Re: [IPsec] Matching of IKE ID on certificate subject and RDN ordering
Tobias Brunner <tobias.brunner@hsr.ch> Fri, 08 May 2020 08:05 UTC
Return-Path: <tobias.brunner@hsr.ch>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C476B3A0886 for <ipsec@ietfa.amsl.com>; Fri, 8 May 2020 01:05:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hsr.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjwPU-IR__k7 for <ipsec@ietfa.amsl.com>; Fri, 8 May 2020 01:05:42 -0700 (PDT)
Received: from mx2.hsr.ch (mx2.hsr.ch [152.96.36.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B50093A04BB for <ipsec@ietf.org>; Fri, 8 May 2020 01:05:42 -0700 (PDT)
X-Virus-Scanned: by SpamTitan at hsr.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hsr.ch; s=hsr1119; t=1588925140; bh=AhSUcP0+CtnQ0i3IlFaic9HUb3TGDqBHfJU5DN70e8Q=; h=Subject:To:References:From:Date:In-Reply-To; b=TThBZ7mwH+XsPUzmttBFVMIDl9I+Ykai5oWcBExHeZx0WTjSFK8y8jI7V40wZRXg2 /v1mBvCng4+YsnTbDd3f1IQ7dGbxFlgjZohLEnDxkzoclEaDhOhNI3EnPLNzIdkmne BOiLz8EcwxvvxYlu7KViX5U70+RT2pOLWcXw39cBm8xfG45Zn6O45I8mZZvzppLJOU gaFj+W3whCt6xFMGSPFvXujIvIPEBjt+h6ldJDw/4ZrZRXLqpTFPpURXH3SYHgn1HL +5LkcjP+/kZXSaIAm3mOK/UlD+t74wv9ek1JZqnkInNn20T1bclXFxRqu3cIaCv37w 8RjHxosmXm+tA==
Authentication-Results: mx2.hsr.ch; none
Received: from [192.168.2.100] (152.96.21.56) by sid00233.hsr.ch (152.96.21.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Fri, 8 May 2020 10:05:34 +0200
To: Paul Wouters <paul@nohats.ca>, "ipsec@ietf.org WG" <ipsec@ietf.org>
References: <alpine.LRH.2.21.2005071902140.2069@bofh.nohats.ca>
From: Tobias Brunner <tobias.brunner@hsr.ch>
Message-ID: <70c23d31-3cc8-f1f5-f361-a6b8bdab90b8@hsr.ch>
Date: Fri, 08 May 2020 10:05:33 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.21.2005071902140.2069@bofh.nohats.ca>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [152.96.21.56]
X-ClientProxiedBy: sid00234.hsr.ch (152.96.21.234) To sid00233.hsr.ch (152.96.21.236)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/LLmXa_Kmm7ek50AbIy5HjwfaG1M>
Subject: Re: [IPsec] Matching of IKE ID on certificate subject and RDN ordering
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2020 08:05:45 -0000
Hi Paul, > For openssl, when checking the subject of the cert, it matches in this > order. but when I generated the same certificate with nss cert-util > and re-read it back in openssl, it showed me: > > CN=server, OU="Global, Support, Services", O=Test Example, L=Brno, ST=Moravia, C=CZ > > Note that C= and CN= are swapped. These are differences in the binary data, not the presentation. That's because, according to the documentation and examples, NSS certutil follows RFC 1485 when it comes to string representations of DNs, which states: The name is presented/input in a little-endian order (most significant component last). The latest RFC that replaced it, RFC 4514, states it this way, which is a bit clearer: Otherwise, the output consists of the string encodings of each RelativeDistinguishedName in the RDNSequence ..., starting with the last element of the sequence and moving backwards toward the first. Why the last RDN first? Could be to see the CN immediately, which usually identifies the actual entity. What you see in OpenSSL is the physical representation in the ASN.1 encoding of the certificate, i.e. the RDNs in their actual order in the RDNSequence. We follow the same principle in strongSwan when logging and parsing DNs. > So technically, when we expect one, receiving the other order would be > wrong. So should we really do matching based on the same order of RDNs. > What do other implementations do? In strongSwan we have an option (charon.rdn_matching) that allows changing how DNs in certificates are matched against configured IKE identities. It defaults to 'strict', which results in what RFC 5280 describes, i.e. all RDNs have to match in the same order (wildcards to ignore the values of RDNs are always allowed). With 'reordered', all RDNs have to be there, but their order doesn't matter. Finally, with 'relaxed', the certificate's DN may additionally contain RNDs that are not configured, which are then treated like wildcards. For example, with 'relaxed' you could configure CN=server which would be the same as configuring C=*, ST=*, L=*, O=*, OU=*, CN=server which matched both certificates with 'relaxed' and 'reordered' but only one with 'strict'. Using 'reordered' and 'relaxed' causes some overhead (memory and runtime) so 'strict' continues to be the default. Regards, Tobias
- [IPsec] Matching of IKE ID on certificate subject… Paul Wouters
- Re: [IPsec] Matching of IKE ID on certificate sub… Tobias Brunner
- [IPsec] Matching of IKE ID on certificate subject… Tero Kivinen