Re: [TLS] MITM Attacks on Client Authentication after Resumption

Adam Langley <agl@google.com> Tue, 04 March 2014 16:11 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 670F41A00B9 for <tls@ietfa.amsl.com>; Tue, 4 Mar 2014 08:11:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5NfkiwYOMCu for <tls@ietfa.amsl.com>; Tue, 4 Mar 2014 08:11:43 -0800 (PST)
Received: from mail-ve0-x22b.google.com (mail-ve0-x22b.google.com [IPv6:2607:f8b0:400c:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 6E2A51A0194 for <tls@ietf.org>; Tue, 4 Mar 2014 08:11:34 -0800 (PST)
Received: by mail-ve0-f171.google.com with SMTP id cz12so6047695veb.30 for <tls@ietf.org>; Tue, 04 Mar 2014 08:11:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Zpx4YsUIFCQsxED3VySzytLC8PRva2McKke/2qVsWes=; b=jWLAAGaZAkl5ul8/p/Ho2O/EeW4qf8ldBAqBs29Qa7Hv7HYnqb29mZSRlDws3ko3MX l0kL5WwutEKpB6hqwbBXD3V/9x4qxjzOvWoCW8B3fppvWgYNI6adCYf0V6A72mhg8wIo j+uK3uNrrmtu2xHMvrtQ8KJzNVzMCMg4mU88o3iPra/4636XPu3IdItCoC0MOYm/44Me msbUhP4LUhYljYUYHfPCDkQbDGYaTOLiFRHSfRq1IU1onncks45jOhv2Z18hCmtY2sbG 2CK8iBUYXOBdHDIG9FAlHiqmE5xDumNi2y6yGTQDWwt/fs2200Vd2u47+wTYkGgAuhW9 Sd7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Zpx4YsUIFCQsxED3VySzytLC8PRva2McKke/2qVsWes=; b=kdz0BfgSIM5LhHffJgfOmJ6RiU5brGQ1jADERNv7lmlJV7R08RDsZ5nUY0uKZgzDHH W83zWNLFFk9nVUfzNLTumSGPMSaYlxjym65ow3UbuclnvphjYFzQy6KX2RrLkSPuFDkC eD9vopP61UgDuSMa2CVuLoX2gwYcz9KE2v7cCWsJT6rGzQIl9vHwoHw4r3+uIq9pBiPt MdSXaPtsUVNsIXPsZDLJrnKJkb1Err7W15yR+sBLrnrGXxAO6qIKIRxMcQuBbdLKUYKx Glqgs7tlK5GkD0x1lhiSy+ud8h0i+wDWwrDrlKAjGEMROzBAy5/lz6bDghI8odCFMmJh ukHg==
X-Gm-Message-State: ALoCoQlL8ugql7oXc59LEm/bwgMzqtJG0HD2Wif/h7pOixRgZLsIlz4OSAObAUb7HtYHKGPRodvpBb9GBiLCZ57R/5ppIgcuHHNwOD77jX+UtJIJz133wIQ+x9aJvLGT6FNtHsLzWJIBtcn+6nnEfv+YfH9I7/pYBacraFHNWNuEXJhTSLxGs9cFFTWC65Z0Kv8ZDs0/9Og9
X-Received: by 10.58.200.229 with SMTP id jv5mr151942vec.15.1393949490629; Tue, 04 Mar 2014 08:11:30 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.104.37 with HTTP; Tue, 4 Mar 2014 08:11:10 -0800 (PST)
In-Reply-To: <5315F9BA.4060805@drh-consultancy.co.uk>
References: <20140303193737.2A2251AC36@ld9781.wdf.sap.corp> <5315DD23.30901@drh-consultancy.co.uk> <CABkgnnVYj-2BKwMLTgH-hVxSSGncoppOv-gZhbdBQB=QCBB-Ew@mail.gmail.com> <5315F9BA.4060805@drh-consultancy.co.uk>
From: Adam Langley <agl@google.com>
Date: Tue, 4 Mar 2014 11:11:10 -0500
Message-ID: <CAL9PXLy4KM_bqS3biRqOMsZ7j+mA6uu75GqJVmBF9wC98_3aQA@mail.gmail.com>
To: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-dR-f8P_t9ty0fJhHCcvjhzsnkg
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MITM Attacks on Client Authentication after Resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Mar 2014 16:11:50 -0000

On Tue, Mar 4, 2014 at 11:05 AM, Dr Stephen Henson
<lists@drh-consultancy.co.uk> wrote:
> I'd be interested if anyone knows of examples where the server certificate does
> have to change during renegotiation and how common that practice is.

Chrome outright rejects renegotiations where the leaf certificate
changes and we've had no reported issues.


Cheers

AGL