Re: [TLS] Implementation survey: Client Certificate URL extension

To: Pasi.Eronen at nokia.com
Subject: Re: [TLS] Implementation survey: Client Certificate URL extension
From: Martin Rex <Martin.Rex at sap.com>
Date: Thu, 3 Apr 2008 18:10:19 +0200 (MEST)
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <1696498986EFEC4D9153717DA325CB7223A82C at vaebe104.NOE.Nokia.com> from "Pasi.Eronen at nokia.com" at Mar 18, 8 01:39:49 pm
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com
Sender: tls-bounces at ietf.org

If you read the news, you probably noticed the following paper
today or these days:

https://www.cynops.de/techzone/http_over_x509.html

Although this Papers describes a serious design flaw in the
rfc3280 suggestion to put URLs of intermediate CAs into X.509v3
cert extensions and have peers use them in order to be able
to build a certification path, the very same problem will
apply to every concept that a communication peer can be
coerced to access one or more arbitrary URLs prior to
authentication, and the Client Certificate URL extension
appears to suffer the same vulnerabilities and security
problems.

-Martin
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Implementation survey: Client Certificate URL extension
  - From: Pasi.Eronen
- Re: [TLS] Implementation survey: Client Certificate URL extension
  - From: Peter Gutmann

References:
- [TLS] Implementation survey: Client Certificate URL extension
  - From: Pasi.Eronen

Prev by Date: Re: [TLS] ServerCertificate and intermediate CA certs
Next by Date: [TLS] Stateless Session Resumption support in Firefox 3
Previous by thread: Re: [TLS] Implementation survey: Client Certificate URL extension
Next by thread: Re: [TLS] Implementation survey: Client Certificate URL extension
Index(es):
- Date
- Thread

Re: [TLS] Implementation survey: Client Certificate URL extension

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.