Mohamad Badra, IETF 83, Paris, France


Presentation Transcript


  1. SCSV & Credential Protection Ciphersuites for (TLS)
     draft-badra-tls-identity-protection
     draft-badra-tls-ciphersuite-identity-protection
     Mohamad Badra, IETF 83, Paris, France

  2. Identity Protection
     • Send the Certificate and CertificateVerify messages encrypted during the Handshake
     • Send the ChangeCipherSpec before Certificate and CertificateVerify and after ClientKeyExchange
     • Initially proposed in 2000

  3. Messages order changes
     • Could be done using
       • Extensions
         • RFC 5246: both the SSLv3 and TLS 1.0/TLS 1.1 specifications require implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand it. However, some SSLv3 and TLS 1.0 implementations incorrectly fail the handshake in such a case. This means that clients that offer extensions may encounter handshake failures.

  4. Messages order changes
     • Cipher Suites
       • Example: TLS_CP_RSA_WITH_RC4_128_MD5
       • draft-badra-tls-ciphersuite-identity-protection
     • SCSV in ClientHello.cipher_suites
       • No extension is needed
       • draft-badra-tls-identity-protection

  5. Messages order

     Client                                Server

     ClientHello              -------->
                                           ServerHello
                                           Certificate
                                           CertificateRequest
                              <--------    ServerHelloDone
     ClientKeyExchange
     ChangeCipherSpec
     Certificate
     CertificateVerify
     Finished                 -------->
                                           ChangeCipherSpec
                              <--------    Finished

     No authenticated indication is received from the server before sending the Client Certificate

  6. Messages order case: CP ciphersuites

     Client                                Server

     ClientHello              -------->
                                           ServerHello
                                           Certificate
                                           CertificateRequest
                              <--------    ServerHelloDone
     ClientKeyExchange
     ChangeCipherSpec         -------->
                                           ChangeCipherSpec
                              <--------    Finished
     Certificate
     CertificateVerify
     Finished                 -------->

     Authenticated indication is implicitly provided in the received Finished from the server

  7. Messages order case: SCSV

                                           ChangeCipherSpec
                              <--------    Finished
     Certificate
     CertificateVerify
     Finished                 -------->

     • When the SCSV is selected, in verify_data, replace
       Hash(handshake_messages)
       with
       Hash(handshake_messages + { 0xXX,0xXX })
     • Where:
       • + means concatenation
       • { 0xXX,0xXX } is the SCSV code.
     • The client never sends its Certificate before receiving an authenticated indication from the server
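
The verify_data substitution on slide 7, worked through as an added example (not code from the drafts or the presentation). It assumes the TLS 1.2 PRF with SHA-256 from RFC 5246; `SCSV_PLACEHOLDER`, the master secret and the transcript bytes are constructed values, because the slide leaves the SCSV code as { 0xXX,0xXX }.

```python
import hashlib
import hmac

# Placeholder only: the slide gives the SCSV code as { 0xXX,0xXX }.
SCSV_PLACEHOLDER = bytes([0xAA, 0xBB])


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def verify_data(master_secret: bytes, label: bytes,
                handshake_messages: bytes, scsv: bytes = b"") -> bytes:
    """PRF(master_secret, label, Hash(handshake_messages + scsv))[0..11].

    With scsv empty this is the ordinary Finished computation; with the
    SCSV code supplied it is the substitution described on slide 7.
    """
    transcript_hash = hashlib.sha256(handshake_messages + scsv).digest()
    return p_sha256(master_secret, label + transcript_hash, 12)


def finished_ok(received: bytes, master_secret: bytes, label: bytes,
                handshake_messages: bytes, scsv: bytes = b"") -> bool:
    """Constant-time comparison of a peer's Finished with the local value."""
    expected = verify_data(master_secret, label, handshake_messages, scsv)
    return hmac.compare_digest(received, expected)


# Constructed sample inputs, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|CertificateRequest|" \
             b"ServerHelloDone|ClientKeyExchange"
LABEL = b"server finished"

if __name__ == "__main__":
    plain = verify_data(MASTER_SECRET, LABEL, TRANSCRIPT)
    bound = verify_data(MASTER_SECRET, LABEL, TRANSCRIPT, SCSV_PLACEHOLDER)
    print("without SCSV:", plain.hex())
    print("with SCSV:   ", bound.hex())
    # A Finished computed without the SCSV fails the SCSV-bound check.
    print("plain accepted:", finished_ok(plain, MASTER_SECRET, LABEL,
                                         TRANSCRIPT, SCSV_PLACEHOLDER))
```
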

  8. Current and Next Steps
     • Implementations
     • WG item?
