Re: [TLS] Questions about TLS Server Name Indication extension

To: tls at ietf.org
Subject: Re: [TLS] Questions about TLS Server Name Indication extension
From: Michael D'Errico <mike-list at pobox.com>
Date: Fri, 30 Oct 2009 19:12:55 -0700
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=DAxeoGLIGLqn 5kXW1/QrPUBk/6k=; b=JWZW/nLspNFJ0OIS/kXFdE72IBFq+A4tASQmz/UJr634 9GjrHiH33a92wz8iTmt7d7rZeETFaRv4QHRnigrfeVMdh30Y+WSZL9E3OOYwDQLm BHLOzqRH8CEGaq70yb7R1TJF2Adh/IuzVJTt1X8mlibDA0vxnnn9h5CgyMupjp0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=UZZELD 3hx7fanKt8eBzZEHlC/bhCUS+HCKnuAl8kDAG8iAofLTd7mY6ljxvE8EEPHFolDb 8F6RVegbisuSUoXRBRu1P5Zk/TOw0fqKU0/DfTnrumOp+ypQ9v68mqi7uQxSsYAX OcjEJnnqaLlEHAkrVaSF/zE/A5IPp8nTFF430=
In-reply-to: <200910292246.n9TMk6sZ014367 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200910292246.n9TMk6sZ014367 at fs4113.wdf.sap.corp>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Btw. RFC-4366 doesn't say what to do about IP-Addresses.  Since
rfc-2818.txt indicates that Server certificates may contain
SANs of the type iPAddress, sending IP-Addresses also via SNI
sounds like the way to go when e.g. the Browser tries to open
a URL with only an IPaddress instead of a hostname..


RFC 4366 says on page 10:

   Literal IPv4 and IPv6 addresses are not permitted in "HostName".

A new name type would need to be created for IP addresses.

There are much more interesting questions: when a TLS session in the
cache was originally established with protocol version 0x03,0x01
what about a client resume proposal with a protocol version 0x03.0x00
or 0x03,0x02 in the client_version of the ClientHello?


I looked at my code and found that when a cached session is
retrieved, the ClientHello.version of the new handshake is compared
to the negotiated version of the original session.  If they are not
equal, then a full handshake is performed.

But that brings up a subtle point.  What if the client originally
connected offering a higher version than I support?  When it tries
to resume a session, should it use the version it originally sent
in the ClientHello, or the lower version that was negotiated?

I would think that the client should be allowed to specify the same
version number it originally connected with.

I searched through RFC 5246 but could not find a discussion of this.
Did I miss it?  What do others think should happen?

A TLS client should *NEVER* make assumptions about independent
servers (i.e. independent ServerNames) sharing a TLS session cache.
Sensible TLS clients should NOT assume that TLS servers on different
ports of the same host share the TLS session cache (or credentials
or any other TLS characteristics, for that matter).


A somewhat related problem I encountered is that Google's search
engine assumes that the content at http port 80 is the same as the
content at https port 443.  I was having trouble getting my site
indexed because the text/plain page from my TLS test server was
being treated as my home page by Google's bot, i.e. with no links.
I don't know if other search engines exhibit this behavior.

Mike

Follow-Ups:
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Pasi.Eronen

References:
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Martin Rex

Prev by Date: Re: [TLS] Multiple Session Caches and SNI
Next by Date: Re: [TLS] Server Signature Algorithms
Previous by thread: Re: [TLS] Questions about TLS Server Name Indication extension
Next by thread: Re: [TLS] Questions about TLS Server Name Indication extension
Index(es):
- Date
- Thread

Re: [TLS] Questions about TLS Server Name Indication extension

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.