IETF Logo Mail Archive

Re: [TLS] RFC7301 ALPN conflicting objectives about app-specific server certificates

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 01 July 2015 17:02 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 827811A90F1 for <tls@ietfa.amsl.com>; Wed, 1 Jul 2015 10:02:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ylx34g4RQ1A2 for <tls@ietfa.amsl.com>; Wed, 1 Jul 2015 10:02:04 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0117.outbound.protection.outlook.com [207.46.100.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67D241A90E6 for <tls@ietf.org>; Wed, 1 Jul 2015 10:02:04 -0700 (PDT)
Received: from BLUPR03MB1396.namprd03.prod.outlook.com (10.163.81.142) by BLUPR03MB1393.namprd03.prod.outlook.com (10.163.81.14) with Microsoft SMTP Server (TLS) id 15.1.195.15; Wed, 1 Jul 2015 17:02:03 +0000
Received: from BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) by BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) with mapi id 15.01.0195.005; Wed, 1 Jul 2015 17:02:02 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] RFC7301 ALPN conflicting objectives about app-specific server certificates
Thread-Index: AQHQs3MRkef6bIVx+0iShvNHWvsYnZ3FuRMAgAETQoCAAAQzgIAABWyw
Date: Wed, 01 Jul 2015 17:02:02 +0000
Message-ID: <BLUPR03MB1396CB5B90F8F921981A7CF78CA80@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <20150630235340.GI14121@mournblade.imrryr.org> <20150701161851.22FE31A1B2@ld9781.wdf.sap.corp> <20150701163352.GK14121@mournblade.imrryr.org>
In-Reply-To: <20150701163352.GK14121@mournblade.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:ee31::5]
x-microsoft-exchange-diagnostics: 1; BLUPR03MB1393; 5:nXEgVRJmf5Zx7NSwP7a5RJLrlIGuCFR0a6/oxR9uOTVnJ/XqyG+AhKfqweQlRDC7muLDZMUQkBh81ivCT0L3vEt2vPGrMi4jwQ61LvRoJcDNnHMNkqsAQ3sR+e63qQtTV+vZ/IKypmMJq72EoFs1Mw==; 24:VsR672gfCGsr87Ell1rafQPtBkfF5lclKdnSg36uT4ITDKAm1d8v4aOeLHPGXv44PEKF9LK2k7BnZ8lXMl94H/ryrsUElMN+wVmMTMCOHDk=; 20:xwrz/0aej/bhJZKhRZyTqoD8nEFTEgQBvl2uJ4m6OeyoKiJsFcSMagxx+Lw0qbFiWDy7UJxqvCTSibOm72CF4g==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB1393;
x-microsoft-antispam-prvs: <BLUPR03MB1393FE9EA235980F0E0ADF5E8CA80@BLUPR03MB1393.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:BLUPR03MB1393; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB1393;
x-forefront-prvs: 0624A2429E
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(24454002)(51704005)(377454003)(2900100001)(77096005)(15975445007)(102836002)(2501003)(2950100001)(107886002)(189998001)(5001960100002)(92566002)(106116001)(5002640100001)(76576001)(99286002)(19580405001)(46102003)(19580395003)(40100003)(74316001)(33656002)(2351001)(86362001)(2656002)(87936001)(122556002)(77156002)(5003600100002)(62966003)(86612001)(450100001)(50986999)(54356999)(76176999)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB1393; H:BLUPR03MB1396.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jul 2015 17:02:02.8770 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB1393
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1rA2gsy_zTxxgBqUrac0ayBmhoM>
Subject: Re: [TLS] RFC7301 ALPN conflicting objectives about app-specific server certificates
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2015 17:02:06 -0000

I agree with Victor that there is no conflict. If the server chooses to offer different certificates for different application protocols, such server needs to consider the negotiated ALPN ID while making the resumption decision.

And yes, if the same client alternates between different application protocols, such client can be optimized by caching session state per negotiated application protocol ID.

To me, these are implementation details, and probably not something a mainstream implementation will support. But perhaps a better-written RFC would have included this implementation guidance. I'll try to do better next time:).

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Viktor Dukhovni
Sent: Wednesday, July 1, 2015 9:34 AM
To: tls@ietf.org
Subject: Re: [TLS] RFC7301 ALPN conflicting objectives about app-specific server certificates

On Wed, Jul 01, 2015 at 06:18:51PM +0200, Martin Rex wrote:

> >>    Unlike many other TLS extensions, this extension does not establish
> >>    properties of the session, only of the connection.  When session
> >>    resumption or session tickets [RFC5077] are used, the previous
> >>    contents of this extension are irrelevant, and only the values in the
> >>    new handshake messages are considered.
> > 
> > I don't think there's a conflict here.  All that's said is that ALPN 
> > is not a session property, and its value for a previous connection 
> > is not directly relevant for a new connection.  Each connection 
> > signals its own ALPN value.
> 
> There is a very clear conflict here.
> 
> A TLS session resume skips the exchange of credentials&identities 
> (such as certificates), so as a result of a session resumption the 
> session will have the _cached_ certificates from the original full TLS 
> handshake as session attributes.

And yet it is not a conflict.  The specification says ALPN is per-connection.  Since certificates are per-session, either the client or the server need to do the right thing and not re-use sessions that are not compatible with the requested ALPN.

Clients can try to maximize session re-use and leave the logic up to the server (to perform a new handshake when the initial ALPN is associated with a different server identity), or clients can maximize correctness in the face of sloppily implemented servers and avoid reuse of sessions for a different ALPN value.

So indeed most clients should create one session per ALPN value, thus turning ALPN into a session property.  Clients that can reasonably expect correct server logic might leave it up to the server to decide whether to create a new session, or allow re-use, because both the new and the old ALPN value map to the same server identity.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email