Re: [TLS] What would make TLS cryptographically better for TLS 1.3

Jeff Jarmoc <jeff@jarmoc.com> Tue, 05 November 2013 02:45 UTC

Return-Path: <jeff@jarmoc.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1116811E825A for <tls@ietfa.amsl.com>; Mon, 4 Nov 2013 18:45:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.203
X-Spam-Level:
X-Spam-Status: No, score=-1.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2688khISGanm for <tls@ietfa.amsl.com>; Mon, 4 Nov 2013 18:45:38 -0800 (PST)
Received: from mail-yh0-x22f.google.com (mail-yh0-x22f.google.com [IPv6:2607:f8b0:4002:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 5CDF121E80F1 for <tls@ietf.org>; Mon, 4 Nov 2013 18:45:34 -0800 (PST)
Received: by mail-yh0-f47.google.com with SMTP id t59so1391712yho.20 for <tls@ietf.org>; Mon, 04 Nov 2013 18:45:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jarmoc.com; s=jarmoc; h=from:content-type:content-transfer-encoding:mime-version:subject :message-id:date:references:in-reply-to:to; bh=agvKYQTFYU7ZuuEuBUo1K8QGtP20fsP/v2qdhkxxuic=; b=TnS3yZ/1KpkIAFXpcvIL/9NW9eRFHgqPeYAUnkhd24H2hEfj5XFN0PS+TWnkhVyrrG VkyuWZjrRXB8m5FVz2Jzh2DBikqloyJclqIZk3IL7/I+M+Wp9SCkbMVsfU8/O2eoiqyf mBeWDjk5E84Rmad0M9nfkxq7xJoHt77J8ZhWo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:content-transfer-encoding :mime-version:subject:message-id:date:references:in-reply-to:to; bh=agvKYQTFYU7ZuuEuBUo1K8QGtP20fsP/v2qdhkxxuic=; b=mD89c20j+GI9ZXbL2pYTkwJ+5u8JHjUjMpnxD/2/rYOaQzwHzXHTtDL+WUZ/F5Fh1u aVg8hM2h5evmX/4ztOlJ6p5XcXi6i0Tavb0mP2DcqO8q190sS4M7p3vIFr4UeJ6JgnQp HAR4BNBmvxy1d8hLJPG+F38EiUx1RAmkpR3C7aS2Ncus/MhaTPlAlkvrMpNYl/PyupNM 9ybrOGr64HagY4cL82/y8fRpptiid97mn2P47CyjLxwC3R81RGKHjXMoVlu1D2iDjm+g 1thUGk75WS9dAeDBpX+ZZEkYbj+FW0QW/YRaZtHF4QG4kpRav7tiL8WkdjQWAAUY2F6F PQKQ==
X-Gm-Message-State: ALoCoQm1NvGVX2AN4lvCBT3KQxqo1d5m+eLBBxzkSx+TEGhLF3IIQeaS7mlpa5jkEFtWLrAxH/d1
X-Received: by 10.236.20.138 with SMTP id p10mr51446yhp.111.1383619533898; Mon, 04 Nov 2013 18:45:33 -0800 (PST)
Received: from ?IPv6:2601:d:8c00:20b:594c:3a8d:f8b6:a5e0? ([2601:d:8c00:20b:594c:3a8d:f8b6:a5e0]) by mx.google.com with ESMTPSA id o27sm31844137yhb.19.2013.11.04.18.45.32 for <tls@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 04 Nov 2013 18:45:32 -0800 (PST)
From: Jeff Jarmoc <jeff@jarmoc.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-9CD492D1-02D4-4A85-A7EB-983B12062E06
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <EF5EE024-DBDE-4D7E-B4DC-8A9E6C603E2F@jarmoc.com>
Date: Mon, 4 Nov 2013 20:45:32 -0600
References: <CA+BZK2pZ=AFs5qw8dTbiV+s0KdSeFJH1-Z+UbaJZnQwHNgdXuA@mail.gmail.com> <20131105003652.5B7AF1AA54@ld9781.wdf.sap.corp> <CA+BZK2rG4L_+oMOQ3xBEogWNtrspeFM5cUJw9ciwtmEQpvgGjQ@mail.gmail.com>
In-Reply-To: <CA+BZK2rG4L_+oMOQ3xBEogWNtrspeFM5cUJw9ciwtmEQpvgGjQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
X-Mailer: iPhone Mail (11B511)
Subject: Re: [TLS] What would make TLS cryptographically better for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 02:45:39 -0000

And what prevents the client from setting the flag despite not checking?

It's the client's responsibility to validate the server's identity (or not) to the extent it chooses to do so.  It's the server's responsibility to validate the client's identity (or not) to the extent it chooses to do so.  

Neither end can take on that responsibility for the other.

> On Nov 4, 2013, at 8:03 PM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
> 
> Hi Martin,
> 
> exactly, and that's the problem: "What policy the client applies when checking the server's certificate chain is at the discretion of the client."
> 
> There is no easy way to solve this. The client (and user) can always cheat if he wants to. But we are not discussing dishonest users. Let's assume a honest user who wants to connect to a TLS service securely.
> 
> The user uses a TLS client (say pidgin for jabber). This client has several options to configure the TLS connection. These options include if the chain should be checked at all, if the user is allowed to accept self-signed certificates and against which CA-bundle to verify the server's certificate.
> 
> A securely configured TLS client would verify the certificate chain.
> 
> The server has no way to check if the TLS client is configured securely. The server blindly trusts the client that it is configured securely. That does not scale. Users make mistakes. Users will connect to a service not knowing that the connection is not secure (even over TLS) because they did not configure the TLS correctly.
> 
> A flag that would tell the server how the client has verified the connection would enable the server to block the user from using the service UNTIL his client is configured securely.
> 
> Tata. Better security.
> 
> regards,
> 
> ralf
> 
> 
> 
>> On Tue, Nov 5, 2013 at 12:36 AM, Martin Rex <mrex@sap.com> wrote:
>> Ralf Skyper Kaiser wrote:
>> >
>> > (An example are jabber servers using TLS. Most clients allow the user to
>> > accept any server certificate without verification. The jabber server has
>> > no way to detect which client performed proper certificate verification and
>> > CN<>URI match).
>> 
>> Huh?
>> 
>> What policy the client applies when checking the server's certificate
>> chain is none of the server's business.  This is entirely at the
>> discretion of the client.
>> 
>> -Martin
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls