Re: [TLS] Summarizing identity change discussion so far
<Pasi.Eronen@nokia.com> Wed, 23 December 2009 07:35 UTC
Return-Path: <Pasi.Eronen@nokia.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB68D3A67A8 for <tls@core3.amsl.com>; Tue, 22 Dec 2009 23:35:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.553
X-Spam-Level:
X-Spam-Status: No, score=-6.553 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id atYlayOJWV3r for <tls@core3.amsl.com>; Tue, 22 Dec 2009 23:35:48 -0800 (PST)
Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233]) by core3.amsl.com (Postfix) with ESMTP id 6F89D3A65A6 for <tls@ietf.org>; Tue, 22 Dec 2009 23:35:48 -0800 (PST)
Received: from esebh105.NOE.Nokia.com (esebh105.ntc.nokia.com [172.21.138.211]) by mgw-mx06.nokia.com (Switch-3.3.3/Switch-3.3.3) with ESMTP id nBN7Z9bb024366; Wed, 23 Dec 2009 09:35:25 +0200
Received: from vaebh104.NOE.Nokia.com ([10.160.244.30]) by esebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 23 Dec 2009 09:35:13 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.5]) by vaebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 23 Dec 2009 09:35:08 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-01.mgdnok.nokia.com ([65.54.30.5]) with mapi; Wed, 23 Dec 2009 08:35:07 +0100
From: Pasi.Eronen@nokia.com
To: jsalowey@cisco.com, tls@ietf.org
Date: Wed, 23 Dec 2009 08:35:05 +0100
Thread-Topic: [TLS] Summarizing identity change discussion so far
Thread-Index: AcqAGzeDAkldwC8qQjWRqwGgxqQqxQAVK08QAMx9ZaA=
Message-ID: <808FD6E27AD4884E94820BC333B2DB775840CE3382@NOK-EUMSG-01.mgdnok.nokia.com>
References: <Acp35q+5MB/IK2o8TM+TSRCqs64JxA==><808FD6E27AD4884E94820BC333B2DB774F31A4FD08@NOK-EUMSG-01.mgdnok.nokia.com><6b9359640912171337j7ed5be63gf431e0fb12070944@mail.gmail.com> <808FD6E27AD4884E94820BC333B2DB774F31F77BDC@NOK-EUMSG-01.mgdnok.nokia.com><AC1CFD94F59A264488DC2BEC3E890DE5095131C5@xmb-sjc-225.amer.cisco.com> <4B2BDCAC.1040802@bolyard.me> <AC1CFD94F59A264488DC2BEC3E890DE50951355D@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50951355D@xmb-sjc-225.amer.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 23 Dec 2009 07:35:08.0471 (UTC) FILETIME=[73D43C70:01CA83A2]
X-Nokia-AV: Clean
Subject: Re: [TLS] Summarizing identity change discussion so far
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2009 07:35:50 -0000
Based on earlier discussions, I don't think we have consensus for this strong change ("SHOULD disable renegotiation by default"). If you ship an updated TLS library with that change, it will break all existing applications that use renegotiation (since they are not aware of the API call to re-enable it, which was probably added in the same update). I think we have rough consensus for "SHOULD have an API to disable/enable renegotiation (depending on which is the default setting)", but not for what the default setting should be. Best regards, Pasi (wearing AD hat) > -----Original Message----- > From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of > ext Joseph Salowey (jsalowey) > Sent: 19 December, 2009 08:03 > To: Nelson B Bolyard; IETF TLS Working Group > Subject: Re: [TLS] Summarizing identity change discussion so far > > > > > > -----Original Message----- > > From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On > > Behalf Of Nelson B Bolyard > > Sent: Friday, December 18, 2009 11:49 AM > > To: IETF TLS Working Group > > Subject: Re: [TLS] Summarizing identity change discussion so far > > > > On 2009-12-17 23:27 PST, Joseph Salowey (jsalowey) wrote: > > > I share the opinion that identity checking belongs in the > > application, > > > performed according to whatever mechanism is appropriate. > > We should > > > not be mandating any particular PKIX processing in the TLS specs. > > > > > > I also think if an application is not prepared to be aware of > > > renegotiation and handle any identity change associated > > with it then > > > renegotiation should be disabled. This implies that renegotiation > > > should be disabled by default and specifically enabled by an > > > application. So I would say > > > > > > "TLS implementations SHOULD disable renegotiation by > > default and offer > > > the applications the option to enable renegotiation. When an > > > application enables renegotiation it must handle identity > > processing > > > for each handshake." > > > > With my Idealist hat on, I agree with that 100%. But after > > 13.25 years of working on SSL/TLS libraries, I know that 98+% > > of the app developers who use TLS have no idea what that > > means or how to do it. IMO, they are likely to just call a > > function for each handshake that does the same thing as for > > the first handshake, validating the cert chain and (if we're > > lucky) checking that some aspect of the cert contains some > > expected name, without any regard to what prior certificates > > may have contained. > > > > > > So, IMO, it makes sense of TLS implementations to offer some > > sort of "default" handling of certs to attempt to ensure > > continuity of identity in the absence of something much > > better from the application. I'd suggest that, unless the > > applications direct them to do otherwise, perhaps by > > registering some callback, TLS implementations should check > > that the cert in a renegotiation is the same one as in the > > previous full handshake, either by memcmp of the entire cert, > > or by memcmp of the subject name and > > subjectAltName (if any). Anything less will ensure that > > most apps continue > > to get this wrong, IMO. > > [Joe] So ideally renegotiation would be disabled (perhaps after the > client is authenticated in a TLS handshake) unless application enables > it. The TLS implementation can implement some policy on how to match > identity from on handshake to the next, but I'm not confident that any > single specific policy will be the right policy for different > applications and deployments. > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Summarizing identity change discussion so f… Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] Summarizing identity change discussion … Stephen Farrell
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Eric Rescorla
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Stefan Santesson
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Michael Gray
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Kyle Hamilton
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Michael Gray
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Michael Gray
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Michael Gray
- Re: [TLS] Summarizing identity change discussion … Kyle Hamilton
- [TLS] OpenPGP Certs for TLS [was: Re: Summarizing… Daniel Kahn Gillmor
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] Summarizing identity change discussion … Kyle Hamilton
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Kyle Hamilton
- Re: [TLS] Summarizing identity change discussion … Peter Saint-Andre
- Re: [TLS] Summarizing identity change discussion … Peter Saint-Andre
- Re: [TLS] Summarizing identity change discussion … Peter Saint-Andre
- Re: [TLS] Summarizing identity change discussion … Peter Saint-Andre
- Re: [TLS] Summarizing identity change discussion … David-Sarah Hopwood
- Re: [TLS] Summarizing identity change discussion … Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] Summarizing identity change discussion … Marsh Ray
- Re: [TLS] Summarizing identity change discussion … Joseph Salowey (jsalowey)
- Re: [TLS] Summarizing identity change discussion … Stephen Farrell
- Re: [TLS] Summarizing identity change discussion … Martin Rex
- Re: [TLS] Summarizing identity change discussion … Nelson B Bolyard
- Re: [TLS] Summarizing identity change discussion … Nasko Oskov
- Re: [TLS] Summarizing identity change discussion … David-Sarah Hopwood
- Re: [TLS] Summarizing identity change discussion … David-Sarah Hopwood
- Re: [TLS] Summarizing identity change discussion … Joseph Salowey (jsalowey)
- Re: [TLS] Summarizing identity change discussion … Pasi.Eronen
- Re: [TLS] Summarizing identity change discussion … Joseph Salowey (jsalowey)