[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] AIA cert fetching seen as harmful

To: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
Subject: Re: [TLS] AIA cert fetching seen as harmful
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Mon, 14 Apr 2008 10:12:23 -0500
Cc: tls@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <E1JlOqU-000695-1U@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <E1JlOqU-000695-1U@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Mutt/1.5.7i

On Tue, Apr 15, 2008 at 01:35:42AM +1200, Peter Gutmann wrote:
>       [...].  So a server, when seeing one of these certs, is supposed to go
> to whatever arbitrary location and port is specified and poke around there
> (I'm not sure what would happen if you entered, for example, an SSH URI
> instead of the more obvious HTTP one, but if the implementation is general
> enough you could use it for password-guessing attacks on internal SSH
> servers).  It's just a really, really bad idea to build a capability for HTTP
> bounce scans into a (supposedly) passive protocol mechanism, and in particular
> turning a system that's supposed to provide security into a security hole just
> doesn't seem a winning long-term strategy to me.

I agree.  I think AIA can be useful -- to the client.

Servers should ignore AIA, and clients should always send enough of
their certificate chain to servers, and/or PKIX-based protocols should
allow for additional round-trips when a client didn't send enough of its
chain initially.

I think that allowing for multiple round-trips here (e.g., in TLS) is
the better answer, but I suspect that's also hard to pull off now, which
leaves us with clients sending their whole chains (to some TA selected
by the client, which hopefully will be good enough for the server to
build its view of the client's cert validation path).

Nico
-- 
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] AIA cert fetching seen as harmful
  - From: Peter Gutmann

Prev by Date: Re: [TLS] AIA cert fetching seen as harmful
Previous by thread: Re: [TLS] AIA cert fetching seen as harmful
Index(es):
- Date
- Thread