Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

"Yngve Nysaeter Pettersen" <yngve@opera.com> Fri, 04 June 2010 16:00 UTC

Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>, "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
References: <201005251657.o4PGvZkE006346@fs4113.wdf.sap.corp> <4BFC0FB9.5030908@pobox.com> <AC1CFD94F59A264488DC2BEC3E890DE50A9ED6F5@xmb-sjc-225.amer.cisco.com> <AANLkTilRO_rj68yZlX3WenciASNybJqHTSsnIMHHoLBU@mail.gmail.com> <AC1CFD94F59A264488DC2BEC3E890DE50A9ED759@xmb-sjc-225.amer.cisco.com> <op.vdqdftkkvqd7e2@killashandra.oslo.osa> <AC1CFD94F59A264488DC2BEC3E890DE50A9EDC4E@xmb-sjc-225.amer.cisco.com>
Date: Fri, 04 Jun 2010 17:59:24 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: Yngve Nysaeter Pettersen <yngve@opera.com>
Organization: Opera Software
Message-ID: <op.vdr9damivqd7e2@killashandra.oslo.osa>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50A9EDC4E@xmb-sjc-225.amer.cisco.com>
User-Agent: Opera Mail/10.53 (Win32)
Cc: tls@ietf.org
Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
Reply-To: yngve@opera.com

On Fri, 04 Jun 2010 08:38:33 +0200, Joseph Salowey (jsalowey)  
<jsalowey@cisco.com> wrote:

> Hi Yngve,
>
> Thanks for the text, some questions below:
>
>> -----Original Message-----

> [Joe] It seems we still have the same problem, this just replaces the
> warning with a lack of empty server_name extension.  I'm not sure I see
> what this gains.  It also doesn't seem appropriate in this case to
> mandate a change in behavior on the server.  It seems that the server
> should return a server_name extension if it understands the extension
> (its implemented and enabled).

I think the questions that need answering are "What does this extension  
and alert mean?" and "What do we want the client to do when it receives  
the alert?" (A thought: are there other extensions and warning alerts that  
suffer from the same problem?)

The problem is that most warnings are not very useful to the client, as  
mentioned in your quote from 5246, and most alerts are fatal anyway. This  
is part of the background for why I separated out the handful of warnings  
we can handle automatically, and handled all others as fatal.

Regarding the extension, what to do depends on what the extension from the  
server means. Is it "I support the extension" or "I recognized the name"?  
In the latter case it could be used to decide what to do if the presented  
certificate does not match the hostname (in which case the question  
becomes whether or not to throw a fatal alert, or present a warning to the  
user).

> Maybe we should change the second paragraph text to
>
> "If the server understood the client hello extension but does not
>  recognize the server name, and it refuses to continue it MUST
>  send a fatal "unrecognized_name" alert.  If the server continues the
> handshake, sending an "unrecognized_name"
>  alert with a warning level is NOT RECOMMENDED, since the
>  client behavior is unpredictable.  Some clients
>  may respond by aborting the handshake while others may allow it
>  to continue to certificate validation, which may fail as a result
>  of a name mismatch. "

Looks acceptable to me.

-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01
********************************************************************
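The two mechanisms the thread is arguing about, as an added example that is not part of the original message or of any Opera or IETF code: the client's policy of handling only a short list of warning alerts automatically and treating every other alert as fatal, and the server's empty server_name extension in the ServerHello (RFC 6066, the successor to RFC 4366) that signals it recognized the name the client sent. The record and extension layouts follow RFC 5246 and RFC 6066; the policy function, the set of auto-handled warnings and the hostname are assumptions chosen for illustration.

```python
"""Illustrative TLS client handling of the unrecognized_name(112) warning alert
and of the server_name extension in the ServerHello.

Added example, not the mailing-list author's code. Wire formats are from
RFC 5246 (alert record) and RFC 6066 (server_name extension); the policy
in handle_alert() and the AUTO_HANDLED_WARNINGS set are assumptions.
"""
import struct

# Record-layer content type and alert levels (RFC 5246 section 7.2)
CONTENT_TYPE_ALERT = 21
ALERT_LEVEL_WARNING = 1
ALERT_LEVEL_FATAL = 2

# Alert descriptions referenced here (RFC 5246 / RFC 6066)
CLOSE_NOTIFY = 0
USER_CANCELED = 90
NO_RENEGOTIATION = 100
UNRECOGNIZED_NAME = 112

# Extension type for server_name (RFC 6066 section 3)
EXT_SERVER_NAME = 0
HOST_NAME_TYPE = 0

# Assumption: the handful of warning-level alerts this client knows how to
# act on automatically. Any other alert, whatever its level, is fatal.
AUTO_HANDLED_WARNINGS = {CLOSE_NOTIFY, USER_CANCELED, NO_RENEGOTIATION, UNRECOGNIZED_NAME}


def build_alert_record(level, description, version=(3, 1)):
    """Encode a TLS alert: type(1) version(2) length(2) level(1) description(1)."""
    return struct.pack("!BBBH", CONTENT_TYPE_ALERT, version[0], version[1], 2) + bytes([level, description])


def parse_alert_record(data):
    """Return (level, description) from an alert record, rejecting malformed input."""
    if len(data) != 7:
        raise ValueError("alert record must be exactly 7 bytes")
    ctype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError("not an alert record")
    if length != 2:
        raise ValueError("alert body must be 2 bytes")
    return data[5], data[6]


def handle_alert(level, description):
    """Client policy: 'abort', 'close' or 'continue'.

    Fatal alerts and unknown warning alerts abort; close_notify closes cleanly;
    the remaining auto-handled warnings (including unrecognized_name) let the
    handshake proceed to certificate validation, which may then fail on a
    name mismatch.
    """
    if level != ALERT_LEVEL_WARNING:
        return "abort"
    if description not in AUTO_HANDLED_WARNINGS:
        return "abort"
    if description == CLOSE_NOTIFY:
        return "close"
    return "continue"


def build_sni_extension(hostname):
    """ClientHello server_name extension for one host_name entry (RFC 6066 section 3)."""
    name = hostname.encode("idna")  # A-label form; assumption for the example
    entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(name)) + name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list


def parse_extensions(data):
    """Parse a length-prefixed extensions block into {type: payload}."""
    (total,) = struct.unpack("!H", data[:2])
    pos, end = 2, 2 + total
    if end > len(data):
        raise ValueError("extensions length exceeds buffer")
    exts = {}
    while pos < end:
        etype, elen = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + elen > end:
            raise ValueError("extension length exceeds block")
        exts[etype] = data[pos:pos + elen]
        pos += elen
    return exts


def server_acknowledged_name(server_hello_extensions):
    """RFC 6066: a server that recognized the name sends an empty server_name extension."""
    return server_hello_extensions.get(EXT_SERVER_NAME) == b""


if __name__ == "__main__":
    # Constructed sample exchange: client offers a name, server replies with
    # an empty server_name extension (name recognized) in one run, and with
    # a warning-level unrecognized_name alert in the other.
    print(build_sni_extension("example.com").hex())
    acked = parse_extensions(struct.pack("!HHH", 4, EXT_SERVER_NAME, 0))
    print("name acknowledged:", server_acknowledged_name(acked))
    level, desc = parse_alert_record(build_alert_record(ALERT_LEVEL_WARNING, UNRECOGNIZED_NAME))
    print("client action on warning unrecognized_name:", handle_alert(level, desc))
```

The point the proposed RFC text makes is visible in handle_alert: a client with this policy continues past a warning-level unrecognized_name, while a client whose list of auto-handled warnings does not include 112 aborts, so a server cannot predict the outcome and is better off either sending a fatal alert or continuing silently.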