headers
Simon Josefsson | 1 Oct 2009 13:00
Favicon
Gravatar

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

Martin Rex <Martin.Rex <at> sap.com> writes:

> Blumenthal, Uri wrote:
>> 
>> In my understanding, TLS-established server_name should be
>> enforced by the server.
>> 
>> And Martin - I couldn't disagree more with you. The whole point of
>> using TLS is to enforce who can access what. So the client makes sure
>> he accesses the right server, the server makes sure he grants access
>> to the right pages on the right virtual host. And if your server
>> doesn't do that - please kindly tell me what commercial or
>> freeware product it is included in, so I can avoid buying or
>> using it in the future.
>
> There seems to be a significant misunderstanding.
>
> The Host header field of an HTTP request is a detail of an
> application protocol.  The hostname conveyed by the TLS extension
> server name indication (SNI) happens at a competely different
> protocol layer.
>
> The difference becomes obvious when you add reverse proxies
> into the picture (those which terminate the TLS wrapping).
>
> Conceptually, the Host: header field of a HTTP request is
> part of the URL.  If a reverse proxy perform URL rewriting,
> it may as well have to rewrite Host: header fields.  That
> depends entirely on the backend architecture of each
> particular software installation.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Blumenthal, Uri | 1 Oct 2009 13:44
Picon

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

I support option (2) and am against option(1), for reasons expressed in earlier emails.

Tnx!

----- Original Message -----
From: Simon Josefsson <simon <at> josefsson.org>
To: martin.rex <at> sap.com <martin.rex <at> sap.com>
Cc: Blumenthal, Uri; tls <at> ietf.org <tls <at> ietf.org>
Sent: Thu Oct 01 07:00:34 2009
Subject: Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

Martin Rex <Martin.Rex <at> sap.com> writes:

> Blumenthal, Uri wrote:
>> 
>> In my understanding, TLS-established server_name should be
>> enforced by the server.
>> 
>> And Martin - I couldn't disagree more with you. The whole point of
>> using TLS is to enforce who can access what. So the client makes sure
>> he accesses the right server, the server makes sure he grants access
>> to the right pages on the right virtual host. And if your server
>> doesn't do that - please kindly tell me what commercial or
>> freeware product it is included in, so I can avoid buying or
>> using it in the future.
>
> There seems to be a significant misunderstanding.
>
> The Host header field of an HTTP request is a detail of an
> application protocol.  The hostname conveyed by the TLS extension
(Continue reading)

Permalink | Reply | 4 comments |
headers
Yngve Nysaeter Pettersen | 1 Oct 2009 16:01
Picon
Favicon

Re: rfc4366-bis: Certificate Status for intermediate CA

On Tue, 29 Sep 2009 02:59:23 +0200, Martin Rex <Martin.Rex <at> sap.com> wrote:

> Yngve N. Pettersen wrote:
>>
>> However, sending two CertificateStatusRequest extensions in the same
>> ClientHello is forbidden by RFC 5246 sec 7.4.1.4:
>>
>>     When multiple extensions of different types are present in the
>>     ClientHello or ServerHello messages, the extensions MAY appear in  
>> any
>>     order.  There MUST NOT be more than one extension of the same type.
>
> How about always using the existing extension for the OCSP response
> for the server certificate, and using a new extension for OCSP responses
> for other certificates (like intermediate CA certs), probably unsorted.
>
> PKIs with flat hierarchies (Server-cert signed by self-signed CA cert)
> use only the original extension.  Servers with certs from multi-level
> CA hierarchies need to use the new extension if they want to send
> additional OCSP responses.

If OCSP was the only game in town, to the end of time, that might work,  
but TLS needs to be able to handle other PKI and revocation structures  
than X.509/PKIX and OCSP.

The main problem here, as I understand it, is that the  
CertificateStatusRequest was (or at least gives every appearance to be)  
intended to support *multiple* certificate status methods, not just OCSP.  
Why else use an enum for the type? With the language in RFC 5246 (quoted  
above) and previous versions of Extensions, a client is not able to (in a
(Continue reading)

Permalink | Reply | 0 comments |
headers
Martin Rex | 1 Oct 2009 16:54
Picon
Favicon

Re: rfc4366-bis: Certificate Status for intermediate CA

Martin Rex wrote:
> 
> Yngve N. Pettersen wrote:
> > 
> > However, sending two CertificateStatusRequest extensions in the same  
> > ClientHello is forbidden by RFC 5246 sec 7.4.1.4:
> > 
> >     When multiple extensions of different types are present in the
> >     ClientHello or ServerHello messages, the extensions MAY appear in any
> >     order.  There MUST NOT be more than one extension of the same type.
> 
> How about always using the existing extension for the OCSP response
> for the server certificate, and using a new extension for OCSP responses
> for other certificates (like intermediate CA certs), probably unsorted.
> 
> PKIs with flat hierarchies (Server-cert signed by self-signed CA cert)
> use only the original extension.  Servers with certs from multi-level
> CA hierarchies need to use the new extension if they want to send
> additional OCSP responses.

I mis-explained myself:

Servers would always use the existing TLS extension to convey the
OCSP extension for their end entity cert.  If Servers want to convey
additional OCSP responses (for intermediate CA certs and maybe
from different cert paths), they would additionally have to
use a new extension.

-Martin
(Continue reading)

Permalink | Reply | 0 comments |
headers
Joseph Salowey (jsalowey | 1 Oct 2009 18:17
Picon
Favicon

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

I don't think option 1 is an appropriate change for this document,
although I could be convinced otherwise because I don't think the SHOULD
is very enlightening.  

For option 2 I would prefer text that explains the SHOULD, maybe
something like:

"Since it is possible for a client to present a different server_name in
the application protocol, application server implementations that rely
upon these names being the same MUST check to make sure the client did
not present a different name in the application protocol." 

Joe

> -----Original Message-----
> From: tls-bounces <at> ietf.org [mailto:tls-bounces <at> ietf.org] On 
> Behalf Of Blumenthal, Uri
> Sent: Thursday, October 01, 2009 4:44 AM
> To: 'simon <at> josefsson.org'; 'martin.rex <at> sap.com'
> Cc: 'tls <at> ietf.org'
> Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4366-bis 
> (Transport Layer
> 
> I support option (2) and am against option(1), for reasons 
> expressed in earlier emails.
> 
> Tnx!
> 
> 
> ----- Original Message -----
(Continue reading)

Permalink | Reply | 3 comments |
headers
Peter Saint-Andre | 1 Oct 2009 18:28
Favicon

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer


On 10/1/09 10:17 AM, Joseph Salowey (jsalowey) wrote:
> I don't think option 1 is an appropriate change for this document,
> although I could be convinced otherwise because I don't think the SHOULD
> is very enlightening.

I now agree that we need to say something about this in the TLS spec.

> For option 2 I would prefer text that explains the SHOULD, maybe
> something like:
> 
> "Since it is possible for a client to present a different server_name in
> the application protocol, application server implementations that rely
> upon these names being the same MUST check to make sure the client did
> not present a different name in the application protocol." 

+1

Peter

--
Peter Saint-Andre
https://stpeter.im/
Permalink | Reply | 0 comments |
headers
Simon Josefsson | 1 Oct 2009 18:49
Favicon
Gravatar

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

"Joseph Salowey (jsalowey)" <jsalowey <at> cisco.com> writes:

> I don't think option 1 is an appropriate change for this document,
> although I could be convinced otherwise because I don't think the SHOULD
> is very enlightening.  
>
> For option 2 I would prefer text that explains the SHOULD, maybe
> something like:
>
> "Since it is possible for a client to present a different server_name in
> the application protocol, application server implementations that rely
> upon these names being the same MUST check to make sure the client did
> not present a different name in the application protocol." 

I believe that would resolve my concern.

Thanks,
/Simon

> Joe
>
>> -----Original Message-----
>> From: tls-bounces <at> ietf.org [mailto:tls-bounces <at> ietf.org] On 
>> Behalf Of Blumenthal, Uri
>> Sent: Thursday, October 01, 2009 4:44 AM
>> To: 'simon <at> josefsson.org'; 'martin.rex <at> sap.com'
>> Cc: 'tls <at> ietf.org'
>> Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4366-bis 
>> (Transport Layer
>>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Blumenthal, Uri | 1 Oct 2009 18:41
Picon

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

Yes, +1.

----- Original Message -----
From: Peter Saint-Andre <stpeter <at> stpeter.im>
To: Joseph Salowey (jsalowey) <jsalowey <at> cisco.com>
Cc: Blumenthal, Uri; simon <at> josefsson.org <simon <at> josefsson.org>; martin.rex <at> sap.com
<martin.rex <at> sap.com>; tls <at> ietf.org <tls <at> ietf.org>
Sent: Thu Oct 01 12:28:51 2009
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/1/09 10:17 AM, Joseph Salowey (jsalowey) wrote:
> I don't think option 1 is an appropriate change for this document,
> although I could be convinced otherwise because I don't think the SHOULD
> is very enlightening.

I now agree that we need to say something about this in the TLS spec.

> For option 2 I would prefer text that explains the SHOULD, maybe
> something like:
> 
> "Since it is possible for a client to present a different server_name in
> the application protocol, application server implementations that rely
> upon these names being the same MUST check to make sure the client did
> not present a different name in the application protocol." 

+1
(Continue reading)

Permalink | Reply | 0 comments |
headers
Martin Rex | 1 Oct 2009 21:08
Picon
Favicon

Re: Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer

Joseph Salowey wrote:
> 
> For option 2 I would prefer text that explains the SHOULD, maybe
> something like:
> 
> "Since it is possible for a client to present a different server_name in
> the application protocol, application server implementations that rely
> upon these names being the same MUST check to make sure the client did
> not present a different name in the application protocol." 

OK.  +1

-Martin
Permalink | Reply | 0 comments |
headers
Paul Hoffman | 5 Oct 2009 20:17

New draft: draft-solinas-tls-additional-prf-input-00.txt

>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>
>
>	Title		: Additional PRF Inputs for TLS
>
>	Author(s)	: J. Solinas, P. Hoffman
>	Filename	: draft-solinas-tls-additional-prf-input-00.txt
>	Pages		: 6
>	Date		: 2009-10-5
>	
>This document describes a mechanism for using additional PRF inputs
>   with Transport Layer Security (TLS) and Datagram TLS (DTLS).
>
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-solinas-tls-additional-prf-input-00.txt

Greetings again. We would like to hear input on this draft from the TLS community. The basic idea is an
extension that would allow the two parties to give additional information that is directly mixed into the
master secret through the PRF.

--Paul Hoffman, Director
--VPN Consortium
Permalink | Reply | 10 comments |

Gmane