Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

Nikos Mavrogiannopoulos <nmav@gnutls.org> Mon, 07 June 2010 18:06 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DDBAC3A67AC for <tls@core3.amsl.com>; Mon, 7 Jun 2010 11:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fl13-+HYLstu for <tls@core3.amsl.com>; Mon, 7 Jun 2010 11:06:08 -0700 (PDT)
Received: from mail-ew0-f209.google.com (mail-ew0-f209.google.com [209.85.219.209]) by core3.amsl.com (Postfix) with ESMTP id D9A813A67AD for <tls@ietf.org>; Mon, 7 Jun 2010 11:06:07 -0700 (PDT)
Received: by ewy1 with SMTP id 1so816315ewy.13 for <tls@ietf.org>; Mon, 07 Jun 2010 11:06:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=0XmP83BA0uLGXc+AJvgHT/5PpSVudz40h1C6BHHaw+4=; b=qBkMeSzV+FPs9bZ7TRnTTfAlEGBeQvkDLICFIUvrxBh09jEPZBX87qhUnklCGkvQ/D vorrOzKf2pUopQ1DltiktjjRiXk+N6QqQ5S9ja5Rk4M4JN6y/6HbYrDHsTL12Y/s+zNQ oLX+tPZf19QlSH1XQ0/zhSZ4cSCACztaqnvmw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=hzOFKHney9KG+EVJ9i5IlvZOtsNg7yTBZ/hnsyGbmlgLZsoxeuCDofU1tX/Jor35Cv u4oSRvh5dQZC0lZ0a77dxUAct/uZG/MMsV9zL0/GzkJgq9GsEc4JuPLvVk/NTg/0m2t2 rv+3inprySjF6nGI+ozyphEb1ynXjOYXxTitk=
Received: by 10.213.9.70 with SMTP id k6mr1085230ebk.54.1275933960909; Mon, 07 Jun 2010 11:06:00 -0700 (PDT)
Received: from [10.100.2.14] (78-23-67-218.access.telenet.be [78.23.67.218]) by mx.google.com with ESMTPS id 14sm2824008ewy.10.2010.06.07.11.06.00 (version=SSLv3 cipher=RC4-MD5); Mon, 07 Jun 2010 11:06:00 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4C0D3507.10803@gnutls.org>
Date: Mon, 07 Jun 2010 20:05:59 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Michael D'Errico <mike-list@pobox.com>
References: <201006071446.o57EkTuW029119@fs4113.wdf.sap.corp> <4C0D321F.4040001@pobox.com>
In-Reply-To: <4C0D321F.4040001@pobox.com>
X-Enigmail-Version: 0.95.7
OpenPGP: id=96865171
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2010 18:06:10 -0000

Michael D'Errico wrote:
> Martin Rex wrote:
>>
>> I actually fail to see the exact purpose of a warning-level alert
>> "unrecognized_name".  The client is supposed to perform the server
>> endpoint
>> identification in any case, and that warning should not affect the
>> outcome of that process at all.
> 
> I feel like I'm "guilty until proven innocent" on this one.
> 
> Have you ever connected to a secure site only to have the HTML contain a
> warning that inadequate security was established?  This used to happen
> if you connected to www.paypal.com with DES3 (but now it is just closing
> the connection).  The purpose of that behavior was to give the end user
> more diagnostic information than they get when the connection is merely
> dropped after sending a fatal handshake_failure alert.

TLS doesn't handle this. TLS doesn't even specify a security level for a
connection (and it isn't easy to).

> It would help if a no_common_ciphers alert was added to TLS.  That alert
> would be sent when the server doesn't support any of the client's
> proposed cipher suites.  It could also be used at the warning level in
> the case of paypal's former behavior.  The handshake would complete
> (after sending the warning)

How would it complete if they don't have common ciphers?

> The unrecognized_name warning alert can provide similar information to a
> client application.  If something goes wrong and the client application
> is looking for a reason why, it can ask the TLS layer if anything strange
> happened.  If this warning alert was received, that information might
> help the client diagnose the problem and determine what corrective action
> to take.

For the current example it is obvious what went wrong by viewing the
certificate sent isn't it?

> Clearly you don't see much use for this alert, but you should not impose
> that bias on others.  It is up to the application to decide what to do
> with the facilities provided by the TLS protocol.

I think it is important to have a good case of a thing to be handled in
code. If a TLS warning alert is _never_ going to be used, or it does not
provide valuable information to the peer. However if you think that this
information is valuable and it might even save debugging time for
implementors then I think it would be a nice opportunity to reconsider
(at least for me). Otherwise I think that the information provided by
this alert is redundant since it can be also seen by the certificate sent.

regards,
Nikos