IETF Logo Mail Archive

Re: [keyassure] Interpreting certificates (and summary)

Martin Rex <mrex@sap.com> Wed, 23 February 2011 20:38 UTC

Return-Path: <mrex@sap.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD79B3A6A5E for <keyassure@core3.amsl.com>; Wed, 23 Feb 2011 12:38:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.232
X-Spam-Level:
X-Spam-Status: No, score=-10.232 tagged_above=-999 required=5 tests=[AWL=0.017, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdewbWTg9yCI for <keyassure@core3.amsl.com>; Wed, 23 Feb 2011 12:38:49 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 79F113A6A5F for <keyassure@ietf.org>; Wed, 23 Feb 2011 12:38:49 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p1NKdXCT007210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 23 Feb 2011 21:39:34 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201102232039.p1NKdXR2008868@fs4113.wdf.sap.corp>
To: hallam@gmail.com
Date: Wed, 23 Feb 2011 21:39:32 +0100
In-Reply-To: <AANLkTi=-bGc1ws0VvrsudV55GRk6KasSsydtiWMTNyua@mail.gmail.com> from "Phillip Hallam-Baker" at Feb 23, 11 02:45:31 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: keyassure@ietf.org, i.grok@comcast.net
Subject: Re: [keyassure] Interpreting certificates (and summary)
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Feb 2011 20:38:50 -0000

It seems were quoting / replying to the wrong mail.

Phillip Hallam-Baker wrote:
> 
> BER encoding is supported by practically every ASN.1 library. It is
> identical semantically to DER which is a pain in the patootie.
> 
> From a drafting perspective, I would first state that the identifier
> corresponds to an X.509v3 cert without mentioning encoding at all.

I don't think that mentioning the encoding creates a problem.  My main
concern at this point was about "DER" alone rather than "ASN.1 DER".


> 
> Then I would follow that with a statement that the TLS protocol requires
> certificates to conform to the X.509v3 requirement for DER encoding and the
> requirements of the PKIX certificate profile.

Which is pretty much plain wrong.  ;-)

Nothing in TLS precludes the use of X.509v1 certs,
The last sentence of Section 1 of all TLS documents (2246,4346,5246) reads:

                         The TLS standard, however, does not specify how
   protocols add security with TLS; the decisions on how to initiate TLS
   handshaking and how to interpret the authentication certificates
   exchanged are left to the judgment of the designers and implementors
   of protocols that run on top of TLS.

Which clearly explains that PKIX is just one possible approach to
interpreting the certificates exchange -- and definitely not the
only one.

Similarily, RFC-2818, the informational RFC which describes how
"HTTP Over TLS" is commonly performed says this:

   If the client has external information as to the expected identity of
   the server, the hostname check MAY be omitted. (For instance, a
   client may be connecting to a machine whose address and hostname are
   dynamic but the client knows the certificate that the server will
   present.)

Which describes a case where the TLS server certificate matching
is a PKIX-free memcmp() on X.509 certificates.


> 
> Specifying X.509v3

If you keep sticking the v3 onto X.509, then you're creating
a necessity for a bare public key format.

While I'm pretty sure that self-signed end-entity X.509v1 certs
interoperate with all TLS implementations I've tested, I'm not aware
of a definition of a self-signed EndEntity X.509v3 cert (that isn't
in conflict with some version of X.509v3).


>                    in DER encoding may appear to be more precise and less
> ambiguous, but might well actually introduces ambiguity since another
> interpretation of the statement is that there should be an additional ASN.1
> structure wrapping the cert.

If there was a wrapping ASN.1 structure, it would be named and its
ASN.1 definition appear in an Appendix of the document.  I don't think
that the document will grow the necessary level of ambiguity for this
to happen.

-Martin

v2.23.0 | Report a Bug | By Email