Re: [TLS] Update spec to match current practices for certificate chain order

Peter Gutmann <> Mon, 11 May 2015 15:03 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D85551A8A9B for <>; Mon, 11 May 2015 08:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Y3djCG2l3B15 for <>; Mon, 11 May 2015 08:03:28 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4AA521A8A29 for <>; Mon, 11 May 2015 08:03:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=uoa; t=1431356609; x=1462892609; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=Q/u1TjVzY/BB9VY38EAlF5A5lIC7RCLWL7xD9qN30m8=; b=rwWRy7VKkGVYPEDlqzGW44RYJhV1gyPaGFrsvfzOgr8X9LpKMrD5EcTs UJuQLlb6x2mtyRW/FVpWJfYTmsIqJUJHn9HLGptvPjpLN93adFfKkDYSq stJU+M24HVYao3HH3tusSKQIgs2NWbZW/Vc21sEKoe6K/hiKKNoLqf1KM U=;
X-IronPort-AV: E=Sophos;i="5.13,408,1427713200"; d="scan'208";a="4348932"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES128-SHA; 12 May 2015 03:03:27 +1200
Received: from ([]) by ([]) with mapi id 14.03.0174.001; Tue, 12 May 2015 03:03:26 +1200
From: Peter Gutmann <>
To: "<>" <>
Thread-Topic: [TLS] Update spec to match current practices for certificate chain order
Thread-Index: AdCL+6Ggvko2QiXYRsOnC3jKu9WpAg==
Date: Mon, 11 May 2015 15:03:25 +0000
Message-ID: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 May 2015 15:03:31 -0000

Martin Rex <> writes:

>As previously mentioned, all TLS specifications up to and including TLSv1.2
>have been extremely clear that the name contained in the certifcates is a
>matter of the protocols & software layers on top of TLS, and none of TLS
>                                  the decisions on how to initiate TLS
>   handshaking and how to interpret the authentication certificates
>   exchanged are left to the judgment of the designers and implementors
>   of protocols that run on top of TLS.

Oh, I thought that was just marketing fluff rather than a hard-and-fast
requirement.  If it is a set requirement for the protocol though then it shows
a major disconnect between the protocol designers and its users, you've got a
protocol that promises to do cryptographic authentication of the server so
that developers of apps running on top of it don't have to deal with this, and
yet in that one sentence it quietly makes it Someone Else's Problem.  So the
developers of the thousands of vulnerable apps will be assuming that the TLS
layer [0] will do the checking for them, while the TLS layer can conveniently
say "well, it's not my problem, and I've got the weasel-words to prove it".


[0] There's probably a better term to use here than Transport Layer Security