IETF Logo Mail Archive

Re: [TLS] Comments on TLS identity protection

<home_pw@msn.com> Mon, 25 December 2006 23:05 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyyt3-0002Lj-Rm; Mon, 25 Dec 2006 18:05:41 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyyt1-0002L0-Vh for tls@ietf.org; Mon, 25 Dec 2006 18:05:39 -0500
Received: from bay0-omc1-s5.bay0.hotmail.com ([65.54.246.77]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gyysz-0004zr-8o for tls@ietf.org; Mon, 25 Dec 2006 18:05:39 -0500
Received: from hotmail.com ([65.54.174.88]) by bay0-omc1-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 25 Dec 2006 15:05:36 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 25 Dec 2006 15:05:36 -0800
Message-ID: <BAY103-DAV16CA488319082D81A3B00C92C20@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV16.phx.gbl with DAV; Mon, 25 Dec 2006 23:05:34 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: Bodo Moeller <bmoeller@acm.org>, Martin Rex <martin.rex@sap.com>
References: <86vek7pph4.fsf@raman.networkresonance.com><200612192115.WAA22812@uw1048.wdf.sap.corp> <20061220123640.GB21201@tau.invalid>
Subject: Re: [TLS] Comments on TLS identity protection
Date: Tue, 26 Dec 2006 10:14:49 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 25 Dec 2006 23:05:36.0759 (UTC) FILETIME=[302A7070:01C72879]
X-Spam-Score: 2.5 (++)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Normally, client auth is not allowed on a PKI-class ciphersuite, if the 
server has not performed server auth. (In a mix of PKIand non-pki 
ciphersuites -during a change-ciher-spec between the two - things are 
admittedly more ambiguous.)

On a PKI-class limited renegotiation case (or a session resumption case), 
server auth is implied, of course - assuming both enc and mac ciphers 
mechanism are not NULL.

For SSL3 using the RSA ciphersuites, one can ask for client auth on 
handshake#2, without having provided server cert chain on that second 
'shake; server auth being established in the TLS resumed session (and 
renewed Connection) state.

(I've still simply (and honestly) no idea what TLS1.0 TLS1.1 (or either of 
those stds with their "RFC updates" demands) being entirely different beasts 
to SSL3.)

What https requires - and then what SLS3/TLSx.y+upd. requires   - are of 
course different things. By virtue of its definition, https or other "SSL 
application" gets to set  what the usage profile and the cert requirements 
are for an SSL/TLS layer 4.51 port. "Usage profile" includes: constraints on 
cert contents, cert chains rules,root certs, TLS transport handling, 
handling of cleartext and SSLtext data upon TLS upgrade/downgrade events 
(LDAP, HTTP1.1). By analogy, the implementor of https gets to set rules 
like: (1) client cert always requires a new handshake, even on the same TLS 
Transport connection (2) new server auth via certs is also required, on that 
second round


----- Original Message -----
From: "Bodo Moeller" <bmoeller@acm.org>
To: "Martin Rex" <martin.rex@sap.com>
Cc: <tls@ietf.org>
Sent: Wednesday, December 20, 2006 4:36 AM
Subject: Re: [TLS] Comments on TLS identity protection

> On Tue, Dec 19, 2006 at 10:15:01PM +0100, Martin Rex wrote:
>
>>> However, as you say in most cases the request for client auth
>>> is contingent upon seeing the request and so a rehandshake is
>>> required here in any case. A one-pass protocol wouldn't work
>>> here.
>
>> I had the same thought but completely failed to point this out.
>>
>> In the not uncommon case with IIS renegotiating after having
>> evaluated the HTTP(S)-request, [...]
>
> This, by the way, applies not only to IIS servers.  The Apache HTTP
> server with mod_ssl can also be configured to request client
> certificates only for specific requests, which of course is achieved
> through a renegotiation.  This approach is reasonable not only for
> HTTP applications: An SMTP server supporting TLS might perform
> certificate-based client authentication only when used as a mail
> relay, and finish without attempting client authentication if
> a connection only involves local mail delivery.
>
> Bodo
>
>
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email