Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3
Ben Laurie <benl@google.com> Mon, 06 July 2015 15:01 UTC
Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DF5F1A8983 for <trans@ietfa.amsl.com>; Mon, 6 Jul 2015 08:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Op0qW83PF7rF for <trans@ietfa.amsl.com>; Mon, 6 Jul 2015 08:01:43 -0700 (PDT)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 173F71A8A04 for <trans@ietf.org>; Mon, 6 Jul 2015 08:01:12 -0700 (PDT)
Received: by ykeo3 with SMTP id o3so29985351yke.0 for <trans@ietf.org>; Mon, 06 Jul 2015 08:01:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=135ZxWHRomIBgQyhP2Gl+cQ406xsEF+OvLP7WjjTDLk=; b=O9QcQgvye43RMCjRndfYGCbz+Zcr5HP9Qzwmcp71OQCDpuhtFceZP4gr236XcLvWHi F+h0Ox7G4byowxadl12t5OIscntC6iSSL7JpW6JkwkNnuXgCHRZADkA0IDp9aCJFQ1ak e4AnZFaLZo55TP5uYquC6Ez7E0aTXAF82im1Qu9/n17KNNmKQxkVLOccF5LTnMZC42Io VL49zFL9Yv6vwZWDh+oq6e3HNQxMLARP7Ku1r8R9AsfYB3JVMiehcqqS8APyxbOFoS5R ZT7ut02Dthc8MIBwAxWNu5AmL+9lG7W3iufBxly/qHV9Tofbr0GKPN+JzIa+1QNNGqdA 1byQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=135ZxWHRomIBgQyhP2Gl+cQ406xsEF+OvLP7WjjTDLk=; b=cfZInsMSh+TYdx4FJhHLKUn6izP1m/EZ9OXIPWBwp80p3NwunzC/mPAoFmiTfu+zv2 VK8m18hCohgXj+JnaLiCJyefqb3wT/TY0dlSFU0UpemsiCXW7KAtn0O1Exe52JfTn9Ma KUaxcMeqBco/UhzB2crjGrJc7r9Foqey6SHS09cu28NUFAtgKG04pPhhhBPYDOhkNhjJ 5+Qkw4Bco7TFjtlCuUvUXNID5RzxoivrHcJuBrFnsai/EK2a1pviMxZTy+K/u+Po1VKk rEOMdJRSykqug4cRBCxPkemTuzzh/MpkB/wlc1e7y9Zo8YpPrWl8PvLGzRtmSgA3/Cgy 1U7g==
X-Gm-Message-State: ALoCoQmhcW85ZfSjHoAHuyMI39DlWaiyW/DwzIooY2hE37jwvNr5DA0b4mbAAPlyTJ/is3e8bTYU
MIME-Version: 1.0
X-Received: by 10.129.108.12 with SMTP id h12mr59780611ywc.161.1436194871418; Mon, 06 Jul 2015 08:01:11 -0700 (PDT)
Received: by 10.37.8.201 with HTTP; Mon, 6 Jul 2015 08:01:11 -0700 (PDT)
In-Reply-To: <559A95C7.3010107@bbn.com>
References: <052.329e3339e14184dcd891ce5116d624c8@tools.ietf.org> <067.3ff0deebd05d8bff20fd4c0512edb4c3@tools.ietf.org> <559A95C7.3010107@bbn.com>
Date: Mon, 06 Jul 2015 16:01:11 +0100
Message-ID: <CABrd9SS1nVbYZm0L4BhtnvuWH-usU-_vHCT8EPKsvGCLovQ5AQ@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/fwIgT6k6OPPweIEkRQ1_MvOEK-4>
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 15:01:45 -0000
On 6 July 2015 at 15:50, Stephen Kent <kent@bbn.com> wrote: > I note the following text from the -07 draft that appear to specify TLS > client behavior: > > Section 1 > > TLS clients can thus require that all certificates they accept as valid > have been logged. This doesn't specify anything, just notes that clients can do it (if they want to, obviously). > > Section 3 > > A certificate not > accompanied by an SCT (either for the end-entity certificate or for a > name-constrained intermediate the end-entity certificate chains to) > MUST NOT be considered compliant by TLS clients. Again, no behaviour is specified. The client is required to understand that the cert is not in conformance with CT. It can do what it wants with that understanding. > > > Section 3.4 > > TLS clients MUST implement all three mechanisms. What we ruled out of scope is how clients behave in terms of user interface, et al. Clearly a protocol document has to describe how the protocol works. That is not the kind of behaviour we ruled out. > > > Section 3.4.1 > > TLS clients that support the extension SHOULD send a ClientHello > extension with the appropriate type and empty "extension_data". > > TLS clients > SHOULD include the extension type in the ClientHello, but if the > session is resumed, the TLS server is not expected to process it or > include the extension in the ServerHello. See above. > > > Section 5.3 > > > In addition to normal validation of the certificate and its chain, TLS > clients SHOULD validate the SCT by computing the signature input from > the SCT data as well as the certificate and verifying the signature, > using the corresponding log's public key. And again. > > > #74: normative statement of TLS client behavior in Section 3 > > > Comment (by benl@google.com): > > Describing how the protocol works from the client's POV is _not_ about > client behaviour, it is about the client's understanding of the situation. > How it behaves as a result of that understanding is behaviour. > > I propose this should be closed "wontfix". > > > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans >
- [Trans] [trans] #74 (client-behavior): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Farrell
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie