Re: [TLS] TLS 1.3 wishlist from Anders Rundgren on 2013-12-07 (public-webid@w3.org from December 2013)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 07 Dec 2013 12:06:02 +0100
To: Henry Story <henry.story@bblfish.net>, Michael D'Errico <mike-list@pobox.com>
CC: TLS Mailing List <tls@ietf.org>, public-webid WebID Group <public-webid@w3.org>
Message-ID: <52A3011A.8070903@gmail.com>

On 2013-12-07 11:15, Henry Story wrote:
> 
> On 18 Sep 2013, at 20:45, Michael D'Errico <mike-list@pobox.com> wrote:
> 
>> A "wish list" for an upcoming new version of TLS is available
>> online (I found it via a message on Twitter):
>>
>> https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf
>>
>> Is it appropriate to discuss this now, prior to rechartering?
> 
> Hi,
> 
>   One thing that would be nice would be some way of having more flexibility
> for the server to request a client certificate. In TLS 1.2 it seems
> the only way to do this is to use the certificate_authorities
> list. 
> 
>   With WebID over TLS [1] a server may in fact be satisfied if the 
> Client certificate contains a WebID in the Subject Alternative Name.
> But this then leaves the question open as to how the server can transmit
> to the client it's ability to accept such certificates.
> 
> The only solution currently available that I know of 
> would be to create a CA with DN such as
> 
>    CN=WebID, O={}
> 
> that every WebID enabled certificate would claim it is signed by (somewhere
> in the certificte chain)
> 
> Then this could be passed by the server in the certificate_authorities
> list as specified in http://tools.ietf.org/html/rfc5246#section-7.4.6
> 
> 
> Some people are worried that this would require CAs to resign their root
> CAs with a WebID certificate in case they wanted to release WebID 
> certificates.
> 
> Is there a better way to do this currently? Could there be a better 
> way to do it?

I believe we had this discussion before, so here we go again :-)
Making TLS CCA (Client Certificate Authentication) useful for consumer authentication (be it to an enterprise, bank or social network), is IMO unrealistic, no matter how desirable it may be.

Technical reasons:
http://webpki.org/papers/PKI/webauth.pdf#page=1

TLS CCA is also at odds with the market:
http://www.forbes.com/sites/amadoudiallo/2013/11/30/google-wants-to-make-your-passwords-obsolete

As an authentication solution for VPNs (and even more "secure box-2-box" communication), TLS CCA is great but that's not "le web".

Regarding the specific WebID issue, I would be cautious about assigning additional semantics to existing constructs.
X.509 offers many other ways of signalling a unique/non-standard use.

Cheers,
Anders

> 
> 
> Henry
> 
> 
> [1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
> 
> 
> Social Web Architect
> http://bblfish.net/
> 
>

Received on Saturday, 7 December 2013 11:06:38 UTC