Re: [TLS] Update spec to match current practices for certificate chain order
mrex@sap.com (Martin Rex) Fri, 08 May 2015 15:04 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D10C1A8A83 for <tls@ietfa.amsl.com>; Fri, 8 May 2015 08:04:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Level:
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FbhBfHcDU6d1 for <tls@ietfa.amsl.com>; Fri, 8 May 2015 08:04:01 -0700 (PDT)
Received: from smtpde01.smtp.sap-ag.de (smtpde01.smtp.sap-ag.de [155.56.68.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CE421A8A89 for <tls@ietf.org>; Fri, 8 May 2015 08:04:01 -0700 (PDT)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde01.smtp.sap-ag.de (Postfix) with ESMTPS id F3DFB2B030; Fri, 8 May 2015 17:03:58 +0200 (CEST)
X-purgate-ID: 152705::1431097439-00000B48-19D04732/0/0
X-purgate-size: 2674
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id E3DFF43F1E; Fri, 8 May 2015 17:03:58 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id D695F1B2DE; Fri, 8 May 2015 17:03:58 +0200 (CEST)
In-Reply-To: <5B1D7E570380A64989D4C069F7D14BC8D7F62F04@PINTO.missi.ncsc.mil>
To: "Kemp, David P." <DPKemp@missi.ncsc.mil>
Date: Fri, 08 May 2015 17:03:58 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20150508150358.D695F1B2DE@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/BRr75aEc52O3_Knr-NzGKwpXENA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2015 15:04:03 -0000
Kemp, David P. wrote: > There is nothing wrong with the client accepting a bag 'o certs that > is 1) incomplete, 2) has extra certs, or 3) has the exact number of > certs in the exact order needed to chain back to a server-trusted > root, as long as the client can validate a path back to a > client-trusted root (using either cached or fetched certs if the > bag doesn't work). This is the TLS WG mailing list and the TLS protocol. You might be confusing this discussion with PKIX and CMS. None of what you enumerate applies to the TLS Certificate handshake message, because this carries well-explained MUSTs. > > PKIX specifies validation requirements that > do not require servers to send anything, and sending a full path > with every handshake is an efficiency gain for the first connection > but a waste for all the rest. For PKIX (rfc5280), the building of a certification path has been EXPLICITLY declared "out of scope", and it is pretty normal for TLS peers to not contain any kind of path building functionality and not to know more than "trust anchors" for verification of certificate chains provided by peers. What we're looking at here, is **interoperability** requirements. > > Servers can be strict in what they send by sending a server-trusted > path in chaining order as you suggest. This is an obvious misunderstanding of the TLS specification and the requirements keyword MUST: https://tools.ietf.org/html/rfc2119#section-1 1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification. Sending a complete and ordered certificate chain in the "certificate_list" element of the TLS Server Certificate handshake message is not an option, is is an "ABSOLUTE REQUIREMENT". > > But clients that cannot construct a valid path on their own if the > server's doesn't satisfy them are insufficiently liberal. Clients do not have to accomodate server that violate MUSTS. In most cases, it is detrimental and often dangerous to work around such protocol violations by the peer. And if all of what the client has is a very short list of trust anchors (in the optimal and safe configuration just one single trust anchor), then there is nothing besides a simple reordering and duplicate cert elimination that a sensible client can do about a misconfigured server that is using a defective TLS implementation. Either the certification path presented by the server crosses through the trust anchor(s) of the client or ends there -- then you get interop, or it doesn't then you get interop failure. -Martin
- [TLS] Update spec to match current practices for … Dave Garrett
- Re: [TLS] Update spec to match current practices … Yoav Nir
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Fabrice Gautier
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Geoffrey Keating
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Ben Laurie
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Kemp, David P.
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Kemp, David P.
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Geoff Keating
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Salz, Rich
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Ben Laurie
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ilari Liusvaara
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Watson Ladd
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi