Hello everyone

From the TLS 1.2 specification, speaking of client authentication,
https://tools.ietf.org/html/rfc5246#section-7.4.4 section 7.4.4 (but it is the
same for the latest TLS 1.3 draft, section 4.2.4),

where it says:

certificate_authorities
      A list of the distinguished names [X501] of acceptable
      certificate_authorities, represented in DER-encoded format.

What would be the right behavior if the server has the certificates of two
different CAs (different subject key info, public key parameters) whose
subject DNs differ only in case? For example, something like this:

Subject: /C=US/ST=California/L=Mountain View/O=XXX Inc/CN=mail.xxx.com

and

Subject: /C=US/ST=California/L=mountain View/O=XXX Inc/CN=mail.xxx.com

(Note the different (M|m)ountain.)

1 - In one case the server could send both DNs to the client, the client
could choose the one that signed its certificate, and the server would be
able to validate, based on the authority key identifier, the client with the
right CA.

2 - In another case, instead, the server chooses to send only one of the
two DNs, probably the first configured, and if that is not the one that
signed the client certificate, the authentication would not continue.

I have seen that some TLS implementations follow both of the behaviors
described, and this creates interoperability issues, I think. It should not
be an ambiguous behavior, and it should be clarified.

Opinions?


Thank you very much for your attention

Ciao

Elia
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
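The following is an added example, not part of Elia's post or of any TLS implementation. It builds a TLS 1.2 `certificate_authorities` vector (RFC 5246 section 7.4.4) from the two DNs in the post, parses it back, and shows how a client's choice of which certificate to offer depends on whether the advertised DNs are compared byte-for-byte against its issuer DN or under the RFC 5280 section 7.1 name-comparison rules (case folding, whitespace collapsing). Assumptions: attribute values are encoded as UTF8String, each RDN is single-valued, and the client's certificate was issued by the second CA; the DN values are the post's, the attribute-type OIDs are the standard X.520 ones, and the `matching_authorities` helper is hypothetical.

```python
# Added example: DER-encoded DNs, the RFC 5246 certificate_authorities vector,
# and two DN comparison policies. Not code from the TLS list post.
import struct

# X.520 attribute-type OIDs for the RDN types used in the post's DNs
OIDS = {"C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10", "CN": "2.5.4.3"}


def der_len(n):
    """DER definite-form length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def encode_oid(dotted):
    """Encode a dotted OID: first two arcs packed as 40*a+b, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


OID_TO_ATTR = {encode_oid(v): k for k, v in OIDS.items()}


def encode_name(attrs):
    """RFC 5280 Name: SEQUENCE OF RDN; each RDN a single-valued SET of
    AttributeTypeAndValue, values as UTF8String (tag 0x0C) by assumption."""
    rdns = b""
    for attr_type, value in attrs:
        atv = der_tlv(0x30, der_tlv(0x06, encode_oid(OIDS[attr_type])) + der_tlv(0x0C, value.encode()))
        rdns += der_tlv(0x31, atv)
    return der_tlv(0x30, rdns)


def read_tlv(buf, i=0):
    """Return (tag, body, offset after this TLV)."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + length], i + length


def decode_name(der):
    """Inverse of encode_name: list of (attribute type, value) pairs."""
    tag, rdns, _ = read_tlv(der)
    assert tag == 0x30, "Name must be a SEQUENCE"
    attrs, i = [], 0
    while i < len(rdns):
        _, rdn, i = read_tlv(rdns, i)   # SET (one RDN)
        _, atv, _ = read_tlv(rdn)       # its single AttributeTypeAndValue
        _, oid, j = read_tlv(atv)
        _, value, _ = read_tlv(atv, j)
        attrs.append((OID_TO_ATTR[oid], value.decode()))
    return attrs


def encode_certificate_authorities(dns):
    """RFC 5246 7.4.4: DistinguishedName certificate_authorities<0..2^16-1>,
    each DistinguishedName an opaque<1..2^16-1>; both use 2-byte length prefixes."""
    body = b"".join(struct.pack("!H", len(dn)) + dn for dn in dns)
    return struct.pack("!H", len(body)) + body


def parse_certificate_authorities(buf):
    (total,) = struct.unpack("!H", buf[:2])
    dns, i = [], 2
    while i < 2 + total:
        (n,) = struct.unpack("!H", buf[i:i + 2])
        dns.append(buf[i + 2:i + 2 + n])
        i += 2 + n
    return dns


def normalize(attrs):
    """RFC 5280 7.1 comparison: fold case, trim, collapse internal whitespace."""
    return tuple((t, " ".join(v.split()).casefold()) for t, v in attrs)


def matching_authorities(cert_request_cas, issuer_der, rfc5280_rules):
    """Hypothetical client-side helper: indexes of the advertised DNs that match
    the client's issuer. rfc5280_rules=False is the byte-exact comparison some
    stacks use; True applies the section 7.1 rules, under which the two CAs collide."""
    hits = []
    for idx, dn in enumerate(parse_certificate_authorities(cert_request_cas)):
        if rfc5280_rules:
            same = normalize(decode_name(dn)) == normalize(decode_name(issuer_der))
        else:
            same = dn == issuer_der
        if same:
            hits.append(idx)
    return hits


# The two CA subject DNs from the post (they differ only in the case of "L")
CA_DN_1 = encode_name([("C", "US"), ("ST", "California"), ("L", "Mountain View"), ("O", "XXX Inc"), ("CN", "mail.xxx.com")])
CA_DN_2 = encode_name([("C", "US"), ("ST", "California"), ("L", "mountain View"), ("O", "XXX Inc"), ("CN", "mail.xxx.com")])

# Server behaviour 1 from the post: both DNs advertised. Behaviour 2: only the first.
REQUEST_BOTH = encode_certificate_authorities([CA_DN_1, CA_DN_2])
REQUEST_FIRST_ONLY = encode_certificate_authorities([CA_DN_1])

if __name__ == "__main__":
    # Assumed: the client's certificate was issued by the second CA (CA_DN_2).
    for label, req in (("both DNs", REQUEST_BOTH), ("first DN only", REQUEST_FIRST_ONLY)):
        print(label, "exact:", matching_authorities(req, CA_DN_2, False),
              "rfc5280:", matching_authorities(req, CA_DN_2, True))
```

With both DNs advertised, exact comparison picks only the second entry while the RFC 5280 rules match both, so the client cannot tell the two CAs apart from the DN list alone and the server must fall back on the authority key identifier, as behaviour 1 in the post describes. With only the first DN advertised, exact comparison finds no match and the client sends nothing (behaviour 2), whereas the 7.1 rules still produce a match and the handshake proceeds; this is the divergence between implementations the post points out.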
