[TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: TLS Client Certificates; a survey
Nico Williams <nico@cryptonector.com> Wed, 01 April 2026 22:45 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 26FA7D529D0B; Wed, 1 Apr 2026 15:45:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775083518; bh=fnH5uXLGhVl0dTz0EOeHXbvORwPOh20Uyvq9Gbqme0M=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=s5AHJLkCmGOHEk5KLewn3202JA4rYVcYVJ8eLOF/MI63zt0pked4NOySnSmy0ZweJ eMvR/5O5y6zpIQ7KXnMgr/T0eblHBW3A9cKWwhlMH/9JYxg7YloHOX7Hw/YbiGM5Jk GyM9+uG8SwQfzLAXbAYvAXf1WslZCcD3C2STbW0o=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonector.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3epavO0o0u8V; Wed, 1 Apr 2026 15:45:17 -0700 (PDT)
Received: from bongo.cedar.relay.mailchannels.net (bongo.cedar.relay.mailchannels.net [23.83.210.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 48C42D529D06; Wed, 1 Apr 2026 15:45:17 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 857EF4C25BE; Wed, 01 Apr 2026 22:45:10 +0000 (UTC)
Received: from pdx1-sub0-mail-a244.dreamhost.com (trex-green-0.trex.outbound.svc.cluster.local [100.98.67.68]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 08A4D4C25A6; Wed, 01 Apr 2026 22:45:10 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1775083510; b=eKbQato2ddcc7cITCrIQCxamgGve1gZb4OFpqF7jPIyyK6DcUIFnJAAc0BuK7kAKthBXGY 9503HXogM8iM91OXWBYP0wgJtDnZJYnedPv74T7/jZi1xKZoswnGOUvtDlEEaauVkPGpLP iYt+Kd96DPmC3z1EoI++IrILuLfg219FbODzi03qZLtKRwhjQGpuxs6+9bmVNnYfxWKVT2 GQzft8kbjjpYTxdZWda3bgZxUB9VN9LIE5Ajyvle8N29stHE7XkRfamZeooLPU7nZWX2nD WDba5CiJEGnvVGhv67HDDFcJ90awDofe9Z9lQAV1IE8uOhtrmqChWhCrGAfWNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1775083510; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=toy5eY8sNDqXtk4sSuEYvzzYy4Umzgor5gVyCGcElZE=; b=FXhU1SJvG9EPPZwVSgUGt+HKLYj9HGVUzi0OZ3PHXQMdIMOMqfG8Y5MGAa/CC/6S148Q5F BbtagiKx/ffB4qkOyNhBk/jGtrmEKcosrFgnGSp4OjGi9nAzhnLKR8jdhswBE1QGXbIpju f3wyBfWT4yY9vMf5hxCS8Ztz2lOK6xUJe6JGU1Tj/lMfKrGEQthHMI7onJBxq3GLqiaiXe iWNcXQuw8dQRmBzPX+lhU7AYwybowNdnhMOVG/FGzMJ7/2RQXpNX9kMEXvYnYdYBAJvhw8 1zuWFnrlUzcLcaL+xPpyBLZhHcSWiPoY+C1p1pljTZvIcVvuWYzdvyKn/c2vDg==
ARC-Authentication-Results: i=1; rspamd-bd48b9d95-5bmzq; auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Good
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Abortive-Reign: 3bc53dc024ae27db_1775083510392_348590570
X-MC-Loop-Signature: 1775083510392:1925195339
X-MC-Ingress-Time: 1775083510392
Received: from pdx1-sub0-mail-a244.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.98.67.68 (trex/7.1.5); Wed, 01 Apr 2026 22:45:10 +0000
Received: from ubby (unknown [75.81.95.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a244.dreamhost.com (Postfix) with ESMTPSA id 4fmKnK1Yvcz1082; Wed, 1 Apr 2026 15:45:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com; s=dreamhost; t=1775083509; bh=toy5eY8sNDqXtk4sSuEYvzzYy4Umzgor5gVyCGcElZE=; h=Date:From:To:Cc:Subject:Content-Type; b=cAjRvnX076Ou11rzs+m7n60punTu6rYIN2IC2QpxIBzuBpqxxQG3KO0KlLgyVo4hM N9PuA1h5J18RKmd6q0QHuxr3TETBQxlWOJExubvTrgys1qjTF4jdSogJhaLde9/9ZY HXGKQpIaO0PMbeypYei+Rx8K18uKcr4R29x9myQxTHvnAzBGW9hArvRED9PNL/wwAh x6v7MH2qgx6yeEGKnlsaF5Z6ax7EpesY/OzHvvQKbMi4ETsJak1ov9wTjjJoQETPfQ 1tvSB/znQ7ypUxGx6pPVBJ/c3iGOwEU1x17nB0BpfxhhleNaIIDsdfaWMq6QDFJz5P c9Fs9upCUp1dg==
Date: Wed, 01 Apr 2026 17:45:06 -0500
From: Nico Williams <nico@cryptonector.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <ac2f8oID934kSCFF@ubby>
References: <MN2PR17MB40314193002D42E6ED4F465ACD4CA@MN2PR17MB4031.namprd17.prod.outlook.com> <MN2PR17MB40315028C6985BD9F4F0C886CD52A@MN2PR17MB4031.namprd17.prod.outlook.com> <acrfWoDSHUrYj1if@ubby> <CAKZgXHqKBwYqjB3SOexT1B3=P2m83esgQTV74PJtjk+LGwAhcA@mail.gmail.com> <CACf5n7-n6xj35ukPznkes8rDx9-QWi+CDntt2Z5jcM1L+uo1RQ@mail.gmail.com> <MEAPR01MB3654DAD44EEA7037763885D0EE50A@MEAPR01MB3654.ausprd01.prod.outlook.com> <LV0PR21MB66235C39FFCC9E350BC982DA8C50A@LV0PR21MB6623.namprd21.prod.outlook.com> <AE27DD88-67C5-43DE-B23E-A2DD84714F36@vigilsec.com> <CABcZeBNPsiG8qAWaAGLc665-jQMu-aBTDf34kbVGcSdRN-NqJA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBNPsiG8qAWaAGLc665-jQMu-aBTDf34kbVGcSdRN-NqJA@mail.gmail.com>
Message-ID-Hash: BFO4LIFUSAS4YQPHKZA6E7OJESEWVJGS
X-Message-ID-Hash: BFO4LIFUSAS4YQPHKZA6E7OJESEWVJGS
X-MailFrom: nico@cryptonector.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Andrei Popov <Andrei.Popov@microsoft.com>, Tls <tls@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: TLS Client Certificates; a survey
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ti-IZhDZfy1Zk9V161NbFm78Rc0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Wed, Apr 01, 2026 at 02:55:24PM -0700, Eric Rescorla wrote:
> WARNING: Potentially bad idea ahead.
>
> id-kp-serverAuth is actually defined for "TLS WWW server
> authentication", so ISTM that using it for an SMTP server is actually
> already not really conforming to the Extended Key Usage requirements
> in RFC 5280. I'm not as familiar with the specifications for SMTP and
> XMPP, but AFAICT they don't update RFC 5280 to expand the meaning
> of serverAuth.
Which is why I was suggesting new EKUs, but yeah, deploying new EKUs for
existing protocols is not easy.
> [...]
>
> Given that using certificates with {client,server}Auth in these
> other protocols is already off the fairway, it seems like we could,
> if we wanted, clarify matters by (1) explicitly permitting
> serverAuth in these protocols and (2) stating that for at
> least some of them, server-to-server connections needed the
> TLS client to have a serverAuth certificate rather than
> (or more likely in addition to) a clientAuth one, but with
> serverAuth preferred going forward.
>
> This may well be a bad idea, and people should definitely feel
> free to say so, but it seems like at least one potential
> way out of this mess, given that we know that a lot of
> endpoints are going to do this in any case.
Ironically this _could_ be a bad idea if the Chrome Root Program policy
change was a good idea, unless there is something about this use case
that elides whatever problems there were with clientAuth cert issuance
by WebPKI CAs.
On the other hand, this could be a desirable change anyways. Which
would also be ironic given my complaints about ending up here (but my
complaints are about process or lack thereof).
To take this proposal seriously -which we should- we need to understand
the vulnerabilities that the Chrome Root Program policy change was meant
to prevent. So far we've not seen a reference to a single CVE.
But also: how much does this differ from changing the Chrome Root
Program policy to say that intermediate CAs chaining to WebPKI roots can
only issue EE certs with clientAuth when they have only dNSName SANs
(and either empty DNs or just CN=<FQDN>)? Because this alternative is
much cheaper in terms of code that needs to change.
Nico
--
- [TLS] TLS Client Certificates; a survey Salz, Rich
- [TLS] Re: TLS Client Certificates; a survey John Mattsson
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Viktor Dukhovni
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Tomas Gustavsson
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Michael Richardson
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Salz, Rich
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Eliot Lear
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Tomas Gustavsson
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Alan DeKok
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Jeffrey Walton
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Alan DeKok
- [TLS] [lamps] Re: TLS Client Certificates; a surv… Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: TLS Client Certificates; a survey Phillip Hallam-Baker
- [TLS] Re: TLS Client Certificates; a survey Raghu Saxena
- [TLS] Re: TLS Client Certificates; a survey Peter Gutmann
- [TLS] Re: TLS Client Certificates; a survey Peter Gutmann
- [TLS] Re: TLS Client Certificates; a survey Salz, Rich
- [TLS] Re: TLS Client Certificates; a survey Raghu Saxena
- [TLS] Re: [lamps] TLS Client Certificates; a surv… John Kemp
- [TLS] Re: [lamps] TLS Client Certificates; a surv… Peter Gutmann
- [TLS] Re: [EXT] [lamps] Re: TLS Client Certificat… Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Jeffrey Walton
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Viktor Dukhovni
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Viktor Dukhovni
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Wei Chuang
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … John Levine
- [TLS] Re: TLS Client Certificates; a survey ml+ietf-tls
- [TLS] Re: TLS Client Certificates; a survey Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Viktor Dukhovni
- [TLS] Re: TLS Client Certificates; a survey Salz, Rich
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Mike Ounsworth
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … David Adrian
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… Stephen Farrell
- [TLS] Re: [EXT] [lamps] Re: Re: Re: TLS Client Ce… Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… Phillip Hallam-Baker
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… Peter Gutmann
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… Jeffrey Walton
- [TLS] Re: [EXTERNAL] Re: [lamps] Re: Re: Re: TLS … Andrei Popov
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Russ Housley
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Eric Rescorla
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … John Mattsson
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Eric Rescorla
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Viktor Dukhovni
- [TLS] Re: TLS Client Certificates; a survey Salz, Rich
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Mike Ounsworth
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… David Adrian
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Rob Sayre
- [TLS] Re: [lamps] Re: Re: Re: TLS Client Certific… Phillip Hallam-Baker
- [TLS] Re: [EXT] [lamps] Re: [EXTERNAL] Re: Re: Re… Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Eric Rescorla
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Michael Richardson
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Andrei Popov
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Alan DeKok
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … David Adrian
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Andrei Popov
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: TLS Client Certificates; a survey Peter Gutmann
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Nico Williams
- [TLS] Re: [EXT] [lamps] Re: [EXTERNAL] Re: Re: Re… Andrei Popov
- [TLS] Re: [lamps] Re: Re: TLS Client Certificates… Alan DeKok
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Michael Richardson
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Mike Shaver
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Jeffrey Walton
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Viktor Dukhovni
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Mike Shaver
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Ilari Liusvaara
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Peter Gutmann
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Peter Gutmann
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Andrei Popov
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Mike Shaver
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Rob Sayre
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Alan DeKok
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Nico Williams
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Ilari Liusvaara
- [TLS] Re: [lamps] [EXTERNAL] Re: Re: Re: Re: TLS … Andrei Popov
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … 刘鹏辉
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Peter Gutmann
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Viktor Dukhovni
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams
- [TLS] Re: [lamps] Re: [EXTERNAL] Re: Re: Re: Re: … Michael Richardson
- [TLS] Re: [lamps] Re: TLS Client Certificates; a … Nico Williams