Re: [TLS] Verifying X.509 Certificate Chains out of order
Martin Rex <Martin.Rex@sap.com> Mon, 13 October 2008 19:54 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64EC83A692E; Mon, 13 Oct 2008 12:54:56 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CFBA3A692E for <tls@core3.amsl.com>; Mon, 13 Oct 2008 12:54:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.748
X-Spam-Level:
X-Spam-Status: No, score=-5.748 tagged_above=-999 required=5 tests=[AWL=0.501, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HMtKQL1Y3vfV for <tls@core3.amsl.com>; Mon, 13 Oct 2008 12:54:54 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 6A6F73A67AB for <tls@ietf.org>; Mon, 13 Oct 2008 12:54:54 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id m9DJruoq026405; Mon, 13 Oct 2008 21:53:58 +0200 (MEST)
From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200810131953.m9DJrmYw016618@fs4113.wdf.sap.corp>
To: nelson@bolyard.me
Date: Mon, 13 Oct 2008 21:53:48 +0200
In-Reply-To: <48F11D66.6040900@bolyard.me> from "Nelson B Bolyard" at Oct 11, 8 02:40:54 pm
MIME-Version: 1.0
X-Scanner: Virus Scanner virwal08
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Nelson B Bolyard wrote: > [interesting description snipped] > > Believing that these problems will not be quickly solved, Mozilla is working > on implementing the ability for the client to remember the > association of a user-chosen cert with a server, so that it can repeat > that choice thereafter without bothering the user again. However, this > will certainly mask the issues of servers not reusing TLS sessions. One of the very few features that I like about MSIE is that is has been memorizing the users decision on a per-server basis for many years already. With the help of this decision memorizing, MSIE also implements another useful feature: it closes the SSL connection while it is prompting the user for a decision. Leaving the connection open and stalling the server in the SSL handshake while showing the user a Popup UI for an indeterminate amount of time is de-facto running a DoS on the server. There were, however, also two real problems with this approach in MSIE (I haven't check the current situation): 1) on first connect to a server, when a CertificateRequest handshake message was received, MSIE tried to complete the SSL handshake by sending a "No Certificate" Alert or empty ClientCertificate handshake message. the OK-part: When the SSL server terminated the handshake with a fatal error after not receiving a certificate, MSIE closed the connection and prompted the user with a client certificate selection Message box (or tries automatic selection and suppress empty selection dialog box in MSIE >5.0). the NOT OK-part: When the SSL handshake completed successfully without client cert, then MSIE would never tell the user that the server asked for a client certificate and not offer the user to use one. 2) if a server for which MSIE memorized to access without client cert suddenly would change his behaviour and fail the SSL-handshake when receiving the "no client Certificat" alert or empty ClientCert handshake message, MSIE would show a popup reporting "Unkown SSL error ..." instead of prompting the user to select a client certificate. The only method to request a client certificate from MSIE after a server lets him pass the SSL handshake without client cert is to do a renegotiate and ask for the client certificate there. This will not result in the "Unknown SSL error ...". Looking at the issue of "what can or should TLS peers memorize", there seems to be a shortcoming in how IIS caches sessions where it asked for a client cert (via renegotiate) but didn't receive a client certificate. Although resuming that session works, IIS will force the handshake through a renegotiate asking for a client cert on each and every resume (and by doing the renegotiate, it will issue a new SSL session ID -- which is going to fill up the session cache of the server and client significantly... -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Verifying X.509 Certificate Chains out of o… Simon Josefsson
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Rob Dugal
- Re: [TLS] Verifying X.509 Certificate Chains out … Dr Stephen Henson
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Eric Rescorla
- Re: [TLS] Verifying X.509 Certificate Chains out … Steven M. Bellovin
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Mike
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Stefan Santesson
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Axel.Heider
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Alexander Klink
- Re: [TLS] Verifying X.509 Certificate Chains out … Eric Rescorla
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Sylvester
- Re: [TLS] Verifying X.509 Certificate Chains out … Eric Rescorla
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Sylvester
- Re: [TLS] Verifying X.509 Certificate Chains out … Stefan Santesson
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Stefan Santesson
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Steven M. Bellovin
- [TLS] Antwort: Re: Verifying X.509 Certificate Ch… Axel.Heider
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Nelson B Bolyard
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Ben Laurie
- Re: [TLS] Verifying X.509 Certificate Chains out … Ben Laurie
- Re: [TLS] Verifying X.509 Certificate Chains out … Jeffrey A. Williams
- Re: [TLS] Verifying X.509 Certificate Chains out … Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out … Nelson B Bolyard
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Nelson B Bolyard
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Simon Josefsson
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Yoav Nir
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Nelson B Bolyard
- Re: [TLS] Verifying X.509 Certificate Chains out … Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out … Alexander Klink