Re: [TLS] WWW-Authenticate challenge for client-certificates

Marsh Ray <> Wed, 20 January 2010 16:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B13C43A6855 for <>; Wed, 20 Jan 2010 08:06:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id I4OJiM8bF-i5 for <>; Wed, 20 Jan 2010 08:06:07 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 95CBE3A681E for <>; Wed, 20 Jan 2010 08:06:07 -0800 (PST)
Received: from ([]) by with esmtpa (Exim 4.68) (envelope-from <>) id 1NXd4E-0004gW-U5; Wed, 20 Jan 2010 16:06:03 +0000
Received: from [] (localhost []) by (Postfix) with ESMTP id 1DA6C631F; Wed, 20 Jan 2010 16:05:57 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Report-Abuse-To: (see for abuse reporting information)
X-MHO-User: U2FsdGVkX1+7AlvuOxZDSE209QgIiu3kCye8Djw4B68=
Message-ID: <>
Date: Wed, 20 Jan 2010 10:05:57 -0600
From: Marsh Ray <>
User-Agent: Thunderbird (Windows/20090812)
MIME-Version: 1.0
To: Bruno Harbulot <>
References: <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] WWW-Authenticate challenge for client-certificates
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Jan 2010 16:06:08 -0000

Bruno Harbulot wrote:
> IIS (and the .Net HTTP framework) seems to be configured by default not
> to request a certificate, but to request one only at a later point,
> depending on what the HTTP request is trying to access. I'm not sure if
> this is the commercial vendor you had in mind, but this one does indeed
> use re-negotiation by default (unless configured with
> clientcertnegotiation=true with netsh), but I can't find much
> information from MS about CVE-2009-3555 anyway.

Configuring a multi-purpose web server to allow an optional client
certificate can have the side effect of popping up a 'choose cert'
dialog in the user's web browser, whether they are likely to need one or
not. Not something you want on your home page.

I think it's mainly for this reason that certs are not accepted on the
initial connection.

> Yes, I think such a header 'WWW-Authenticate' could also include a
> parameter to have a hint of which certificate to send. I'm not sure
> whether the request resent should have an 'Authorization' header, since
> the credentials would be obtainable from the the TLS layer anyway.

You might have to specify everything that would be specified in the TLS
Certificate Request message, and add to that your enhancements.

RFC 2246:
>        enum {
>            rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
>            (255)
>        } ClientCertificateType;
>        opaque DistinguishedName<1..2^16-1>;
>        struct {
>            ClientCertificateType certificate_types<1..2^8-1>;
>            DistinguishedName certificate_authorities<3..2^16-1>;
>        } CertificateRequest;
>        certificate_types
>               This field is a list of the types of certificates requested,
>               sorted in order of the server's preference.
>        certificate_authorities
>            A list of the distinguished names of acceptable certificate
>            authorities. These distinguished names may specify a desired
>            distinguished name for a root CA or for a subordinate CA;
>            thus, this message can be used both to describe known roots
>            and a desired authorization space.
>  Note: DistinguishedName is derived from [X509].
>  Note: It is a fatal handshake_failure alert for an anonymous server to
>        request client identification.

- Marsh