Re: [TLS] Multiple domain names in SNI (was Questions about TLS
Michael D'Errico <mike-list@pobox.com> Fri, 30 October 2009 19:50 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3464B3A68AE for <tls@core3.amsl.com>; Fri, 30 Oct 2009 12:50:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.574
X-Spam-Level:
X-Spam-Status: No, score=-2.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JwXHhH4y3NRl for <tls@core3.amsl.com>; Fri, 30 Oct 2009 12:50:00 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id D56E53A68B7 for <tls@ietf.org>; Fri, 30 Oct 2009 12:49:58 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 3A3EC6D685 for <tls@ietf.org>; Fri, 30 Oct 2009 15:50:15 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=2nLJacFXPzbC jzbze0kywFG17Ik=; b=tL3alV5AkSuy/E6u+8PR7rYIDqJ3orSroaFfADbXJ9Eh W2Fe8Aq9VRCaPumor+63vFpckdmmhT7mVAYer5F8KV1BMvKtWvOcMSWEQNi2NxbY DvC7UFWRwyQ/xuXhEa0RKredeKABuSO/yE6GyD/dGYRIY9EnRJS9z6bwYHjIsc0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=PlihUW mYkg3pyy6vUB/h3rJecDx8neZyNFax4OvAv+9t0SD86Q7qxJhBXKPlNiWBDhHzMF meP83z/aoY13Z4cZYipq2qD3akih8qpzXUdvXQ5mixzumsiTEhjXx9E0r5tZkvBj ew4WPC4Lfz6J7NMhfKjt9HXSHX6D8yXlJwf1w=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 371086D684 for <tls@ietf.org>; Fri, 30 Oct 2009 15:50:15 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 9FC0A6D682 for <tls@ietf.org>; Fri, 30 Oct 2009 15:50:14 -0400 (EDT)
Message-ID: <4AEB43D1.5070800@pobox.com>
Date: Fri, 30 Oct 2009 12:51:45 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: tls@ietf.org
References: <200910301914.n9UJEXD9023612@fs4113.wdf.sap.corp>
In-Reply-To: <200910301914.n9UJEXD9023612@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 71704AFA-C58D-11DE-8925-1B12EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Subject: Re: [TLS] Multiple domain names in SNI (was Questions about TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2009 19:50:01 -0000
>> They could share IP addresses. > > You mean that you client performs DNS-lookup for both names, > determines that they point to the same IP-Address and then > decides to address a single request for both? > > How many HTTP Host: Header fields is your client going to send, > and is the semantics for the server defined what to do with > multiple Host: header fields. We also didn't cover this in > the revised text that urges an application to cross-check > SNI vs. Host: Header fields. > > JUST DON'T DO IT. I was merely trying to come up with a possible scenario in which you could hypothetically send two hostnames in the SNI extension, not that I actually do that. The important point is the following: >> But the point is that you and I don't know for certain that there is >> no possible requirement for a client to send multiple hostnames, so >> imposing a limitation of only one hostname could preclude some future >> application from being able to use TLS (without modifications or >> private agreement). > > We should not try to fix a problem before we even know that there is a > problem (with limiting ServerNameList to unique members of each NameType). People ARE trying to "fix" the extension by imposing a restriction that is not currently present in the spec. I maintain that there is no savings of effort implementing the spec as is, versus imposing a one-name-per-name-type restriction. You still need to iterate through the list (since you may not recognize the first name type), and look up the names of types you do recognize. To implement one-name-per-name-type, you need to add a "break" statement to stop processing the list once a lookup failure occurs. So the code to implement one-name-per-name type is actually MORE WORK than doing it the way the spec is written today. Oh, and you now have a bug since you broke out of the loop before finding all the other name types in the list. >> If it was hard to implement checking for a match in a list, I'd agree >> with you, but literally it is a simple while loop that calls your >> lookup function for each name in the SNI extension. > > Past experience regularly demonstrates that this is going to result > in broken implementations. > > Take the list of client ciphersuites in the ClientHello message for > example. It was hard to believe for me that there would be broken > SSL/TLS Servers out there that used the ordering/preference of > the ciphersuites in the ClientHello instead of the preference > of the server to pick a common ciphersuites. At a minimum, > the precendence of the servers preferences over the clients > should be configurable with the servers preferenca/configuration > being the default. The client ultimately overrules the server since it only has to offer those cipher suites it is willing to negotiate. The server can choose whichever it likes, but only from the list it receives. A client can send a single cipher suite if it desires only that one. > A hardcoded "clients list takes precedence" or a default for this > indicates that the implementor didn't think about the security > implications and may have been to easily misguided by obviously > suboptimal wording in the specification. I don't see any issue other than performance. A server will simply refuse to negotiate any cipher suite that doesn't match its security needs. If it negotiates RSA_WITH_RC4_MD5 and that doesn't provide enough security, then whoever configured the list of allowable cipher suites can only blame themselves, not the client. > Every spec contains errors and suboptimal or misleading wording. > It's _MUCH_ easier to realize the problems when trying to implement > a spec. So when implementing specs, it is very important to > use common sense when reading it and strive for consistent > and predictable behaviour. I've implemented lots of specs, so I agree with you that clarity is important. It is just as easy to say, "Note: there may be any number of names of a particular name type" as it is to say, "There MUST NOT be more than one name of a particular name type." If the more restrictive version led to considerably simpler coding, I'd readily agree with changing it, but as I've pointed out above, there is no simplification of the code. Mike
- [TLS] Questions about TLS Server Name Indication … Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indicat… Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indicat… Wan-Teh Chang
- Re: [TLS] Questions about TLS Server Name Indicat… Michael D'Errico
- Re: [TLS] Questions about TLS Server Name Indicat… Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indicat… Michael Gray
- Re: [TLS] Questions about TLS Server Name Indicat… Wan-Teh Chang
- Re: [TLS] Questions about TLS Server Name Indicat… Peter Gutmann
- Re: [TLS] Questions about TLS Server Name Indicat… Martin Rex
- Re: [TLS] Questions about TLS Server Name Indicat… Martin Rex
- Re: [TLS] Questions about TLS Server Name Indicat… Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indicat… Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indicat… Martin Rex
- Re: [TLS] Multiple domain names in SNI (was Quest… Michael D'Errico
- Re: [TLS] Multiple Session Caches and SNI (was Qu… Michael D'Errico
- Re: [TLS] Multiple domain names in SNI (was Quest… Martin Rex
- Re: [TLS] Renegotiation with SNI after initial co… Michael D'Errico
- Re: [TLS] Multiple domain names in SNI (was Quest… Michael D'Errico
- Re: [TLS] Multiple Session Caches and SNI (was Qu… Martin Rex
- Re: [TLS] Multiple domain names in SNI (was Quest… Martin Rex
- Re: [TLS] Questions about TLS Server Name Indicat… Nelson B Bolyard
- Re: [TLS] Multiple Session Caches and SNI Michael D'Errico
- Re: [TLS] Multiple domain names in SNI (was Quest… Michael Gray
- Re: [TLS] Multiple domain names in SNI (was Quest… Michael D'Errico
- Re: [TLS] Requiring SNI for resumption (was Quest… Michael D'Errico
- Re: [TLS] Multiple Session Caches and SNI Martin Rex
- Re: [TLS] Multiple Session Caches and SNI Michael D'Errico
- Re: [TLS] Questions about TLS Server Name Indicat… Michael D'Errico
- Re: [TLS] Questions about TLS Server Name Indicat… Pasi.Eronen