On Wed, Feb 15, 2017 at 2:49 PM David Wong <davidwong.cry...@gmail.com> wrote:
> On Feb 15 2017, at 7:27 pm, Andrei Popov <andrei.po...@microsoft.com> > wrote: > > Yes, I agree that it is useful to mention this in the spec. > > > > > It would be nice is to have two different PRs solving this issue. One > mentioning this as a potential issue that the application must be aware of. > I've seen things like that for example in rfc 5746: > https://tools.ietf.org/html/rfc5746#section-5 > > > While this extension mitigates the man-in-the-middle attack described > in the overview, it does not resolve all possible problems an application > may face if it is unaware of renegotiation. For example, during > renegotiation, either the client or the server can present a different > certificate than was used earlier. This may come as a surprise to > application developers (who might have expected, for example, that a > "getPeerCertificates()" API call returns the same value if called twice), > and might be handled in an insecure way. > > A second PR could try to tackle this by adding a new message, for example > an "AcknowledgeClientAuthentication" message that the server would send to > confirm (or not) the validation of the client certificate. I think this > would add a bit of complexity for less "surprise". I'm not too keen on > this, and I think this could be added as an extension instead, but I think > it would be nice to have to see if it integrates nicely in the current > draft. > Post-handshake auth exists basically entirely to service HTTP/1.1 reactive client certificate which was previously hacked on via renegotiation. I think we should not make this feature any more complicated than absolutely necessary to support this mode, and we should not add more bells and whistles to it to encourage further use. For the HTTP/1.1 use case, this is not necessary because it's reasonable for client/server to agree that the server will not send any more data for that request until it has processed the client's authentication messages. David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
