Re: [TLS] Review of PR #209

Andrei Popov <> Wed, 16 September 2015 19:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 848941A012D for <>; Wed, 16 Sep 2015 12:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dixkV6GIzZXQ for <>; Wed, 16 Sep 2015 12:28:17 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::744]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ECB5E1A0126 for <>; Wed, 16 Sep 2015 12:28:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fCCUI9nJjcMc4dM34Ss+anxDY2Ng4Q0+jJhgh4kEw1E=; b=AJn+P84/XcavBjiHfUbRHY92AxsoD6a1PBIBBbjbjGxVcEu2rtar5wVHNnQL9u1kbfibwiBlYolPbnIMiLuH0Ld9IeRInKI0pZoAAa0m+XXLE2Lhc6R977C4cdoSsZxWARM6DOxsUy3JGaOUtzEHrtIRcBedT9YdDZINyOdf4A8=
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 16 Sep 2015 19:28:00 +0000
Received: from ([]) by ([]) with mapi id 15.01.0268.017; Wed, 16 Sep 2015 19:28:00 +0000
From: Andrei Popov <>
To: Ilari Liusvaara <>, Martin Thomson <>
Thread-Topic: [TLS] Review of PR #209
Thread-Index: AQHQxuqZE5b0AgbP4UGzDBeqZzcHy54+TSMggAFOUoCAACZ9gIAACjcAgAAQF3A=
Date: Wed, 16 Sep 2015 19:28:00 +0000
Message-ID: <>
References: <> <> <20150916153041.GA14682@LK-Perkele-VII> <> <20150916182459.GA15546@LK-Perkele-VII>
In-Reply-To: <20150916182459.GA15546@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: [2001:4898:80e8:2::1d2]
x-microsoft-exchange-diagnostics: 1; BLUPR03MB1393; 5:SsU8r6RhQ/FRiNJzj5XfObH4Y7ouVQu7ttpPRo0ks8D6xl55UKRvZg7UfBnpGJ1DDpQW+SV03xHaawUG9A7/AUkzrSHD8i6SWc7B4gLzwH+H/xt/VhD4MCY8kxlWjYpiI7jX5Nfgb5rm/UayFc+gsg==; 24:pD1Lneza9TQNqbLQ6oapqXuqO3A/9W/3IszWGxSWYgpoG+eP4H6smyL0G5dWjMvcTbMS7cVDU8iKFNBfOS5HOcq60QzYaUZuAI0imaWgjLs=; 20:jUzAOGRjhESrnQ8UXy6OXk9UEvlmSZuqPGJnfixij3uvtni9I0WIkJBagXR+05NTqw3wSDz9ohtzrKkturvsIA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB1393;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425019)(601004)(2401001)(8121501046)(520078)(520075)(5005006)(3002001)(61426019)(61427019); SRVR:BLUPR03MB1393; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB1393;
x-forefront-prvs: 07013D7479
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(13464003)(51444003)(189002)(199003)(24454002)(106116001)(99286002)(106356001)(64706001)(87936001)(5003600100002)(76176999)(101416001)(54356999)(5001830100001)(5002640100001)(33656002)(93886004)(189998001)(86362001)(5001960100002)(46102003)(5004730100002)(5001860100001)(68736005)(2950100001)(50986999)(105586002)(92566002)(102836002)(19580405001)(11100500001)(62966003)(5001920100001)(86612001)(40100003)(10090500001)(81156007)(10400500002)(122556002)(77156002)(19580395003)(10290500002)(5005710100001)(5001770100001)(5007970100001)(77096005)(76576001)(97736004)(4001540100001)(8990500004)(2900100001)(74316001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB1393;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Sep 2015 19:28:00.3087 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB1393
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] Review of PR #209
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Sep 2015 19:28:20 -0000

> The extension? IIRC, that is what _client_ can verify. This is about what _server_ can verify. 

> Or the equivalent of current field that specifies that? That's inside CertificateRequest, which would be optional.

I don't necessarily buy Martin's argument that signature_algorithms covers this adequately.

But I would argue that the application will only volunteer certs if it has out-of-band knowledge that client auth is required, and also knows exactly which cert is required. Otherwise, CertificateRequest should be used.



-----Original Message-----
From: Ilari Liusvaara [] 
Sent: Wednesday, September 16, 2015 11:25 AM
To: Martin Thomson <>
Cc: Andrei Popov <>om>;
Subject: Re: [TLS] Review of PR #209

On Wed, Sep 16, 2015 at 10:48:27AM -0700, Martin Thomson wrote:
> On 16 September 2015 at 08:30, Ilari Liusvaara 
> <> wrote:
> > Problem with pulling client auth out of the handshake is that it 
> > complicates applications that can't change identities involved with 
> > active connection.
> Why would that be unsupported here?  The server can still send 
> CertificateRequest immediately after its Finished.  That looks exactly 
> like it does today, only the order has changed.
> > As then the application needs to ensure that the authentication 
> > occurs between TLS handshake and actually starting up the protocol.
> I'm not sure that is necessarily a problem.  If the claim is that the 
> authentication attests to everything prior to its appearance, then you 
> have no problem.  I think that claim is reasonable, but I'm happy to 
> discuss it.

I think it is the attesting (even of present in-flight requests) that is the problem, not not attesting something.

> > CertificateRequest contains the permitted signature algorithms for 
> > the PoP signature, which TLS library needs to verify before dumping 
> > the certificate chain on application (which can then figure out 
> > things like trust anchors).
> >
> > Without CertificateRequest, one has little idea what algorithms are 
> > acceptable there.
> Arguably, signature_algorithms covers that adequately.  Though I'll 
> grant that certificate chain validation often happens in a separate 
> component to the TLS stuff.

The extension? IIRC, that is what _client_ can verify. This is about what _server_ can verify. 

Or the equivalent of current field that specifies that? That's inside CertificateRequest, which would be optional.