Re: [TLS] Update spec to match current practices for certificate chain order

mrex@sap.com (Martin Rex) Fri, 08 May 2015 15:51 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 180191A9235 for <tls@ietfa.amsl.com>; Fri, 8 May 2015 08:51:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Level:
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbr7g94s5vfk for <tls@ietfa.amsl.com>; Fri, 8 May 2015 08:51:57 -0700 (PDT)
Received: from smtpde01.smtp.sap-ag.de (smtpde01.smtp.sap-ag.de [155.56.68.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A7611A90A2 for <tls@ietf.org>; Fri, 8 May 2015 08:51:57 -0700 (PDT)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde01.smtp.sap-ag.de (Postfix) with ESMTPS id 46F942AFFA; Fri, 8 May 2015 17:51:56 +0200 (CEST)
X-purgate-ID: 152705::1431100316-00000B48-7EB6F153/0/0
X-purgate-size: 931
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id 3489843EED; Fri, 8 May 2015 17:51:56 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id 2AF6F1B2DE; Fri, 8 May 2015 17:51:56 +0200 (CEST)
In-Reply-To: <m2oalwypd8.fsf@localhost.localdomain>
To: Geoffrey Keating <geoffk@geoffk.org>
Date: Fri, 8 May 2015 17:51:56 +0200 (CEST)
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20150508155156.2AF6F1B2DE@ld9781.wdf.sap.corp>
From: mrex@sap.com (Martin Rex)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/_G1PqYr9WM-UEijp2FaZGKssHNE>
Cc: tls@ietf.org
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2015 15:51:59 -0000

The _existing_ description of the Contents of the TLS Certificate
handshake message is among the few things that I really like in the TLS
specification, and I believe that none of the proposed changes improves
it, but many break it, or break it badly.

Geoffrey Keating wrote:
> 
> This explicitly allows the sender to send multiple certificates for
> itself, which would simplify a bunch of problems; SNI is no longer
> necessary (but still desirable), and it's no longer necessary to
> negotiate the certificate signing algorithms.

Huh???

This doesn't compute.  There is just one digitally-signed object
(or static RSA key exchange in TLS up to v1.2), so there is no
"choice" among multiple server certificates.

And every sensibly managed public CA ought to refuse signing the
same public key for different names/identities/attributes (i.e.
issuing different certs with the same public key).


-Martin