Re: [TLS] TLS specification clarification in case of client authentication: different CA with DN different only in case
Geoffrey Keating <geoffk@geoffk.org> Mon, 25 September 2017 18:54 UTC
Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C77313454D for <tls@ietfa.amsl.com>; Mon, 25 Sep 2017 11:54:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jH1i_WgYa5FI for <tls@ietfa.amsl.com>; Mon, 25 Sep 2017 11:54:54 -0700 (PDT)
Received: from dragaera.releasedominatrix.com (dragaera.releasedominatrix.com [198.0.208.83]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2259134546 for <tls@ietf.org>; Mon, 25 Sep 2017 11:54:53 -0700 (PDT)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 9E4A333D1A9; Mon, 25 Sep 2017 18:54:52 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: devzero2000 <pinto.elia@gmail.com>
Cc: tls@ietf.org
References: <CAH5b-BXvZRYNfn-R6cyO-1judwVYUXktaJtRVFwevUfWD5q8Jg@mail.gmail.com>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Mon, 25 Sep 2017 11:54:52 -0700
In-Reply-To: <CAH5b-BXvZRYNfn-R6cyO-1judwVYUXktaJtRVFwevUfWD5q8Jg@mail.gmail.com>
Message-ID: <m2377ak3r7.fsf@localhost.localdomain>
Lines: 45
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sWZFIC1z-0YqZCK9L5cbrc95qb4>
Subject: Re: [TLS] TLS specification clarification in case of client authentication: different CA with DN different only in case
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2017 18:54:56 -0000
devzero2000 <pinto.elia@gmail.com> writes: > Hello everyone > > >From the tls 1.2 specification, speaking of client authentication, > https://tools.ietf.org/html/rfc5246#section-7.4.4 par 7.4.4 (but it is the > same for the last tls draft 1.3 par. 4.2.4.) > > when he says: > > certificate_authorities > A list of the distinguished names [X501] of acceptable > certificate_authorities, represented in DER-encoded format. > > What would be the right behavior if the server has the certificates of two > different CAs (different subject key info, public key parameter) but whose > subject DN differs only for the case (for example > something like this > > Subject: /C=US/ST=California/L=Mountain View/O=XXX Inc/CN=mail.xxx.com > > and > > > Subject: /C=US/ST=California/L=mountain View/O=XXX Inc/CN=mail.xxx.com These are the same distinguished name under RFC 5280 section 7.1, although in practice implementations may treat them as different, most notably under the older RFC 3280 rules. I believe the correct behaviour is to Not Do That---do not generate certificates which have distinguished names that match under RFC 5280 and are not byte-for-byte identical in DER format, if you must do that make sure they are not valid at the same time, and if you must do that, try to ensure no piece of software is aware of both of them, and if you must do that, don't be surprised if the behaviour is inconsistent and especially don't be surprised if the LDAP StringPrep rules are not implemented correctly or at all. And if you value your sanity, don't rely on anything that might change if the Unicode standard is revised. However, the TLS specification doesn't say that the list must contain each DN only once. So in this situation I would suggest the software should list both. Indeed I would recommend listing every distinct DER representation that's present in any acceptable certificate.
- [TLS] TLS specification clarification in case of … devzero2000
- Re: [TLS] TLS specification clarification in case… Geoffrey Keating