The last few years I have personally experienced several occasions
where people in SDOs as well as developers believe that TLS magically gives them
authentication. This has resulted in security standards that
just writes that "TLS is used for mutual authentication" without any
more details as well as implementations that do not provide any identity verification
at all and instead just doing a full path validation, when they should have
checked the server identity, that the right trust anchor was used, and that the right intermediate CA was used. I think this is a common problem.
Reading RFC8446, I think it is quite easy for people without expertise in security protocols to get the understanding that TLS gives you authentication.
Suggestions:
I think RFC8446 should be clearer with that what is provided by the TLS protocol is transport of authentication credentials and proof-of-possession of the private authentication key.
I think the requirements on the application using TLS should be clearer. Maybe:
"Application protocols using TLS MUST specify how to initiate TLS
handshaking, how to do path validation, and how to do identity verification."
I think it would be very good for readers if draft-ietf-uta-rfc6125bis was given as an informative reference.
The last few years I have personally experienced several occasions where people in SDOs as well as developers believe that TLS magically gives them authentication. This has resulted in security standards that just writes that "TLS is used for mutual authentication" without any more details as well as implementations that do not provide any identity verification at all and instead just doing a full path validation, when they should have checked the server identity, that the right trust anchor was used, and that the right intermediate CA was used. I think this is a common problem.
Reading RFC8446, I think it is quite easy for people without expertise in security protocols to get the understanding that TLS gives you authentication.
Suggestions:
I think RFC8446 should be clearer with that what is provided by the TLS protocol is transport of authentication credentials and proof-of-possession of the private authentication key.
I think the requirements on the application using TLS should be clearer. Maybe:
"Application protocols using TLS MUST specify how to initiate TLS handshaking, how to do path validation, and how to do identity verification."
I think it would be very good for readers if draft-ietf-uta-rfc6125bis was given as an informative reference.