pp7: draft-hodges-server-ident-check-00.txt

' =JeffH ' <Jeff.Hodges@KingsMountain.com> Sun, 10 February 2008 20:19 UTC

Return-Path: <discuss-bounces@ietf.org>
X-Original-To: ietfarch-discuss-archive@core3.amsl.com
Delivered-To: ietfarch-discuss-archive@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 16CAB3A695D; Sun, 10 Feb 2008 12:19:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.335
X-Spam-Status: No, score=0.335 tagged_above=-999 required=5 tests=[BAYES_50=0.001, IP_NOT_FRIENDLY=0.334]
Received: from core3.amsl.com ([]) by localhost (mail.ietf.org []) (amavisd-new, port 10024) with ESMTP id GkFDdOwEYLPt; Sun, 10 Feb 2008 12:19:00 -0800 (PST)
Received: from core3.amsl.com (localhost []) by core3.amsl.com (Postfix) with ESMTP id 8DC1C3A696C; Sun, 10 Feb 2008 12:18:35 -0800 (PST)
X-Original-To: discuss@core3.amsl.com
Delivered-To: discuss@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 451BA3A696A for <discuss@core3.amsl.com>; Sun, 10 Feb 2008 12:18:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([]) by localhost (mail.ietf.org []) (amavisd-new, port 10024) with ESMTP id 9KMCOfxg7EQU for <discuss@core3.amsl.com>; Sun, 10 Feb 2008 12:18:32 -0800 (PST)
Received: from outbound-mail-10.bluehost.com (outbound-mail-10.bluehost.com []) by core3.amsl.com (Postfix) with SMTP id 41D5E3A63EC for <discuss@ietf.org>; Sun, 10 Feb 2008 12:17:34 -0800 (PST)
Received: (qmail 22383 invoked by uid 0); 10 Feb 2008 20:19:00 -0000
Received: from unknown (HELO box7.bluehost.com) ( by mailproxy1.bluehost.com with SMTP; 10 Feb 2008 20:19:00 -0000
Received: from c-98-207-19-194.hsd1.ca.comcast.net ([] helo=KingsMountain.com) by box7.bluehost.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1JOIdf-0001cs-4S; Sun, 10 Feb 2008 13:18:59 -0700
X-Mailer: exmh version 2.7.2 01/07/2005 (debian 1:2.7.2-7) with nmh-1.1
Subject: pp7: draft-hodges-server-ident-check-00.txt
To: discuss@ietf.org
From: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 10 Feb 2008 12:19:08 -0800
X-Identified-User: {32571:box7.bluehost.com:kingsmou:kingsmountain.com} {sentby:bopbeforesmtp authed with kingsmountain.com}
Message-Id: <20080210201734.41D5E3A63EC@core3.amsl.com>
Cc: rlmorgan@washington.edu
X-BeenThere: discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: discuss@ietf.org
List-Id: general discussion of application-layer protocols <discuss.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@ietf.org>
List-Help: <mailto:discuss-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=subscribe>
Sender: discuss-bounces@ietf.org
Errors-To: discuss-bounces@ietf.org

Here's an I-D fresh off the press wrt pp7 - "Server Identity Check". I've also 
submitted it to the I-D repository.


None                                                           J. Hodges
Internet-Draft                                                   NeuStar
Expires: August 13, 2008                                       R. Morgan
                                                       February 10, 2008

                     Generic Server Identity Check

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on August 13, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2008).

Hodges & Morgan          Expires August 13, 2008                [Page 1]

Internet-Draft             Server Ident Check              February 2008


   This document specifies the how an entity establishing a TLS
   connection, or other PKI-based interaction, with a server should
   verify the server identity.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 4
   3.  Server Identity Check . . . . . . . . . . . . . . . . . . . . . 5
     3.1.  Comparison of DNS Names . . . . . . . . . . . . . . . . . . 6
     3.2.  Comparison of IP Addresses  . . . . . . . . . . . . . . . . 6
     3.3.  Comparison of Other subjectName Types . . . . . . . . . . . 6
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 8
   Intellectual Property and Copyright Statements  . . . . . . . . . . 9

Hodges & Morgan          Expires August 13, 2008                [Page 2]

Internet-Draft             Server Ident Check              February 2008

1.  Introduction

   Establishing a TLS-based connection with a server, or any other sort
   of client-server PKI-based interaction, entails, on the part of the
   client, verifying the "server's identity" based upon information
   presented by the server in its certificate correlated with the
   information about the server ensconced in the Domain Name System

   Presently, various Internet-Drafts utilizing TLS or prescribing PKI-
   based interactions, either prescribe their own server identity check,
   or reference [RFC4513] or its predecesor, [RFC2830]. [there may be
   other I-Ds referencing other specs that describe the equivalent of
   server identity checks]

   Converging our present understanding of this critical aspect of PKI-
   based interactions is desirable in that it will hopefully encourage
   more coherence in specifications and actual implementations thereof,
   as well as ease the burden of crafting new specifications because
   this aspect has been factored out and separately standardized.

   This document extracts the "server identity check" section from
   [RFC4513], with the goal of becoming a stand-alone BCP document
   appropriately referenceable by I-Ds and thus RFCs.

Hodges & Morgan          Expires August 13, 2008                [Page 3]

Internet-Draft             Server Ident Check              February 2008

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

Hodges & Morgan          Expires August 13, 2008                [Page 4]

Internet-Draft             Server Ident Check              February 2008

3.  Server Identity Check

   In order to prevent man-in-the-middle attacks, the client MUST verify
   the server's identity (as presented in the server's Certificate
   message).  In this section, the client's understanding of the
   server's identity (typically the identity used to establish the
   transport connection) is called the "reference identity".

   The client may map the reference identity to a different type prior
   to performing a comparison.  Mappings may be performed for all
   available subjectAltName types to which the reference identity can be
   mapped; however, the reference identity should only be mapped to
   types for which the mapping is either inherently secure (e.g.,
   extracting the DNS name from a URI to compare with a subjectAltName
   of type dNSName) or for which the mapping is performed in a secure
   manner (e.g., using DNSSEC, or using user- or admin-configured host-
   to-address/address-to-host lookup tables).

   The server's identity may also be verified by comparing the reference
   identity to the Common Name (CN) [RFC4519] value in the leaf Relative
   Distinguished Name (RDN) of the subjectName field of the server's
   certificate.  This comparison is performed using the rules for
   comparison of DNS names in Section, below, with the exception
   that no wildcard matching is allowed.  Although the use of the Common
   Name value is existing practice, it is deprecated, and Certification
   Authorities are encouraged to provide subjectAltName values instead.
   Note that the TLS implementation may represent DNs in certificates
   according to X.500 or other conventions.  For example, some X.500
   implementations order the RDNs in a DN using a left-to-right (most
   significant to least significant) convention instead of LDAP's right-
   to-left convention.

   If the server identity check fails, user-oriented clients SHOULD
   either notify the user (clients may give the user the opportunity to
   continue with the LDAP session in this case) or close the transport
   connection and indicate that the server's identity is suspect.
   Automated clients SHOULD close the transport connection and then
   return or log an error indicating that the server's identity is
   suspect or both.

   Beyond the server identity check described in this section, clients
   should be prepared to do further checking to ensure that the server
   is authorized to provide the service it is requested to provide.  The
   client may need to make use of local policy information in making
   this determination.

Hodges & Morgan          Expires August 13, 2008                [Page 5]

Internet-Draft             Server Ident Check              February 2008

3.1.  Comparison of DNS Names

   If the reference identity is an internationalized domain name,
   conforming implementations MUST convert it to the ASCII Compatible
   Encoding (ACE) format as specified in Section 4 of RFC 3490 [RFC3490]
   before comparison with subjectAltName values of type dNSName.
   Specifically, conforming implementations MUST perform the conversion
   operation specified in Section 4 of RFC 3490 as follows:

   o  in step 1, the domain name SHALL be considered a "stored string";

   o  in step 3, set the flag called "UseSTD3ASCIIRules";

   o  in step 4, process each label with the "ToASCII" operation; and

   o  in step 5, change all label separators to U+002E (full stop).

   After performing the "to-ASCII" conversion, the DNS labels and names
   MUST be compared for equality according to the rules specified in
   Section 3 of RFC3490.

   The '*' (ASCII 42) wildcard character is allowed in subjectAltName
   values of type dNSName, and then only as the left-most (least
   significant) DNS label in that value.  This wildcard matches any
   left-most DNS label in the server name.  That is, the subject
   *.example.com matches the server names a.example.com and
   b.example.com, but does not match example.com or a.b.example.com.

3.2.  Comparison of IP Addresses

   When the reference identity is an IP address, the identity MUST be
   converted to the "network byte order" octet string representation
   [RFC791][RFC2460].  For IP Version 4, as specified in RFC 791, the
   octet string will contain exactly four octets.  For IP Version 6, as
   specified in RFC 2460, the octet string will contain exactly sixteen
   octets.  This octet string is then compared against subjectAltName
   values of type iPAddress.  A match occurs if the reference identity
   octet string and value octet strings are identical.

3.3.  Comparison of Other subjectName Types

   Client implementations MAY support matching against subjectAltName
   values of other types as described in other documents.

Hodges & Morgan          Expires August 13, 2008                [Page 6]

Internet-Draft             Server Ident Check              February 2008

4.  References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC2830]  Hodges, J., Morgan, R., and M. Wahl, "Lightweight
              Directory Access Protocol (v3): Extension for Transport
              Layer Security", RFC 2830, May 2000.

   [RFC3490]  Faltstrom, P., Hoffman, P., and A. Costello,
              "Internationalizing Domain Names in Applications (IDNA)",
              RFC 3490, March 2003.

   [RFC4346]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [RFC4513]  Harrison, R., "Lightweight Directory Access Protocol
              (LDAP): Authentication Methods and Security Mechanisms",
              RFC 4513, June 2006.

Hodges & Morgan          Expires August 13, 2008                [Page 7]

Internet-Draft             Server Ident Check              February 2008

Authors' Addresses

   Jeff Hodges
   2000 Broadway Street
   Redwood City, CA  94063

   Email: Jeff.Hodges@neustar.biz

   RL 'Bob' Morgan
   Seattle, WA

   Email: rlmorgan@washington.edu

Hodges & Morgan          Expires August 13, 2008                [Page 8]

Internet-Draft             Server Ident Check              February 2008

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at


   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).

Hodges & Morgan          Expires August 13, 2008                [Page 9]