Re: [TLS] Summary of discussion regarding spontaneuous authentication
Joseph Salowey <joe@salowey.net> Wed, 22 October 2014 16:51 UTC
Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B7201ACDAA for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:51:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7TmLGmJ1tPl for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:51:52 -0700 (PDT)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D316D1ACE23 for <tls@ietf.org>; Wed, 22 Oct 2014 09:51:51 -0700 (PDT)
Received: by mail-qc0-f182.google.com with SMTP id i17so3035420qcy.27 for <tls@ietf.org>; Wed, 22 Oct 2014 09:51:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=pTZ5tIECa6hkxpbs2N907cUZJj8gN6jhzds1mjrDvw4=; b=C6y5IyZCyjS+Ray2NPGd/L3AGcbhi67DImgXL1jeav7uLfez6RBvBccj2u/bFo4pLU ItOTWiShGlwxdLIfEcd6kfQyNLnXEFHKvTNwd71ZZI4wPJrEfScwrzq9KNFD/2EkDr/3 RlKkMqCaTlbcrCZehwHn5nMPqxiIMzt1REhSLrUTaA8PUfTfVUoUvzVifUhJNC42wN1s XjpZcQxWMdhkzyfT99j0aNTy4BCg/QD1u8AoBOEgwH90eCG4cf1UFj+IiN3KxoAQpPZ+ opFlZ+ANlrBvuPeSNCGYmDTTiAb+p68OKOcQ4C2JYpQgJ+3ulh4rdOLU4epLrb8yRq+S WTow==
X-Gm-Message-State: ALoCoQkhZw24GpoANbtrSgnf7M2biCL3tN/uFV/TJzjyXTP+/aewRaLyjZEgfJtJimlrt2CpgWPH
MIME-Version: 1.0
X-Received: by 10.140.17.67 with SMTP id 61mr54146650qgc.59.1413996706446; Wed, 22 Oct 2014 09:51:46 -0700 (PDT)
Received: by 10.96.166.35 with HTTP; Wed, 22 Oct 2014 09:51:46 -0700 (PDT)
X-Originating-IP: [2601:8:b300:a5:e403:155c:52c9:7844]
In-Reply-To: <20141022151819.44A791AF05@ld9781.wdf.sap.corp>
References: <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022151819.44A791AF05@ld9781.wdf.sap.corp>
Date: Wed, 22 Oct 2014 09:51:46 -0700
Message-ID: <CAOgPGoABYDNRNuga5Y2s=8eBFTAp3CD48bsSSv5Wy986XE=Pkw@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="001a11c0fa2866d68f050605c368"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/b0pN3ZNWWaQM1lhs3cY4GpjNNPU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 16:51:54 -0000
On Wed, Oct 22, 2014 at 8:18 AM, Martin Rex <mrex@sap.com> wrote: > Martin Thomson wrote: > > > > We discussed the removal of the CertificateRequest and we will permit > > the client to unilaterally send authentication. > > > > The theory here is that clients tend to know whether they need to > > authenticate. > > This looks like a bad idea to me. > The by far most important information in the current CertificateRequest > handshake message is the "certification_authorities" field, which indicates > certificate issuers which the server considers acceptable. > In SSLv3 and TLSv1.0 the certificate_authorities field was required > to be non-empty and no (server) behaviour was defined for the meaning > of an empty certification_authorities field in CertificateRequest. > > The TLSv1.1 and TLSv1.2 specification contain a defect in that they > modified the PDU definition to allow an empty certification_authorities > field in CertificateRequest, but failed to define (require) a server > behaviour when the server does not send this information. > Without the requirement, that the serer MUST NOT abort the TLS handshake > when sending an empty certificate_authorities and receiving a certificate > which it does not trust, the use of an empty certificate_authorities > field does not make sense. > > > With recent versions of Lync, Microsoft seems to automatically create a > Lync-specific "SSL client identity" that works for nothing but Lync, but > will successfully interfere with SSL client credentials selections when > browsers are using an SSL client identity for accessing regular Web sites. > > To make SSL client certificate authentication work reasonably > a CertificateRequest that conveys acceptable certificate_authorities > for the specific handshake is absolutely necessary. > > Apple Safari seems to be notoriously broken when it comes to SSL client > certificate selection, because it fails to process the > certificate_authorities > field from a CertificateRequest handshake message and remove obviously > unacceptable certs from the list of credentials that the user is > presented to select from. I've had customers report connection > failures to our AppServers, and from the server-side error messages > I could see that the client was trying to connect with some appleid > certificate that our server didn't trust (and certainly never announced > in the CertificateRequest.certificate_authorities field. > > Microsoft had a similar problem in WinHTTP in 2005 > http://support.microsoft.com/kb/909425/en > > After WinHTTP was fixed to provide the necessary information > to application callers, it is still necessary for application callers > to actually _use_ that information to select only acceptable certificates, > and that seems to take years to happen. > This is the fix for Office/WebDAV: > http://support.microsoft.com/kb/2647954/en > > And Apple Safari 4 Windows also still has this bug today. > > > With the certificate_authorities field in the current CertificateRequest > handshake message, these are only (fixable) bugs. With the removal > of the CertificateRequest handshake message, this problem would be > promoted to a TLSv1.3 protocol design flaw, and become unfixable. > > [Joe] I'm also concerned that removing the certificate request in favor of some application indication will leave behind applications that do not currently have a mechanism to communicate this. If we are going to remove the certificate request I think we will need to communicate this information in the handshake itself or perhaps have a "reconnection request". > > -Martin > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Summary of discussion regarding spontaneuou… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Rex
- Re: [TLS] Summary of discussion regarding spontan… Salz, Rich
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Andrei Popov
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Peter Gutmann
- Re: [TLS] Summary of discussion regarding spontan… Santosh Chokhani