Re: [TLS] Verifying X.509 Certificate Chains out of order

On Wed, Oct 22, 2008 at 03:56:59AM +1300, Peter Gutmann wrote:
> >One major difference between tracking with cookies (or TLS session IDs) and
> >using certs is that cookies and TLS session IDs contain only information
> >previously put there by the server itself.  When the server fetches them, it
> >doesn't learn anything about the user that it didn't already know. It has
> >merely learned that a user who has previously been to this web site has now
> >returned.  But certs reveal information that could well have previously been
> >unknown to the server.  Fetching certs is a way to do information discovery.
> 
> I'm sure this can be argued endlessly, but given a mechanism that has 100%
> coverage/penetration (cookies/Flash cookies/cache cookies/Javascript/whatever)
> and one that has a coverage level two orders of magnitude below the margin of
> error, I know which one I'd be using to track users, regardless of some
> theoretical advantage that one might have.

The practical advantage here was that the coverage level did not matter
- if you wanted to track users across two unrelated domains, you could
do so using TLS client certificates no matter if the users actually had
them (they were (nearly) unnoticeable to install) ...

> >The subsequent discovery of lots of sites that are doing this seems to prove
> >that the threat was not merely imaginary.
> 
> That doesn't say anything about the threat, merely that there are lots of
> misconfigured servers.  The fact that the server admins had no idea their

I'd agree with that; I doubt that someone was actually using that as an
attack vector ...

Cheers,
  Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer |    a.klink at cynops.de
 mobile: +49 (0)178 2121703 |          Cynops GmbH | http://www.cynops.de
----------------------------+----------------------+---------------------
      HRB 7833, Amtsgericht | USt-Id: DE 213094986 |     Geschäftsführer:
     Bad Homburg v. d. Höhe |                      |      Martin Bartosch


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
