Re: [TLS] stapling OCSP/CT for client cert?
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 22 February 2017 20:28 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E4B129B0F for <tls@ietfa.amsl.com>; Wed, 22 Feb 2017 12:28:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9oRegSWn7sT for <tls@ietfa.amsl.com>; Wed, 22 Feb 2017 12:28:56 -0800 (PST)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id 2DF70129AE2 for <tls@ietf.org>; Wed, 22 Feb 2017 12:28:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 96F3F1F76D; Wed, 22 Feb 2017 22:28:42 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id tuHPPC2iYo1d; Wed, 22 Feb 2017 22:28:42 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 205EF285; Wed, 22 Feb 2017 22:28:42 +0200 (EET)
Date: Wed, 22 Feb 2017 22:28:38 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: David Benjamin <davidben@chromium.org>
Message-ID: <20170222202838.GA31310@LK-Perkele-V2.elisa-laajakaista.fi>
References: <f4a5f57179384290859f8ff1afba73b0@usma1ex-dag1mb1.msg.corp.akamai.com> <CAF8qwaCZdqoDr7QqtOPyMTD_TpxHOKha8y3SWgpOcqC9vrH+Ww@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAF8qwaCZdqoDr7QqtOPyMTD_TpxHOKha8y3SWgpOcqC9vrH+Ww@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DB-XKCGNpTt6pGCSRKo3nr1D3_g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] stapling OCSP/CT for client cert?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 20:28:58 -0000
On Wed, Feb 22, 2017 at 05:23:22PM +0000, David Benjamin wrote: > Looks like TLS 1.3 already allows this for CT, though not OCSP. Would take > all of four characters to fix. See this table: > https://tlswg.github.io/tls13-spec/#rfc.section.4.2 > > One of the nice things about using TLS-style extensions in > CertificateRequest is any ClientHello => (Server)Certificate extensions > naturally extend to CertificateRequest => (Client)Certificate extensions. That got me to review the message assignments of extensions. I found several problematic definitions: 1) Client_certificate_url (CH, EE): This is related to client certificate, but it also has more serious problem: It uses its own handshake type in way that is seemingly ill-defined in context of TLS 1.3. 2) User_mapping (CH, EE): This is pretty special in TLS 1.2, by being three-pass, instead of the usual two-pass. It also has its own message in TLS 1.2. How exactly is that supposed to work in TLS 1.3, is the SupplementalData really supposed to become the first message in client 2nd flight (that should be specified) or is the message supposed to be chucked inside certificate extension (which would need adding CT to message assignments for the extension). 3) Cert_type (CH, EE): This is related to either client or server certificate. However, cert_type is older extension that was superceded by client_certificate_type and server_certificate_type. Deprecate? 4) Client_certificate_type (CH, EE): This extension is about client certificates, which would logically imply assignment of CR, CT. This comes rather important if there ever will be certificate type that make sense to mix and match with X.509 certificates from client context. E.g. Subcertificates implemented as certificate type. -Ilari
- [TLS] stapling OCSP/CT for client cert? Salz, Rich
- Re: [TLS] stapling OCSP/CT for client cert? David Benjamin
- Re: [TLS] stapling OCSP/CT for client cert? Salz, Rich
- Re: [TLS] stapling OCSP/CT for client cert? Ilari Liusvaara