Re: [keyassure] Bare keys again
Eric Rescorla <ekr@rtfm.com> Mon, 21 March 2011 15:35 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D79173A687E for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 08:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.937
X-Spam-Level:
X-Spam-Status: No, score=-102.937 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uSA8qv75vQQt for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 08:35:32 -0700 (PDT)
Received: from mail-gx0-f182.google.com (mail-gx0-f182.google.com [209.85.161.182]) by core3.amsl.com (Postfix) with ESMTP id BE57F3A687C for <keyassure@ietf.org>; Mon, 21 Mar 2011 08:35:32 -0700 (PDT)
Received: by gxk28 with SMTP id 28so3421368gxk.27 for <keyassure@ietf.org>; Mon, 21 Mar 2011 08:37:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.91.82.1 with SMTP id j1mr1930157agl.15.1300721824872; Mon, 21 Mar 2011 08:37:04 -0700 (PDT)
Received: by 10.90.72.16 with HTTP; Mon, 21 Mar 2011 08:37:01 -0700 (PDT)
In-Reply-To: <2DDA94E3-3DF7-4A41-8C80-F1790B07C45C@vpnc.org>
References: <92D68A5E-5CB7-4C80-8D7B-0B8D55D93608@kumari.net> <alpine.LFD.1.10.1103201932370.20162@newtla.xelerance.com> <9D285351-8D73-4C15-BE2C-5DF731C08DCE@vpnc.org> <alpine.LFD.1.10.1103202028110.20162@newtla.xelerance.com> <2DDA94E3-3DF7-4A41-8C80-F1790B07C45C@vpnc.org>
Date: Mon, 21 Mar 2011 08:37:01 -0700
Message-ID: <AANLkTinj=OKZeShVxid0AQvmxkabFsB2OhBtZS7QFqt0@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Bare keys again
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 15:35:34 -0000
On Sun, Mar 20, 2011 at 6:10 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > On Mar 20, 2011, at 5:40 PM, Paul Wouters wrote: >> Yes, we could make a TLS extension for "public_key" that works like server_name, >> or we could extend server_name to take a new type "public_key", but there >> is simply no need for such an extension, as the server does not need this >> information and cannot do anyting with this information that is not already >> covered with trusted_ca_keys. > > We fully disagree about what the TLS 1.2 spec says. I'm happy to be wrong about this if folks in the TLS WG agree with you, but your interpretation seems novel, to say the least. I understand you not wanting to spend the effort to do this properly with an extension to TLS; however, this WG cannot just say that we don't care about the requirements in TLS 1.2. [Speaking as an individual] IMO the requirements of 5246 are fairly clear here: 7.4.2. Server Certificate When this message will be sent: The server MUST send a Certificate message whenever the agreed- upon key exchange method uses certificates for authentication (this includes all key exchange methods defined in this document except DH_anon). This message will always immediately follow the ServerHello message. Meaning of this message: This message conveys the server's certificate chain to the client. The certificate MUST be appropriate for the negotiated cipher suite's key exchange algorithm and any negotiated extensions. Structure of this message: opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate; certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. In other words, when using any of the ordinarily certificate-based cipher suites (i.e., all the ones that everyone actually uses), it is not permissible either to omit the Certificate message or to have it be empty. This is not to say, of course, that you could not design an extension which would modify this behavior, but in the absence of such an extension, any server which does not send its certificate would not comply with RFC 5246. [Speaking as TLS WG Chair] An extension along the lines indicated would change basic properties of TLS and IMO would need to go through the TLS WG, and certainly is outside the remit of this WG. -Ekr
- Re: [keyassure] Issues that no longer issues? Ondřej Surý
- [keyassure] Issues that no longer issues? Warren Kumari
- Re: [keyassure] Issues that no longer issues? Paul Wouters
- [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Stephen Kent
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Phillip Hallam-Baker
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Jeff Schmidt
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Henry Story
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Ben Laurie
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen