692154 - Support the encrypted client certificates TLS extension

Status: RESOLVED WONTFIX

(NSS :: Libraries, enhancement)

Description

[Wan-Teh Chang]

Attachment: draft-agl-tls-encryptedclientcerts-00.html

This TLS extension is specified in the attached draft by Adam Langley
draft-agl-tls-encryptedclientcerts-00.html.

It addresses the privacy issue of sending a client certificate by sending
the Certificate handshake message after the ChangeCipherSpec message.

Comment 1

[Wan-Teh Chang]

Attachment: Patch by Adam Langley

The attached patch is written by Adam Langley.

This patch hasn't been tested in Chrome yet.

Comment 2

[Wan-Teh Chang]

Attachment: draft-agl-tls-encryptedclientcerts-00.txt

agl just submitted the draft to IETF:
http://www.ietf.org/id/draft-agl-tls-encryptedclientcerts-00.txt

Comment 3

[Wan-Teh Chang]

Attachment: Patch by Adam Langley, v2

Updated the patch to the current NSS trunk and made minor edits.

Comment 4

[Wan-Teh Chang]

Attachment: Patch by Adam Langley, v3

I did a thorough review, made some small changes to ssl3con.c
(prSpec vs. crSpec, etc.), and added a test case to sslauth.txt.

This patch is now of checkin quality, except for the use of
unofficial TLS extension number.

Comment 5

[Wan-Teh Chang]

We have decided to abandon this extension.  See the Chromium changelist
https://chromiumcodereview.appspot.com/10387222/

Comment 6

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

In the event that this ever gets resurrected:

We need to consider whether this extension implies any guarantee that we will have authenticated the server's certificate before sending the client certificate. In the current libssl code, ssl3_SencClientSecondRound will block the handshake until the server's cert has been authenticated, when otherwise the handshake would continue through the Finished messages before blocking on peer certificate authentication.