Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

Michael D'Errico <mike-list@pobox.com> Wed, 09 June 2010 14:29 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6ACA328C0E6 for <tls@core3.amsl.com>; Wed, 9 Jun 2010 07:29:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.259
X-Spam-Level:
X-Spam-Status: No, score=-1.259 tagged_above=-999 required=5 tests=[AWL=0.740, BAYES_00=-2.599, J_CHICKENPOX_15=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4qkDUnmLuEKY for <tls@core3.amsl.com>; Wed, 9 Jun 2010 07:29:21 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id 0DA923A679F for <tls@ietf.org>; Wed, 9 Jun 2010 07:29:19 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 715BDBAC8C; Wed, 9 Jun 2010 10:29:20 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=jqGajdugSoWQ sFdpdwfSUgwHHuc=; b=Ht9f5hQodTNcGCTaI4O5b6iuO5VvdSL8vFh/JHN/1an6 0ye93VnFrSsnBc6NekkFtwdwbC0sXeWNuCZsL2M1WjGks+VHkcY4OmdLRawJlrDY IPk2M6c4SaRLE4xpIziRry2WNlgktD/mgklU5Jcx5oKCUvKSk5t5aEMSj7Bci08=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=DQXQkJ IxKYe821U4gr6sXiM0fK45VVAddd3o6JeRnSXY/vrGW/GhnL95KaXV02asQpdNtk qLBBZEJZWoh1YeNcQtyCFjKZ+VaOpDMYR/waEM9Suy2MdlYEc0Pp/8GtwDUEdSLO hO1Y9bKtX1I97L7a6gF6zwg2SIMWYM/AzoGXA=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 5E3FBBAC8B; Wed, 9 Jun 2010 10:29:19 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id A46F5BAC8A; Wed, 9 Jun 2010 10:29:17 -0400 (EDT)
Message-ID: <4C0FA538.7050309@pobox.com>
Date: Wed, 09 Jun 2010 07:29:12 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE50AA7DD71@xmb-sjc-225.amer.cisco.com>from "Joseph Salowey" at Jun 7, 10 01:29:11 pm <201006072203.o57M3xeo025635@fs4113.wdf.sap.corp> <AC1CFD94F59A264488DC2BEC3E890DE50AA7DE90@xmb-sjc-225.amer.cisco.com> <012d01cb071d$7ef013a0$4001a8c0@gateway.2wire.net> <AC1CFD94F59A264488DC2BEC3E890DE50AA7E497@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50AA7E497@xmb-sjc-225.amer.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 63C452BC-73D3-11DF-B186-6730EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Cc: tls@ietf.org
Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jun 2010 14:29:22 -0000

Joseph Salowey (jsalowey) wrote:
> 
> "The ServerNameList MUST NOT contain more than one name of the same
> name_type. If the server understood the client hello extension, but
> decides not to continue because it does not recognize the server name,
> it MUST send a fatal unrecognized_name(112) alert and terminate the
> handshake.

OK.

> If the server understood the client hello extension, but
> decides to continue the  handshake, sending a warning-level
> unrecognized_name(112) alert is NOT RECOMMENDED, since existing  client
> behavior is unpredictable.

After reading this again, I think it's missing something:  If the
server understood the extension but did not recognize the server name,
yet continues with the handshake anyway using default configuration
parameters, sending a warning-level....

Mike


> A TLS client implementation that receives a
> warning-level unrecognized_name(112) alert SHOULD ignore this alert and
> continue the TLS handshake.  If there is a mismatch between the server
> name used by the client application and the server name of the default
> credential chosen by the server, this mismatch will become apparent when
> the client application performs the server endpoint identification, at
> which point the client application will have to decide whether to
> proceed with the communication.  TLS implementations are encouraged to
> make information available to application callers about warning-level
> alerts that were received or sent during a TLS handshake.  Such
> information can be useful for diagnostic purposes."
> 
>> -----Original Message-----
>> From: t.petch [mailto:ietfc@btconnect.com]
>> Sent: Tuesday, June 08, 2010 5:45 AM
>> To: Joseph Salowey (jsalowey)
>> Cc: tls@ietf.org
>> Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
>>
>> I was about to say that ... but eventually realised I was
> misinterpreting
>> the
>> text, so I suggest adding a clause to express the 'if-then-else' more
>> rigourously ie
>>
>> "The ServerNameList MUST NOT contain more than one name of the same
>> name_type.
>>
>> If the server understood the client hello extension, but
>> **decides not to continue because it does not recognize the server
> name,
>> it
>> MUST send a fatal unrecognized_name(112) alert and terminate the
>> handshake.
>>
>> **If the server understood the client hello extension but** decides to
>> continue
>> the  handshake, sending a warning-level unrecognized_name(112) alert
> is
>> NOT
>> RECOMMENDED, since existing  client behavior is unpredictable.
>>
>> ...."
>>
>> which also makes it clear we are not covering the case of client hello
>> extension
>> not understood.
>>
>> Tom Petch
>>
>> ----- Original Message -----
>> From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
>> To: <mrex@sap.com>
>> Cc: <tls@ietf.org>
>> Sent: Tuesday, June 08, 2010 1:10 AM
>> Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
>>
>>
>>> OK with me, so we have:
>>>
>>> "The ServerNameList MUST NOT contain more than one name of the same
>>> name_type. If the server understood the client hello extension, but
>>> refuses to continue because it does not recognize the server name,
> it
>>> MUST send a fatal unrecognized_name(112) alert and terminate the
>>> handshake.  If the server decides to continue the  handshake,
> sending a
>>> warning-level unrecognized_name(112) alert is NOT RECOMMENDED, since
>>> existing  client behavior is unpredictable. A TLS client
> implementation
>>> that receives a warning-level unrecognized_name(112) alert SHOULD
> ignore
>>> this alert and continue the TLS handshake.  If there is a mismatch
>>> between the server name used by the client application and the
> server
>>> name of the default credential chosen by the server, this mismatch
> will
>>> become apparent when the client application performs the server
> endpoint
>>> identification, at which point the client application will have to
>>> decide whether to proceed with the communication.  TLS
> implementations
>>> are encouraged to make information available to application callers
>>> about warning-level alerts that were received during a TLS
> handshake.
>>> Such information can be useful for diagnostic purposes. "
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: Martin Rex [mailto:mrex@sap.com]
>>>> Sent: Monday, June 07, 2010 3:04 PM
>>>> To: Joseph Salowey (jsalowey)
>>>> Cc: tls@ietf.org
>>>> Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112)
> alert
>>>> Joseph Salowey wrote:
>>>>> OK, here is some new suggested text.  Let me know if you can
> live
>>> with
>>>>> this.
>>>>>
>>>>> "The ServerNameList MUST NOT contain more than one name of the
> same
>>>>> name_type. If the server understood the client hello extension,
> but
>>>>> refuses to continue because it does not recognize the server
> name,
>>> it
>>>>> MUST send a fatal unrecognized_name(112) alert and terminate the
>>>>> handshake.  If the server decides to continue the  handshake,
>>> sending a
>>>>> unrecognized_name(112) alert with a warning level is NOT
>>> RECOMMENDED,
>>>>> since existing  client behavior is unpredictable.  A client that
>>>>> receives a warning-level unrecognized_name(112) alert SHOULD
> ignore
>>> this
>>>>> alert and continue the TLS handshake, which may fail as a result
> of
>>> a
>>>>> name mismatch.  The warning MAY be logged as part of diagnostic
>>>>> information recorded for a failed handshake."
>>>>
>>>> I am fine with what I think is the intention of this wording,
>>>> but I would actually appreciate to be more specific about what
>>>> "may fail as a result of a name mismatch" applies to exactly.
>>>>
>>>>                                                      A TLS client
>>>>   implementation that receives a warning-level
> unrecognized_name(112)
>>>>   alert SHOULD ignore this alert and continue the TLS handshake.
>>>>   If there is a mismatch between the server name used by the
> client
>>>>   application and the server name of the default credential chosen
>>>>   by the server, this mismatch will become apparent when the
> client
>>>>   application performs the server endpoint identification, at
> which
>>>>   point the client application will have to decide wether to
> proceed
>>>>   with the communication.  TLS implementations are encouraged to
>>>>   make information available to application callers about
>>> warning-level
>>>>   alerts that were received during a TLS handshake. Such
> information
>>>>   can be useful for diagnostic purposes.
>>>>
>>>>
>>>> -Martin
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>