[secdir] Security review of draft-ietf-tls-multiple-cert-status-extension-04

"Hilarie Orman" <ho@alum.mit.edu> Fri, 29 March 2013 20:35 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C97DA21F8F01; Fri, 29 Mar 2013 13:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id KiosWgAsG5Qb; Fri, 29 Mar 2013 13:35:17 -0700 (PDT)
Received: from out03.mta.xmission.com (out03.mta.xmission.com []) by ietfa.amsl.com (Postfix) with ESMTP id 55BCA21F8EF2; Fri, 29 Mar 2013 13:35:11 -0700 (PDT)
Received: from mx03.mta.xmission.com ([]) by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from <hilarie@purplestreak.com>) id 1ULg0z-0004ML-VY; Fri, 29 Mar 2013 14:35:10 -0600
Received: from 166-70-57-249.ip.xmission.com ([] helo=sylvester.rhmr.com) by mx03.mta.xmission.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from <hilarie@purplestreak.com>) id 1ULg0u-00016M-NY; Fri, 29 Mar 2013 14:35:09 -0600
Received: from sylvester.rhmr.com (localhost []) by sylvester.rhmr.com (8.14.4/8.14.3/Debian-9.1ubuntu1) with ESMTP id r2TKYuPu025063; Fri, 29 Mar 2013 14:34:56 -0600
Received: (from hilarie@localhost) by sylvester.rhmr.com (8.14.4/8.14.4/Submit) id r2TKYtu4025061; Fri, 29 Mar 2013 14:34:55 -0600
Date: Fri, 29 Mar 2013 14:34:55 -0600
Message-Id: <201303292034.r2TKYtu4025061@sylvester.rhmr.com>
From: "Hilarie Orman" <ho@alum.mit.edu>
To: iesg@ietf.org, secdir@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx03.mta.xmission.com; ; ; ip=; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ;iesg@ietf.org, secdir@ietf.org
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
X-SA-Exim-Scanned: Yes (on mx03.mta.xmission.com)
Cc: draft-ietf-tls-multiple-cert-status-extension@tools.ietf.org
Subject: [secdir] Security review of draft-ietf-tls-multiple-cert-status-extension-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2013 20:35:17 -0000

Security review of draft-ietf-tls-multiple-cert-status-extension-04

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call

The final paragraph in section 2.2 discusses using an unauthenticated
session for the purpose of obtaining certificates in order to
authenticate the session.  Sending usernames and passwords over the
connection while unauthenticated is regarded as "inappropriate".  This
seems to be a serious problem, deserving of at least a "MUST NOT".

In section 2.2, "A server that receive a client hello" should be
"A server that receives a client hello".  Later,
"require trust in the server, and the server certificate has not been"
reads better without the comma.