Re: [TLS] Comments on TLS identity protection
<home_pw@msn.com> Mon, 25 December 2006 23:05 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyyt3-0002Lj-Rm; Mon, 25 Dec 2006 18:05:41 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyyt1-0002L0-Vh for tls@ietf.org; Mon, 25 Dec 2006 18:05:39 -0500
Received: from bay0-omc1-s5.bay0.hotmail.com ([65.54.246.77]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gyysz-0004zr-8o for tls@ietf.org; Mon, 25 Dec 2006 18:05:39 -0500
Received: from hotmail.com ([65.54.174.88]) by bay0-omc1-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 25 Dec 2006 15:05:36 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 25 Dec 2006 15:05:36 -0800
Message-ID: <BAY103-DAV16CA488319082D81A3B00C92C20@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV16.phx.gbl with DAV; Mon, 25 Dec 2006 23:05:34 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: Bodo Moeller <bmoeller@acm.org>, Martin Rex <martin.rex@sap.com>
References: <86vek7pph4.fsf@raman.networkresonance.com><200612192115.WAA22812@uw1048.wdf.sap.corp> <20061220123640.GB21201@tau.invalid>
Subject: Re: [TLS] Comments on TLS identity protection
Date: Tue, 26 Dec 2006 10:14:49 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 25 Dec 2006 23:05:36.0759 (UTC) FILETIME=[302A7070:01C72879]
X-Spam-Score: 2.5 (++)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Normally, client auth is not allowed on a PKI-class ciphersuite, if the server has not performed server auth. (In a mix of PKIand non-pki ciphersuites -during a change-ciher-spec between the two - things are admittedly more ambiguous.) On a PKI-class limited renegotiation case (or a session resumption case), server auth is implied, of course - assuming both enc and mac ciphers mechanism are not NULL. For SSL3 using the RSA ciphersuites, one can ask for client auth on handshake#2, without having provided server cert chain on that second 'shake; server auth being established in the TLS resumed session (and renewed Connection) state. (I've still simply (and honestly) no idea what TLS1.0 TLS1.1 (or either of those stds with their "RFC updates" demands) being entirely different beasts to SSL3.) What https requires - and then what SLS3/TLSx.y+upd. requires - are of course different things. By virtue of its definition, https or other "SSL application" gets to set what the usage profile and the cert requirements are for an SSL/TLS layer 4.51 port. "Usage profile" includes: constraints on cert contents, cert chains rules,root certs, TLS transport handling, handling of cleartext and SSLtext data upon TLS upgrade/downgrade events (LDAP, HTTP1.1). By analogy, the implementor of https gets to set rules like: (1) client cert always requires a new handshake, even on the same TLS Transport connection (2) new server auth via certs is also required, on that second round ----- Original Message ----- From: "Bodo Moeller" <bmoeller@acm.org> To: "Martin Rex" <martin.rex@sap.com> Cc: <tls@ietf.org> Sent: Wednesday, December 20, 2006 4:36 AM Subject: Re: [TLS] Comments on TLS identity protection > On Tue, Dec 19, 2006 at 10:15:01PM +0100, Martin Rex wrote: > >>> However, as you say in most cases the request for client auth >>> is contingent upon seeing the request and so a rehandshake is >>> required here in any case. A one-pass protocol wouldn't work >>> here. > >> I had the same thought but completely failed to point this out. >> >> In the not uncommon case with IIS renegotiating after having >> evaluated the HTTP(S)-request, [...] > > This, by the way, applies not only to IIS servers. The Apache HTTP > server with mod_ssl can also be configured to request client > certificates only for specific requests, which of course is achieved > through a renegotiation. This approach is reasonable not only for > HTTP applications: An SMTP server supporting TLS might perform > certificate-based client authentication only when used as a mail > relay, and finish without attempting client authentication if > a connection only involves local mail delivery. > > Bodo > > > _______________________________________________ > TLS mailing list > TLS@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Kyle Hamilton
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Bodo Moeller
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Badra
- Re: [TLS] Comments on TLS identity protection Omirjan Batyrbaev
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection Martin Rex
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw