Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to Proposed Standard
Eric Rescorla <ekr@rtfm.com> Fri, 01 June 2012 21:59 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D715A21F887D for <tls@ietfa.amsl.com>; Fri, 1 Jun 2012 14:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.91
X-Spam-Level:
X-Spam-Status: No, score=-102.91 tagged_above=-999 required=5 tests=[AWL=-0.067, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTTP_ESCAPED_HOST=0.134, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3z+rego6LYI for <tls@ietfa.amsl.com>; Fri, 1 Jun 2012 14:59:34 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2A91B21F887C for <tls@ietf.org>; Fri, 1 Jun 2012 14:59:34 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so1762284vbb.31 for <tls@ietf.org>; Fri, 01 Jun 2012 14:59:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=pXDufyz1I9kxuzzZn1vTQl3hC4KzrnJ0H9oUWvMUxOY=; b=OudtDd1eWpyHg3TOK4cGjtOCi7O7TNWZbBYbpqr1mG4TJWF1bz9oABa09hmUrc4ZSQ KVNZhZ1o1aICxnuDLTNGfQVFu00QCD1GExGpmxYTEXDaDh2ukb93G1y7EX5D15AooFbv 8tpfy5vnoenit0+mweWIdZJ3fYYfxMIcFw4EZvJ11Ef0IzkFk5fa+ccregH/P8BmLhGT llP5QfdRIM0U7rp+WcN+vKT/JJt+U0SHKMIBA2OTciRTDDu+nd3L7pNVchkV1GfiYCJm 9dUUvCUMhIg2HjYVSl5pf+v+0LljLA58bWMXnq355csMP9/FFgZI1VkDtEH3BXMdYG+G vzog==
Received: by 10.52.88.170 with SMTP id bh10mr944326vdb.11.1338587973579; Fri, 01 Jun 2012 14:59:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.35.209 with HTTP; Fri, 1 Jun 2012 14:58:53 -0700 (PDT)
X-Originating-IP: [63.245.220.224]
In-Reply-To: <m2wr3qya40.fsf@localhost.localdomain>
References: <20120601164205.25357.54620.idtracker@ietfa.amsl.com> <4FC8F1AF.2040409@stpeter.im> <CABcZeBN4rwJuL8_vvYfPZJyE_WU_+tmSzLf2njPeqx0Ewgx64g@mail.gmail.com> <op.we8nss1yqrq7tp@acorna.invalid.invalid> <CABcZeBMFAXeXBK1Cs5jnvbTmJms7NUqhrmJd4x2N2DxedQUk=A@mail.gmail.com> <m21ulyzr92.fsf@localhost.localdomain> <CABcZeBP6j6sfPs-1xB7ijAVU1HQNZfY8c2Zk3_O7j0fkgQK0xw@mail.gmail.com> <m2wr3qya40.fsf@localhost.localdomain>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 01 Jun 2012 14:58:53 -0700
Message-ID: <CABcZeBMfa++rwDfP5JJxC-qDvkZOTXpPAX_taEUzkPVwaUFKuA@mail.gmail.com>
To: Geoffrey Keating <geoffk@geoffk.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnsNIbj89Uvi23IKKqKygkIIg2+R46XQGA7qc1ILUojBr9jg0PzZCAjHaJXukBL8mDLOCXu
Cc: tls@ietf.org
Subject: Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 21:59:34 -0000
On Fri, Jun 1, 2012 at 2:51 PM, Geoffrey Keating <geoffk@geoffk.org> wrote: > Eric Rescorla <ekr@rtfm.com> writes: > >> On Fri, Jun 1, 2012 at 1:55 PM, Geoffrey Keating <geoffk@geoffk.org> wrote: >> > Eric Rescorla <ekr@rtfm.com> writes: >> > >> >> On Fri, Jun 1, 2012 at 12:15 PM, Yngve N. Pettersen (Developer Opera >> >> Software ASA) <yngve@opera.com> wrote: >> >> > - Update sec. 3.1 to use RFC 6125 for the server identity. >> >> >> >> I'm not sure I agree with this. 2818 is intended to document HTTPS client >> >> behavior. This may or may not be what we recommend for other protocols >> >> (and indeed, the terms under which 6125 was approved included that >> >> it not override 2818 for HTTPS). >> > >> > One substantive change here is that instead of "MUST" for using the >> > commonName field, it would become "MAY". I think this is an >> > appropriate change, especially given that clients will not always >> > accept the commonName field (for example, if it contains spaces, or if >> > it isn't in DNS 'preferred name syntax', >> >> I'm not sure I follow this. If the CN isn't a valid domain name, then >> won't it fail to match the DNS name it is intended to match? >> What am I missing? > > Suppose you have a cookie for ".example.com" which I'd like to steal. > I MITM you but you're using SSL and the cookie is marked as 'secure' > so I can't just grab it. I manage to acquire a valid e-mail > certificate with a common name of "somename@mail.example.com". Now I > fake your DNS so that 'somename@mail.example.com' appears to be a valid > hostname (that is, I cause your DNS request to return an A record for > 'somename@mail' in the domain 'example.com') pointing at my server, and > wait for you to open a non-TLS web page, in which I inject HTML which > includes a frame or an image from > 'https://somename%40mail.example.com/somefile'. The cookie will be sent > as part of this request, and it'll be sent to my server. > > The name 'somename@mail' is not in the 'preferred name syntax' but DNS > will quite happily serve it---DNS labels are 8-bit strings that can > even contain NUL characters. OK, I see the issue. I do wonder how a browser would actually behave in this case. I.e., I would hope that it would either parse this as https://mail.example.com/ with a username of somename or alternately expect that the certificate contain the %40, but regardless I agree it's not great. > Another approach is that I could get a certificate with a common name > of 'Some Name'. If your DNS search path is set to include > 'example.com' (or if I can force this by controlling your DHCP), I > might be able to do the same thing with a URL of > 'https://Some%20Name/somefile'. Wouldn't this be an issue with or without a space? I.e., I get a certificate with CN "foo" and then serve https://foo/? -Ekr
- [TLS] Last Call: RFC 2818 (HTTP Over TLS) to Prop… IESG Secretary
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Peter Saint-Andre
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Kyle Hamilton
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Martin Rex
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Sean Turner
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Paul Hoffman
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Peter Saint-Andre
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Nico Williams
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Peter Saint-Andre
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Sean Turner
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Geoffrey Keating
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Geoffrey Keating
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Peter Saint-Andre
- Re: [TLS] Last Call: RFC 2818 (HTTP Over TLS) to … Eric Rescorla