Re: [TLS] What would make TLS cryptographically better for TLS 1.3

Santosh Chokhani <> Tue, 05 November 2013 18:00 UTC

From: Santosh Chokhani <>
To: Dan Harkins <>, Ralf Skyper Kaiser <>
Date: Tue, 5 Nov 2013 17:59:18 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

I am failing to see the security benefit or threat the server verification of client's hygiene on certification path validation provides.

If the client ends up trusting the wrong key, it will go to a bad server.

If the client is connected to the good server, certification path validation does not matter since it is already at the right place no matter how it got there.

-----Original Message-----
From: [] On Behalf Of Dan Harkins
Sent: Tuesday, November 05, 2013 12:51 PM
To: Ralf Skyper Kaiser
Subject: Re: [TLS] What would make TLS cryptographically better for TLS 1.3


On Mon, November 4, 2013 6:03 pm, Ralf Skyper Kaiser wrote:
> Hi Martin,
> exactly, and that's the problem: "What policy the client applies when 
> checking the server's certificate chain is at the discretion of the 
> client."
> There is no easy way to solve this. The client (and user) can always 
> cheat if he wants to. But we are not discussing dishonest users. Let's 
> assume an honest user who wants to connect to a TLS service securely.
> The user uses a TLS client (say pidgin for jabber). This client has 
> several options to configure the TLS connection. These options include 
> if the chain should be checked at all, if the user is allowed to 
> accept self-signed certificates and against which CA-bundle to verify 
> the server's certificate.
> A securely configured TLS client would verify the certificate chain.
> The server has no way to check if the TLS client is configured securely.
> The server blindly trusts the client that it is configured securely. 
> That does not scale. Users make mistakes. Users will connect to a 
> service not knowing that the connection is not secure (even over TLS) 
> because they did not configure the TLS correctly.
> A flag that would tell the server how the client has verified the 
> connection would enable the server to block the user from using the 
> service UNTIL his client is configured securely.

  Doesn't RFC 3514 solve this problem for you? If not, then maybe it's time for a 3514-bis.



TLS mailing list