proposal: crypto/tls: implement RFC 5929: Channel Bindings for TLS: tls-server-end-point support

[Neustradamus]

Proposal Details

Dear Golang team, @andres-erbsen (who has added "tls-unique", a part of the RFC 5929),

Can you add the missing "tls-server-end-point" support of RFC 5929: Channel Bindings for TLS?

• https://datatracker.ietf.org/doc/html/rfc5929
• https://www.rfc-editor.org/rfc/rfc5929#section-4

Recently, @simo5 explains why it is needed here: https://mailarchive.ietf.org/arch/msg/kitten/-hhno2IUJQwXOyJT3-CTaKxoOuA/

• XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
• XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
• XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
• XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

Little details, to know easily:

• tls-unique for TLS =< 1.2 (RFC5929)
• tls-server-end-point =< 1.2 + 1.3 (RFC5929)
• tls-exporter for TLS = 1.3 (RFC9266)

After the jabber.ru MITM, it is time to add it:

• https://notes.valdikss.org.ru/jabber.ru-mitm/
• https://snikket.org/blog/on-the-jabber-ru-mitm/
• https://www.devever.net/~hl/xmpp-incident
• https://blog.jmp.chat/b/certwatch/certwatch

Thanks in advance.

Linked to:

• Channel Binding: State of Play scram-sasl/info#1
• https://github.com/golang-auth/go-channelbinding
• https://github.com/search?q=repo%3Agolang-auth%2Fgo-channelbinding+tls-unique&type=code
• https://github.com/search?q=repo%3Agolang-auth%2Fgo-channelbinding+tls-server-end-point&type=code
• https://github.com/search?q=repo%3Agolang-auth%2Fgo-channelbinding+tls-exporter&type=code
• https://github.com/go-ldap/ldap
• https://github.com/search?q=repo%3Ago-ldap%2Fldap+tls-server-end-point&type=code
• Add RFC 5929 channel binding support for SSPI client go-ldap/ldap#565
• RFC 9266: Channel Bindings for TLS 1.3: tls-exporter support go-ldap/ldap#392
• https://github.com/golang/go
• https://github.com/search?q=repo%3Agolang%2Fgo+tls-unique&type=code
• fce6388
• proposal: crypto/tls: implement RFC 9266: Channel Bindings for TLS 1.3: tls-exporter support #54103
• proposal: crypto/tls: implement RFC 5929: Channel Bindings for TLS: tls-server-end-point support #65047
• https://github.com/google/conscrypt
• https://github.com/search?q=repo%3Agoogle%2Fconscrypt+tls-unique&type=code
• Add support for accessing tls-unique channel binding value. google/conscrypt#388
• RFC 9266: Channel Bindings for TLS 1.3: tls-exporter support google/conscrypt#1078
• RFC 5929: Channel Bindings for TLS: tls-server-end-point support google/conscrypt#1411
• https://github.com/xmppo/go-xmpp
• https://github.com/search?q=repo%3Axmppo%2Fgo-xmpp+tls-unique&type=code
• https://github.com/search?q=repo%3Axmppo%2Fgo-xmpp+tls-server-end-point&type=code
• https://github.com/search?q=repo%3Axmppo%2Fgo-xmpp+tls-exporter&type=code
• SCRAM: Add support for tls-server-end-point channel binding. xmppo/go-xmpp#177 + Tls-server-end-point improvements. xmppo/go-xmpp#178

cc: @flooey, @andres-erbsen, @jake-scott, @Chrizpy, @mdosch.

[ianlancetaylor]

CC @golang/security

[Neustradamus]

Dear @golang, @golang/security team,

Have you progressed on it?

Thanks in advance.

[Neustradamus]

Dear @golang team, @golang/security team, @seankhliao,

Can you look it?

Important to know:

• tls-server-end-point =< 1.2 + 1.3 (RFC5929)

Thanks in advance.