Re: [TLS] question about verification of client side certificate for TLS session for mutual authentication
Eric Rescorla <ekr@rtfm.com> Mon, 16 April 2018 11:55 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44478126E64 for <tls@ietfa.amsl.com>; Mon, 16 Apr 2018 04:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qj-ayxKDrEsX for <tls@ietfa.amsl.com>; Mon, 16 Apr 2018 04:55:42 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0AD91241FC for <tls@ietf.org>; Mon, 16 Apr 2018 04:55:41 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id w2-v6so6051846otj.12 for <tls@ietf.org>; Mon, 16 Apr 2018 04:55:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FDMf7UBEjt7RLdKr40wVQMq+qN/1QOk1OMfg1HyKozo=; b=PsP6/L3WyRPh2WRTGhcBqXcHgqBrmTrioNlhuaZ6CZqodGdnTRzBl6KSRGMVyAFqsE g2ATgBulZVpLYF0nZZTvcDBf/ZJhd2pOOCZ6+Hl/TNWGCP4ps1c2WkfZgH4cO8SSwpNk N/Trl0gnWMQuL0UccOZvsTcJ3NGkn2rYVWWj4bQe2dROtOpy0vxHl3jNO0U1VcC7X4UE Uck0V7EjaCehrpZDQRSCcPaviMzEcmnuTTz3PctkC5otPud1YStSYYo47UyBF0HB7pNN U/kTXZfKcZ6EV8ndGHM7XWVFEArpCsGWwo+ghNgjFjmADszYGhT0vpXo2GxT7DbH/w7C yXuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FDMf7UBEjt7RLdKr40wVQMq+qN/1QOk1OMfg1HyKozo=; b=XrD4IeDj73yipeCiRvhy84LgzFyBxgrkw/+c6UyddAvu3p786OZK+N8lZpp1R43+JU A4MAnKNawo0M7CiWvhLNX0/RWYma+qdtLJ0bUGK+4KrFwN2ISszee8SWiMSr5gATO0CP abPn9JEXxEgCfe7xjQzOo214Cl8BIGUJyRwI8yzO7+2G/dWpfzT2RVuohuWW/l3CFLVK YGg9Nmx2XnZ5XlfPw2S0tPVhDDzd9NgP1SwrxcoviyjuITDRQLxBokN1maf1KouwkXeA y4nAUMNDeeLCBrpaANpOz4X7trZJg7cNUBH2RMkttEcB2VjW5ioNqY+EQBleYqtc846E 7sHQ==
X-Gm-Message-State: ALQs6tBPynOtaZTjz1UR7x+u/zcFlsDyPspdwlsm3RgG0QbWWGJ3PzX4 8k/jtpH/9VbgkOL+ttWBR6hM0Jj/8WKGrkdljeb6DpZ3
X-Google-Smtp-Source: AIpwx4/dgTiWme1nJKEuhUqGDwtnfsDFVyIBAegMFN65r3/LfiTATi9/pHWuEe0aESutFKlOrqHY35acT9tAFyDDODQ=
X-Received: by 2002:a9d:3636:: with SMTP id w51-v6mr1028304otb.101.1523879741072; Mon, 16 Apr 2018 04:55:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.138.18.132 with HTTP; Mon, 16 Apr 2018 04:55:00 -0700 (PDT)
In-Reply-To: <064a01d3d569$2a3cdaf0$7eb690d0$@gondrom.org>
References: <064a01d3d569$2a3cdaf0$7eb690d0$@gondrom.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 16 Apr 2018 04:55:00 -0700
Message-ID: <CABcZeBPpmJBfA13VzvuspO7QSx46re_UR=e+OvqvgsBpMk8EQw@mail.gmail.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a5bfce0569f5e685"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DJLTihIAVFTE3G5Q-ODRW5h8LnY>
Subject: Re: [TLS] question about verification of client side certificate for TLS session for mutual authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2018 11:55:44 -0000
I am not aware of anywhere this is documented, primarily because it's so application-specifiic. -Ekr On Mon, Apr 16, 2018 at 2:56 AM, Tobias Gondrom <tobias.gondrom@gondrom.org> wrote: > Hi dear TLS experts, > > > > Apologies for my stupid question for advise: > > I am currently working on some design requirements for mutual > authentication and have a question regarding verification of client > certificate. > > > > In many web scenarios the simple use is server authentication by > certificate and verification of client id by username & password or by a > simple verification of client certificate. > > > > Are there any RFCs that speak (beyond the general verification of the > certificate in mutual TLS authentication) to the need to also verify the CN > inside the client certificate against an additional whitelist _*before*_ > establishing a TLS connection. > > > > For example in this scenario: > > A client with a valid certificate may be allowed to connect to application > 1, but would not be allowed to connect to application 2. (for sake of > separation application 1 and 2 are on separate servers (application 1 on > server 1 and application 2 on server 2).) > > > > From my current understanding, I would establish the TLS connection in > both cases, do mutual authentication and then let application 2 reject > access based on that the user is not allowed to access it. There is a > question whether this would expose to a risk that server resources could be > exhausted by allowing to establish the TLS connection before failing, but > this does not seem too bad to me. But maybe I am missing something… > > > > *Are there any informational (or standard) RFCs for TLS that speak about > this risk and best practices to address it? * > > *(e.g. using additional whitelist checks of parameters inside the client > certificate for access control checks already during phase of establishing > the TLS connection)* > > > > Thank you and sorry for bothering, Tobias > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
- [TLS] question about verification of client side … Tobias Gondrom
- Re: [TLS] question about verification of client s… Eric Rescorla
- Re: [TLS] question about verification of client s… Kathleen Moriarty
- Re: [TLS] question about verification of client s… Tony Arcieri
- Re: [TLS] question about verification of client s… Tobias Gondrom
- Re: [TLS] question about verification of client s… Viktor Dukhovni
- Re: [TLS] question about verification of client s… Tony Arcieri
- Re: [TLS] question about verification of client s… Nico Williams