[TLS] Followup on RFC 6091 and oob-pubkeys
Eric Rescorla <ekr@rtfm.com> Sat, 01 December 2012 19:42 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFCEE1F0C73 for <tls@ietfa.amsl.com>; Sat, 1 Dec 2012 11:42:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.143
X-Spam-Level:
X-Spam-Status: No, score=-102.143 tagged_above=-999 required=5 tests=[AWL=0.833, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qz+Hn9B8YVmJ for <tls@ietfa.amsl.com>; Sat, 1 Dec 2012 11:42:35 -0800 (PST)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 71AD41F0C6A for <tls@ietf.org>; Sat, 1 Dec 2012 11:42:26 -0800 (PST)
Received: by mail-oa0-f44.google.com with SMTP id n5so1723017oag.31 for <tls@ietf.org>; Sat, 01 Dec 2012 11:42:26 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=Yfzz+HeVfLygMXlWsIAq1ZJebIRu63HOtkv/QlSHbuE=; b=Rdh9ArwMkrs4rW8FyTr9zwvdIP87bVA3ZVqxcgr/UKtF1juswkOjQ4J8t0QlQ/uSGK 7+vZ3oFDB6ZX/Y9HNiPxEYXzNczg8Em9RblJVApYi7Kx4lRFQAxoGZsZsOcNPKwT8+X1 dsC5/PEX1pD5qwoFwdXSgjgOzIgu0ObRcPXZuXnlwsP1mUHjFOpH5WUc1QZuxXzcKQFf SRpRMy5Mr/Ma6c3E+L2JaDn+DdK/UJFDYA2CkhX/rofmLCP5vqoyFrFISmgdZlilbHgC ZhCYakvdwq1ZBOptXhIIG++VpzTj9T6tt7OOCNawzokaP+yLFCxk55EpTO4SI947+ooD hZCg==
Received: by 10.182.177.100 with SMTP id cp4mr739330obc.71.1354390945714; Sat, 01 Dec 2012 11:42:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.136.102 with HTTP; Sat, 1 Dec 2012 11:41:45 -0800 (PST)
X-Originating-IP: [74.95.2.169]
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 01 Dec 2012 11:41:45 -0800
Message-ID: <CABcZeBPVhYV_SQmTn+X1wMKLphqpvWErVSHCiUd5bEF9WB6K3g@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="e89a8f838d9f34d25504cfcfb779"
X-Gm-Message-State: ALoCoQmnQN8sErCRMClLbkfwtANTXhQjbBpiA1nmyV4S5ZIbUtUl7QRlKzrQ/xB9EQAQrB7HSwDK
Subject: [TLS] Followup on RFC 6091 and oob-pubkeys
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Dec 2012 19:42:36 -0000
There has been a bunch of discussion on the mailing list and at the IETF meeting in Paris about whether we should reuse the RFC 6091 structures and code points (extending them for raw public keys) or define new structures and code points to handle raw public keys. To recap the state of affairs: - TLS w/o RFC 6091 provides for X.509 certificates - RFC 6091 provides support for OpenPGP as well as a generic structure to negotiate other certificate types by defining new code points. - The intent of the OOB draft is to provide support for raw public keys. The current draft uses new structures. At the meeting it was discussed whether we could reuse the 6091 code points and the discussion centered around whether 6091 allowed asymmetric certificate usage. I.e., was it possible to have the client use a certificate of type A and the server to use a certificate of type B. (I'm speaking loosely here and including raw keys within certificates for this purpose). So, for instance, the server might have a cert but the client merely a raw key. The minutes (http://www.ietf.org/proceedings/85/minutes/minutes-85-tls) reflect that there was a somewhat confusing consensus that this was needed and so if RFC 6091 precluded that we should define new structures/ code points. I volunteered to research this and report back. After reviewing RFC 6091, I believe that it requires that the client and server use the same credentials (assuming client authentication at all). Here's the relevant passage: 3.5. Client Certificate This message is only sent in response to the certificate request message. The client certificate message is sent using the same formatting as the server certificate message, and it is also required to present a certificate that matches the negotiated certificate type. If OpenPGP certificates have been selected and no certificate is available from the client, then a certificate structure of type "empty_cert" that contains an OpenPGPEmptyCert value MUST be sent. The server SHOULD respond with a "handshake_failure" fatal alert if client authentication is required. Based on the above, I believe that the WG consensus implies that we define new structures with the more general semantics. -Ekr
- [TLS] Followup on RFC 6091 and oob-pubkeys Eric Rescorla
- Re: [TLS] Followup on RFC 6091 and oob-pubkeys Nikos Mavrogiannopoulos
- Re: [TLS] Followup on RFC 6091 and oob-pubkeys Hannes Tschofenig
- Re: [TLS] Followup on RFC 6091 and oob-pubkeys Daniel Kahn Gillmor
- Re: [TLS] Followup on RFC 6091 and oob-pubkeys Joseph Salowey (jsalowey)
- Re: [TLS] Followup on RFC 6091 and oob-pubkeys Joseph Salowey (jsalowey)