Re: [TLS] Verifying X.509 Certificate Chains out of order

Stefan Santesson <stefans@microsoft.com> Tue, 07 October 2008 22:06 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 67D873A6B82; Tue, 7 Oct 2008 15:06:32 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D164E3A6B82 for <tls@core3.amsl.com>; Tue, 7 Oct 2008 15:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.522
X-Spam-Level:
X-Spam-Status: No, score=-10.522 tagged_above=-999 required=5 tests=[AWL=0.077, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DmX8WnWPFjdq for <tls@core3.amsl.com>; Tue, 7 Oct 2008 15:06:30 -0700 (PDT)
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.181]) by core3.amsl.com (Postfix) with ESMTP id B7E9D3A689F for <tls@ietf.org>; Tue, 7 Oct 2008 15:06:29 -0700 (PDT)
Received: from DUB-EXHUB-C303.europe.corp.microsoft.com (65.53.213.93) by DUB-EXGWY-E802.partners.extranet.microsoft.com (10.251.129.2) with Microsoft SMTP Server (TLS) id 8.1.291.1; Tue, 7 Oct 2008 23:07:08 +0100
Received: from EA-EXMSG-C332.europe.corp.microsoft.com ([169.254.2.73]) by DUB-EXHUB-C303.europe.corp.microsoft.com ([65.53.213.93]) with mapi; Tue, 7 Oct 2008 23:07:07 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: "martin.rex@sap.com" <martin.rex@sap.com>
Date: Tue, 7 Oct 2008 23:07:06 +0100
Thread-Topic: [TLS] Verifying X.509 Certificate Chains out of order
Thread-Index: AckoxBMS/YkJDlszQXOg9yNbE0M6TQABK7gg
Message-ID: <9F11911AED01D24BAA1C2355723C3D3218DDA55DAF@EA-EXMSG-C332.europe.corp.microsoft.com>
References: <9F11911AED01D24BAA1C2355723C3D3218DDA55CF6@EA-EXMSG-C332.europe.corp.microsoft.com> from "Stefan Santesson" at Oct 7, 8 06:01:12 pm <200810072130.m97LUPJL021730@fs4113.wdf.sap.corp>
In-Reply-To: <200810072130.m97LUPJL021730@fs4113.wdf.sap.corp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
MIME-Version: 1.0
Cc: "simon@josefsson.org" <simon@josefsson.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

Martin,

I'm not discussing the issue from the context of MS API. I was trying to answer a direct question.

The first certificate is the EE cert. the rest of the order does not matter for the verifier.


Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: Martin Rex [mailto:Martin.Rex@sap.com]
> Sent: den 7 oktober 2008 23:30
> To: Stefan Santesson
> Cc: simon@josefsson.org; tls@ietf.org
> Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
>
> Stefan Santesson wrote:
> >
> > On the original question:
> >
> > > It is claimed that OpenSSL, IE and Firefox does not enforce the
> second
> > > MUST in the paragraph above, and succeeds in verifying an
> > > out-of-sequence chain.  I haven't verified the claim.
> >
> > A Microsoft based SSL server will insert the certificates in order.
> > A Microsoft based SSL client doesn't require the certificates to be
> > in order. The client simply passes these certificates to the
> > CertGetCertificateChain API in the hAdditionalStore parameter.
> > This will validate the subject certificate regardless of order.
>
> I would appreciate if we could discuss the issue with terms of simple
> facts instead of in terms of a proprietary API.
>
> My familiarity with Microsoft CryptoAPI is close to zero,
> but a first glance suggests that you MUST explicitly provide
> an End Entity cert to CertGetCertificateChain(), parameter pCertContext.
>
> Either you have a hen-and-egg problem, or the certificate_list
> is not as unsorted as you claim it is.  How do you know which one
> is the End Entity cert without either relying that it is the first
> cert (as required by all existings TLS specs) or by first doing
> a manual search and applying heuristics (something that I seriously
> frown upon).
>
> -Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls