On Sun, Nov 14, 2021 at 08:27:25AM +0000, John Mattsson wrote:
> I promised to send some information to the list regarding security
> considerations for long connections. I think the (D)TLS 1.3 is lacking
> considerations on this as well so I made an issue for RFC8446bis.
>
> https://github.com/tlswg/tls13-spec/issues/1245

The expiration of client certificates that were valid at the time of
connection establishment does not look like a transport layer problem.
It rather appears to be an authorisation problem for the application
layer to deal with: if the connecting agent is no longer authorised
to perform some actions, that entitlement can be reverified when
serving the request.

On the server side, under what circumstances do we imagine a service
provider to continue to maintain live connections (processes left
running, ...) on some endpoint system which are no longer legitimate
endpoints for the application?

The only thing that comes to mind is hostile takeover where the
legitimate operator loses operational control of the system, which
continues running. I am sceptical that certificate expiration is a
sufficiently useful mechanism to mitigate this outcome; it is not likely
to be either timely or relevant.

The problem is the long connection lifetime, regardless of the lifetime
of the certificate, and if/when loss of operational control is a concern,
one should not keep connections running unreasonably long...

So yes, long connections can be an issue, but I rather think that
certificate lifetimes have little useful content in signalling or
addressing the problem.

--
Viktor.