Re: [TLS] question about verification of client side certificate for TLS session for mutual authentication
"Tobias Gondrom" <tobias.gondrom@gondrom.org> Mon, 16 April 2018 15:52 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2258412E8DC for <tls@ietfa.amsl.com>; Mon, 16 Apr 2018 08:52:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=tobias.gondrom@gondrom.org header.d=gondrom.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4F4NquJIV-Sv for <tls@ietfa.amsl.com>; Mon, 16 Apr 2018 08:52:52 -0700 (PDT)
Received: from gondrom.org (www.gondrom.org [5.35.241.16]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3FD712EB64 for <tls@ietf.org>; Mon, 16 Apr 2018 08:52:33 -0700 (PDT)
Received: from seraph (unknown [45.56.155.176]) by gondrom.org (Postfix) with ESMTPSA id 13DEF6495F; Mon, 16 Apr 2018 17:52:17 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=P2TqT8Z8JciIAXlPd64onuNqP/yylHHNHY5tTF4+7xyMDnlB+xSOGklLYGc3F9Bjtv95OdPMOyHC3v4rKmtdzpM5D+29/MrmbwDq9/CZnAj74mngRgAaZWe9aYGiY/721ihJCEKa7yKrcheV/DcPPmkqj1mDJfR89+OITLsm4jA=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Priority:X-MSMail-Priority:X-Mailer:Thread-Index:Content-Language:Importance;
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
To: 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>, 'Eric Rescorla' <ekr@rtfm.com>
Cc: tls@ietf.org
References: <064a01d3d569$2a3cdaf0$7eb690d0$@gondrom.org> <CABcZeBPpmJBfA13VzvuspO7QSx46re_UR=e+OvqvgsBpMk8EQw@mail.gmail.com> <0FEA7711-7DC1-487B-A544-FAEFC9377C96@gmail.com>
In-Reply-To: <0FEA7711-7DC1-487B-A544-FAEFC9377C96@gmail.com>
Date: Mon, 16 Apr 2018 23:50:53 +0800
Message-ID: <07ef01d3d59a$ebdb1600$c3914200$@gondrom.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_07F0_01D3D5DD.FA033800"
X-Priority: 5 (Lowest)
X-MSMail-Priority: Low
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQNgGXr0wwxaLPmB2h28wc3ki2Uh3gITVnudAaaDtpigzTGSEA==
Content-Language: en-us
Importance: Low
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D50uzg2JFCvroiiWlfhfaoCe6A0>
Subject: Re: [TLS] question about verification of client side certificate for TLS session for mutual authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2018 15:52:55 -0000
Hi Kathleen, Ekr and Tony, Thank you so much for your fast feedback. I did google a bit before asking, but didn’t dig deep enough into the document to find the right one. Your answers were most helpful. And I will dig more into the RFC link from Kathleen and the github link from Tony. Thanks a lot! Tobias From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sent: Monday, April 16, 2018 9:20 PM To: Eric Rescorla <ekr@rtfm.com> Cc: Tobias Gondrom <tobias.gondrom@gondrom.org>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] question about verification of client side certificate for TLS session for mutual authentication Hi Tobias, If you use search terms that include pkix, authorization, access control, and attribute certificate profile, you’ll find a few documents. This one should be helpful based on your description: https://tools.ietf.org/html/rfc5755 Best regards, Kathleen Sent from my mobile device On Apr 16, 2018, at 4:55 AM, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com> > wrote: I am not aware of anywhere this is documented, primarily because it's so application-specifiic. -Ekr On Mon, Apr 16, 2018 at 2:56 AM, Tobias Gondrom <tobias.gondrom@gondrom.org <mailto:tobias.gondrom@gondrom.org> > wrote: Hi dear TLS experts, Apologies for my stupid question for advise: I am currently working on some design requirements for mutual authentication and have a question regarding verification of client certificate. In many web scenarios the simple use is server authentication by certificate and verification of client id by username & password or by a simple verification of client certificate. Are there any RFCs that speak (beyond the general verification of the certificate in mutual TLS authentication) to the need to also verify the CN inside the client certificate against an additional whitelist _before_ establishing a TLS connection. For example in this scenario: A client with a valid certificate may be allowed to connect to application 1, but would not be allowed to connect to application 2. (for sake of separation application 1 and 2 are on separate servers (application 1 on server 1 and application 2 on server 2).) >From my current understanding, I would establish the TLS connection in both cases, do mutual authentication and then let application 2 reject access based on that the user is not allowed to access it. There is a question whether this would expose to a risk that server resources could be exhausted by allowing to establish the TLS connection before failing, but this does not seem too bad to me. But maybe I am missing something… Are there any informational (or standard) RFCs for TLS that speak about this risk and best practices to address it? (e.g. using additional whitelist checks of parameters inside the client certificate for access control checks already during phase of establishing the TLS connection) Thank you and sorry for bothering, Tobias _______________________________________________ TLS mailing list TLS@ietf.org <mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org <mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- [TLS] question about verification of client side … Tobias Gondrom
- Re: [TLS] question about verification of client s… Eric Rescorla
- Re: [TLS] question about verification of client s… Kathleen Moriarty
- Re: [TLS] question about verification of client s… Tony Arcieri
- Re: [TLS] question about verification of client s… Tobias Gondrom
- Re: [TLS] question about verification of client s… Viktor Dukhovni
- Re: [TLS] question about verification of client s… Tony Arcieri
- Re: [TLS] question about verification of client s… Nico Williams