Re: [TLS] Update spec to match current practices for certificate chain order
mrex@sap.com (Martin Rex) Tue, 12 May 2015 16:06 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 945EF1A6EFB for <tls@ietfa.amsl.com>; Tue, 12 May 2015 09:06:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.351
X-Spam-Level:
X-Spam-Status: No, score=-5.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, J_CHICKENPOX_28=0.6, J_CHICKENPOX_29=0.6, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMM7WBKThbwP for <tls@ietfa.amsl.com>; Tue, 12 May 2015 09:06:03 -0700 (PDT)
Received: from smtpde01.smtp.sap-ag.de (smtpde01.smtp.sap-ag.de [155.56.68.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDD91ACD56 for <tls@ietf.org>; Tue, 12 May 2015 09:05:58 -0700 (PDT)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde01.smtp.sap-ag.de (Postfix) with ESMTPS id 7E3462AA1F; Tue, 12 May 2015 18:05:56 +0200 (CEST)
X-purgate-ID: 152705::1431446756-00000B48-0D9C8549/0/0
X-purgate-size: 3823
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id 4619441283; Tue, 12 May 2015 18:05:56 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id 3923C1B2EB; Tue, 12 May 2015 18:05:56 +0200 (CEST)
In-Reply-To: <a46388945a43eb199f843e505fcea6d9.squirrel@webmail.dreamhost.com>
To: ryan-ietftls@sleevi.com
Date: Tue, 12 May 2015 18:05:56 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20150512160556.3923C1B2EB@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WnbpAhnzMICuKDfnPtJViK_Uio4>
Cc: tls@ietf.org
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 16:06:05 -0000
Ryan Sleevi wrote: > > If you're going to write a client that works on the Internet at large and > is capable of moving at the speed of the Internet, the best I can say is > "Cheer up and deal with it". Clients doing what you propose, rather than > the thing you hate, hold Internet security back, so I'm not terribly > sympathetic (e.g. https://access.redhat.com/articles/1413643 for the most > recent example) New 2048-bit rootCA certs have been around for several years, and the transition from old 1024-bit rootCAs to 2048-bit rootCAs is a non-problem. It definitely is *NOT* a problem for the existing requirements on the Certificate handshake message. Let's use the Web-Server above (https://access.redhat.com/) as example. (1) Server cert: (2048-bit RSA) Subject: CN=access.redhat.com Issuer: CN=VeriSign Akamai SureServer CA G14-SHA1 (2) ServerCA cert: (2048-bit RSA) Subject: CN=VeriSign Akamai SureServer CA G14-SHA1 Issuer: CN=Baltimore CyberTrust Root (3) CrossCA cert (2048-bit RSA, sha1WithRsaEncryption signature): Subject: CN=Baltimore CyberTrust Root Issuer: CN=GTE CyberTrust Global Root (4) (old) RootCA cert (1024-bit RSA) Subject: CN=GTE CyberTrust Global Root Issuer: CN=GTE CyberTrust Global Root The server https://access.redhat.com sends (1)+(2)+(3) from the above certificate path (and in the correct order), and is omitting only the self-signed 1024-bit RootCA cert (4) from the end of the path in the TLS Certificate Handshake message. FireFox 34.0.5 is a little weird, because it verifies the above path against the old 1024-bit RootCA, although it is in possession of the new Baltimore 2048-bit rootCA Certificate: (3b) new Baltimore RootCA cert (2048-bit RSA) Subject: CN=Baltimore CyberTrust Root Issuer: CN=Baltimore CyberTrust Root FireFox 37.0.1 seems to have been improved and properly recognize that it only needs (1)+(2) from the Servers certificate handshake message to verify the servers certificate against its (3b) trust anchor. Would the server at https://access.redhat.com/ only be sending (1)+(2) in the Certificate Handshake message, then old clients, which have the old 1024-bit GTE CyberTrust Gobal Root in their trust anchor store but not the new self-signed 2048-bit Baltimore Cybertrust Root, would not be able to verify the server certificate (because of the lack of that CrossCA cert). New clients, which have the new self-signed 2048-bit Baltimore CyberTrust Root should be able to recognize that they only need (1)+(2) from the Server Certificate to chain against a known trust anchor. FireFox 34.0.5 seems a little dense. Given the above path, when the client has the new 2048-bit Baltimore rootCA cert, then the client should always perform the verification against the new RootCA when the server Certificate handshake message starts with certificate (1)+(2), and independent of whether the certificate handshake message futher includes (3) or (3)+(4) or (3b). Valid alternative forward paths for the server are: (a) (1)+(2) (b) (1)+(2)+(3) (c) (1)+(2)+(3)+(4) (d) (1)+(2)+(3b) and (b) or (c) will have a higher likelyhood of interop that (a) or (d) because of the legacy clients in the installed base. Now in case that a client has (2) configured as a trust anchor, it would only be using (1) from the Server certificate handshake message (and ignore the other included certificates), and in case that a client as (1) configured as a trust anchor, it would also only be looking at certificate (1), determining that it has this certificate configured as trust anchor, and perform all checks based on that local trust anchor. -Martin
- [TLS] Update spec to match current practices for … Dave Garrett
- Re: [TLS] Update spec to match current practices … Yoav Nir
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Fabrice Gautier
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Geoffrey Keating
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Ben Laurie
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Kemp, David P.
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Kemp, David P.
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Geoff Keating
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Salz, Rich
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Dave Garrett
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Ben Laurie
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Peter Gutmann
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ilari Liusvaara
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Watson Ladd
- Re: [TLS] Update spec to match current practices … Viktor Dukhovni
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi
- Re: [TLS] Update spec to match current practices … Martin Rex
- Re: [TLS] Update spec to match current practices … Ryan Sleevi