Re: [TLS] Certificate keyUsage enforcement question (new in RFC8446 Appendix E.8)

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 13 November 2018 20:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6S7NC4wtVXP011-3K6CrSseWjiQ>

> Nor have I, and I rather think that introducing fixed-(EC)DH ciphers into TLS was a mistake, and glad to see them gone in TLS 1.3.

I agree with the sentiment, but there is a concerted effort to bring fixed (EC)DH to TLS 1.3:
https://www.etsi.org/deliver/etsi_ts/103500_103599/10352303/01.01.01_60/ts_10352303v010101p.pdf

It seems that a client that is not willing to participate has to actively look for and reject server certs with "VisibilityInformation" in them.
Except this won't always help, because "In some essential circumstances, the visibility information field may be omitted."

Cheers,

Andrei