Re: [TLS] draft-ietf-tls-cached-info-14
mrex@sap.com (Martin Rex) Wed, 10 April 2013 15:27 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1C3021F9774 for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 08:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nZLJTBJlIi55 for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 08:27:42 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id E032B21F98DF for <tls@ietf.org>; Wed, 10 Apr 2013 08:27:34 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id r3AFRPrP000512 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 10 Apr 2013 17:27:25 +0200 (MEST)
In-Reply-To: <0a1801ce35fa$10283650$3078a2f0$@ditenity.com>
To: Piyush Jain <piyush@ditenity.com>
Date: Wed, 10 Apr 2013 17:27:25 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130410152725.504F61A6A1@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cached-info-14
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 15:27:43 -0000
Piyush Jain wrote: > > Please keep in mind that the certificate chain sequence can be changed at > > any time. Any mechanism used would need to take that into consideration. > > [Piyush] Not sure if I understood it correctly. TLS has strict guidelines on > sequence of certificates in the chain. This is the theory. In theory, theory and practice are the same, in practice, they differ. Although the SSLv3 and *ALL* TLS specs have always been very clear that the correct ording of certificates in the TLS Certificate handshake message is a MUST requirement, as well as that only the self-signed rootCA cert at the end of the path may be omitted, a number of TLS implementations are notoriously broken in that they will send arbitrary garbled paths that may include alien certs and even expired certs in Certificate handshake messages (rather than telling the server admin that the configuration is incorrect). Although this is not even mentioned in the TLS spec, a number of SSL and TLS clients will perform various hacks to accomodate for such broken TLS server implementations, ranging from simple reordering of certificate, to the extreme of using only the very first certificate from the servers TLS Certificate handshake message, throw the remaining certificates into a large pool of candidate path certificates and perform a full certificate path discovery. The latter can lead to seemingly non-deterministic behaviour with some TLS servers that omit more than the self-signed rootCA cert from the Certificate handshake message, such as intermediate CA certs, and the client behaviour changes from handshake failure (untrusted cert) to successful handshake when that "large pool" of cached certs coincidentally contains the missing intermediate cert from a prior TLS handshake with a correctly configured TLS Server whose server cert was issued by the same (intermediate) CA. I remember that in march 2001 "https://www.verisign.com" was sending and expired VeriSign rootCA certificate in the server certificate handshake message. When I reported this defect to VeriSign Support, they did (at least initially) not understand that this indicated (a) a defect (or at least significant sloppiness) in their server's SSL/TLS implementation and (b) a server configuration errror. -Martin
- [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Sean Turner
- Re: [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Sean Turner
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex