Re: [TLS] Update spec to match current practices for certificate chain order

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 07 May 2015 20:18 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 976791A92DE for <tls@ietfa.amsl.com>; Thu, 7 May 2015 13:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91VmjulFSIxU for <tls@ietfa.amsl.com>; Thu, 7 May 2015 13:18:35 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ABFC1A86F3 for <tls@ietf.org>; Thu, 7 May 2015 13:18:35 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id F38E3283031; Thu, 7 May 2015 20:18:33 +0000 (UTC)
Date: Thu, 7 May 2015 20:18:33 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150507201833.GY17272@mournblade.imrryr.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AB0165D9@uxcn10-tdc05.UoA.auckland.ac.nz> <20150507155147.GO17272@mournblade.imrryr.org> <f06dfb0c50e3044f85a52ffa55089f2c.squirrel@webmail.dreamhost.com> <201505071435.15754.davemgarrett@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201505071435.15754.davemgarrett@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/oWjpCEgDsrunNTapqHtPFgeLoX0>
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 20:18:37 -0000

On Thu, May 07, 2015 at 02:35:15PM -0400, Dave Garrett wrote:

> Current:  https://tools.ietf.org/html/rfc5246#section-7.4.2
> 
> certificate_list requirements draft 3a:
> ------------------------------------------------------------
>   certificate_list
>      This is a list of certificates needed for authentication.
>      The sender's certificate MUST come first in the list.
>      Additional certificates needed to construct a valid certificate
>      chain SHOULD be ordered by increasing scope of authority.
>      (e.g. sender, intermediate(s), certificate authority)
>      Root certificate authority certificates MAY be omitted from
>      this list under the assumption that the peer possesses it
>      in its trust store.
> ------------------------------------------------------------

That's mostly fine (singular/plural conflict), though one might
clarify the MAY further:

  certificate_list
     This is a list of certificates needed for authentication.
     The sender's certificate MUST come first in the list.  Additional
     certificates needed to construct a valid certificate chain
     SHOULD be ordered by increasing scope of authority.  (e.g.
     sender, intermediate(s), certificate authority).  Root
     certificate authority certificates MAY be omitted from the
     list, provided supported peers are known to possesses any
     omitted certificates they may require in their trust stores.
     (When DANE-TA(2) trust-anchors are self-signed roots, they
     MUST not be omitted [draft-ietf-dane-ops]).

Note, [draft-ietf-dane-ops] will be an RFC long before TLS 1.3 is
done.

> certificate_list requirements draft 3b:
> ------------------------------------------------------------
>   certificate_list
>      This is a list of certificates needed for authentication.
>      The sender's certificate MUST come first in the list.
>      Additional certificates needed to construct a valid certificate
>      chain SHOULD be ordered by increasing scope of authority.
>      (e.g. sender, intermediate(s), certificate authority)
>      It is NOT RECOMMENDED to include root certificates that
>      peers must already possess in order to validate the
>      given chain.
> ------------------------------------------------------------

I think, that's still too strong.  Note that often the chain
construction is done by a library that augments the server leaf
certificate  with additional certificaets from the server's trust
store, and this code does not know whether the root is needed in
the chain or not.

-- 
	Viktor.