Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02

To: tls at ietf.org
Subject: Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
From: Mike <mike-list at pobox.com>
Date: Thu, 24 Jul 2008 10:10:32 -0700
Cc: draft-ietf-tls-rfc4366-bis at tools.ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE506384C05@xmb-sjc-225.amer.cisco.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <AC1CFD94F59A264488DC2BEC3E890DE506384C05@xmb-sjc-225.amer.cisco.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

The issue is whether to make the hash mandatory in the client
certificate URL extension.  Without the hash it presents some
vulnerabilities in that the certificate can be replaced.  With the hash
it will cause difficulty for clients that are issued a new certificate
that is populated in the repository before they have a chance to
retrieve it.  It seems that on the list there was some very rough

consensus to make the hash mandatory.

In order to resolve this issue I propose that we make the hash mandatory
for this extension.  If this causes an operational problem in some
environments then a new extension can be defined that has an optional or

no hash.


It doesn't sit well with me that you have URLAndOptionalHash, and then say
that the hash is not optional.  Plus it's been optional for more than two
years, so changing it now is not backward compatible.

Another observation is that if a client determines the certificate hash by
fetching the certificate and calculating the hash of what it receives, you
have not solved the substitution problem -- in fact that makes it worse
since the server will be more confident in the certificate than if no hash
was sent -- the client needs to be configured with the hash.  (This means
that this extension does not lessen configurability requirements; it only
allows a client to save a little bit on memory.)

In addition, it seems you don't want to be stuck with SHA-1 anyway, so
perhaps it would be best to deprecate the current CertificateURL and create
a new extension with hash agility added:

    struct {
        opaque        url<1..2^16-1>;
        HashAlgorithm algorithm;
        opaque        hash<1..2^8-1>;
    } URLAndHash;

Mike
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
  - From: Nikos Mavrogiannopoulos
- Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
  - From: Joseph Salowey (jsalowey)
- Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
  - From: Nelson B Bolyard
- Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
  - From: Martin Rex

References:
- [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
  - From: Joseph Salowey (jsalowey)

Prev by Date: [TLS] Review of draft-ietf-tls-rfc4366-bis-02
Next by Date: Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
Previous by thread: Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
Next by thread: Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
Index(es):
- Date
- Thread

Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.