Re: [TLS] Summary of discussion regarding spontaneuous authentication
Andrei Popov <Andrei.Popov@microsoft.com> Wed, 22 October 2014 19:20 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 983991AD1BA for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 12:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3EiwFUwTr-A for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 12:20:07 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0116.outbound.protection.outlook.com [65.55.169.116]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAA1D1AD03D for <tls@ietf.org>; Wed, 22 Oct 2014 12:20:06 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB418.namprd03.prod.outlook.com (10.141.92.13) with Microsoft SMTP Server (TLS) id 15.0.1054.13; Wed, 22 Oct 2014 19:20:04 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.1054.004; Wed, 22 Oct 2014 19:20:04 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Joseph Salowey <joe@salowey.net>, "mrex@sap.com" <mrex@sap.com>
Thread-Topic: [TLS] Summary of discussion regarding spontaneuous authentication
Thread-Index: AQHP7fDMBbHKs/HZikCNW7QhrPmUL5w8OvCAgAAaHACAACXv0A==
Date: Wed, 22 Oct 2014 19:20:04 +0000
Message-ID: <4d4ef6ab70914023988340e2ca9f02d1@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022151819.44A791AF05@ld9781.wdf.sap.corp> <CAOgPGoABYDNRNuga5Y2s=8eBFTAp3CD48bsSSv5Wy986XE=Pkw@mail.gmail.com>
In-Reply-To: <CAOgPGoABYDNRNuga5Y2s=8eBFTAp3CD48bsSSv5Wy986XE=Pkw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [2001:4898:80e8:ed31::3]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB418;
x-exchange-antispam-report-test: UriScan:;
x-forefront-prvs: 037291602B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(3905003)(377454003)(199003)(189002)(24454002)(19609705001)(40100003)(15975445006)(87936001)(2656002)(85306004)(108616004)(92566001)(122556002)(85852003)(19580395003)(86362001)(19580405001)(15202345003)(76576001)(74316001)(19300405004)(106116001)(33646002)(19617315012)(105586002)(16236675004)(107046002)(99396003)(120916001)(106356001)(76482002)(21056001)(80022003)(95666004)(46102003)(99286002)(64706001)(86612001)(20776003)(4396001)(54356999)(31966008)(50986999)(97736003)(76176999)(101416001)(19625215002)(2501002)(24736002)(562404015); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB418; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: multipart/alternative; boundary="_000_4d4ef6ab70914023988340e2ca9f02d1BL2PR03MB419namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/RSZyOxdZyWU2ibLfUk_Qgb5zDs8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 19:20:16 -0000
I have the same concern as Joe: not all applications have a mechanism in place to request TLS client auth; such apps would not be able to use TLS1.3. Nor is it desirable to update all the application protocols that use TLS client auth. We need this mechanism in the TLS handshake, and perhaps we can do better than CertificateRequest: certificate type and trusted issuers list are not the only useful credential selection criteria. Cheers, Andrei From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Joseph Salowey Sent: Wednesday, October 22, 2014 9:52 AM To: mrex@sap.com Cc: tls@ietf.org Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication On Wed, Oct 22, 2014 at 8:18 AM, Martin Rex <mrex@sap.com<mailto:mrex@sap.com>> wrote: Martin Thomson wrote: > > We discussed the removal of the CertificateRequest and we will permit > the client to unilaterally send authentication. > > The theory here is that clients tend to know whether they need to > authenticate. This looks like a bad idea to me. The by far most important information in the current CertificateRequest handshake message is the "certification_authorities" field, which indicates certificate issuers which the server considers acceptable. In SSLv3 and TLSv1.0 the certificate_authorities field was required to be non-empty and no (server) behaviour was defined for the meaning of an empty certification_authorities field in CertificateRequest. The TLSv1.1 and TLSv1.2 specification contain a defect in that they modified the PDU definition to allow an empty certification_authorities field in CertificateRequest, but failed to define (require) a server behaviour when the server does not send this information. Without the requirement, that the serer MUST NOT abort the TLS handshake when sending an empty certificate_authorities and receiving a certificate which it does not trust, the use of an empty certificate_authorities field does not make sense. With recent versions of Lync, Microsoft seems to automatically create a Lync-specific "SSL client identity" that works for nothing but Lync, but will successfully interfere with SSL client credentials selections when browsers are using an SSL client identity for accessing regular Web sites. To make SSL client certificate authentication work reasonably a CertificateRequest that conveys acceptable certificate_authorities for the specific handshake is absolutely necessary. Apple Safari seems to be notoriously broken when it comes to SSL client certificate selection, because it fails to process the certificate_authorities field from a CertificateRequest handshake message and remove obviously unacceptable certs from the list of credentials that the user is presented to select from. I've had customers report connection failures to our AppServers, and from the server-side error messages I could see that the client was trying to connect with some appleid certificate that our server didn't trust (and certainly never announced in the CertificateRequest.certificate_authorities field. Microsoft had a similar problem in WinHTTP in 2005 http://support.microsoft.com/kb/909425/en After WinHTTP was fixed to provide the necessary information to application callers, it is still necessary for application callers to actually _use_ that information to select only acceptable certificates, and that seems to take years to happen. This is the fix for Office/WebDAV: http://support.microsoft.com/kb/2647954/en And Apple Safari 4 Windows also still has this bug today. With the certificate_authorities field in the current CertificateRequest handshake message, these are only (fixable) bugs. With the removal of the CertificateRequest handshake message, this problem would be promoted to a TLSv1.3 protocol design flaw, and become unfixable. [Joe] I'm also concerned that removing the certificate request in favor of some application indication will leave behind applications that do not currently have a mechanism to communicate this. If we are going to remove the certificate request I think we will need to communicate this information in the handshake itself or perhaps have a "reconnection request". -Martin _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- [TLS] Summary of discussion regarding spontaneuou… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Rex
- Re: [TLS] Summary of discussion regarding spontan… Salz, Rich
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Andrei Popov
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Peter Gutmann
- Re: [TLS] Summary of discussion regarding spontan… Santosh Chokhani