[TLS] draft-ietf-tls-rfc4366-bis-02
Alfred Hönes <ah@tr-sys.de> Wed, 05 March 2008 10:55 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: ietfarch-tls-archive@core3.amsl.com
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AE0EF28C2D9; Wed, 5 Mar 2008 02:55:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.179
X-Spam-Level: ****
X-Spam-Status: No, score=4.179 tagged_above=-999 required=5 tests=[AWL=-0.637, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sUo2PXwHkWpL; Wed, 5 Mar 2008 02:54:58 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 637CC28C35B; Wed, 5 Mar 2008 02:54:55 -0800 (PST)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6D383A68D2 for <tls@core3.amsl.com>; Thu, 28 Feb 2008 03:07:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRnSRwrKGHgo for <tls@core3.amsl.com>; Thu, 28 Feb 2008 03:07:51 -0800 (PST)
Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id 479303A6B36 for <tls@ietf.org>; Thu, 28 Feb 2008 03:07:19 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA053006823; Thu, 28 Feb 2008 12:07:03 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id MAA27483; Thu, 28 Feb 2008 12:07:02 +0100 (MEZ)
From: Alfred Hönes <ah@tr-sys.de>
Message-Id: <200802281107.MAA27483@TR-Sys.de>
To: Donald.Eastlake@motorola.com
Date: Thu, 28 Feb 2008 12:07:02 +0100
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
X-Mailman-Approved-At: Wed, 05 Mar 2008 02:54:54 -0800
Cc: tls@ietf.org
Subject: [TLS] draft-ietf-tls-rfc4366-bis-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: base64
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Hello,
after studying the Internet-Draft authored/edited by you,
draft-ietf-tls-rfc4366-bis-02,
I'd like to submit a few comments.
(1) General: Hash Algorithm agility
4346bis introduces hash algorithm agility in a pervasive manner
into TLS 1.2, and it has shifted from SHA-1 to SHA-256 as the
basic required hash algorithm.
This draft, considered a companion to 4346bis (and hopefully to be
published with it in a coordinated manner, to avoid confusion about
the state of RFC 4366!), is stuck with SHA-1.
IMO, it should be considered to not only copy the information from
RFC 4366 into this draft, but instead also proactively introduce
hash algorithm agility into the extensions making use of hashes.
Below, I give an rough example (for section 5) of how that could
be done in a backward-compatible manner.
(2) General: STD 66 terminology
I suggest to reconsider the use of "URI" vs. "URL" throughout
this draft, for conformance with Section 1.1.3 of RFC 3986.
In particular, the use of "URL scheme" should be avoided in
favor of "URI scheme".
Also, section 4 of STD 66 should be taken into account.
I'll give some detailed change proposals below to exemplify that.
(3) Section 5
(3a) Syntax evolution for hash alg. agility
Hash algorithm agility could be introduced into the
"Client Certificate ULR" extension in the following manner,
which (hopefully) is backward compatible as far as possible,
by performing the following changes:
enum {
| false(0), true(1)
| } Boolean;
---
enum {
| absent(0), implicitsha1(1), explicit(2)
| } HashType;
struct {
opaque url<1..2^16-1>;
| Boolean hash_present;
select (hash_present) {
| case false: struct {};
| case true: SHA1Hash;
} hash;
} URLAndOptionalHash;
---
struct {
opaque url<1..2^16-1>;
| HashType hash_present;
select (hash_present) {
| case absent: struct {};
| case implicitsha1: SHA1Hash;
| case explicit: ExplicitHash;
} hash;
} URLAndOptionalHash;
|
| struct {
| HashAlgorithm hashalg;
| opaque Hash[hashalg.hashsize];
| } ExplicitHash;
(This makes use of implicit sizing for Hash, depending on hashalg;
explicit sizing might be an alternative.
HashAlgorithm is from 4346bis-09, Section 7.4.1.4.1.)
(3b) clarification of "URL"
To clarify the intended restrictions (as indicated above), I suggest
to amend the first paragraph below the syntax as follows:
Here "url_and_hash_list" contains a sequence of URLs and optional
hashes.
---
Here "url_and_hash_list" contains a sequence of URLs and optional
hashes. Each "url" MUST be an absolute URI reference according to
[RFC3986] that can be immediately used to fetch the certificate(s).
This change is intended to explicitely exclude relative URI references
and the use of URI schemes that do not lead to "immediate access",
e.g., the 'mailto', 'cid', 'go', or 'tel' URI schemes.
(3c) ordering of URLs
The paragraph starting,
Note that when a list of URLs for X.509 certificates is used, the
ordering of URLs is the same ...
should preferably be more explicit and precisely state the order
required, to improve the readability and not urging the reader
to refer to other documents for this information.
(If deemed necessary, a 'salvatory clause' could be added to the end
of Section 1, for instance:
| For the ease of the reader, some normative text from [RFCTLS] is
| restated below. Any possible deviation from [RFCTLS] has not been
| intended, and [RFCTLS] shall remain the normative document in such
| cases.
(3d) notation of URI schemes
In the second-to-next paragraph in Section 5, I suggest to harmonize
the spelling of, and emphasis (quoting) applied to, URI schemes;
for instance:
vvvvvvvvvv
| Servers that support this extension MUST support the http: URL scheme
for certificate URLs, and MAY support other schemes. Use of other
| schemes than "http", "https", or "ftp" may create unexpected
problems.
--- ^ ^ ^ ^ ^ ^
| Servers that support this extension MUST support the 'http' URI
^ ^ ^
scheme for certificate URLs, and MAY support other schemes. Use of
| other schemes than 'http', 'https', or 'ftp' may create unexpected
^ ^ ^ ^ ^ ^
problems.
(4) Section 8
Near the end of section 8, two Notes specify the preconditions for
using the Certificate Status Request extension, but unfortunately,
the conditions apparently are incomplete.
I propose to change:
Note that a server MAY also choose not to send a "CertificateStatus"
| message, even if it receives a "status_request" extension in the
| client hello message.
| Note in addition that servers MUST NOT send the "CertificateStatus"
| message unless it received a "status_request" extension in the client
| hello message.
---
Note that a server MAY also choose not to send a "CertificateStatus"
| message, even if has received a "status_request" extension in the
| client hello message and has sent a "status_request" extension in the
| server hello message.
| Note in addition that a server MUST NOT send the "CertificateStatus"
message unless it received a "status_request" extension in the client
| hello message and sent a "status_request" extension in the server
| hello message.
(5) Section 10
IANA should be explicitely requested to re-parent the extensions
registered by RFC 4366 to this document.
(6) Section 11.3 -- "URI" related clarifications
(6a) 5th paragraph
The second major issue is that support for client_certificate_url
| involves the server's acting as a client in another URL protocol.
The server therefore becomes subject to many of the same security
| concerns that clients of the URL scheme are subject to, with the
added concern that the client can attempt to prompt the server to
connect to some (possibly weird-looking) URL.
---
The second major issue is that support for client_certificate_url
| involves the server's acting as a client in another URI scheme
vvvvvvvvvv ^^^^^^^^
| dependent protocol. The server therefore becomes subject to many of
| the same security concerns that clients of the URI scheme are subject
^
to, with the added concern that the client can attempt to prompt the
server to connect to some (possibly weird-looking) URL.
(6b) 9th paragraph
- s/URI protocols/URI schemes/
- s/set of protocols/set of schemes/
Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de |
+------------------------+--------------------------------------------+
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
- [TLS] draft-ietf-tls-rfc4366-bis-02 Alfred Hönes