idnits 2.17.1 draft-ietf-uta-use-san-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC5280], [RFC6125]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (1 April 2021) is 1120 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 UTA R. Salz 3 Internet-Draft Akamai Technologies 4 Updates: 6125 (if approved) 1 April 2021 5 Intended status: Standards Track 6 Expires: 3 October 2021 8 Update to Verifying TLS Server Identities with X.509 Certificates 9 draft-ietf-uta-use-san-00 11 Abstract 13 In the decade since [RFC6125] was published, the 14 subjectAlternativeName extension (SAN), as defined in [RFC5280] has 15 become ubiquitous. This document updates [RFC6125] to specify that 16 the fall-back techniques of using the commonName attribute to 17 identify the service must not be used. This document also places 18 some limitations on the use of wildcards in SAN fields. 20 The original context of [RFC6125] using X.509 certificates for server 21 identity with Transport Layer Security (TLS), is not changed. 23 Discussion Venues 25 This note is to be removed before publishing as an RFC. 27 This draft is discussed in the UTA working group, 28 https://datatracker.ietf.org/wg/uta/. 30 Source for this draft and an issue tracker can be found at 31 https://github.com/richsalz/draft-rsalz-use-san. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on 3 October 2021. 50 Copyright Notice 52 Copyright (c) 2021 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 57 license-info) in effect on the date of publication of this document. 58 Please review these documents carefully, as they describe your rights 59 and restrictions with respect to this document. Code Components 60 extracted from this document must include Simplified BSD License text 61 as described in Section 4.e of the Trust Legal Provisions and are 62 provided without warranty as described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 67 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 68 3. The New Rules . . . . . . . . . . . . . . . . . . . . . . . . 3 69 3.1. Designing Application Protocols . . . . . . . . . . . . . 3 70 3.2. Representing Server Identity . . . . . . . . . . . . . . 3 71 3.3. Verifying Service Identity . . . . . . . . . . . . . . . 3 72 4. Constraints on Wildcards . . . . . . . . . . . . . . . . . . 4 73 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 74 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 75 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 76 7.1. Normative References . . . . . . . . . . . . . . . . . . 4 77 7.2. Informative References . . . . . . . . . . . . . . . . . 5 78 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 80 1. Introduction 82 In the decade since [RFC6125] was published, the 83 subjectAlternativeName extension (SAN), as defined in [RFC5280] has 84 become ubiquitous. This document updates [RFC6125] to specify that 85 the fall-back techniques of using the commonName attribute to 86 identify the service must not be used. This document also places 87 some limitations on the use of wildcards in SAN fields. 89 The original context of [RFC6125] using X.509 certificates for server 90 identity with Transport Layer Security (TLS), is not changed. In 91 addition to the examples in that document, the Baseline Requirements 92 of the CA/Browser Forum, [CABBR], might also be useful. 94 2. Conventions and Definitions 96 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 97 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 98 "OPTIONAL" in this document are to be interpreted as described in BCP 99 14 [RFC2119] [RFC8174] when, and only when, they appear in all 100 capitals, as shown here. 102 The terminology from [RFC6125] is used here. Specifically, the 103 following terms and brief definition (as a reminder): 105 * CN-ID: the Common Name element of a Distingiushed Name. 107 * DNS-ID: a domain name entry in a SAN extension. 109 3. The New Rules 111 The CN-ID MUST NOT be used. The appropriate value in the SAN 112 extension MUST be used to get the presented identity of the server. 114 While not discussed in [RFC6125] this section also implicitly 115 prohibits the use of the Domain Component or emailAddress RDN's. 117 The following sections repeat the above rule in other forms, for the 118 purpose of updating [RFC6125] 120 3.1. Designing Application Protocols 122 Applications should determine which form of name they want to use, 123 and specify the appropriate SAN extension. Unless there are reasons 124 to do otherwise, applications SHOULD use the DNS-ID form. 126 3.2. Representing Server Identity 128 Servers MUST NOT request certificates that contain CN-ID in the 129 subject. If the Common Name RDN must be present in the certificate, 130 it MUST be in a form that cannot be mistaken for a CN-ID. 132 3.3. Verifying Service Identity 134 When constructing a list of reference identifiers, the client MUST 135 NOT include any CN-ID present in the certificate. This means that 136 section 6.4.4 of [RFC6125] MUST be ignored. 138 4. Constraints on Wildcards 140 Wildcard certificates are discussed in section 7.2 of [RFC6125] which 141 says that the specifications "are not clear or consistent" about 142 where a wildcard can appear. 144 This documents specifies that a wildcard can appear 146 * only as the left-most label; or 148 * as the last character in a left-most label 150 Clients that receive a DNS-ID that does not meet these criteria 151 SHOULD ignore it. 153 5. Security Considerations 155 The CN-ID, domainComponent, and emailAddress RDN fields are 156 unstructured free text, and using them is dependant on ordering and 157 encoding concerns. In addition, their evaluation when PKIX 158 nameConstraints are present is ambiguous. This document removes 159 those fields from use, so a source of possible errors is removed. 161 Because of the ambiguity around wildcards, [RFC6125] mentions that it 162 is possible to have exploitable differences in behavior. By 163 simplifying those practices to one rule, this source of errors should 164 be avoided. 166 All other security considerations of [RFC6125] and its dependant 167 documents are still relevant. 169 6. IANA Considerations 171 This document has no IANA actions. 173 7. References 175 7.1. Normative References 177 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 178 Requirement Levels", BCP 14, RFC 2119, 179 DOI 10.17487/RFC2119, March 1997, 180 . 182 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 183 Housley, R., and W. Polk, "Internet X.509 Public Key 184 Infrastructure Certificate and Certificate Revocation List 185 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 186 . 188 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 189 Verification of Domain-Based Application Service Identity 190 within Internet Public Key Infrastructure Using X.509 191 (PKIX) Certificates in the Context of Transport Layer 192 Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March 193 2011, . 195 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 196 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 197 May 2017, . 199 7.2. Informative References 201 [CABBR] CA/Browser Forum, "Baseline Requirements for the Issuance 202 and Management of Publicly-Trusted Certificates", 2020, 203 . 206 Author's Address 208 Rich Salz 209 Akamai Technologies 210 United States of America 212 Email: rsalz@akamai.com