Imagine you’re playing a game with your friends, and you’ve already agreed on the rules (like setting up a secret handshake). But after the game starts, one of your friends says, “Wait! I want to show my membership card to prove I’m in the club.” You don’t need to stop the game and start over — they can just show the card during the game. That’s kind of how Exported Authenticators work in computer networks. They let someone prove who they are after the secure connection is already set up.

Exported Authenticators (ExpAuth) are a feature in the TLS 1.3 protocol designed to provide mutual authentication after an encrypted session has already been established. Essentially, they allow for client or server authentication to be performed after the initial handshake has completed, without needing to renegotiate a new session. This is useful in scenarios where authentication is deferred or where multiple parties need to authenticate during the same secure connection.

Exported Authenticators in TLS 1.3

In TLS 1.3, the initial handshake sets up a secure encrypted session between a client and server. During this handshake, the server typically authenticates itself to the client using a certificate, and optionally, the client may authenticate itself as well.

However, there are scenarios where it’s beneficial to authenticate after the session has already started, rather than during the handshake. This is where Exported Authenticators (ExpAuth) come into play. They allow for additional or deferred authentication using certificate-based authentication after the handshake is complete, leveraging the existing secure session.

How Exported Authenticators Work

  1. Session Established: First, a TLS 1.3 session is established between the client and server. This session is already encrypted and secure.

  2. Authenticator Export: During or after the session, either the client or server can generate an exported authenticator, which is essentially a cryptographic proof of identity tied to the established session.

  3. Authentication Request: The party that needs to be authenticated (client or server) creates the exported authenticator. This authenticator includes:
    • A certificate proving their identity.
    • A signature created using the session keys from the established TLS session.
  4. Verification: The other party receives the exported authenticator and verifies the proof by checking the signature and certificate against the current session information. If everything matches, the authentication is considered valid, and the connection continues securely without needing a new handshake.

Key Benefits of Exported Authenticators

  • Deferred Authentication: Exported Authenticators allow for deferred or additional authentication to take place after the secure connection has been established, which can be useful in multi-phase authentication processes.

  • No Need for Renegotiation: Traditional TLS would require renegotiating a session to perform new authentication steps. Exported Authenticators avoid this by using the existing session, reducing overhead and potential security issues related to renegotiation.

  • Mutual Authentication: Both the client and server can authenticate each other during an ongoing session, making it ideal for environments where multi-party authentication is required.

Example Use Case

A common use case for Exported Authenticators might be a secure web service that initially only requires the server to authenticate to the client during the TLS handshake (like most HTTPS connections). Later in the session, when the client tries to access sensitive resources, the server may request the client to authenticate using an exported authenticator, without breaking or renegotiating the existing connection.

Standards and Implementation

  • Exported Authenticators are part of the TLS 1.3 specification and described in RFC 8446.
  • Browser vendors and CDNs (e.g., Cloudflare) are slowly adopting these advanced authentication mechanisms, especially in environments requiring enhanced security and mutual trust.

References