Re: [TLS] Verifying X.509 Certificate Chains out of order

[pgut001 at cs.auckland.ac.nz (Peter Gutmann)]

Nelson B Bolyard <nelson at bolyard.me> writes:

>One major difference between tracking with cookies (or TLS session IDs) and
>using certs is that cookies and TLS session IDs contain only information
>previously put there by the server itself.  When the server fetches them, it
>doesn't learn anything about the user that it didn't already know. It has
>merely learned that a user who has previously been to this web site has now
>returned.  But certs reveal information that could well have previously been
>unknown to the server.  Fetching certs is a way to do information discovery.

I'm sure this can be argued endlessly, but given a mechanism that has 100%
coverage/penetration (cookies/Flash cookies/cache cookies/Javascript/whatever)
and one that has a coverage level two orders of magnitude below the margin of
error, I know which one I'd be using to track users, regardless of some
theoretical advantage that one might have.

>Finally, I will add that the decision to change the default behavior for
>client auth was made by the browser UI folks, not by the crypto folks.

UI folks did this?  Wow.  I guess they had no idea of the consequences of
their actions :-).

>The subsequent discovery of lots of sites that are doing this seems to prove
>that the threat was not merely imaginary.

That doesn't say anything about the threat, merely that there are lots of
misconfigured servers.  The fact that the server admins had no idea their
servers were doing this and even less idea how to turn it off, and that the
servers threw the certs away when they were given them, would argue strongly
against any attempt at deliberate user tracking.

Peter.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls