Network Working Group                                            W.
Hoehlhubmer
Internet-Draft                                             Nov 25, 2013
Category: Best Current Practice
Intended status: Informational
Expires: May 25, 2014


                    Informational Add-on for HTTP over
             the Secure Sockets Layer (SSL) Protocol and/or
              the Transport Layer Security (TLS) Protocol
                     draft-hoehlhubmer-https-upd-14

Abstract

   This document describes an Add-on for websites providing encrypted
   connectivity (HTTP over TLS).

   The Add-on has two parts: one for the Domain Name System (DNS),
   storing the X.509 certificate hashes, and one for the web server
   itself, an additional webpage providing specific information.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 25, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Notation
   2.  Implementing this Add-on
     2.1.  Implementing the DNS part
       2.1.1.  Calculating the Hashes
         2.1.1.1.  Calculating the Packed form
       2.1.2.  Formatting the Date and Time
       2.1.3.  Arbitrary String Attribute Syntax
       2.1.4.  DNS-entry Namespace
     2.2.  Implementing the HTTP part
       2.2.1.  Webpage Content
       2.2.2.  Formatting and Presenting the Webpage
   3.  DNS part Details
     3.1.  Handling Certificate Rollover
     3.2.  Verification Procedure
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgements
   7.  Recommendations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   9.  Discussions
   A.  Example certificates
     A.1.  The DER-encoded CA certificate
       A.1.1.  The CA's public key
     A.2.  The DER-encoded SSL certificate
   B.  Script Examples for the Add-on webpage
     B.1.  PHP-script
     B.2.  CGI-script: A BASH shell script
     B.3.  CGI-script: A compiled C program
   C.  Sample Content of the Add-on webpage
     C.1.  A complete sample content
       C.1.1.  ..., the client certificate part
     C.2.  Picking another cipher suite
       C.2.1.  ..., and one more
   Author's Address

1.  Introduction

   HTTP over TLS [HTTPTLS] is not limited to e.g. electronic banking
   sites.  E-commerce sites also use this technology for encrypted
   communication between clients (users) and themselves.

   A list of a few encryption algorithms:

   (1) Advanced Encryption Standard (AES)
   (2) Data Encryption Standard (DES, 3DES)
   (3) Ron's Code 4 (RC4)
   (4) ...

   As an example, a list of some variants of the Camellia encryption
   algorithm [CAMELLIA] (names taken from the OpenSSL help [OPENSSL]):

   (1) CAMELLIA-128-CBC: 128-bit Camellia encryption in CBC mode
   (2) CAMELLIA-128-ECB: 128-bit Camellia encryption in ECB mode
   (3) CAMELLIA-192-CBC: 192-bit Camellia encryption in CBC mode
   (4) CAMELLIA-192-ECB: 192-bit Camellia encryption in ECB mode
   (5) CAMELLIA-256-CBC: 256-bit Camellia encryption in CBC mode
   (6) CAMELLIA-256-ECB: 256-bit Camellia encryption in ECB mode
   (7) ...
   A list of possible secure layers used:

   (1) The Secure Sockets Layer (SSL) Protocol:
       (1a) Version 2.0 [SSLv2]
       (1b) Version 3.0 [SSLv3]

   (2) The Transport Layer Security (TLS) Protocol:
       (2a) Version 1.0 [TLSv1.0]
       (2b) Version 1.1 [TLSv1.1]
       (2c) Version 1.2 [TLSv1.2]

   A list of possible cipher suites for Transport Layer Security (TLS):

   (1) Pre-Shared Key Cipher Suites [RFC4279]
   (2) Elliptic Curve Cryptography (ECC) Cipher Suites [RFC4492]
   (3) Pre-Shared Key Cipher Suites with NULL Encryption [RFC4785]
   (4) AES Galois Counter Mode (GCM) Cipher Suites [RFC5288]
   (5) DES and IDEA Cipher Suites [RFC5469]
   (6) ECDHE_PSK Cipher Suites [RFC5489]
   (7) Camellia Cipher Suites [RFC5932]
   (8) ...

   A list of possible hashing algorithms:

   (1) the [MD2] Message-Digest Algorithm (historic, see [RFC6149])
   (2) the [MD4] Message-Digest Algorithm (historic, see [RFC6150])
   (3) the [MD5] Message-Digest Algorithm, commonly used in the past
   (4) the US Secure Hash Algorithm 1 [SHA1]
   (5) further US Secure Hash Algorithms [RFC6234]
   (6) ...

   Only the X.509 certificates [RFC5280] are static; all other
   information depends on the capabilities of the web browser in use.

   Not every browser lets you view all of this information, especially
   the cipher suite the browser has picked.

   With most browsers you can view the X.509 certificates of the current
   session, but you have no direct way to compare them against the
   correct ones.

   It is good practice to show this information on the website.

   The X.509 certificates shown by the browser and those shown on this
   Add-on webpage MUST match; in other words:

   If they do not match, a man-in-the-middle attack is in progress (or
   the page is stale, e.g. it still shows the certificate in use before
   a rollover; see Section 3.1).
   To give the browser, a plug-in, or just a stand-alone program the
   ability to verify that the X.509 certificate is correct, the
   fingerprint and/or hash of the X.509 certificates, together with some
   additional information for the community itself, is stored in the
   Domain Name System (DNS) [DNS-1,DNS-2] as an arbitrary string
   attribute as specified in [RFC1464].

   This SHOULD be seen as an additional specification to the DNS-Based
   Authentication of Named Entities (DANE) [RFC6698] that increases
   confidence and gives extended information that can easily be read by
   the community.

1.1.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Implementing this Add-on

   This Add-on has two parts.

   Section 2.1 describes the implementation of the necessary entries in
   the Domain Name System (DNS).

   Section 2.2 describes the implementation of the additional webpage.

2.1.  Implementing the DNS part

   This part is implemented as an arbitrary string attribute that has at
   least the following content:

   (1) The hashes of all X.509 certificates of the whole certificate
       chain
   (2) The number of X.509 certificates in the whole certificate chain
   (3) The hashing algorithm used, as specified in [SHA1] or [RFC6234]:
       (3a) "sha1"   for SHA-1
       (3b) "sha224" for SHA-224
       (3c) "sha256" for SHA-256
       (3d) "sha384" for SHA-384
       (3e) "sha512" for SHA-512
   (4) The way the hash values were calculated:
       (4a) "0" for non-packed Base64-encoded hashes,
            see Section 2.1.1
       (4b) "1" for packed Base64-encoded hashes,
            see Section 2.1.1.1
   (5) The date and time the X.509 certificate is valid; for the format
       see Section 2.1.2

   For the syntax see Section 2.1.3.
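   The producer side of the DNS part, Sections 2.1.1 to 2.1.4 carried
   through in code, as an added example that is not part of this draft:
   it digests a DER-encoded chain root first, concatenates and Base64-
   encodes the digests, falls back to the packed form only when the
   196-octet limit forces it, formats the validity times as
   GeneralizedTime and emits the TXT record under the "_sslinfo" label.
   The two chain entries are constructed placeholder byte strings, not
   certificates; feeding the DER of Appendix A instead (e.g. the output
   of "openssl x509 -outform DER") reproduces the values printed in
   Section 2.1.1.

```python
"""Producer side of the DNS part (Sections 2.1.1 to 2.1.4): hash a DER
certificate chain, use the packed form only when the 196-octet limit
forces it, and emit the TXT record for <label>._sslinfo.<zone>."""
import base64
import hashlib
from datetime import datetime, timezone

MAX_B64_OCTETS = 196   # Section 2.1.1: limit for the Base64 hash string
HASH_ALGOS = ("sha1", "sha224", "sha256", "sha384", "sha512")


def chain_digest(chain_der, algo):
    """Digest every DER certificate and concatenate, root first."""
    if algo not in HASH_ALGOS:
        raise ValueError("hash-algo must be one of %s" % (HASH_ALGOS,))
    return b"".join(hashlib.new(algo, der).digest() for der in chain_der)


def pack(concatenated):
    """Section 2.1.1.1: the packed form is always SHA-512 of the
    concatenation, whatever algorithm the per-certificate hashes use."""
    return hashlib.sha512(concatenated).digest()


def generalized_time(dt):
    """Section 2.1.2: YYYYMMDDHHMMSSZ in UTC, seconds mandatory."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def build_attribute(chain_der, algo, not_before, not_after, packed=None):
    """Return (attribute string, packed flag).

    With packed=None the non-packed form is used whenever its Base64
    fits in 196 octets, which reproduces the table of Section 2.1.1
    (a concatenation longer than 147 octets no longer fits)."""
    if not 1 <= len(chain_der) <= 9:
        raise ValueError("cert-count is a single DIGIT in Section 2.1.3")
    concatenated = chain_digest(chain_der, algo)
    if packed is None:
        packed = len(base64.b64encode(concatenated)) > MAX_B64_OCTETS
    payload = pack(concatenated) if packed else concatenated
    b64 = base64.b64encode(payload).decode("ascii")
    if len(b64) > MAX_B64_OCTETS:
        raise ValueError("Base64 hash string exceeds %d octets" % MAX_B64_OCTETS)
    attr = "a=%s; c=%d; f=%d; v=%s-%s; x=%s;" % (
        algo.upper(), len(chain_der), int(packed),
        generalized_time(not_before), generalized_time(not_after), b64)
    return attr, packed


def txt_record(host, attribute):
    """Section 2.1.4: www.example.com -> www._sslinfo.example.com."""
    label, _, zone = host.partition(".")
    return '%s._sslinfo.%s. IN TXT "%s"' % (label, zone, attribute)


# Constructed stand-in chain (not real certificates).  Replace with the
# DER of Appendix A to reproduce the hashes printed in Section 2.1.1.
SAMPLE_CHAIN = [b"constructed DER of the root CA certificate",
                b"constructed DER of the www.example.com certificate"]
NOT_BEFORE = datetime(1970, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
NOT_AFTER = datetime(1970, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

if __name__ == "__main__":
    for algo in ("sha224", "sha512"):
        attr, _ = build_attribute(SAMPLE_CHAIN, algo, NOT_BEFORE, NOT_AFTER)
        print(txt_record("www.example.com", attr))
```

   The packed decision is made from the actual Base64 length rather than
   from the table, so a chain of mixed-size digests or a future hash
   algorithm is handled without editing the table.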
2.1.1.  Calculating the Hashes

   For calculating the hashes use either [SHA1] or SHA-224, SHA-256,
   SHA-384, or SHA-512 as specified in [RFC6234].  SHA-1 is collision-
   prone and is best avoided for new records.

   Take each X.509 certificate of the whole chain and calculate the hash
   of the DER-encoded certificate.

   The example certificates of Appendix A give these SHA-224 hashes in
   hex:

   CA:  00fcc1bb4d09a392f5729a0c1e1ed4247db6b21da1fca9bf6d218db4
   SSL: eacbdc6c27cba4ecc87b4e953b56c6987d87430b682b1f13031b04de

   and these SHA-512 hashes in hex:

   CA:  6744023893a9a046e713b5615bcf1a267a41da13712f4eb964e496754bd9
        43105a5a3a8b9b071dea25f90fa7aa9c877dcc2ec81a7c97b640b30dd350
        83252078
   SSL: df0dee228b19aa1eac6d2227d11cb243562058db5a4041b208ed7702869
        98747ed7ba08026791961d338cb2063f3485ec9fe07d5631a8a1b1da340
        25cb8962f5

   Concatenate the binary form of the calculated hashes in the correct
   order, beginning at the root.  Generate the Base64 encoding [RFC4648]
   of the concatenated hashes.

   This example gives the following Base64 from the concatenated SHA-224
   hashes:

   APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0ML
   aCsfEwMbBN4=

   and from the SHA-512 hashes:

   Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9
   zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH
   7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=

   Due to the size limitation specified in [DNS-2] Section 2.3.4 (a TXT
   character-string holds at most 255 octets, of which the other
   attributes of Section 2.1.3 consume their share) and the syntax
   specified in Section 2.1.3 below, this Base64-encoded hash string
   MUST NOT be longer than 196 octets.

   This table shows when to use the packed form of calculation explained
   in the next Section 2.1.1.1, i.e. when the concatenated binary hashes
   exceed 147 octets and their Base64 encoding therefore exceeds 196
   octets:

   +-----------+--------------+
   | Hashing   | X.509        |
   | algorithm | certificates |
   +-----------+--------------+
   | SHA-1     | 8 or more    |
   +-----------+--------------+
   | SHA-224   | 6 or more    |
   +-----------+--------------+
   | SHA-256   | 5 or more    |
   +-----------+--------------+
   | SHA-384   | 4 or more    |
   +-----------+--------------+
   | SHA-512   | 3 or more    |
   +-----------+--------------+

   Use of the non-packed form SHOULD be preferred.

2.1.1.1.  Calculating the Packed form

   The calculation is the same, except that the binary form of the
   concatenated hashes is hashed again using the SHA-512 algorithm.

   Generate the Base64 encoding from this SHA-512 hash.

   The example from Section 2.1.1 has only two X.509 certificates; there
   would be no need to pack it by hashing again.

   The Base64 encoding of this packed SHA-512 hash is the following:

   4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4
   Ftl5nFcsta9rwMvsaQx/wg==

   NOTE: The algorithm attribute refers to the calculation method of the
   individual X.509 certificate hashes.  For the calculation of the
   packed form, the SHA-512 hashing algorithm is always used.

2.1.2.  Formatting the Date and Time

   The date and time is formatted as GeneralizedTime as specified in
   [RFC5280] Section 4.1.2.5.2.

   For the purposes here, GeneralizedTime values MUST be expressed in
   Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are
   YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
   GeneralizedTime values MUST NOT include fractional seconds.

2.1.3.  Arbitrary String Attribute Syntax

   The syntax for a complete arbitrary string attribute, using the ABNF
   notation and core rules of [RFC5234], is:

   attribute       = DQUOTE
                     attr-algo   1*SP    ; (3)
                     attr-count  1*SP    ; (2)
                     attr-packed 1*SP    ; (4)
                     attr-time   1*SP    ; (5)
                     attr-hashes         ; (1)
                     DQUOTE

   attr-algo       = "a=" hash-algo ";"
   attr-count      = "c=" cert-count ";"
   attr-packed     = "f=" packed-form ";"
   attr-time       = "v=" valid-time-from "-" valid-time-to ";"
   attr-hashes     = "x=" cert-hashes ";"

   cert-count      = DIGIT         ; number of X.509 certificates of
                                   ; the whole certificate chain

   cert-hashes     = base64-string ; base64 encoding of the
                                   ; certificate hashes

   hash-algo       = "sha1" / "sha224" / "sha256" / "sha384" /
                     "sha512"
                                   ; ABNF strings are case-insensitive,
                                   ; so "SHA224" as written in the
                                   ; examples is equally valid

   packed-form     = BIT           ; "0" non-packed base64 encoded hashes,
                                   ; "1" packed base64 encoded hashes

   valid-time-from = time-str
   valid-time-to   = time-str

   base64-string   = 1*(ALPHA / DIGIT / "+" / "/") [ "=" [ "=" ] ]

   time-str        = time-year time-month time-day time-hours
                     time-minutes time-seconds "Z"

   time-year       = 4DIGIT
   time-month      = 2DIGIT
   time-day        = 2DIGIT
   time-hours      = 2DIGIT
   time-minutes    = 2DIGIT
   time-seconds    = 2DIGIT

   Note that the numbers in the comments of "attribute" refer to the
   list in Section 2.1 and that no SP follows the last attribute.

   The example from Section 2.1.1 gives these:

   "a=SHA224; c=2; f=0; v=19700101000000Z-19701231235959Z; x=APzBu0
   0Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0MLaCsfEw
   MbBN4=;"

   "a=SHA512; c=2; f=0; v=19700101000000Z-19701231235959Z; x=Z0QCOJ
   OpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9zC7IGn
   yXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH7XuggC
   Z5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=;"

   "a=SHA512; c=2; f=1; v=19700101000000Z-19701231235959Z; x=4iBTHc
   xpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4Ftl5nF
   csta9rwMvsaQx/wg==;"

   All three are valid.

2.1.4.  DNS-entry Namespace

   For this Add-on a subdomain named "_sslinfo" is used.
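   The consumer side, i.e. what a browser plug-in or stand-alone
   verifier does with these records (Section 2.1.3 for the syntax,
   Section 2.1.4 for the owner name, Section 3.2 for the outcome), as an
   added example that is not part of this draft: it parses the TXT
   strings with a regular expression equivalent to the ABNF, recomputes
   the hashes from the chain the server presented, accepts any currently
   valid matching record (so both records of a rollover are honoured)
   and returns the warning and user-decision flags the draft prescribes.
   The chain and the zone content are constructed placeholders; the
   lookup function is injected, so a real deployment would pass one that
   queries DNS (and reports whether the answer was DNSSEC-validated).
   The draft's own SHA-224 example string is included to exercise the
   parser.

```python
"""Verifier side (Sections 2.1.3, 2.1.4 and 3.2): parse the TXT strings
found under <label>._sslinfo.<zone>, recompute the hashes from the chain
the server presented, and derive the warning the draft prescribes."""
import base64
import hashlib
import re
from datetime import datetime, timezone

# The ABNF of Section 2.1.3 as a regular expression.  Quoted strings in
# ABNF are case-insensitive, so "SHA224" in the examples matches "sha224".
ATTR_RE = re.compile(
    r'^a=(?P<algo>sha1|sha224|sha256|sha384|sha512); +'
    r'c=(?P<count>[0-9]); +'
    r'f=(?P<packed>[01]); +'
    r'v=(?P<from>[0-9]{14}Z)-(?P<to>[0-9]{14}Z); +'
    r'x=(?P<hashes>[A-Za-z0-9+/]+={0,2});$', re.IGNORECASE)


def parse_time(s):
    """Section 2.1.2 GeneralizedTime (YYYYMMDDHHMMSSZ) to an aware datetime."""
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_attribute(txt):
    """Split one TXT string into its five fields; None if it is malformed."""
    m = ATTR_RE.match(txt.strip().strip('"'))
    if m is None:
        return None
    try:
        hashes = base64.b64decode(m.group("hashes"), validate=True)
    except ValueError:          # binascii.Error is a ValueError
        return None
    return {"algo": m.group("algo").lower(),
            "count": int(m.group("count")),
            "packed": m.group("packed") == "1",
            "valid_from": parse_time(m.group("from")),
            "valid_to": parse_time(m.group("to")),
            "hashes": hashes}


def expected_hashes(chain_der, algo, packed):
    """Sections 2.1.1 and 2.1.1.1 applied to the chain the server sent."""
    raw = b"".join(hashlib.new(algo, der).digest() for der in chain_der)
    return hashlib.sha512(raw).digest() if packed else raw


def sslinfo_name(host):
    """Section 2.1.4: www.example.com -> www._sslinfo.example.com."""
    label, _, zone = host.partition(".")
    return "%s._sslinfo.%s" % (label, zone)


def verify(host, chain_der, lookup_txt, now, dnssec=False):
    """Section 3.2.  lookup_txt(name) returns the TXT strings of a name
    ([] if there are none).  During a rollover (Section 3.1) several
    records coexist; one matching, currently valid record suffices."""
    records = [r for r in map(parse_attribute, lookup_txt(sslinfo_name(host)))
               if r is not None]
    status = "missing" if not records else "mismatch"
    for r in records:
        if r["count"] != len(chain_der) or not r["valid_from"] <= now <= r["valid_to"]:
            continue
        if r["hashes"] == expected_hashes(chain_der, r["algo"], r["packed"]):
            status = "match"
            break
    return {"status": status,
            "warn": status != "match",                 # SHOULD warn
            "ask_user": status != "match" and dnssec,  # MUST ask if DNSSEC
            "block": False}                            # MUST NOT prevent use


# Constructed sample data (not from the draft): placeholder DER bytes and
# the record a zone would carry for them.  DRAFT_EXAMPLE is the SHA-224
# string from Section 2.1.3.
SAMPLE_CHAIN = [b"constructed DER of the root CA certificate",
                b"constructed DER of the www.example.com certificate"]
SAMPLE_ZONE = {"www._sslinfo.example.com": [
    'a=SHA256; c=2; f=0; v=19700101000000Z-19701231235959Z; x=%s;'
    % base64.b64encode(expected_hashes(SAMPLE_CHAIN, "sha256", False)).decode()]}
SAMPLE_NOW = datetime(1970, 6, 1, tzinfo=timezone.utc)
DRAFT_EXAMPLE = ('a=SHA224; c=2; f=0; v=19700101000000Z-19701231235959Z; '
                 'x=APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0ML'
                 'aCsfEwMbBN4=;')


def sample_lookup(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    print(verify("www.example.com", SAMPLE_CHAIN, sample_lookup, SAMPLE_NOW))
    print(verify("www.example.com", SAMPLE_CHAIN[::-1], sample_lookup, SAMPLE_NOW))
    print(verify("shop.example.com", SAMPLE_CHAIN, sample_lookup, SAMPLE_NOW, dnssec=True))
```

   Records whose validity window does not contain the current time are
   skipped rather than treated as a match, which is what makes the
   rollover of Section 3.1 safe: the stale record never vouches for the
   new chain, and the new record never vouches for the old one.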
   INFORMATIVE OPERATIONAL NOTE: Wildcard DNS records (e.g.,
   *._sslinfo.example.com) are only used in the context of wildcard
   X.509 certificates.  Note also that wildcards within domains (e.g.,
   s._sslinfo.*.example.com) are not supported by the DNS.

   The DNS entries in the zone file for this example look like these:

   ; IPv4 address
   www.example.com.          IN A    192.0.2.1

   ; IPv6 address
   www.example.com.          IN AAAA 2001:db8::1

   ; X.509 certificates hashes, SHA-224
   www._sslinfo.example.com. IN TXT "a=SHA224; c=2; f=0; v=1970010
   1000000Z-19701231235959Z; x=APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGN
   tOrL3Gwny6TsyHtOlTtWxph9h0MLaCsfEwMbBN4=;"

   ; X.509 certificates hashes, SHA-512
   www._sslinfo.example.com. IN TXT "a=SHA512; c=2; f=0; v=1970010
   1000000Z-19701231235959Z; x=Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSW
   dUvZQxBaWjqLmwcd6iX5D6eqnId9zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0i
   J9EcskNWIFjbWkBBsgjtdwKGmYdH7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNA
   JcuJYvU=;"

   ; X.509 certificates hashes, SHA-512, packed
   www._sslinfo.example.com. IN TXT "a=SHA512; c=2; f=1; v=1970010
   1000000Z-19701231235959Z; x=4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDW
   yeKYk3RmUwS+nkuCXYXR6ED4iGy4Ftl5nFcsta9rwMvsaQx/wg==;"

2.2.  Implementing the HTTP part

   This Add-on is just one page of the website.  Its content MUST be
   completely generated on the server side.  Using the Common Gateway
   Interface [CGI1.1] is RECOMMENDED.  There MUST exist at least one
   relative reference to this page as defined in [RFC3986] Section 4.2.

   See Section 2.2.1 for the necessary content of this webpage.

   For doing so, see the sample scripts in Appendix B.  To see how this
   Add-on works, see [MYADDON].

2.2.1.  Webpage Content

   The information MUST be the following:

   (1)  The current date and time

   (2)  The cipher specification name

   (3)  Number of cipher bits (actually used)
   (4)  Number of cipher bits (possible)

   (5)  The SSL protocol version: SSLv2, SSLv3,
        TLSv1.0, TLSv1.1, TLSv1.2, ...

   (6)  Whether the cipher is an export cipher: false, true
   (7)  Whether secure renegotiation is supported: false, true

   (8)  Algorithm used for the public key of the server's certificate
   (9)  Algorithm used for the signature of the server's certificate
   (10) Issuer DN of the server's certificate
   (11) Subject DN of the server's certificate
   (12) The serial number of the server certificate
   (13) The version of the server certificate
   (14) Validity of the server's certificate (start time)
   (15) Validity of the server's certificate (end time)

   (16) Client certificate verification:
        NONE, SUCCESS, GENEROUS or FAILED:reason

   (17) SSL compression method negotiated: NULL when disabled

   For connections where X.509 client certificates are used for
   authentication, this information is RECOMMENDED:

   (18) Algorithm used for the public key of the client's certificate
   (19) Algorithm used for the signature of the client's certificate
   (20) Issuer DN of the client's certificate
   (21) Subject DN of the client's certificate
   (22) The serial number of the client certificate
   (23) The version of the client certificate
   (24) Validity of the client's certificate (start time)
   (25) Validity of the client's certificate (end time)
   (26) Number of days until the client's certificate expires

   This information MAY be given:

   (27) The hex-encoded SSL session id
   (28) Contents of the SNI TLS extension (if supplied in the
        ClientHello)

   This OPTIONAL information depends on the software in use:

   (29) The SSL module version: e.g. the Apache mod_ssl version
   (30) The SSL library version: e.g. the OpenSSL version

   See Appendix C for sample content.

2.2.2.  Formatting and Presenting the Webpage

   Present this information simply; plain text is enough.  When using
   HTML, only relative references as defined in [RFC3986] Section 4.2
   MAY be used.  It is RECOMMENDED to use only a subset of [HTML2.0].

   The current date and time SHALL be formatted as specified in
   [RFC5322] Section 3.3.  The time MUST NOT differ by more than 5
   seconds from the real date/time.

   Any translation or reordering of this content is OPTIONAL.

   Consider using either one of the character sets specified in
   [ISO8859] or the UTF-8 encoding of [ISO10646].

3.  DNS part Details

3.1.  Handling Certificate Rollover

   This is analogous to [RFC6698] Appendix A.4.

   Suppose www.example.com has a single TXT record:

   www._sslinfo.example.com. IN TXT "a=SHA224; ...; x=APzBu..."

   To start the rollover process, obtain or generate the new certificate
   (or chain) to be used after the rollover and generate the new TXT
   record from it.  Add that record alongside the old one:

   www._sslinfo.example.com. IN TXT "a=SHA224; ...; x=APzBu..."
   www._sslinfo.example.com. IN TXT "a=SHA384; ...; x=A078x..."

   After the new record has propagated to the authoritative name servers
   and the TTL of the old answer has expired in caches, switch to the
   new certificate on the web server.  Once this has occurred, the old
   TXT record can be removed:

   www._sslinfo.example.com. IN TXT "a=SHA384; ...; x=A078x..."

   This completes the certificate rollover.

3.2.  Verification Procedure

   When the web browser or a plug-in honors the additional DNS entries,
   it SHOULD give a warning to the user:

   (1) when it does not find the entry
   (2) when the entry does not match

   If the DNS entries were retrieved via [DNSSEC] instead of plain DNS,
   the user MUST explicitly give permission to continue when one of the
   two scenarios occurs.
   The user MAY be warned, but MUST NOT be prevented from using the
   website.

4.  IANA Considerations

   There are no requests for IANA actions in this document.

5.  Security Considerations

   When implementing the HTTP part as a popup window in the browser,
   this information MUST also be available with a popup blocker enabled.

   The implementation MUST NOT use any scripts that run on the client
   side, e.g. JavaScript.  Values copied into the page from the TLS
   session, such as the subject DN of a client certificate, are chosen
   by the peer and need to be escaped when the page is HTML; otherwise
   they could introduce exactly such a script.

   There SHOULD also be no references to other websites inside this
   Add-on page.

   Without [DNSSEC], the TXT records can be spoofed by the same attacker
   who intercepts the TLS connection, and the Add-on webpage itself is
   delivered over that connection.  A verifier therefore gains
   confidence only from DNS data it has reason to trust; see Section 7.

6.  Acknowledgements

7.  Recommendations

   [DNSSEC] SHOULD be used for the DNS part.

   Using a standardized URL for the HTTP part is RECOMMENDED; for more
   see the Discussions in Section 9.

8.  References

8.1.  Normative References

   [DNS-1]    Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [DNS-2]    Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

8.2.  Informative References

   [CAMELLIA] Matsui, M., Nakajima, J., and S. Moriai, "A Description of
              the Camellia Encryption Algorithm", RFC 3713, April 2004.

   [DNSSEC]   Arends, R., Austein, R., Larson, M., Massey, D., and
              S. Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005.

   [HTTPTLS]  Rescorla, E., "HTTP over TLS", RFC 2818, May 2000.

   [ISO8859]  ISO/IEC 8859:1998, "Information technology -- 8-bit
              single-byte coded graphic character sets".

   [ISO10646] ISO/IEC 10646:2003, "Information technology -- Universal
              Multiple-Octet Coded Character Set (UCS)".

   [CGI1.1]   Robinson, D. and K. Coar, "The Common Gateway Interface
              (CGI) Version 1.1", RFC 3875, October 2004.

   [HTML2.0]  Berners-Lee, T. and D. Connolly, "Hypertext Markup
              Language - 2.0", RFC 1866, November 1995.

   [MD2]      Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319,
              April 1992.

   [MD4]      Rivest, R., "The MD4 Message-Digest Algorithm", RFC 1320,
              April 1992.

   [MD5]      Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.

   [SHA1]     Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1
              (SHA1)", RFC 3174, September 2001.

   [SSLv2]    Hickman, K., "The SSL Protocol", Netscape Communications
              Corp., Feb 9, 1995.

   [SSLv3]    Freier, A., Karlton, P., and P. Kocher, "The Secure
              Sockets Layer (SSL) Protocol Version 3.0", RFC 6101,
              August 2011.

   [TLSv1.0]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [TLSv1.1]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [TLSv1.2]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [OPENSSL]  OpenSSL Cryptography and SSL/TLS Toolkit,
              http://www.openssl.org/

   [RFC1464]  Rosenbaum, R., "Using the Domain Name System To Store
              Arbitrary String Attributes", RFC 1464, May 1993.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4279]  Eronen, P., Ed., and H. Tschofenig, Ed., "Pre-Shared Key
              Ciphersuites for Transport Layer Security (TLS)",
              RFC 4279, December 2005.

   [RFC4492]  Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and
              B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher
              Suites for Transport Layer Security (TLS)", RFC 4492,
              May 2006.

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, October 2006.

   [RFC4785]  Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK)
              Ciphersuites with NULL Encryption for Transport Layer
              Security (TLS)", RFC 4785, January 2007.

   [RFC5234]  Crocker, D., Ed., and P. Overell, "Augmented BNF for
              Syntax Specifications: ABNF", STD 68, RFC 5234,
              January 2008.

   [RFC5288]  Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
              Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
              August 2008.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              October 2008.

   [RFC5469]  Eronen, P., Ed., "DES and IDEA Cipher Suites for Transport
              Layer Security (TLS)", RFC 5469, February 2009.

   [RFC5489]  Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for
              Transport Layer Security (TLS)", RFC 5489, March 2009.

   [RFC5932]  Kato, A., Kanda, M., and S. Kanno, "Camellia Cipher Suites
              for TLS", RFC 5932, June 2010.

   [RFC6149]  Turner, S. and L. Chen, "MD2 to Historic Status",
              RFC 6149, March 2011.

   [RFC6150]  Turner, S. and L. Chen, "MD4 to Historic Status",
              RFC 6150, March 2011.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.

   [RFC6698]  Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
              of Named Entities (DANE) Transport Layer Security (TLS)
              Protocol: TLSA", RFC 6698, August 2012.

   [MYADDON]  A working implementation of this Add-on on the author's
              website, https://ssl.mathemainzel.info/sslinfo/

9.  Discussions

   It would be good to have a standardized URL for this Add-on webpage,
   e.g. https://www.example.com/sslinfo/

   Placing an absolute URI as defined in [RFC3986] Section 4.3 outside
   the encrypted part of the website is RECOMMENDED.

A.  Example certificates

A.1.  The DER-encoded CA certificate

   This section contains the full, DER-encoded certificate, in hex.
   30820267308201D0A003020102020100300D06092A864886F70D010105050030
   47310B3009060355040613022D2D3110300E060355040A1307536F6D654F7267
   31143012060355040B130B536F6D654F7267556E69743110300E060355040313
   07526F6F74204341301E170D3730303130313030303030305A170D3734313233
   313233353935395A3047310B3009060355040613022D2D3110300E060355040A
   1307536F6D654F726731143012060355040B130B536F6D654F7267556E697431
   10300E06035504031307526F6F7420434130819F300D06092A864886F70D0101
   01050003818D0030818902818100CE72969A54332263FBC26310BBEDA8EA0DC2
   E0532C899CB314A1451D3A5A7CBB2ADCAF463449B2D1C6A2BC772285DF17FB12
   067613CF3328459D7D7C4D847CF51C0F9562F296EFFB399C03CBE888FFBE4C11
   57E032D88C8E87BF90A507F3D5DDD06E2A5FF19B4D2B89DF732DA7CBEA034C90
   A4F1FEF58240943FD25793794E770203010001A3633061300F0603551D130101
   FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04
   16041473311472F1D56473C8DE0D0E39CCC2792B71EDDE301F0603551D230418
   3016801473311472F1D56473C8DE0D0E39CCC2792B71EDDE300D06092A864886
   F70D0101050500038181000C446885FF2B8451B00E668D530493474524E8EDE1
   3B1AC325E677D9BE92204BA13369AFC48445AF3E01359B6C054D1049028DBC7A
   E2F8A68BF5DCB89010C488B41896EB34C7B1DA195B2B7C26579CC2F7A705C4AE
   9C4F72D80E8E3DD7AEC7B3154927B7FF8410712C9330E3FA98A5949A283CD599
   FC8D9D97E330E05086844C

A.1.1.  The CA's public key

   This section contains the DER-encoded public RSA key of the CA that
   signed the example SSL certificate.  It is included to simplify
   verification of the example certificate.

   30819F300D06092A864886F70D010101050003818D0030818902818100CE7296
   9A54332263FBC26310BBEDA8EA0DC2E0532C899CB314A1451D3A5A7CBB2ADCAF
   463449B2D1C6A2BC772285DF17FB12067613CF3328459D7D7C4D847CF51C0F95
   62F296EFFB399C03CBE888FFBE4C1157E032D88C8E87BF90A507F3D5DDD06E2A
   5FF19B4D2B89DF732DA7CBEA034C90A4F1FEF58240943FD25793794E77020301
   0001

A.2.  The DER-encoded SSL certificate

   This section contains the full, DER-encoded certificate, in hex.

   30820289308201F2A003020102020101300D06092A864886F70D010105050030
   47310B3009060355040613022D2D3110300E060355040A1307536F6D654F7267
   31143012060355040B130B536F6D654F7267556E69743110300E060355040313
   07526F6F74204341301E170D3730303130313030303030305A170D3730313233
   313233353935395A3027310B3009060355040613022D2D311830160603550403
   130F7777772E6578616D706C652E636F6D30819F300D06092A864886F70D0101
   01050003818D00308189028181009D311D25BEDCC2765D1BF6BE9AB43C2ED41B
   A9AF9531544186940E28AA5C80B460FED2EE1ABD5BE2BD6E351EAF9F0DCE4388
   27B42E166FAE594C83F40B72175EE875342E3450FAF1407A12267E85041C94F9
   A6DBBDC6F593958D0204199AE457EAB87D7E85487123C73398156F2AF1B87C49
   0EF27B20F93A81C0165F6BCBEEE10203010001A381A43081A130090603551D13
   04023000300E0603551D0F0101FF0404030205A0301D0603551D0E0416041454
   64A24E922027FB19CFF91E7ECF846A0D50F2DC301F0603551D23041830168014
   73311472F1D56473C8DE0D0E39CCC2792B71EDDE301A0603551D110413301182
   0F7777772E6578616D706C652E636F6D30130603551D25040C300A06082B0601
   050507030130130603551D20040C300A3008060667810C010201300D06092A86
   4886F70D0101050500038181008A7F7627D29390ED474D591F2F4C94FCFCAEFA
   DB04CBFD0619678A6001B1BC19CFD29AE96D48949DA81D1BCFE8F5E764BA7F91
   C52BC50C28A472C2A6B2FEF4EB27BEE6B0C989AF1B7CF8E3A52F641B77C34E2A
   7FB9E4B555F3843C592E0EE9C46DD9EABACBC915EE6D92E3C542C93739A6DBFE
   637EB2B082566FBC46A3A60D46

B.  Script Examples for the Add-on webpage

   Use the following script examples as a template for your
   implementation of this Add-on webpage.

   The first two examples generate identical content in plain ASCII
   text; the third example makes use of HTML and is a compiled C
   program.

   Script Examples:

   B.1.  PHP-script
   B.2.  CGI-script: A BASH shell script, for most Linux systems
   B.3.  CGI-script: A compiled C program, for any other system

B.1.  PHP-script

   The opening lines of this script were lost in extraction; they are
   restored here so that the output matches the BASH script of B.2.

   <?php
   header( "Content-type: text/plain" );

   print "SSL informations: " . date( DATE_RFC2822 ) . "\r\n";
   print "================\r\n\r\n";

   if ( isset( $_SERVER[ "HTTPS" ] ) && $_SERVER[ "HTTPS" ] == "on" ) {
       // collect every SSL_* variable mod_ssl exported to the CGI
       // environment as "NAME=value"
       $list = array( );
       $nmbrOfValues = 0;
       foreach ( $_SERVER as $key => $value ) {
           if ( substr( $key, 0, 4 ) == "SSL_" ) {
               $list[ $nmbrOfValues++ ] = $key . "=" . $value;
           }
       }

       sort( $list );   // sort content before printing ...

       for ( $iter = 0; $iter < $nmbrOfValues; $iter++ ) {
           print $list[ $iter ] . "\r\n";
       }
   }
   else {
       echo "No SSL information available.\r\n";
   }
   ?>

B.2.  CGI-script: A BASH shell script, for most Linux systems

   #!/bin/bash

   echo -e -n "Content-type: text/plain\n\n"

   # RFC 5322 date, as Section 2.2.2 requires (GNU date option)
   echo -e -n "SSL informations: $(date --rfc-2822)\n"
   echo -e -n "================\n\n"

   if [ "$HTTPS" == "on" ]; then
       # every SSL_* variable mod_ssl exported, sorted
       env | grep --regexp="^SSL_" | sort
   else
       echo -e -n "No SSL information available.\n"
   fi

B.3.  CGI-script: A compiled C program, for any other system

   This CGI-script is a compiled C program and, in comparison to the
   other two examples, it makes use of HTML.

   For compiling this program any C compiler SHOULD be suitable.  Be
   sure your runtime supports the function strftime with standard format
   specifiers.

   The include file names and the HTML markup were lost in extraction;
   they are restored below as the four standard headers the code needs
   and as plain HTML 2.0.  Because environment values such as
   SSL_CLIENT_S_DN originate from the peer's certificate, this version
   escapes them before writing them into the HTML (see Section 5).

   #include <stdio.h>
   #include <stdlib.h>
   #include <string.h>
   #include <time.h>

   /* The original listing had a Linux-only #include here; nothing in
      this program depends on it. */

   const char* pszHtmlEndPart [ ] = { "<hr>",
           "<address>https at www.example.com Port 443</address>",
           "</body>",
           "</html>" };

   const char* pszHtmlBeginPart[ ] = {
           "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">",
           "<html>",
           "<head>",
           "<title>SSL informations</title>",
           "</head>",
           "<body>",
           "<h1>SSL informations</h1>" };

   /* function prototype used for sorting */
   int compareFunc( const void* pvd1, const void* pvd2 );

   /* print a string with the HTML metacharacters escaped */
   void printEscaped( const char* psz )
   {
       for ( ; *psz; psz++ )
       {
           switch ( *psz )
           {
               case '<':  fputs( "&lt;",   stdout ); break;
               case '>':  fputs( "&gt;",   stdout ); break;
               case '&':  fputs( "&amp;",  stdout ); break;
               case '"':  fputs( "&quot;", stdout ); break;
               default:   putchar( *psz );           break;
           }
       }
   }

   int main( int argc, char* argv[ ], char** envp )
   {   /* char* envp[ ] */
       char* * ppszContent;
       char* * ppsz;
       char* psz;
       char szDateTime[ 80 ];
       int i, nCount;

       time_t tnow = time( NULL );
       struct tm* tmnow = localtime( &tnow );

       /* RFC 5322 Section 3.3 date-time, as Section 2.2.2 requires */
       strftime( szDateTime, sizeof( szDateTime ) - 4,
                 "%a, %d %b %Y %H:%M:%S %z", tmnow );

       printf( "Content-type: text/html; charset=ISO-8859-1\r\n\r\n" );

       nCount = sizeof( pszHtmlBeginPart ) / sizeof( char* );
       for ( i = 0; i < nCount; i++ )
           printf( "%s\r\n", pszHtmlBeginPart[ i ] );

       printf( "SSL informations: %s\r\n", szDateTime );
       printf( "<hr>\r\n" );

       if ( ( psz = getenv( "HTTPS" ) ) && ( strcmp( psz, "on" ) == 0 ) )
       {
           /* count relevant values ... */
           ppsz = envp;
           nCount = 0;
           while ( ppsz && *ppsz )
           {
               if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
                   nCount++;
               ppsz++;
           }

           /* allocate memory (at least one slot, so an empty list is
              not mistaken for an allocation failure) */
           ppszContent = (char* *) calloc( nCount ? nCount : 1,
                                           sizeof( char* ) );
           if ( ppszContent )
           {
               /* extract relevant values from environment ... */
               i = 0;
               ppsz = envp;
               while ( ppsz && *ppsz )
               {
                   if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
                       *( ppszContent + i++ ) = *ppsz;
                   ppsz++;
               }

               /* sort content */
               qsort( (void*) ppszContent, nCount, sizeof( char* ),
                      compareFunc );

               printf( "<p>\r\n" );

               /* output sorted content, one "NAME=value" per line */
               for ( i = 0; i < nCount; i++ )
               {
                   printEscaped( *( ppszContent + i ) );
                   printf( "<br>\r\n" );
               }

               printf( "</p>\r\n" );

               /* free up memory */
               free( (void*) ppszContent );
           }
           else
               printf( "Internal error (unable to allocate memory).\r\n" );
       }
       else
           printf( "No SSL information available.\r\n" );

       nCount = sizeof( pszHtmlEndPart ) / sizeof( char* );
       for ( i = 0; i < nCount; i++ )
           printf( "%s\r\n", pszHtmlEndPart[ i ] );

       return 0;
   }

   /* comparison function for sorting */
   int compareFunc( const void* pvd1, const void* pvd2 )
   {
       return strcmp( *( (char* *) pvd1 ), *( (char* *) pvd2 ) );
   }

C.  Sample Content of the Add-on webpage

   The first example shows complete sample content in sorted order.
   The second example shows the client certificate part, in case client
   certificate authentication is used.  The other two examples show only
   the part that may differ when the browser picks another cipher suite.

   For the meaning of the numbers in brackets in the examples see
   Section 2.2.1.

   C.1.    A complete sample content
   C.1.1.  ..., the client certificate part
   C.2.    Picking another cipher suite
   C.2.1.  ..., and one more

C.1.
A complete sample content 966 SSL informations: Thu, 01 Jan 1970 00:00:00 +0000 (1) 967 ================ 969 SSL_CIPHER=AES256-SHA (2) 970 SSL_CIPHER_ALGKEYSIZE=256 (4) 971 SSL_CIPHER_EXPORT=false (6) 972 SSL_CIPHER_USEKEYSIZE=256 (3) 973 SSL_CLIENT_VERIFY=NONE (16) 974 SSL_COMPRESS_METHOD=NULL (17) 975 SSL_PROTOCOL=TLSv1 (5) 976 SSL_SECURE_RENEG=true (7) 977 SSL_SERVER_A_KEY=rsaEncryption (8) 978 SSL_SERVER_A_SIG=sha1WithRSAEncryption (9) 979 SSL_SERVER_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA (10) 980 SSL_SERVER_I_DN_C=-- (10) 981 SSL_SERVER_I_DN_CN=Root CA (10) 982 SSL_SERVER_I_DN_O=SomeOrg (10) 983 SSL_SERVER_I_DN_OU=SomeOrgUnit (10) 984 SSL_SERVER_M_SERIAL=01 (12) 985 SSL_SERVER_M_VERSION=3 (13) 986 SSL_SERVER_S_DN=/C=--/CN=www.example.com (11) 987 SSL_SERVER_S_DN_C=-- (11) 988 SSL_SERVER_S_DN_CN=www.example.com (11) 989 SSL_SERVER_V_END=Dec 31 23:59:59 1970 GMT (15) 990 SSL_SERVER_V_START=Jan 01 00:00:00 1970 GMT (14) 991 SSL_SESSION_ID=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF (27) 992 SSL_TLS_SNI=www.example.com (28) 993 SSL_VERSION_INTERFACE=mod_ssl/2.2.15 (29) 994 SSL_VERSION_LIBRARY=OpenSSL/1.0.0-fips (30) 996 C.1.1. ..., the client certificate part 998 ... 999 SSL_CLIENT_A_KEY=rsaEncryption (18) 1000 SSL_CLIENT_A_SIG=sha1WithRSAEncryption (19) 1001 SSL_CLIENT_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA (20) 1002 SSL_CLIENT_I_DN_C=-- (20) 1003 SSL_CLIENT_I_DN_CN=Root CA (20) 1004 SSL_CLIENT_I_DN_O=SomeOrg (20) 1005 SSL_CLIENT_I_DN_OU=SomeOrgUnit (20) 1006 SSL_CLIENT_M_SERIAL=02 (22) 1007 SSL_CLIENT_M_VERSION=3 (23) 1008 SSL_CLIENT_S_DN=/CN=Name/emailAddress=name@example.com (21) 1009 SSL_CLIENT_S_DN_CN=Name (21) 1010 SSL_CLIENT_S_DN_Email=name@example.com (21) 1011 SSL_CLIENT_VERIFY=SUCCESS (16) 1012 SSL_CLIENT_V_END=Dec 31 23:59:59 1970 GMT (25) 1013 SSL_CLIENT_V_REMAIN=365 (26) 1014 SSL_CLIENT_V_START=Jan 01 00:00:00 1970 GMT (24) 1015 ... 1017 C.2. Picking another cipher suite 1019 ... 
1020 SSL_CIPHER=RC4-MD5 1021 SSL_CIPHER_ALGKEYSIZE=128 1022 SSL_CIPHER_EXPORT=false 1023 SSL_CIPHER_USEKEYSIZE=128 1024 ... 1025 SSL_PROTOCOL=SSLv3 1026 SSL_SECURE_RENEG=false 1027 ... 1029 C.2.1. ..., and one more 1031 ... 1032 SSL_CIPHER=AES128-SHA256 1033 SSL_CIPHER_ALGKEYSIZE=128 1034 SSL_CIPHER_EXPORT=false 1035 SSL_CIPHER_USEKEYSIZE=128 1036 ... 1037 SSL_PROTOCOL=TLSv1.2 1038 SSL_SECURE_RENEG=true 1039 ... 1041 Author's Address 1043 Walter Hoehlhubmer 1044 Lederergasse 47a 1045 A-4020 Linz 1046 Austria, EUROPE 1048 EMail: walter.h@mathemainzel.info
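The plain-text page written by the B.1 and B.2 scripts is easy to consume on the client side. The following is an added example, not part of the draft: a small Python reader that parses such a page and flags session properties an operator would not want to see, such as the SSLv3/RC4-MD5 handshake without secure renegotiation shown in Appendix C.2. The sample text, the function names and the checks applied are this example's own assumptions.

```python
import re

# Constructed sample in the B.1/B.2 output format; values mirror the
# Appendix C.2 example and were not captured from a live server.
SAMPLE_PAGE = """SSL informations: Thu, 01 Jan 1970 00:00:00 +0000
================

SSL_CIPHER=RC4-MD5
SSL_CIPHER_ALGKEYSIZE=128
SSL_CIPHER_EXPORT=false
SSL_CIPHER_USEKEYSIZE=128
SSL_COMPRESS_METHOD=NULL
SSL_PROTOCOL=SSLv3
SSL_SECURE_RENEG=false
SSL_SERVER_S_DN_CN=www.example.com
"""

LINE_RE = re.compile(r"^(SSL_[A-Za-z0-9_]+)=(.*)$")

def parse_page(text):
    """Return (timestamp, {SSL_* name: value}); header, separator,
    blank and '...' lines are skipped, everything else is NAME=value."""
    stamp, values = "", {}
    for line in text.splitlines():
        if line.startswith("SSL informations:"):
            stamp = line.split(":", 1)[1].strip()
            continue
        m = LINE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return stamp, values

def assess(values, expected_cn):
    """Flag weak settings in the negotiated session (checks assumed here)."""
    findings = []
    proto = values.get("SSL_PROTOCOL", "")
    if proto in ("SSLv2", "SSLv3"):
        findings.append("obsolete protocol " + proto)
    cipher = values.get("SSL_CIPHER", "")
    if any(tag in cipher for tag in ("RC4", "MD5", "NULL", "EXP")):
        findings.append("weak cipher suite " + cipher)
    if values.get("SSL_CIPHER_EXPORT", "false").lower() == "true":
        findings.append("export-grade cipher negotiated")
    if values.get("SSL_SECURE_RENEG", "true").lower() != "true":
        findings.append("secure renegotiation (RFC 5746) not supported")
    if values.get("SSL_COMPRESS_METHOD", "NULL") != "NULL":
        findings.append("TLS compression enabled")
    cn = values.get("SSL_SERVER_S_DN_CN", "")
    if cn and cn != expected_cn:
        findings.append("certificate CN " + cn + " differs from " + expected_cn)
    return findings
```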