Re: [certid] review of draft-saintandre-tls-server-id-check-09
Martin Rex <mrex@sap.com> Fri, 24 September 2010 23:27 UTC
Return-Path: <mrex@sap.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 372B83A69A8 for <certid@core3.amsl.com>;
Fri, 24 Sep 2010 16:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.823
X-Spam-Level:
X-Spam-Status: No, score=-9.823 tagged_above=-999 required=5 tests=[AWL=0.426,
BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcjpLIeaeYKQ for
<certid@core3.amsl.com>; Fri, 24 Sep 2010 16:26:59 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by
core3.amsl.com (Postfix) with ESMTP id B40693A6814 for <certid@ietf.org>;
Fri, 24 Sep 2010 16:26:58 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id
o8ONRP8d026535 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
verify=OK); Sat, 25 Sep 2010 01:27:30 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201009242327.o8ONRErW003884@fs4113.wdf.sap.corp>
To: matt@mattmccutchen.net (Matt McCutchen)
Date: Sat, 25 Sep 2010 01:27:14 +0200 (MEST)
In-Reply-To: <1285361799.1962.4.camel@mattlaptop2.local> from "Matt McCutchen"
at Sep 24, 10 04:56:39 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal07
X-SAP: out
Cc: certid@ietf.org
Subject: Re: [certid] review of draft-saintandre-tls-server-id-check-09
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 23:27:00 -0000
Matt McCutchen wrote: > > A user who visits https://gmail.com with a modern browser intends the > browser to do whatever https://gmail.com says, which in this case is to > follow a redirect. But what if he does not? As if he had a choice. The only intention that can be reliably deduced from a user supplying an hostname as a target address, is that a user wants to "enter" exactly _that_ site. And server endpoint identification does nothing else than a plausibility check whether the user is entering where he asked to enter. What you describe, and what web browsers are doing, appears to be a pretty bold and unwarranted assertion about what the users intentions must be "by using a modern browser" (I don't think that is a _new_ browser behaviour). > > > The reference identifier that is passed into the server endpoint > > identification for the TLS handshake performed with https://mail.google.com > > results from an untrusted name transformation, and this > > is very relevant for the security considerations of this I-D. > > I'm not sure what kind of trust you were expecting here, but the > transformation is authorized by https://gmail.com, so there is no reason > the user shouldn't trust it for the purpose of interacting with the > service she knows as https://gmail.com . This transformation is _NOT_ authorized by the user, so if anything deserves a scary warning page, then it's this transition. The user only said "enter that site", I do not think it is appropriate for the browser to turn this into "go to that site and totally enslave me". Not everyone might be thrilled by such conduct as much as you make it appear. > > It's true that the security considerations section of the draft states, > "When the connecting application is an interactive client, the source > domain name and service type MUST be provided by a human user", but I > think that is pretty bogus. The intention of this is right on the spot, but it falls short. The important part is that the reference identifier comes only from a source that is trusted by the user or admin of the system, which may be a local preconfiguration, a persisted prior target (e.g. bookmark), or a configuration for a non-interactive client software. If all web-servers on the internet would enable TLS (which is what Google has suggested), your line of thought would mean that everyone will trust everybode else with everything on the internet, starting with a https://www.google.com search. Perfect world? You sure? > > HTTP redirects in a web browser are one of many cases in which using > a source domain from a source other than the user is the expected > behavior. It is expected behaviour for HTTP. Retaining such behaviour for HTTPS will wash most of the original security down the drain. > > These cases are not going to go away > with the publication of the standard. Correct. But "new/modern" browsers are so extremely buggy and dangerous^W^W^Wfeature-rich and constantly enhanced that people will quickly and eagerly upgrade to every new version coming out (so I've been told). > > I would prefer to limit the scope of server-id-check to what happens > after the source domain is provided (e.g., as an argument to an API call > of the client library) and simply emphasize that a conformant client is > only as secure as the source domain it is given. Doing server-id-check for the sole purpose of labeling a software as "RFCxxxx compliant" would be somewhat of a waste of IETF resources. The original idea behind server-id-check was that the client software could ensure that a users valuable or sensitive information is NOT going to be sent to some other site than the one the user requested. By disconnecting the server-id-check requested by the user from the server identity to which the users data will actually be sent, there is nothing much left in terms of security from the original server endpoint identification (which, when based on a software suppliers pre-configured list of ~100 trust anchors, wasn't terribly strong to begin with). -Martin
- [certid] review of draft-saintandre-tls-server-id… Wes Hardaker
- Re: [certid] review of draft-saintandre-tls-serve… Sean Turner
- Re: [certid] review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] review of draft-saintandre-tls-serve… Henry B. Hotz
- Re: [certid] review of draft-saintandre-tls-serve… Martin Rex
- Re: [certid] [TLS] review of draft-saintandre-tls… Marsh Ray
- Re: [certid] [TLS] review of draft-saintandre-tls… Martin Rex
- Re: [certid] review of draft-saintandre-tls-serve… Matt McCutchen
- Re: [certid] review of draft-saintandre-tls-serve… Matt McCutchen
- Re: [certid] review of draft-saintandre-tls-serve… Martin Rex
- Re: [certid] review of draft-saintandre-tls-serve… Matt McCutchen
- Re: [certid] review of draft-saintandre-tls-serve… Martin Rex
- Re: [certid] review of draft-saintandre-tls-serve… Peter Saint-Andre