ietf-mxcomp

Re: CSV and STARTTLS

2004-06-30 14:59:50

On Wed, 2004-06-30 at 14:25, Andrew Newton wrote:
 From section B.4.1 of draft-marid-csv-intro:

B.4.1  StartTLS

 A common certificate method as used with StartTLS [RFC3207] can
 authenticate an unknown server after an investment in signed
 periodic digital certificates, encryption capabilities, and
 services of a Certificate Authority.  This investment creates a
 barrier for large-scale use over the open Internet.  Reliance on
 the certificate signature also adds a need to vet Certificate
 Authorities in addition to the confirmed domains.

 Spontaneous communications are at the core of Internet design and
 operation.  So omission of a Certificate Authority is typically
 allowed of clients.  When this is allowed, StartTLS loses any
 ability to authenticate the relationship of the client to its
 claimed domain name.

Does this imply that the strong authentication provided by certificate 
validation of TLS is to be subjugated by CSV, which is most likely to 
be weaker authentication?

Also, I think many security-minded folks may disagree with the 
characterization in the first paragraph.  Opportunistic encryption with 
peer authentication using TLS happens every day on the Internet.

I do not speak for the other authors, but there was a discussion
involving this issue that Dave Crocker had been addressing.  It is my
understanding that this needs to change to reflect that StartTLS is
stronger but defines a different namespace, which is why Dave indicates
it does not authenticate the HELO domain.  He was working on the wording
for this.  The accreditation may need to compose something like
cert-name._ca.cert-auth.accredit.com to recognize this differing
namespace for StartTLS.

-Doug
