IETF Logo Mail Archive

Re: [TLS] Summary of discussion regarding spontaneuous authentication

Joseph Salowey <joe@salowey.net> Wed, 22 October 2014 16:51 UTC

Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B7201ACDAA for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:51:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7TmLGmJ1tPl for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:51:52 -0700 (PDT)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D316D1ACE23 for <tls@ietf.org>; Wed, 22 Oct 2014 09:51:51 -0700 (PDT)
Received: by mail-qc0-f182.google.com with SMTP id i17so3035420qcy.27 for <tls@ietf.org>; Wed, 22 Oct 2014 09:51:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=pTZ5tIECa6hkxpbs2N907cUZJj8gN6jhzds1mjrDvw4=; b=C6y5IyZCyjS+Ray2NPGd/L3AGcbhi67DImgXL1jeav7uLfez6RBvBccj2u/bFo4pLU ItOTWiShGlwxdLIfEcd6kfQyNLnXEFHKvTNwd71ZZI4wPJrEfScwrzq9KNFD/2EkDr/3 RlKkMqCaTlbcrCZehwHn5nMPqxiIMzt1REhSLrUTaA8PUfTfVUoUvzVifUhJNC42wN1s XjpZcQxWMdhkzyfT99j0aNTy4BCg/QD1u8AoBOEgwH90eCG4cf1UFj+IiN3KxoAQpPZ+ opFlZ+ANlrBvuPeSNCGYmDTTiAb+p68OKOcQ4C2JYpQgJ+3ulh4rdOLU4epLrb8yRq+S WTow==
X-Gm-Message-State: ALoCoQkhZw24GpoANbtrSgnf7M2biCL3tN/uFV/TJzjyXTP+/aewRaLyjZEgfJtJimlrt2CpgWPH
MIME-Version: 1.0
X-Received: by 10.140.17.67 with SMTP id 61mr54146650qgc.59.1413996706446; Wed, 22 Oct 2014 09:51:46 -0700 (PDT)
Received: by 10.96.166.35 with HTTP; Wed, 22 Oct 2014 09:51:46 -0700 (PDT)
X-Originating-IP: [2601:8:b300:a5:e403:155c:52c9:7844]
In-Reply-To: <20141022151819.44A791AF05@ld9781.wdf.sap.corp>
References: <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022151819.44A791AF05@ld9781.wdf.sap.corp>
Date: Wed, 22 Oct 2014 09:51:46 -0700
Message-ID: <CAOgPGoABYDNRNuga5Y2s=8eBFTAp3CD48bsSSv5Wy986XE=Pkw@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="001a11c0fa2866d68f050605c368"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/b0pN3ZNWWaQM1lhs3cY4GpjNNPU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 16:51:54 -0000

On Wed, Oct 22, 2014 at 8:18 AM, Martin Rex <mrex@sap.com> wrote:

> Martin Thomson wrote:
> >
> > We discussed the removal of the CertificateRequest and we will permit
> > the client to unilaterally send authentication.
> >
> > The theory here is that clients tend to know whether they need to
> > authenticate.
>
> This looks like a bad idea to me.
> The by far most important information in the current CertificateRequest
> handshake message is the "certification_authorities" field, which indicates
> certificate issuers which the server considers acceptable.
> In SSLv3 and TLSv1.0 the certificate_authorities field was required
> to be non-empty and no (server) behaviour was defined for the meaning
> of an empty certification_authorities field in CertificateRequest.
>
> The TLSv1.1 and TLSv1.2 specification contain a defect in that they
> modified the PDU definition to allow an empty certification_authorities
> field in CertificateRequest, but failed to define (require) a server
> behaviour when the server does not send this information.
> Without the requirement, that the serer MUST NOT abort the TLS handshake
> when sending an empty certificate_authorities and receiving a certificate
> which it does not trust, the use of an empty certificate_authorities
> field does not make sense.
>
>
> With recent versions of Lync, Microsoft seems to automatically create a
> Lync-specific "SSL client identity" that works for nothing but Lync, but
> will successfully interfere with SSL client credentials selections when
> browsers are using an SSL client identity for accessing regular Web sites.
>
> To make SSL client certificate authentication work reasonably
> a CertificateRequest that conveys acceptable certificate_authorities
> for the specific handshake is absolutely necessary.
>
> Apple Safari seems to be notoriously broken when it comes to SSL client
> certificate selection, because it fails to process the
> certificate_authorities
> field from a CertificateRequest handshake message and remove obviously
> unacceptable certs from the list of credentials that the user is
> presented to select from.   I've had customers report connection
> failures to our AppServers, and from the server-side error messages
> I could see that the client was trying to connect with some appleid
> certificate that our server didn't trust (and certainly never announced
> in the CertificateRequest.certificate_authorities field.
>
> Microsoft had a similar problem in WinHTTP in 2005
> http://support.microsoft.com/kb/909425/en
>
> After WinHTTP was fixed to provide the necessary information
> to application callers, it is still necessary for application callers
> to actually _use_ that information to select only acceptable certificates,
> and that seems to take years to happen.
> This is the fix for Office/WebDAV:
> http://support.microsoft.com/kb/2647954/en
>
> And Apple Safari 4 Windows also still has this bug today.
>
>
> With the certificate_authorities field in the current CertificateRequest
> handshake message, these are only (fixable) bugs.  With the removal
> of the CertificateRequest handshake message, this problem would be
> promoted to a TLSv1.3 protocol design flaw, and become unfixable.
>
>
[Joe]  I'm also concerned that removing the certificate request in favor of
some application indication will leave behind applications that do not
currently have a mechanism to communicate this.   If we are going to remove
the certificate request I think we will need to communicate this
information in the handshake itself or perhaps have a "reconnection
request".




>
> -Martin
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email