IETF Logo Mail Archive

Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 14 February 2017 18:15 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3B3312949F for <tls@ietfa.amsl.com>; Tue, 14 Feb 2017 10:15:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SLR_SUkTqyXu for <tls@ietfa.amsl.com>; Tue, 14 Feb 2017 10:15:37 -0800 (PST)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0117.outbound.protection.outlook.com [104.47.34.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C726E129689 for <tls@ietf.org>; Tue, 14 Feb 2017 10:15:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uW83guSmEUWaVKef5UZ9NzlPZiYXeRYcL3fbWjt3fLg=; b=iJX2zGkOoGg3NNV1t3P5gGkrug01hEISFs4xcaAFIuscWrZc2GcTGx5wH6BgBSNF05SBysNUZuQKUGW+YL7LNdvt8O8ls2xYTL5VRsjL6Gh3Scl7eKfmbk2E+mv5eJ/GXmCG9FEOUiSCNX3ep5RsiCT9f5lZRmSaHVVzGLmIOHQ=
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com (10.160.163.148) by CY1PR0301MB0843.namprd03.prod.outlook.com (10.160.163.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Tue, 14 Feb 2017 18:15:37 +0000
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) by CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) with mapi id 15.01.0888.030; Tue, 14 Feb 2017 18:15:37 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: David Wong <davidwong.crypto@gmail.com>, David Benjamin <davidben@chromium.org>
Thread-Topic: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18
Thread-Index: AQHShfVLh43MYmEytkO14a3ComoThqFooDUAgAAGc4CAAAlfgIAAHR8A
Date: Tue, 14 Feb 2017 18:15:36 +0000
Message-ID: <CY1PR0301MB08426CD005E640B9865D1BC38C580@CY1PR0301MB0842.namprd03.prod.outlook.com>
References: <CABdrxL6qupAu+Ztxw7BU1e-eoy-kfJKRQq+ZZyoKokXHNZEoZQ@mail.gmail.com> <local-bdf4ca0e-d529@nylas-mail.nylas.com> <CAF8qwaBQOfW68BcyG_d6wNsGTT+e6XajEYd0OSjjDekEQOD2mw@mail.gmail.com> <local-a70c902a-5994@nylas-mail.nylas.com>
In-Reply-To: <local-a70c902a-5994@nylas-mail.nylas.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:a::1d2]
x-ms-office365-filtering-correlation-id: c9f08c2e-3993-4ef5-449f-08d4550579b1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY1PR0301MB0843;
x-microsoft-exchange-diagnostics: 1; CY1PR0301MB0843; 7:ECbTlWO+Ur93SAuauHGg2M/PVHEM4B44x7H+d95WPlBpNAqIh9NnATYVd7du5IG9iWd1qu4yjPmGeuZdtXPr3s/a/HsT8FlZZdVn8ZCYXfzyQKofGaH8F+1Rteqoe2YKYqMSVlYu/NWxNdws51IjOwqfauGQRQQTlSUCWAfPn8zIns/JIVgA4zY6WHCx5QBU1gUSKUBrNHbA2pzbqWfeHbrokCAGAo0ixKSEFKk0k5PpQRAjtdQscNplrFgDsbf+uoNX68vNoendMT0czK3atHiiGKjZHOnxzh531VgQqyE6byctNJn/Kpt8HIXu5p861rOeCaOXcPM/ham3T9DdorALGJ4QzK87CWKoAxmLip1M7gncn7h3puk6RZW7PDdGxDDrsBNIr8bn6E0k9DulcSZARvGDCHoD6IWcAbxDIzZeZ0zD8SZL9fzZK4n8LDK7YwZ1GZIRUbQJ39wVjldGWPs3vJZuA3A1uQcMIYgBgw1gph8L8yFO1CrAW8QKtDA6+kHGW+brXOd6P6Eni6W/JvHSTzuBYfcJaXeY2uc2p2I=
x-microsoft-antispam-prvs: <CY1PR0301MB0843118484AD70C005C4BC1D8C580@CY1PR0301MB0843.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123562025)(20161123564025)(20161123555025)(20161123558025)(20161123560025)(6072148); SRVR:CY1PR0301MB0843; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0843;
x-forefront-prvs: 0218A015FA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39410400002)(39450400003)(39860400002)(39850400002)(39840400002)(24454002)(199003)(377454003)(189002)(74316002)(54906002)(10090500001)(2950100002)(6506006)(106116001)(3660700001)(6306002)(8676002)(77096006)(97736004)(9686003)(54896002)(5005710100001)(68736007)(39060400002)(81003)(50986999)(8990500004)(53936002)(54356999)(76176999)(101416001)(2900100001)(81166006)(6246003)(8936002)(10290500002)(92566002)(81156014)(229853002)(790700001)(93886004)(38730400002)(189998001)(236005)(86362001)(106356001)(3280700002)(99286003)(6436002)(55016002)(33656002)(7696004)(7736002)(5660300001)(2906002)(86612001)(4326007)(105586002)(25786008)(6116002)(122556002)(102836003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0843; H:CY1PR0301MB0842.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR0301MB08426CD005E640B9865D1BC38C580CY1PR0301MB0842_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2017 18:15:36.9981 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0843
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cOCTAuNZ9pO7KxKaf5MWLuwsm9g>
Cc: Cas Cremers <cas.cremers@cs.ox.ac.uk>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 18:15:40 -0000

Is it important for the client to know, from the TLS stack itself, whether client authentication succeeded or not? My assumption (perhaps incorrect) has been that it is the server that cares about the client's identity (or identities) in order to make an authorization decision.

This thread also seems to consider client authentication a binary state: the client is either authenticated, or not. In practice, the client may assert multiple identities, and the server may grant various levels of access.

Also, why should the client care whether session ticket X includes client identity Y? If a client resumes a TLS session with a session ticket that does not include (or point to) a client authenticator needed to satisfy the client's request, the server can initiate client auth (or deny the request).

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of David Wong
Sent: Tuesday, February 14, 2017 8:18 AM
To: David Benjamin <davidben@chromium.org>
Cc: Cas Cremers <cas.cremers@cs.ox.ac.uk>; tls@ietf.org
Subject: Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18




On Feb 14 2017, at 4:44 pm, David Benjamin <davidben@chromium.org<mailto:davidben@chromium.org>> wrote:
NewSessionTicket always includes in-handshake client auth. The resumption secret can't even be derived without it.


Oups, my bad. What about if the client do send a certificate, but the server decides not to accept it, but goes on with the connection (I think nothing in the spec says that the server needs to terminate the connection if the client cert is not good).

v2.23.0 | Report a Bug | By Email