Re: [Uta] I-D Action: draft-ietf-uta-rfc6125bis-04.txt

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 21 November 2021 17:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/WXPfJPrJH-vGkCMcA2pygwfohME>

On Sun, Nov 21, 2021 at 04:06:35PM +0000, Salz, Rich wrote:
> I find Viktor's description of the asymmetry between clients and servers to be spot-on.
> 
> John, could you craft a sample sentence you'd like to see?  Something
> like this as a new sentence at the end of the second paragraph of the
> "In Scope" section:
> 
> In cases where both parties are part of the same administrative
> domain, it MAY be acceptable to have the server enforce the same
> naming requirements on the connecting client. 
> 

If John's point was that an agent that acts sometimes as a client and
sometimes as a server may use the same certificate and key for both
roles, and so the server rules then apply, that's fine I think.

I don't recall any "cross-role" attacks that compromise a TLS server by
a separate attack on its activity as a TLS client.

-- 
    Viktor.