Re: [keyassure] Bare keys again
Martin Rex <mrex@sap.com> Mon, 21 March 2011 21:40 UTC
Return-Path: <mrex@sap.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EE3C53A68E4 for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 14:40:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.223
X-Spam-Level:
X-Spam-Status: No, score=-10.223 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ub8x+n7zWOs for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 14:40:46 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by core3.amsl.com (Postfix) with ESMTP id 935543A68E8 for <keyassure@ietf.org>; Mon, 21 Mar 2011 14:40:46 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id p2LLgHL1021046 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 21 Mar 2011 22:42:17 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201103212142.p2LLgHQS017649@fs4113.wdf.sap.corp>
To: paul@xelerance.com
Date: Mon, 21 Mar 2011 22:42:17 +0100
In-Reply-To: <alpine.LFD.1.10.1103211631260.20162@newtla.xelerance.com> from "Paul Wouters" at Mar 21, 11 04:39:01 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Bare keys again
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 21:40:54 -0000
Paul Wouters wrote: > > On the contrary, that is *exactly* what the goal of 6066 is. It specifies as > reason "memory starved clients" and "reducing bandwidth", but why is that > list treated as an exclusive list? The real purpose of rfc6066 is really only what the last paragraph of the definition of this TLS extension says: http://tools.ietf.org/html/rfc6066#section-6 Servers that receive a client hello containing the "trusted_ca_keys" extension MAY use the information contained in the extension to guide their selection of an appropriate certificate chain to return to the client. In this event, the server SHALL include an extension of type "trusted_ca_keys" in the (extended) server hello. The "extension_data" field of this extension SHALL be empty. The semantics of a "Server Certificate" handshake message with no Certificates in it is UNDEFINED and therefore prohibited. The semantics of a "Client Certificate" handshake message with no Certificates is "NO client certificate" with _no_ slack. The TLS requirement for the Certificate handshake message says this: http://tools.ietf.org/html/rfc5246#section-7.4.2 Structure of this message: opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate; certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. There certainly are no "pre_agreed" semantics for the End-Entity(!) certificate in the TLS Certificate handshake message. What might be permissible (but is not an official part of the TLS spec) is to send the certificate chain only up to a signer known to the TLS peer. The CertificateRequest handshake message conveys the signer trusted by the Server to the client, so certificate path validation should be possible for a cert chain up to one of the announced trusted signers. If the client uses the TrustedAuthorities TLS extension, then personally, I would consider it permissible (but that is not officially part of the spec!) for the server to send his own cert chain only up to one of the trusted signers announced by the client through the TrustedAuthorities TLS extension. -Martin
- Re: [keyassure] Issues that no longer issues? Ondřej Surý
- [keyassure] Issues that no longer issues? Warren Kumari
- Re: [keyassure] Issues that no longer issues? Paul Wouters
- [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Stephen Kent
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Phillip Hallam-Baker
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Jeff Schmidt
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Henry Story
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Ben Laurie
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen