Re: [TLS] Multiple domain names in SNI (was Questions about TLS Server Name Indication extension)

[Michael Gray <mickgray at au1.ibm.com>]

"Michael D'Errico" <mike-list at pobox.com> wrote:

> Here's a possible reason for a client to include multiple domain
> names in the SNI.  Suppose a user enters "foo.edu" into their
> browser.  The browser may decide to send the two names "foo.edu"
> and also "www.foo.edu" to the server in an attempt to connect on
> the first try, rather than get rejected on the first connection
> and have the overhead of retrying.

That is an interesting use case scenario.  Have you actually observed a
browser doing this?  I have not so far.  What sort of risk is there for the
Client if the browser starts doing this sort of thing?  On the other hand I
recommend to our consuming products to have the flexibility at the Server
side i.e. the Server is configured with multiple Server Names that point to
a common certificate which supports multiple DNS names.  For example say a
Server is hosting 123.com, abc.com and xyz.com, then the TLS Server can be
configured with:

abc.com > abc.com_certificate
www.abc.com > abc.com_certificate
123.com > 123.com_certificate
www.123.com > 123.com_certificate
...

You can imagine a number of variations on the above when you see some
Server Certificates with a large number of SAN DNS names.

The TLS Server then selects the correct certificate based on the TLS Client
SNI request.  The Application Server itself then asks the TLS Server what
certificate was used to establish the connection so that the Application
Server can select the correct data base etc etc.


> Even if you disagree that that is a possible scenario, if you want
> to restrict what you can do with a protocol there should be a good
> reason to do it.  Either it must present a security issue, or it
> must cause undue burden on implementers for no benefit.  I don't
> see how it is a security issue for the server to look up more than
> one name, and there is no burden in adding a simple loop to look
> up those names sequentially.  In fact, you already need the loop
> to skip any name types you don't recognize, so the issue is whether
> you put a break statement in your loop or not.
>

If there is consensus on this and no security risk then we would implement
it as an option as I do not see that the RFC prevents this.

Mick Gray
IBM

> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls