Re: [TLS] Verifying X.509 Certificate Chains out of order
Simon Josefsson <simon at josefsson.org> writes:

>If someone really wants to solve this privacy problem, add a certificate
>extension that tells browsers to never announce a particular end-entity
>certificate except to particular hosts, and make browsers support it.

This probably needs to go to a list like hcisec to get HCI people's input, but
what about treating it like cookies: if people are concerned about privacy and
turn off cookies (which, if you include session cookies, may well make most of
the web unusable, but that's their decision), then your UI would pop up a
dialog before handing over the cert; otherwise keep the existing behaviour of
silently sending the cert.  If the concern is user tracking, then give cert
usage the same user interaction as cookie usage.  The browser already has the
UI and whatnot there, and users are, well, at least somewhat educated about
cookies, so just extend the existing mechanism to cover new cookie-equivalents
(including things like Flash cookies and the other odds and ends I mentioned,
which currently aren't handled well at all).

>I suspect you'll have trouble convincing everyone to implement the feature,
>and the IETF to standardize it, because people will question whether the
>privacy problem is a serious problem.

PKIX (the WG responsible for this) will standardise anything with an ASN.1 
syntax (there's an RFC for adding theme music to certificates, for example), I 
doubt you'll have any problems there :-).

Peter.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
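The two proposals in this exchange, a certificate extension restricting which hosts an end-entity certificate may be announced to, and a browser-side knob that gives client-cert disclosure the same allow/ask/block treatment as cookies, are sketched below as one added example. It is not code from the thread, from any browser, or from any PKIX document: no such extension exists, and the AllowedHosts encoding (SEQUENCE OF IA5String), the mode names and the decide() helper are this editor's assumptions. The DER parsing is deliberately strict, since a certificate extension is attacker-influenced input.

```python
# Added example (not from the thread). Models a HYPOTHETICAL X.509 extension,
#   AllowedHosts ::= SEQUENCE OF IA5String   -- assumed syntax, not in PKIX
# that lists hosts a client certificate may be presented to, plus a browser
# policy mirroring the cookie setting: "allow" sends silently, "ask" prompts
# the user, "block" never sends.

from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

SEQUENCE, IA5STRING = 0x30, 0x16


def _der_len(n: int) -> bytes:
    """Minimal DER length encoding (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_len(buf: bytes, i: int) -> Tuple[int, int]:
    """Parse a DER length at buf[i]; reject indefinite and non-minimal forms."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or i + 1 + nbytes > len(buf):
        raise ValueError("bad DER length")
    n = int.from_bytes(buf[i + 1:i + 1 + nbytes], "big")
    if n < 0x80 or buf[i + 1] == 0:
        raise ValueError("non-minimal DER length")
    return n, i + 1 + nbytes


def encode_allowed_hosts(hosts: List[str]) -> bytes:
    """Encode the hypothetical AllowedHosts extension value."""
    inner = b""
    for h in hosts:
        raw = h.encode("ascii")  # IA5String is 7-bit ASCII only
        inner += bytes([IA5STRING]) + _der_len(len(raw)) + raw
    return bytes([SEQUENCE]) + _der_len(len(inner)) + inner


def decode_allowed_hosts(der: bytes) -> List[str]:
    """Strictly parse AllowedHosts; any structural error raises ValueError."""
    if not der or der[0] != SEQUENCE:
        raise ValueError("expected SEQUENCE")
    total, i = _read_len(der, 1)
    end = i + total
    if end != len(der):
        raise ValueError("trailing or truncated data")
    hosts = []
    while i < end:
        if der[i] != IA5STRING:
            raise ValueError("expected IA5String")
        n, i = _read_len(der, i + 1)
        if i + n > end:
            raise ValueError("string overruns SEQUENCE")
        hosts.append(der[i:i + n].decode("ascii"))
        i += n
    return hosts


def host_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.' wildcard covering exactly one leading label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        return (len(host) > len(suffix) and host.endswith(suffix)
                and "." not in host[:-len(suffix)])
    return pattern == host


@dataclass
class CertPolicy:
    cookie_mode: str                       # "allow" | "ask" | "block"
    ask_user: Callable[[str], bool] = lambda host: False  # the consent dialog


def decide(policy: CertPolicy, host: str, allowed_hosts_ext: Optional[bytes]) -> str:
    """Return 'send' or 'withhold' for presenting the client cert to host."""
    # 1. Hard restriction carried in the certificate itself (if the extension
    #    is present): never announce the cert to a host it does not list.
    if allowed_hosts_ext is not None:
        if not any(host_matches(p, host) for p in decode_allowed_hosts(allowed_hosts_ext)):
            return "withhold"
    # 2. Browser-side consent, keyed off the user's existing cookie setting.
    if policy.cookie_mode == "allow":
        return "send"
    if policy.cookie_mode == "block":
        return "withhold"
    if policy.cookie_mode == "ask":
        return "send" if policy.ask_user(host) else "withhold"
    raise ValueError("unknown cookie mode")


if __name__ == "__main__":
    ext = encode_allowed_hosts(["login.example.com", "*.corp.example"])
    print(decide(CertPolicy("allow"), "login.example.com", ext))     # send
    print(decide(CertPolicy("allow"), "tracker.example.net", ext))   # withhold
```

The order of the two checks matters: the in-certificate allowlist is a ceiling the user cannot raise through the dialog, while the cookie-style mode only decides whether the remaining cases are sent silently, prompted, or refused.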



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.