On 05/04/17 21:20, Subodh Iyengar wrote:
>> With that goal in mind, wouldn't it help mitigate the threat if
>> the holder of the longer term credential (the cert subject) were to
>> include within the signature e.g. an IP address range within which
>> the delegated credential is allowed to be used?
>
> We thought about this originally, but we discounted this because it
> breaks when HTTP and SOCKS proxies are used. Looking at some data I
> had, a non-trivial number of requests access our site using proxies.
> I'm not sure whether there's a good method for a client to enforce IP
> address ranges when a proxy does the DNS resolution.

So if you spec'd this so clients using proxies didn't attempt to enforce IP checks, but those going direct did, then you'd, I guess, better mitigate the stated threat, so long as the set of clients not using a proxy is non-negligible, which I assume is the case. Was that considered?

Cheers,
S.

> Subodh
>
> ________________________________
> From: Stephen Farrell <stephen.farr...@cs.tcd.ie>
> Sent: Wednesday, April 5, 2017 12:30:31 PM
> To: Subodh Iyengar; Simon Friedberger; tls@ietf.org; Richard Salz; Kaduk, Ben
> Subject: Re: [TLS] security considerations for draft-rescorla-tls-subcerts
>
> I've no strong opinion for or against this. One question below
> though.
>
> On 05/04/17 17:07, Subodh Iyengar wrote:
>> The threat model here is that if a less-trusted host having
>> a key is compromised for a certain period of time without
>> detection, an attacker can steal private keys during that
>> period. In many situations we are fine with giving the TLS
>> terminator a certificate / key, i.e. they actually have a trust
>> relationship; however, we want a compromise to only give the
>> attacker a limited power to use the credential. Revocation is
>> arguably effective, so we would not be okay with giving a less
>> trusted host a long term private key. However, we'd be okay with
>> giving a less-trusted host a short term key.
>
> With that goal in mind, wouldn't it help mitigate the threat if the
> holder of the longer term credential (the cert subject) were to
> include within the signature e.g. an IP address range within which
> the delegated credential is allowed to be used?
>
> Cheers,
> S.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
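To make the proposal in the exchange above concrete, here is an added toy model (not code from the draft, the thread, or either participant) of a delegation that carries an IP-range scope, with the proxy exemption Stephen suggests: a client that reached the server directly enforces the scope, a client whose HTTP or SOCKS proxy did the DNS resolution has no peer address and skips it. The message layout, the `allowed_nets` field and the use of an HMAC over a constructed key as a stand-in for the delegator's signature are all assumptions for illustration; the real draft defines its own structure and verifies the delegation against the certificate's public key.

```python
"""
Toy model of an IP-scoped delegated credential (added example, not from the
draft). The signature is an HMAC under a constructed delegator key so the
example runs offline; a real verifier would check a public-key signature
made by the certificate subject instead.
"""
import hashlib
import hmac
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

# Constructed secret standing in for the cert subject's long-term signing key
# (assumption: both signer and verifier can use it, which is what a public
# key pair gives you in the real protocol).
DELEGATOR_KEY = b"constructed-long-term-key-for-demo"


def encode_delegation(delegated_pubkey: bytes, valid_from: int,
                      valid_to: int, allowed_nets: List[str]) -> bytes:
    """Serialise the fields the delegator signs over (assumed layout:
    validity window, delegated public key, then the IP scope)."""
    nets = ",".join(allowed_nets).encode()
    return struct.pack(">QQ", valid_from, valid_to) + delegated_pubkey + b"|" + nets


def sign_delegation(delegated_pubkey: bytes, valid_from: int, valid_to: int,
                    allowed_nets: List[str]) -> Dict:
    """Long-term key holder issues a short-lived credential scoped to
    allowed_nets (CIDR strings)."""
    body = encode_delegation(delegated_pubkey, valid_from, valid_to, allowed_nets)
    sig = hmac.new(DELEGATOR_KEY, body, hashlib.sha256).digest()
    return {"pubkey": delegated_pubkey, "valid_from": valid_from,
            "valid_to": valid_to, "allowed_nets": list(allowed_nets), "sig": sig}


def verify_delegation(cred: Dict, now: int,
                      peer_ip: Optional[str]) -> Tuple[bool, str]:
    """Client-side check. peer_ip is None when the client talked through a
    proxy that did the DNS resolution, so it cannot know the server address."""
    body = encode_delegation(cred["pubkey"], cred["valid_from"],
                             cred["valid_to"], cred["allowed_nets"])
    expected = hmac.new(DELEGATOR_KEY, body, hashlib.sha256).digest()
    # Signature first: it binds the scope, so a stolen credential cannot be
    # re-scoped by editing allowed_nets.
    if not hmac.compare_digest(expected, cred["sig"]):
        return False, "delegation signature invalid"
    if not (cred["valid_from"] <= now <= cred["valid_to"]):
        return False, "delegation outside its validity window"
    if peer_ip is None:
        # Proxied client: cannot enforce the scope, accept on signature and
        # validity alone (the exemption suggested in the thread).
        return True, "accepted without IP scope check (proxy in use)"
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in ipaddress.ip_network(n) for n in cred["allowed_nets"]):
        return False, "peer %s is outside the delegated IP scope" % peer_ip
    return True, "accepted"


if __name__ == "__main__":
    # Constructed credential: valid for timestamps 1000..2000, usable only
    # from the documentation prefixes 192.0.2.0/24 and 2001:db8::/32.
    cred = sign_delegation(b"\x01" * 32, 1000, 2000,
                           ["192.0.2.0/24", "2001:db8::/32"])
    # Direct client reaching the legitimate terminator.
    print(verify_delegation(cred, 1500, "192.0.2.7"))
    # Stolen credential served from an attacker host outside the scope.
    print(verify_delegation(cred, 1500, "198.51.100.9"))
    # Same attacker host, but the client is behind a proxy: not caught.
    print(verify_delegation(cred, 1500, None))
```

The third case is exactly the gap Subodh raises: the proxied population accepts the stolen credential, so the mitigation only bites for the direct-connecting clients, which is why the suggestion only helps if that set is non-negligible.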