the draft. We also briefly present a few pain points of the team doing the formal analysis which -- we believe -- require refining the process:

• Provide protection against FATT-bypass by other TLS-related WGs
• Contacting FATT
• ML-KEM
• Understanding the opposing goals
• Response within reasonable time frame

About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the Transport Layer Security Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction While the TLS FATT process marks a historic change in achieving high cryptographic assurances by tightly integrating formal methods in the working group (WG) process, the current FATT process has some practical limitations. Given a relatively smaller formal methods community, and a steep learning curve as well as very low consideration of usability in the existing formal analysis tools, this document proposes some solutions to make the FATT process sustainable. Specifically, the TLS FATT process does not outline the division of responsibility between the authors and the team doing the formal analysis (the latter is hereafter referred to as the "Verifier"). This document aims to propose some solutions without putting an extensive burden on either party. An argument is often presented by the authors that an Internet-Draft is written for the implementers. We make several counter-arguments here:

• Researchers and protocol designers are also stakeholders of such specifications .
• Even implementers may like to understand the security implications before blindly starting to implement it.
• With the FATT process, this argument is clearly invalid. The Verifier may not be an implementer.

This document outlines the corresponding changes in the way Internet-Drafts are typically written. For the Internet-Draft to be useful for the formal analysis, this document proposes that the draft should contain four main items, namely:

• motivation,
• a threat model,
• informal security goals, and
• a protocol diagram ().

Each one of these is summarized in . Future versions of this draft will include concrete examples. Responsibilities of the Verifier are summarized in .

Motivation A clear separation of responsibilities would help IRTF UFMRG to train the authors and verifiers separately to fulfill their own responsibilities. Moreover, we believe that the experiences can help improve the FATT process. The goal is to document the identified gaps with concrete examples, discuss those and mutually find the best way forward.

Scope The scope of this document is only non-trivial extensions of TLS, which require formal analysis.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Protocol Diagram In the context of this document, a Protocol Diagram specifies the proposed cryptographically-relevant changes compared to the standard TLS protocol . This is conceptually similar to the Protocol Model in . However, while only recommends diagrams, we consider diagrams to be essential.

Verifier In this document, the Verifier refers to the team doing the formal analysis. Note that it is NOT a new formal role in the WG process.

Definition of Attack Any ambiguity originating from the threat model, informal security goals, and a Protocol Diagram is to be considered as an attack. The authors are, therefore, encouraged to be as precise as possible. The Verifier may propose text for consideration by authors/WG to disambiguate or propose a fix to the attack.

Pain Points of Verifier From the two extremes -- where Russ kindly provided all requested inputs and we were able to get it through (with a small change) without any formal analysis to where formal analysis revealed vulnerabilities and resulted in a separate WG to tackle this problem -- we summarize the pain points of the Verifier with the hope that we can refine the process. Note that we are not at all asserting that the authors have no pain points. They very likely have their own -- that is another indication that the process needs a refinement.

Provide Protection Against FATT-bypass by Other TLS-related WGs TLS-related WGs in particular those where the representation of TLS WG is a minority -- including the one (SEAT WG) that the author has defended himself as one of the six proponents -- MUST NOT be allowed to make changes to the TLS protocol beyond what is explicitly allowed in their charter. If rechartering of such WGs is absolutely unavoidable and includes non-trivial changes to the TLS protocol, it MUST only be done after agreement with the TLS WG. This will prevent the short-circuit path for FATT. If the WG does not have proper FATT-like process, TLS WG may request FATT review before WGLC. In short, our concern is: For example, makes key schedule level changes, breaks the SEAT WG charter and SEAT WG has no formal FATT-like process.

Contacting FATT The FATT process restricts the Verifier from contacting the FATT directly. We argue that the Verifier should be allowed to contact the FATT (at least the FATT person for a specific draft) because of the following reasons:

• Formal methods community is small and within this small community, those with deep knowledge of TLS are quite limited.

• The feedback we receive on the list is really limited.
• Communication via chairs is a source of misunderstandings, as it has already happened with the chairs summarizing the intent of "Tamarin-like" to just "Tamarin".

ML-KEM

Formal analysis (Work-in-progress) We have presented observation from our ongoing symbolic security analysis (cf. limitations in ) using ProVerif on the mailing list. We argue that in general:

1. Migration from ECDHE to hybrid is security improvement.
2. Migration from hybrid to pure ML-KEM is security regression.

Hybrid PQ/T More formally, the property hybrid PQ/T should provide is: Hybrid preserves ECDHE, and adds ML-KEM as an additional factor. So as long as one of them is not broken, the system is secure. In particular, even if ML-KEM is completely broken, the system retains the security level of ECDHE.

Non-hybrid PQ On the other hand, the formal property non-hybrid PQ provides is: If ML-KEM is broken, the whole system is broken.

Comparison Leak out the ECDHE key from hybrid PQ/T and you get a pure ML-KEM. Clearly, hybrid is in general more secure, unless ECDHE is fully broken, in which case it still falls equivalent to pure ML-KEM, or in the hypothetical scenario that there is an implementation bug in the ECDHE part which is triggered only in composition.

"Cost" "Cost" has been presented on the list as the motivation for ML-KEM but no authentic reference has yet been presented. There seems to be a need for a thorough study to understand the "cost."

Understanding the Opposing Goals The authors need to understand that the task of the Verifier is to find the subtle corner cases where the protocol may fail. This is naturally opposed to the goal of the authors -- that is, to convince the WG that the protocol is good enough to be adopted/published. In particular, some topics like remote attestation need more precise specifications because small changes or ambiguites may make a big difference.

Response within reasonable time frame If authors do not respond to the Verifier's questions within a reasonable time frame (say a few weeks but not months), the Verifier may not pursue formal analysis of their draft.

Proposed solutions In addition to those mentioned inline in the previous section, we propose the following:

Scope of FATT

• Be more explicit on:
  • what is the scope of FATT?
  • what kind of drafts need FATT review and why? Discussion on this is happening in issue 19.

Discussion at Meeting So at least some time should be allocated in the meetings for discussion of formal analysis. If the authors are doing the formal analysis themselves, it would be helpful to also present the current state of formal analysis in meetings for discussion. This may be a single slide describing:

• Approach used: symbolic or computational
• Tool used: ProVerif, CryptoVerif etc.
• Properties established

This will help the Verifier give any feedback and avoid any repititive effort.

Responsibilities of Authors This document proposes that the authors provide the following four items:

Motivation The motivation of the work (i.e., the proposed extension of TLS) needs to primarily come from the authors. The Verifier can ask questions to improve it, but he cannot just cook it up.

Threat Model A threat model identifies which threats are in scope for the protocol design. So it should answer questions like:

• What are the capabilities of the adversary? What can the adversary do?
• Whether post-quantum threats are in scope?
• What can go wrong in the system? etc.

Typical Dolev-Yao adversary A typical threat model assumes the classical Dolev-Yao adversary, who has full control over the communication channel. Any additional adversary capabilities and assumptions must be explicitly stated.

Potential Weaknesses of Cryptographic Primitives In general, it also outlines the potential weaknesses of the cryptographic primitives used in the proposed protocol extension. Examples include:

• weak hash functions
• weak Diffie-Hellman (DH) groups
• weak elements within strong DH groups

Keys This section should specify any keys in the system (e.g., long-term keys of the server) in addition to the standard TLS key schedule. Theoretically and arguably practically, any key may be compromised (i.e., become available to the adversary). For readability, we propose defining each key clearly as in Section 4.1 of . Alternatively, present as a table with the following entries for each key:

• Name (or symbol) of the key
• Purpose of the key
• (optionally but preferably -- particularly when the endpoint is not fully trusted) Which software in the system has access to the key?

If more than one servers are involved (such as migration cases), the keys for servers should be distinguished in an unambiguous way.

Informal Security Goals Knowing what you want is the first step toward achieving it. Hence, informal security goals such as integrity, authentication, freshness, etc. should be outlined in the Internet-Draft. If the informal security goals are not spelled out in the Internet-Draft, it is safe to assume that the goals are still unclear to the authors. Examples:

• Integrity of message X holds unless some key Y is leaked.
• Freshness of message X holds unless some key Y or some key Z is leaked.
• Server Authentication holds unless some key Y or some key Z is leaked.

See Section 5.1 of for concrete examples.

Protocol Diagram A Protocol Diagram should clearly mention the initial knowledge of the protocol participants, e.g., which authentic public keys are known to the protocol participants at the start of the protocol. An example of a Protocol Diagram for is provided in Figure 5 in .

Document Structure While the needs may differ for some drafts, we propose the following baseline template, with an example of : The template is:

• Easy for readers
• Easy for reviewers
• Easy for formal analysis

TODO: Currently it is almost a copy of the guidance email to the authors. We will add details in next versions.

Introduction

• Problem statement: Say in general what the problem is.
• For , we believe this should not include CATS. Anyone unfamiliar with CATS should be able to understand your problem.

Terminology

• Define any terms not defined in RFC8446bis or point to other drafts from where the definition is used.

Motivation and design rationale

• We really like how Russ motivates the problem statement in . Use it as a sample.
• Here authors should address all the concerns from WG, including justification with compelling arguments and authentic references why authors think it should be done within TLS WG (and within handshake).
• For , authors could put CATS here as a motivational use case.

Proposed solution (one or more sections)

• Protocol design with Protocol Diagram: we work on the formal analysis of TLS 1.3 exclusively. Please contact someone else if your draft relates to older versions.

Security considerations

Threat model

Desired security goals As draft proceeds these desired security goals will become what the draft actually achieves.

Other security implications/considerations

Responsibilities of Verifier When the authors declare the version as ready for formal analysis, the Verifier takes the above inputs, performs the formal analysis, and brings the results back to the authors and the WG. Based on the analysis, the verifier may propose updates to the Security Considerations section or other sections of the Internet-Draft.

Security Considerations The whole document is about improving security considerations. Like all security proofs, formal analysis is only as strong as its assumptions and model. The scope is typically limited, and the model does not necessarily capture real-world deployment complexity, implementation details, operational constraints, or misuse scenarios. Formal methods should be used as complementary and not as subtitute of other analysis methods.

IANA Considerations This document has no IANA actions.

References Normative References IETF TLS WG In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Independent This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes RFCs 5077, 5246, 6961, 8422, and 8446. This document also specifies new requirements for TLS 1.2 implementations. Intuit Arm Limited Arm Limited Arm Limited Huawei Linaro The TLS handshake protocol allows authentication of one or both peers using static, long-term credentials. In some cases, it is also desirable to ensure that the peer runtime environment is in a secure state. Such an assurance can be achieved using attestation which is a process by which an entity produces evidence about itself that another party can use to appraise whether that entity is found in a secure state. This document describes a series of protocol extensions to the TLS 1.3 handshake that enables the binding of the TLS authentication key to a remote attestation session. This enables an entity capable of producing attestation evidence, such as a confidential workload running in a Trusted Execution Environment (TEE), or an IoT device that is trying to authenticate itself to a network access point, to present a more comprehensive set of security metrics to its peer. These extensions have been designed to allow the peers to use any attestation technology, in any remote attestation topology, and mutually. Internet Architecture Board The IETF process depends on peer review. However, IETF documents are generally written to be useful for implementors, not reviewers. In particular, while great care is generally taken to provide a complete description of the state machines and bits on the wire, this level of detail tends to get in the way of initial understanding. This document describes an approach for providing protocol "models" that allow reviewers to quickly grasp the essence of a system. This memo provides information for the Internet community. Cryptography Consulting LLC Cloudflare, Inc. This document provides guidelines and best practices for writing technical specifications for cryptography protocols and primitives, targeting the needs of implementers, researchers, and protocol designers. It highlights the importance of technical specifications and discusses strategies for creating high-quality specifications that cater to the needs of each community, including guidance on representing mathematical operations, security definitions, and threat models. Vigil Security, LLC This document specifies a TLS 1.3 extension that allows TLS clients and servers to authenticate with certificates and provide confidentiality based on encryption with a symmetric key from the usual key agreement algorithm and an external pre-shared key (PSK). This Standards Track RFC (once approved) obsoletes RFC 8773, which was an Experimental RFC. Intuit Arm Limited Arm Limited Linaro Nokia The TLS handshake protocol allows authentication of one or both peers using static, long-term credentials. In some cases, it is also desirable to ensure that the peer runtime environment is in a secure state. Such an assurance can be achieved using remote attestation which is a process by which an entity produces Evidence about itself that another party can use to appraise whether that entity is found in a secure state. This document describes a series of protocol extensions to the TLS 1.3 handshake that enable the binding of the TLS authentication key to a remote attestation session. This enables an entity capable of producing attestation Evidence, such as a confidential workload running in a Trusted Execution Environment (TEE), or an IoT device that is trying to authenticate itself to a network access point, to present a more comprehensive set of security metrics to its peer. These extensions have been designed to allow the peers to use any attestation technology, in any remote attestation topology, and to use them mutually. This document specifies a TLS 1.3 extension that allows a server to authenticate with a combination of a certificate and an external pre-shared key (PSK). SandboxAQ This memo defines ML-KEM-512, ML-KEM-768, and ML-KEM-1024 as NamedGroups and and registers IANA values in the TLS Supported Groups registry for use in TLS 1.3 to achieve post-quantum (PQ) key establishment. China Telecom China Telecom Palo Alto Networks Palo Alto Networks This draft proposes a service affinity solution between client and server based on Transport Layer Security (TLS). An extension to Transport Layer Security (TLS) 1.3 to enable session migration. This mechanism is designed for network architectures, particularly for multi-homed servers that possess multiple network interfaces and IP addresses. This document describes the guidelines and procedures for formation and operation of IETF working groups. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

Appendix

Document History -05

• Removed process-related stuff
• Moved discussion at meeting to solutions
• Added ML-KEM

-04

• Extended threat model
• Helpful discussions on formal analysis in meetings in
• Pointer to formal analysis and costs in

-03

• Limitations of formal analysis in security considerations
• Proposed solutions section
• More guidance for authors: Threat Model and Informal Security Goals

-02

• Added document structure
• FATT-bypass by Other TLS-related WGs
• FATT process not being followed

-01

• Pain points of Verifier
• Small adjustment of phrasing

Acknowledgments We thankfully acknowledge Eric Rescorla and John Mattsson for their valuable input. The research work is funded by Deutsche Forschungsgemeinschaft.