Re: [TLS] TLS document status update
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TLS] TLS document status update
The "vulnerabilities" in the client-cert-URL extension without
certificate hash are IMHO somewhat subtle. It definitely not
a regular MITM type of attack.
The thing that *I* don't like is the following:
IMHO, the client should always consciously assert an identity
when performing an authentication. The private key & certificate
are only a means to prove ownership of that identity.
Normally, this is done by including a specific certificate
in the authentication that contains a binding of a public
key to an identity.
The server is, in general, going to grant access based on the
identity (or authorizations bound to the identity),
and *NOT* based on the public key -- otherwise the use
of a certificate instead of a naked public key would be
a huge wasted effort.
If the client does not assert an identity during authentication,
but instead passes an URL, then it is no longer asserting
the identity (in a protected fashion). Personally, I consider
that a (security) problem.
If an attacker could get a certificate issued with the clients
public key and someone elses identity, then he might have a means
to cause trouble for the client by subtituting the certificate
(when the server tries to download it).
I would not feel comfortable with an authentication protocol
where only a password is sent, and the server is supposed to
figure out by himself to which account the authentication
should be mapped.
And maybe you could abuse this to have the server check
whether someone('s certificate) someones account exists,
depending on the servers error message...
-Martin
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
