IETF Logo Mail Archive

Re: [TLS] Review of PR #209

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 15 September 2015 23:19 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF631B2DE4 for <tls@ietfa.amsl.com>; Tue, 15 Sep 2015 16:19:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3DjO2E4yMUN3 for <tls@ietfa.amsl.com>; Tue, 15 Sep 2015 16:19:43 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0128.outbound.protection.outlook.com [207.46.100.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B0EC1B2DE3 for <tls@ietf.org>; Tue, 15 Sep 2015 16:19:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2W6TYUqFA6XyR9awUdJULc5PvABzGkn9vCi3E9DLSeE=; b=P94JTEdblr+D4ilS4waR2bSWteohQjgFlkLqQkIllDC0VDfLFRJ/0OCXGoxYRhfDJcLBRA2CDyH4u3jHiGEJKqHfA7/93WLzTTH1cdnYVA7JozhVG5VIa0n48+fXknw/nfEJECzMuW4TspcT5qntS3F5afZtUbhSPG0WOHNyG1I=
Received: from BLUPR03MB1396.namprd03.prod.outlook.com (10.163.81.142) by BLUPR03MB1396.namprd03.prod.outlook.com (10.163.81.142) with Microsoft SMTP Server (TLS) id 15.1.268.17; Tue, 15 Sep 2015 23:19:42 +0000
Received: from BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) by BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) with mapi id 15.01.0268.017; Tue, 15 Sep 2015 23:19:42 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [TLS] Review of PR #209
Thread-Index: AQHQxuqZE5b0AgbP4UGzDBeqZzcHy54+TSMggAAif4CAAAGN4IAAC/mAgAAJcAA=
Date: Tue, 15 Sep 2015 23:19:41 +0000
Message-ID: <BLUPR03MB1396CB3E120A8ED9DF7BC6C08C5C0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABkgnnWtUjH1b3xm_peffNxNpxXE9rudJLJpn1ExNpE7B29AhA@mail.gmail.com> <BLUPR03MB13962416E8D8AD71CFFE13C08C5C0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABkgnnX5VrvWwEiPq2DvEWexPSjLjpjy_1JDSmj31bytZTFP6A@mail.gmail.com> <BLUPR03MB139663BBF24BF86EBDAF10C58C5C0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABkgnnXOoW4PkZPi7JBjOC=eJYFU+M1e99KXvoSyJ0AVm+vCRQ@mail.gmail.com>
In-Reply-To: <CABkgnnXOoW4PkZPi7JBjOC=eJYFU+M1e99KXvoSyJ0AVm+vCRQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:2::1d2]
x-microsoft-exchange-diagnostics: 1; BLUPR03MB1396; 5:zb66vUJ9NpwqmCbxijcFDQhHadG6Df9jAX0RdqyUQRaiDaUgxxvWmxfbkfU8a+5450foGBt7b6Ck/PEDIHnuvvEqiRS34ms37XDVehN6acjN/Sl3NC4kT2hZ68fciAykedRj8xV+97SuFGi2K/jY8Q==; 24:qIo8D6w9ASIpyXaKUsCpiZwssaRJZVil+8gn7Trb60NOnOscyGHeAmOj5aBoPkmTjy6Wh4NDfZDsc6F5MEEeQTwv9r+/QJHCIDPDdjNLmnE=; 20:9u6x7xLorJ1Wb7XdJvV7VX26YlWTNJAWoflATVtLSJL0EQS7i823ldThwTsBqUXaDbfHwT4htcZ2GCmm/pbXJA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB1396;
x-microsoft-antispam-prvs: <BLUPR03MB13964AACB3DF27C9470296ED8C5C0@BLUPR03MB1396.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(520078)(5005006)(8121501046)(520075)(3002001); SRVR:BLUPR03MB1396; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB1396;
x-forefront-prvs: 070092A9D3
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(24454002)(13464003)(199003)(189002)(10090500001)(8990500004)(106116001)(122556002)(5004730100002)(87936001)(46102003)(105586002)(5007970100001)(19580405001)(93886004)(101416001)(50986999)(19580395003)(86362001)(5005710100001)(40100003)(106356001)(54356999)(10290500002)(99286002)(5001920100001)(68736005)(97736004)(86612001)(5001960100002)(77156002)(189998001)(110136002)(74316001)(2950100001)(2900100001)(62966003)(76176999)(5001830100001)(10400500002)(5003600100002)(11100500001)(77096005)(102836002)(5001860100001)(33656002)(5002640100001)(76576001)(92566002)(81156007)(4001540100001)(64706001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB1396; H:BLUPR03MB1396.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2015 23:19:41.6706 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB1396
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nLGB4tN1lhKCX4zmWows5KxUej4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Review of PR #209
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2015 23:19:46 -0000

> I'm concerned that this produces an indeterminate state on the server.
> What if that Certificate doesn't conform to the request in some way: was the Certificate just a unilateral offer that was sent before the client received the CertificateRequest, is the client unable to understand the CertificateRequest, or is the client in error?

Traditionally, it was not an error for the client to send an empty Certificate message, or to offer a credential that does not match the parameters in the CertificateRequest. From the server's perspective, it doesn't matter what went wrong: the server treats the client as unauthenticated in this case (and possibly alerts/disconnects).

Because we want to allow the client to volunteer a certificate, there can be a situation where the server sends a CertificateRequest and receives an unsolicited client cert before the client can respond to CertificateRequest. We can add a flag to the client Certificate message to distinguish unsolicited creds from requested ones. Would this address the concern?

> That doesn't work for clients that send credentials without prompting.

Not sure what you mean, can you elaborate on the scenario?

> Would you be OK with saying that NewSessionTicket can only be sent in response to CertificateVerify or Finished?

Absolutely.

-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com] 
Sent: Tuesday, September 15, 2015 3:26 PM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Review of PR #209

On 15 September 2015 at 15:03, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>> That is, how does the server identify whether this is unilateral or in response to its own request?
>
> The model I'm thinking of is where the server receives a request from the client, determines that the request requires authentication, then queries session state to see whether a suitable client credential is available.
> If such client credential is not available, the server sends CertificateRequest. In this model, it does not matter whether the client volunteered a credential or responded to the server's request.

I'm concerned that this produces an indeterminate state on the server.
Say that the server receives a Certificate after it sends CertificateRequest.  What if that Certificate doesn't conform to the request in some way: was the Certificate just a unilateral offer that was sent before the client received the CertificateRequest, is the client unable to understand the CertificateRequest, or is the client in error?  Depending on which of these is really the case, the server is unable to decide whether it should continue awaiting a Certificate or not.

It's not a huge issue, but I'd be happier if we nailed this sort of thing down.

>> How does a client determine if the NewSessionTicket that it receives 
>> includes its authentication? That is, how can a client know whether a 
>> resumed session will need a certificate or not?  (I'm not sure about 
>> this one, but the first thought that occurs is that the server could 
>> include an indicator in the NewSessionTicket message.)
>
> I'd say the client should send the latest ticket it has, assume that it has all session context including client identity, and the server will request creds if this is not the case.

That doesn't work for clients that send credentials without prompting.

>> What value do you see in having a spontaneous NewSessionTicket messages?  Is this just a case of not wanting to bind it more formally to something that the client sends?
>
> The reason I want to allow NewSessionTicket messages in mid-stream is to allow the server to include newly obtained client creds in the session state. If the server wants to do this, it can send NewSessionTicket after processing the client's CertificateVerify.

Would you be OK with saying that NewSessionTicket can only be sent in response to CertificateVerify or Finished?

v2.23.0 | Report a Bug | By Email