On Thu, Apr 6, 2017 at 1:34 AM, Stephen Farrell <[email protected]> wrote: > > > On 05/04/17 21:20, Subodh Iyengar wrote: >>> With that goal in mind, wouldn't it help mitigate the threat if >> the holder of the longer term credential (the cert subject) were to >> include within the signature e.g. an IP address range within which >> the delegated credential is allowed to be used? >> >> We thought about this originally, but we discounted this because it >> breaks when http and socks proxies are used. Looking at some data I >> had a non trivial number of requests access our site using proxies. >> I'm not sure whether there's a good method for a client to enforce ip >> address ranges when a proxy does the dns resolution. > > So if you spec'd this so clients using proxies didn't attempt > to enforce IP checks, but those going direct did, then you'd I > guess better mitigate the stated threat, so long as the set of > clients not using a proxy is non-negligible, which I assume is > the case. Was that considered?
Too much room for error. Consider all the varieties of network devices that could cause an IP-address mismatch, many of which the client wouldn't see. > > Cheers, > S. > > >> >> >> Subodh >> >> ________________________________ From: Stephen Farrell >> <[email protected]> Sent: Wednesday, April 5, 2017 12:30:31 >> PM To: Subodh Iyengar; Simon Friedberger; [email protected]; Richard Salz; >> Kaduk, Ben Subject: Re: [TLS] security considerations for >> draft-rescorla-tls-subcerts >> >> >> I've no strong opinion for or against this. One question below >> though. >> >> On 05/04/17 17:07, Subodh Iyengar wrote: >>> The threat model here is that since if a less-trusted host having >>> a key is compromised for a certain period of time without >>> detection, and an attacker can steal private keys during that >>> period. In many situations we are fine with giving the TLS >>> terminator a certificate / key, i.e. they actually have a trust >>> relationship, however we want a compromise to only give the >>> attacker a limited power to use the credential. Revocation is >>> arguably effective, so we would not be okay with giving a less >>> trusted host a long term private key. However we'd be okay with >>> giving a less-trusted host a short term key. >> >> With that goal in mind, wouldn't it help mitigate the threat if the >> holder of the longer term credential (the cert subject) were to >> include within the signature e.g. an IP address range within which >> the delegated credential is allowed to be used? >> >> Cheers, S. >> >> > > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
