IETF Logo Mail Archive

[dane] checking names in certificates

Tony Finch <dot@dotat.at> Tue, 14 August 2012 11:05 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E64D21F86AF for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 04:05:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.281
X-Spam-Level:
X-Spam-Status: No, score=-6.281 tagged_above=-999 required=5 tests=[AWL=0.318, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grlrE+mqjVqg for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 04:05:35 -0700 (PDT)
Received: from ppsw-50.csi.cam.ac.uk (ppsw-50.csi.cam.ac.uk [131.111.8.150]) by ietfa.amsl.com (Postfix) with ESMTP id AC24921F8690 for <dane@ietf.org>; Tue, 14 Aug 2012 04:05:34 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:46261) by ppsw-50.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1T1EwB-0008Es-pk (Exim 4.72) for dane@ietf.org (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 12:05:27 +0100
Received: from fanf2 (helo=localhost) by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1T1EwA-0001jS-WE (Exim 4.67) for dane@ietf.org (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 12:05:27 +0100
Date: Tue, 14 Aug 2012 12:05:26 +0100
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: dane@ietf.org
Message-ID: <alpine.LSU.2.00.1208141157010.16769@hermes-2.csi.cam.ac.uk>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Subject: [dane] checking names in certificates
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2012 11:05:36 -0000

RFC 6698 sextion 4 says:

   Some specifications for applications that run over TLS, such as
   [RFC2818] for HTTP, require that the server's certificate have a
   domain name that matches the host name expected by the client.  Some
   specifications, such as [RFC6125], detail how to match the identity
   given in a PKIX certificate with those expected by the user.

In draft-fanf-dane-smtp and draft-fanf-dane-mua I said that clients must
check that the name in the certificate matches the server host name. This
was based on the fairly vague reasoning that this is the normal thing to
do in current code and that it would be simpler to keep this logic in all
cases. However there is a stronger reason. I'm adding this to my security
considerations section:

   Section 4 of the TLSA specification [RFC6698] leaves the details of
   checking names in certificates to higher level application protocols,
   though it suggests the use of [RFC6125].

   Name checking might appear to be unnecessary, since DNSSEC provides a
   secure binding between the server name and the TLSA record, which in
   turn authenticates the certificate.  However this latter step can be
   indirect, via a chain of certificates.  A usage=0 TLSA record only
   authenticates the CA that issued the certificate, and third parties
   can obtain certificates from the same CA.

   So this specification says that SMTP clients check that the server's
   certificate matches the server host name, to ensure that the
   certificate was issued by the CA to the server that the client is
   connecting to.  The client always performs this check regardless of
   the TLSA usage, because the implementation is simpler and so that
   this specification is less likely to need updating when new TLSA
   usages are added.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: Southeast 4 or 5, occasionally 6 at first,
decreasing 3 for a time later. Slight or moderate, occasionally rough at
first. Thundery showers. Good, occasionally poor.

v2.23.0 | Report a Bug | By Email