IETF Logo Mail Archive

Re: [certid] [Gen-art] Gen-ART LC Review of draft-saintandre-tls-server-id-check-11

Ben Campbell <ben@estacado.net> Thu, 09 December 2010 14:51 UTC

Return-Path: <ben@estacado.net>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BC0B28C128; Thu, 9 Dec 2010 06:51:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.184
X-Spam-Level:
X-Spam-Status: No, score=-1.184 tagged_above=-999 required=5 tests=[AWL=-0.885, BAYES_00=-2.599, MANGLED_LIST=2.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vE+KxNFb93d6; Thu, 9 Dec 2010 06:51:35 -0800 (PST)
Received: from estacado.net (estacado-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:266::2]) by core3.amsl.com (Postfix) with ESMTP id 25BE228C138; Thu, 9 Dec 2010 06:51:25 -0800 (PST)
Received: from [10.0.1.12] (cpe-76-183-178-106.tx.res.rr.com [76.183.178.106]) (authenticated bits=0) by estacado.net (8.14.3/8.14.2) with ESMTP id oB9Eqh64000477 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 9 Dec 2010 08:52:53 -0600 (CST) (envelope-from ben@estacado.net)
References: <4D000C34.5070008@KingsMountain.com> <4D001AF2.7010000@stpeter.im>
In-Reply-To: <4D001AF2.7010000@stpeter.im>
Mime-Version: 1.0 (iPad Mail 8C148)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Message-Id: <D329AF46-49CC-4DD4-AC14-F8769DA5C12A@estacado.net>
X-Mailer: iPad Mail (8C148)
From: Ben Campbell <ben@estacado.net>
Date: Thu, 09 Dec 2010 08:52:41 -0600
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: "draft-saintandre-tls-server-id-check.all@tools.ietf.org" <draft-saintandre-tls-server-id-check.all@tools.ietf.org>, General Area Review Team <gen-art@ietf.org>, "certid@ietf.org" <certid@ietf.org>, =JeffH <Jeff.Hodges@KingsMountain.com>
Subject: Re: [certid] [Gen-art] Gen-ART LC Review of draft-saintandre-tls-server-id-check-11
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 14:51:36 -0000

Still WFM.

On Dec 8, 2010, at 5:55 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> And the wordsmithing continues...
> 
> On 12/8/10 3:52 PM, =JeffH wrote:
>> see way below...
>> 
>> PeterSA wrote on Wed, 08 Dec 2010 07:54:52 -0700 (06:54 PST)
>>> 
>>> On 12/8/10 7:37 AM, Ben Campbell wrote:
>>>> 
>>>> 
>>>> On Dec 8, 2010, at 7:10 AM, Peter Saint-Andre <stpeter@stpeter.im>
>>>> wrote:
>>>> 
>>>>> On 12/7/10 10:45 PM, Ben Campbell wrote:
>>>>>> 
>>>>>> On Dec 7, 2010, at 11:12 PM, Peter Saint-Andre wrote:
>>>>>> 
>>>>>>> On 12/7/10 6:35 PM, Ben Campbell wrote:
>>>>>>>> 
>>>>>>>> On Dec 6, 2010, at 7:00 PM, =JeffH wrote:
>>>>>>>> 
>>>>>>>>> Peter Saint-Andre <Peter.SaintAndre@webex.com> replied..
>>>>>>>>>> 
>>>>>>>>>> On 12/3/10 2:24 PM, "Ben Campbell" <ben@nostrum.com>
>>>>>>>>>> wrote:
>>>>>>> 
>>>>>>> <snip/>
>>>>>>> 
>>>>>>>>>>> -- 3.1, 1st paragraph:
>>>>>>>>>>> 
>>>>>>>>>>> It's probably worth emphasizing that the rules are
>>>>>>>>>>> often cumulative.  I think someone thinking about these
>>>>>>>>>>> for the first time might not grasp that until they see
>>>>>>>>>>> examples later in the doc.
>>>>>>>>>> 
>>>>>>>>>> I've added the second sentence to this paragraph:
>>>>>>>>>> 
>>>>>>>>>> When a certification authority issues a certificate based
>>>>>>>>>> on the fully-qualified DNS domain name at which the
>>>>>>>>>> application service provider will provide the relevant
>>>>>>>>>> application, the following rules apply to the
>>>>>>>>>> representation of application service identities.  The
>>>>>>>>>> reader needs to be aware that some of these rules are
>>>>>>>>>> cumulative and can interact in important ways that are
>>>>>>>>>> illustrated later in this document.
>>>>>>>>> 
>>>>>>>>> LGTM.
>>>>>>>> 
>>>>>>>> WFM
>>>>>>>> 
>>>>>>>> In fact, as I was re-reading RFC 5922, it occurred to me to
>>>>>>>> wonder if people need guidance one way or another on the idea
>>>>>>>> of "multi-purpose" certs that might have any number of
>>>>>>>> subjectAltName entries for different purposes. I'm talking
>>>>>>>> about virtual domain hosting, or multi-protocol hosts. I
>>>>>>>> assume in the latter case, you would expect a host to use
>>>>>>>> different certs for different protocols. In the first case,
>>>>>>>> is their any guidance to give. I can't remember, do you
>>>>>>>> mention the TLS server_name extension?
>>>>>>>> 
>>>>>>>> (I don't mean to suggest any real action here--just thinking
>>>>>>>> out loud about something that would have been much better to
>>>>>>>> bring up well before IETF LC. :-)  )
>>>>>>> 
>>>>>>> Those scenarios are important, but IMHO how the server
>>>>>>> determines which certificate to present (e.g., based on the SNI
>>>>>>> or something else, such as the 'to' address on an XMPP stream
>>>>>>> header) is something that an application protocol specification
>>>>>>> needs to define.
>>>>>> 
>>>>>> Agreed. Does this draft need to say that, or do we just take it
>>>>>> as given?
>>>>> 
>>>>> I think it's appropriate to add a few words about that. I
>>>>> suggest...
>>>>> 
>>>>> 1.1
>>>>> 
>>>>> ... When a client connects to an application service using
>>>>> Transport Layer Security [TLS] or Datagram Transport Layer Security
>>>>> [DTLS], it references some notion of the server's identity while
>>>>> attempting to establish a secure connection (e.g., "the website at
>>>>> example.com") and typically specifies at least the DNS domain name
>>>>> with which it is trying to communicate (e.g., using a Server Name
>>>>> Indication during TLS negotiation as described in [TLS-EXT]).
>>>>> 
>>>>> 1.5
>>>>> 
>>>>> presented identifier:  An identifier that is presented by a server
>>>>> to a client within a PKIX certificate when the client attempts to
>>>>> establish a secure connection with the server; the certificate can
>>>>> include one or more presented identifiers of different types, and
>>>>> the certificate presented is typically based on a DNS domain name
>>>>> specified by the client when initiating communication (e.g., using
>>>>> a Server Name Indication during TLS negotiation as described in
>>>>> [TLS-EXT]).
>>>>> 
>>>> 
>>>> Do you think server_name extension use is actually common enough to
>>>> call typical? I'm not saying it's not--I don't really know one way or
>>>> another. Otherwise, WFM.
>> 
>> I don't think the TLS server_name extension (aka SNI) is in common
>> enough use yet to call it "typical". There's a certain
>> still-widely-deployed version of a certain desktop OS that doesn't
>> support it, unfortunately.
> 
> I had changed it to:
> 
>      if the server hosts more than one domain then the certificate it
>      presents might be based on a DNS domain name specified by the
>      client when initiating communication (e.g., using a Server Name
>      Indication during TLS negotiation as described in [TLS-EXT]).
> 
> That seems suitably vague about how common SNI is. But per your message
> I think this might belong in a different place.
> 
>>> We could say "and if the server hosts more than one domain then the
>>> certificate presented is typically based..."
>> 
>> Upon re-reading what we presently have in -11 for [S1.1], I don't think
>> we need to introduce in that intro paragraph the notion of
>> disambiguating names in a multi-domain situation. I'd leave that para
>> as-is.
> 
> Yes, I'd already removed any mention of SNI from Section 1.1.
> 
>> in terms of the defn for "presented identifier" in [S1.5], I'd update it
>> like so (I don't think mentioning SNI is reasonable in that defn proper)..
>> 
>> presented identifier:  An identifier that is presented by a server
>> to a client within a PKIX certificate when the client attempts to
>> establish a secure connection with the server; the certificate can
>> include one or more presented identifiers of different types, and
>> if the server hosts more than one domain then the certificate might
>> present distinct identifiers for each domain.
> 
> WFM.
> 
>> I'm wondering if we ought to add an "implementation note" at the end of
>> [S3.1] where we mention why one might have a cert with multiple
>> presented identifiers or a client may employ SNI.
>> 
>> 
>> Implementation Note:  A given application service may be addressed by
>> multiple domain names for a variety of reasons. In the default [TLS]
>> handshake exchange,
>> there is no indication by the client as to the domain name the client
>> trying to connect to, and the TLS server returns only one certificate
>> for itself. Thus absent an extension to [TLS], a typical workaround used
>> to facilitate mapping an application service to multiple domain names is
>> to embed the said domain names into the returned application service
>> certificate. Another approach, more recent and formally specified, is
>> for the client to use the TLS "Server Name Indication" extension, when
>> sending the client_hello message, stipulating the domain name the client
>> used to connect with the application service. The application service
>> can then return the appropriate certificate in its Certificate message.
>> This latter certificate could thus contain a single domain name.
>> 
>> of course, the FDA notes that the above will require generous
>> wordsmithing before use.
> 
> Wordsmithed as follows:
> 
> ##
> 
> 5.4.  Multiple Identifiers
> 
>   A given application service might be addressed by multiple DNS domain
>   names for a variety of reasons, and a given deployment might service
>   multiple domains (e.g., in so-called "virtual hosting" environments).
>   In the default TLS handshake exchange, the client is not able to
>   indicate the DNS domain name with which it wants to communicate, and
>   the TLS server returns only one certificate for itself.  Absent an
>   extension to TLS, a typical workaround used to facilitate mapping an
>   application service to multiple DNS domain names is to embed all of
>   the domain names into a single certificate.
> 
>   A more recent approach, formally specified in [TLS-EXT], is for the
>   client to use the TLS "Server Name Indication" (SNI) extension when
>   sending the client_hello message, stipulating the DNS domain name it
>   desires or expects of the service.  The service can then return the
>   appropriate certificate in its Certificate message, and that
>   certificate can represent a single DNS domain name.
> 
>   To accommodate the workaround that was needed before the development
>   of the SNI extension, this specification allows multiple DNS-IDs,
>   SRV-IDs, or URI-IDs in a certificate; however, it explicitly
>   discourages multiple CN-IDs.  Although it would be preferable to
>   forbid multiple CN-IDs entirely, there are several reasons at this
>   time why this specification states that they SHOULD NOT (instead of
>   MUST NOT) be included:
> 
>   o  At least one significant technology community of interest
>      explicitly allows multiple CN-IDs [EV-CERTS].
> 
>   o  At least one significant certification authority is known to issue
>      certificates containing multiple CN-IDs.
> 
>   o  Many service providers often deem inclusion of multiple CN-IDs
>      necessary in virtual hosting environments because at least one
>      widely-deployed operating system does not yet support the SNI
>      extension [TLS-EXT].
> 
>   It is hoped that the recommendation regarding multiple CN-IDs can be
>   further tightened in the future.
> 
> ###
> 
> 
> 
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email