[core] Reply to comments on raza-ace-cbor-certificates
Joel Höglund <joel.hoglund@gmail.com> Mon, 27 May 2019 07:11 UTC
Return-Path: <joel.hoglund@gmail.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFE9012004C for <core@ietfa.amsl.com>; Mon, 27 May 2019 00:11:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFxwbBipRuVc for <core@ietfa.amsl.com>; Mon, 27 May 2019 00:11:46 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2A3812006D for <core@ietf.org>; Mon, 27 May 2019 00:11:45 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id p26so25240108edr.2 for <core@ietf.org>; Mon, 27 May 2019 00:11:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=LYTo1yCIW3hzqyQdx4XI2Knxi8vD0KhoJqS+LBY1OWE=; b=hirhkuXKZqPIQ589ZBL58CUTQXm3qTb6x/7cjFWKkuZFLVU+5vKqGmALKxILQrpk3p 3BB21H4fAB8yLJBc0x6prFGMjeExY70NCHh3AuDJusE7Id9qzTyG0X8O1Qai4Vi9cSvK khOgE24+xjduDyMdbKJgTd71ydC70dDhJq/s7vDnxWSGfAqVG9GujPtX5cV5o+QLEfIY PAMzfdwlMwJ4cqygvuKqjIvnz+aFXrmn8kFCEAVKYG8Q2J7cjzjezF2PsQeVeuJ3VI47 2U8F6YZmmhG0s8QUecTP2RxV03OStsISRU5/c5ePlCxITvpSoZToQlTSlfK6TNj3MYJi DVSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=LYTo1yCIW3hzqyQdx4XI2Knxi8vD0KhoJqS+LBY1OWE=; b=ogkBiUwvUd2xsQRegPjRhGpHu+wc631LrbidPtqb1cwHolE0+941voA0yCBBB8RKUO z/0fkqWQ29lKmbDM/hqIKof1h/VN4/RgwvxPQpD1Hxxwl4K6xxpWOodsoH5z+dCIsrhY ryRpexb2NhzDaOt5BfPIQiHeOpz7k4mkMrITjsmLco3tHgT5UQKX40kzUkcIQyBDsWir uLxGMR4qaqr/XHVV5nSEpkJk5wfT6F/HuxCR9Fddvn+pWhrRaasLN4qAkyXlU0enPyUz gXrrJ9yaJjuViFnreZFiCVILwaPkzYpbM5sgQbVA4Pn4XMeAh9Hn/I0/4T73Tj8bJug7 RPbA==
X-Gm-Message-State: APjAAAUn21RLRBEt4FuEUqQGZhaNd/9V6lld6aGUyi36wMsDXscG/il4 6MP/KGumObW9LNNS6wlbXETTGF3IhoZtbbH28zIE8Z4w
X-Google-Smtp-Source: APXvYqxpOn/xyR3I+gJLxzas6ru8v8fEbA9x/jy3OyzBRp2IvlfF9G5KXIeUt7aigHNLeooBeTj5e6lUQ02ynZkyNhU=
X-Received: by 2002:a50:913d:: with SMTP id e58mr121326275eda.107.1558941103821; Mon, 27 May 2019 00:11:43 -0700 (PDT)
MIME-Version: 1.0
From: Joel Höglund <joel.hoglund@gmail.com>
Date: Mon, 27 May 2019 09:11:32 +0200
Message-ID: <CAHszGE+FZ565YaFnSpzvHuMtip=4RnTeqx_JWdQY7ZkaPmZHCQ@mail.gmail.com>
To: core@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b818320589d942f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/3Vrm6k3DQyizVd-_w_s8E_EZLhk>
Subject: [core] Reply to comments on raza-ace-cbor-certificates
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 May 2019 07:51:18 -0000
Hi Michael, Thanks for the comments, sorry for late response. Please find responses inline below. “If we transcode ASN.1 to CBOR rather than DER in a way that preserves the signature, then I think we miss all opportunities to throw away the DER code.” This is a valid remark, in the sense that a signature, which is computed and added as a part of an original -- profiled but uncompressed -- certificate structure, can only be verified after recreating the original uncompressed structure. “If we can outsource this to a third party to verify, we can just throw the DER itself to the third party, and wrap it in a RESTful COAP interface.” One of our goals is to keep end to end security. Which means we generally don’t want to outsource anything / to be forced to trust additional parties. Our discussions have been along the lines that the cbor encoding could become a native encoding option, in which case the ASN1-DER encoding could be skipped and the signature computed and added directly on the smaller cbor encoded data structure. But I don’t see that neither the current “needs to recreate the initial structure” nor a native implementation would rule out outsourcing verification to third parties, if one would want that. “I see two issues with PKIX certificates: a) DNs never made any sense in 1980 when a company could have three people named John Smith, and they make even less sense now that we have 10,000 light bulbs whose name is "serialNumber=XXXXX" b) while subject DNs can be empty, issuer DNs can't be empty if you want to verify the certificate.Finding the public key of the issuer to verify the certificate is annoying and often non-trivial. There are PKIX extensions to deal with this, but they aren't mandatory. These are essentially issues with how the certificate semantics are encoded into the ASN.1, not really a problem with the DER itself. The lack of good DER encoders/decoders (I've never seen a pull parser, I'm sure Heimdal includes one, but I've never seen it) is the PITA.” We haven’t addressed how an IoT client should act if it does not already have a relevant certificate/the relevant public key of the issuer of a certificate that it needs to verify, or the reverse. I have assumed this to be separate issues. As long as the subject and issuer can be uniquely identified within their target scope (which might or might not be the entire internet), I don’t think our proposal is making the problems he describes worse. But I’m happy to hear more opinions if you think there are details regarding this we should expand or try to clarify. The certificates we have used as basis for the comparisons made in the draft are taken from IoT security projects we have been working with. We welcome if other working group members want to contribute additional examples of relevant certificates to compare with. "I couldn't figure out what the conclusion of your slides were, btw." I agree it was not spelled out sufficiently clear. The main conclusions are: 1. We can significantly reduce message overhead of X.509 certificates which is beneficial when transported over constrained networks. Indeed, substantially better than e.g. the TLS compression scheme zlib (see draft-ietf-tls-certificate-compression) as we show in the next version of the draft. 2. CAs can maintain their current X.509 based infrastructure and include this as a compression front end. 3. The certificate format is a candidate native format for IoT device certificates. This would require changes in the CA, but would reduce processing and memory use in particular in the IoT device which does not require ASN.1 or DER. The compression step provides a migration path where the CAs and device manufacturers can support compressed standard X.509 and native CBOR certificates in parallel (e.g. different device batches) Best Regards Joel Höglund
- [core] Reply to comments on raza-ace-cbor-certifi… Joel Höglund