Re: [Anima] No certs for noreply (was: Re: Russ: Re: rfc822Name use in Autonomic Control Plane) document

Toerless Eckert <tte@cs.fau.de> Mon, 29 June 2020 14:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/UMGs3TQLmpoWkbPPHYzgIR6gxNQ>

On Mon, Jun 29, 2020 at 09:59:09AM -0400, Russ Housley wrote:
> > Wrt to the technical argument:
> > 
> > noreply@example.com is an interesting example, because i hate receiving these
> > emails, so i would LOVE to see a normative RFC saying that these type of
> > email addresses MUST NOT get certificates. However, technically i think that
> > is not defensible, because obviously (to me) it's perfectly valid for a
> > mailbox to not receive or not to send emails. It's to me just a controlled subject
> > with a name/address.
> > 
> > And customer harassment departments are of course also
> > interested to be protected from phishing and the like, so they will
> > of course also use certificates for mails from noreply@example.com as soon
> > as enough customers would understand security (*sigh*). And i am willing
> > to take any bet with you, that there will be nothing from the IETF that
> > normatively says this should not be done. 
> 
> No.  I do not agree.  The noreply@example.com mailbox is not ever used to communicate with the party that holds the private key.  So, it should not be bound to the subject public key in a certificate.

Why can noreply@example.com not have the private key for
the certificate which has noreply@example.com in its
rfc822Name ?

Are you excluding the option for any validation procedure
that does not include an actual "challenge" email to
the email address ? Remember that in a private PKI
environment ALL names in a certificate could be
assigned to the entity based on a validation that
by itself may not show up in the certificate at all. E.g.:

When i become employee of a company, someone might
see my driver's license, but the company PKI generated
cert for me in that enrollment process would not
have any info from that driver's license, but just
my name in the SN and company email address in the
rfc822Name SAN.  On a USB TPM stick. To sign my email,
or whatever else.

Oh, and i was hired to be responsible to send harassment
emails to customers, so i get a second USB TPM stick
to use specifically for this job role and it has
only rfc822Name email address with noreply@example.com.

Cheers
    Toerless

> Russ
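
The private-PKI enrollment scenario described in the message above, as an added example that is not part of the original email or of any ANIMA document: a throwaway private CA issues a personal certificate and a second role certificate whose only SAN is rfc822Name noreply@example.com, with no challenge email sent. The organization name, the file names `employee` and `noreply-role`, and the software RSA keys standing in for the USB token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, not from the thread.
set -eu

# issue_role_cert WORKDIR NAME EMAIL
# Creates a throwaway private CA in WORKDIR (first call only) and issues
# NAME.crt whose only SAN is rfc822Name=EMAIL. Nothing is ever sent to EMAIL:
# the binding rests entirely on the CA operator's out-of-band validation.
issue_role_cert() {
    dir=$1; name=$2; email=$3
    if [ ! -f "$dir/ca.crt" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Example Corp/CN=Example Private CA" \
            -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    fi
    # Key pair and CSR belong to the holder (a hardware token in the scenario).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Corp/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    printf 'subjectAltName=email:%s\n' "$email" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# san_email CERT: print the email address(es) bound in the certificate.
san_email() { openssl x509 -in "$1" -noout -email; }

# chains_to CA CERT: succeed only if CERT verifies under CA.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Demo with constructed identities: one person, two certificates.
work=$(mktemp -d)
issue_role_cert "$work" employee employee@example.com
issue_role_cert "$work" noreply-role noreply@example.com
for c in employee noreply-role; do
    printf '%s -> %s\n' "$c" "$(san_email "$work/$c.crt")"
done
```

A relying party that trusts this CA sees only the resulting name-to-key binding; how the address was validated is CA policy and is not recorded in the certificate.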