IETF Logo Mail Archive

Re: [TLS] Impact of draft-ietf-mptcp-api on TLS

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 29 November 2012 00:17 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8742421F889F for <tls@ietfa.amsl.com>; Wed, 28 Nov 2012 16:17:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.523
X-Spam-Level:
X-Spam-Status: No, score=-102.523 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, NORMAL_HTTP_TO_IP=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xLNiKLbF+mGc for <tls@ietfa.amsl.com>; Wed, 28 Nov 2012 16:17:43 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id AC25221F8893 for <tls@ietf.org>; Wed, 28 Nov 2012 16:17:42 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 12970BE62; Thu, 29 Nov 2012 00:17:20 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3rfbvEzeqzo; Thu, 29 Nov 2012 00:17:13 +0000 (GMT)
Received: from [10.87.48.10] (unknown [86.44.77.127]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AF999BE5C; Thu, 29 Nov 2012 00:17:13 +0000 (GMT)
Message-ID: <50B6A989.50408@cs.tcd.ie>
Date: Thu, 29 Nov 2012 00:17:13 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: mrex@sap.com
References: <20121129000521.0CF6D1A3BF@ld9781.wdf.sap.corp>
In-Reply-To: <20121129000521.0CF6D1A3BF@ld9781.wdf.sap.corp>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Florian Weimer <fweimer@redhat.com>, Geoffrey Keating <geoffk@geoffk.org>, tls@ietf.org
Subject: Re: [TLS] Impact of draft-ietf-mptcp-api on TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Nov 2012 00:17:43 -0000

Hiya,

On 11/29/2012 12:05 AM, Martin Rex wrote:
>> Geoffrey Keating wrote:
>>>
>>> Maybe a related example will help: suppose the user is trying to
>>> connect to https://198.51.100.3.  There is an HTTP proxy configured,
>>> so what the browser actually does is make a TCP connection to
>>> 192.0.2.99, send 'CONNECT https://198.51.100.3', and then start the
>>> SSL negotiation.  The certificate still has to mention 198.51.100.3,
>>> and doesn't have to mention 192.0.2.99.
>>>
>>> So, in MPTCP, if the user asks for mphttps://198.51.100.3 (or
>>> whatever), then 198.51.100.3 is the address that has to appear in the
>>> certificate, even if the connection is redirected to some other
>>> endpoint, even if the redirection happens before any data is actually
>>> sent on the connection.
> 
> Thanks for the example!
> That is what I had in mind (but failed to properly explain).
> 
> 
> Stephen Farrell wrote:
>>
>> Right. And I think that ignoring excludedSubtrees that's all
>> fine
> 
> HUH?
> 
> With "excludedSubtrees", are you thinking of X.509 Name Constraints
> (on IP addresses as subject alt names)?
> 
> There is no such thing as an "excludedSubtrees" return parameter
> defined for the PKIX "Basic Path Validation":
> 
>   http://tools.ietf.org/html/rfc5280#section-6.1.6
> 
>    6.1.6. Outputs
> 
>    If path processing succeeds, the procedure terminates, returning a
>    success indication together with final value of the
>    valid_policy_tree, the working_public_key, the
>    working_public_key_algorithm, and the working_public_key_parameters.
> 
> 
> Name Constraints must appear only in CA certificates, Name Constraints
> are meaningful and visible exclusively to the internals of the Certificate
> Path Validation function, and apply exclusively to Names that are
> actually _present_ in subordinate certificates on the path and to the
> value of Names _exactly_ as they appear _in_the_certificate_.

Ah, you're right there, thanks. Silly me.

I think we agree about all the rest.

Thanks,
S.

> 
> 
>>
>>        and the right thing is to say that the TLS implementation
>> ought only compare the address of with which it chose to connect
>> for a client or the 1st subflow for a server against certs, if
>> it needs to bother with that.
> 
> I agree, a note should probably added to very very strongly discourage using
> any of the characteristics from the resulting connection for performing
> server endpoint identification or a real server authentication.  Only
> original/trustworthy information ought to be used that existed before
> trying to establish the actual network connection with the peer.
> 
> An indirection through a "trusted directory" (secure is not sufficient)
> would be OK, such as a trusted local configuration, a lookup in a secure
> directory (something that existed in DCE), or e.g. transformation through
> a DNSSEC-protected TLSA lookup according to DANE.
> 
> 
>>
>> I'm not sure what to say about excludedSubtrees though.
> 
> If this is about X.509 Name Constraints, then IMO nothing should be said
> within mptcp.  It is a matter completely internal to PKIX certificate
> path validation.
> 
> 
> -Martin
> 
>

v2.23.0 | Report a Bug | By Email