Re: [TLS] Update spec to match current practices for certificate chain order

"Ryan Sleevi" <ryan-ietftls@sleevi.com> Tue, 12 May 2015 19:22 UTC

Return-Path: <ryan-ietftls@sleevi.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 542961ACE81 for <tls@ietfa.amsl.com>; Tue, 12 May 2015 12:22:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.266
X-Spam-Level:
X-Spam-Status: No, score=-2.266 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_I_INVITATION=-2, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFlTOntFc-aH for <tls@ietfa.amsl.com>; Tue, 12 May 2015 12:22:39 -0700 (PDT)
Received: from homiemail-a96.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 907861A8955 for <tls@ietf.org>; Tue, 12 May 2015 12:22:38 -0700 (PDT)
Received: from homiemail-a96.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a96.g.dreamhost.com (Postfix) with ESMTP id 5AB9C3B80A0; Tue, 12 May 2015 12:22:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=message-id :in-reply-to:references:date:subject:from:to:cc:reply-to :mime-version:content-type:content-transfer-encoding; s= sleevi.com; bh=DADSz0rT/i6VOxfiXqOypwt/m94=; b=FazH5UpfOkPPZujHi k3YapaFk3WmoxFsRCF5EU/K2oUeJKyCan6Wia7z7QH5Kb9NDmiR9drc+bGJZFvK2 pPcgfuuRdZ2SkxrlE3uAmVGxlBXRwAR27i4UkAgpP+L12BBapCC40lxUBaUXinVR 7Y7asYcDb07yj7AJvK9+YYxJAc=
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a96.g.dreamhost.com (Postfix) with ESMTPA id 6A44C3B8057; Tue, 12 May 2015 12:22:37 -0700 (PDT)
Received: from 173.8.157.162 (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Tue, 12 May 2015 12:22:38 -0700
Message-ID: <edaaec8e6cef8d756c6308ebfabea563.squirrel@webmail.dreamhost.com>
In-Reply-To: <20150512191445.8FB0A1B2EB@ld9781.wdf.sap.corp>
References: <20150512191445.8FB0A1B2EB@ld9781.wdf.sap.corp>
Date: Tue, 12 May 2015 12:22:38 -0700
From: Ryan Sleevi <ryan-ietftls@sleevi.com>
To: mrex@sap.com
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qcENHI9sxdLyPyxt8D2au-1wIBo>
Cc: tls@ietf.org
Subject: Re: [TLS] Update spec to match current practices for certificate chain order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ryan-ietftls@sleevi.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 19:22:41 -0000

On Tue, May 12, 2015 12:14 pm, Martin Rex wrote:
>  there is no "shouldn't have done (3a)/(3b)".  They can simple create
>  that crossCA cert *NOW* and start distributing it, and things will
>  work just fine.

Again, that's an assumption about the possibilities of change that are not
bourne out by the realities of the PKI.

In a variety of circumstances, there are actively reasons why creating a
crossCA is *not* valid or will *not* resolve issues for clients. In
particular, issuing such a cross-CA may violate appropriate WebTrust or
ETSI guidelines that CAs are required to adhere to, or violate the CA's
own CP/CPS. I'm sure that's an invitation for more decrying, but it's the
reality we live in, and compared to the alternatives, it's actually a
*good* thing, even if it makes spec purity hard.

>  The problem with your original proposal is, that no *CORRECT* TLS
>  implementation will allow you to send such junk in a TLS Certificate
>  handshake message, so this will simply not be an option.

Not an option conforming with the TLS spec, I fully acknowledge.

But it's an area where a number of clients never implemented (again,
layering - it's more work and more attack surface to actually enforce that
requirement), and it's an area where a number of servers actively ignore
because "working for clients" is more important than theoretical spec
purity.

Which is sort of why we're here discussing this in the first place -
whether or not we want to acknowledge reality or not.

But I don't think we're making productive progress here, so it's probably
worth me bowing out. It does seem like we're at a fundamental and
ideological impasse with regards to path discovery, and while I can try to
convince you that RFC 4158-like behaviours are good for all clients, I
suspect neither this list nor this issue is the right medium for it.

I leave it up to the editors & chairs to evaluate consensus, the relevant
arguments for and against, and the behaviours of clients (both for and
against).