Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
Jim Schaad <ietf@augustcellars.com> Wed, 17 April 2019 22:48 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27CB312021B for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 15:48:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WVxBgKRWEn33 for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 15:48:28 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D48A912015F for <curdle@ietf.org>; Wed, 17 Apr 2019 15:48:27 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 17 Apr 2019 15:47:56 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Lijun Liao' <lijun.liao@huawei.com>, 'Daniel Migault' <daniel.migault@ericsson.com>, 'Santosh Chokhani' <santosh.chokhani@gmail.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'RFC Editor' <rfc-editor@rfc-editor.org>, "'Roman D. Danyliw'" <rdd@cert.org>, 'Simon Josefsson' <simon@josefsson.org>, 'Rich Salz' <rsalz@akamai.com>, curdle@ietf.org, 'Ben Kaduk' <kaduk@mit.edu>
References: <20190417130322.DF98CB82BAF@rfc-editor.org> <CEAF6932-72F1-4BA0-90C9-42B014AA2DAC@vigilsec.com> <022201d4f521$363efad0$a2bcf070$@gmail.com> <A0A0D4DB-9443-432D-8836-5936A77212FC@vigilsec.com> <027801d4f524$f8b11690$ea1343b0$@gmail.com> <MN2PR15MB331028076A605A8944DAD6D9E3250@MN2PR15MB3310.namprd15.prod.outlook.com> <B318B2234F15F54D9A56986389A4C939B9021F@lhreml505-mbx.china.huawei.com>
In-Reply-To: <B318B2234F15F54D9A56986389A4C939B9021F@lhreml505-mbx.china.huawei.com>
Date: Wed, 17 Apr 2019 15:47:54 -0700
Message-ID: <000001d4f56f$9af4b390$d0de1ab0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLUA8nUwpstT/Ye8zWBxjlp5t/4tAH7IQXgAXYF7NMAncbPAQHfZZ4SAKrG8GYCk+d7V6P5bbNw
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/ZhzTtL-eNnYpJtpdNLq4Va9hHvM>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 22:48:33 -0000
When I look at this problem I see two cases where not setting the bit makes sense to me. 1. A CA certificate which is only intended to be a trust anchor may not have the bit set because the bit would not be checked in some implementations so it would not make any difference. 2. I need to know how you define what a CA is: If you say that a CA is identified based only on a Public Key then what is said below makes a degree of sense. However, if you say that a CA is identified based on its name rather than on its key you end up with some other cases where a CA could have a certificate issued to itself. A) It uses a separate certificate for issuing of CRLs so that this can be done online while the certificate signing needs to be done off-line. B) It uses a separate certificate for the purpose of running one of the various enrollment protocols. In both of these cases a certificate has been issued to the CA, but that certificate is not used for the purpose of creating certificates and thus setting a bit to that effect is incorrect. I come down in the school that the CA is an entity based on it's name and not on it's public key. Rolling over a public key does not change the fact that it is the same CA. For both of these reasons I do not believe that the errata is correct. Jim > -----Original Message----- > From: Lijun Liao <lijun.liao@huawei.com> > Sent: Wednesday, April 17, 2019 7:53 AM > To: Daniel Migault <daniel.migault@ericsson.com>; Santosh Chokhani > <santosh.chokhani@gmail.com>; 'Russ Housley' <housley@vigilsec.com> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; 'Rich Salz' > <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>; > curdle@ietf.org; 'Ben Kaduk' <kaduk@mit.edu> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696) > > Hi Daniel, > > Thank you for your reply. > > I think the definition of "CA" is clearly to be an entity which issues > certificates. See below: > > ------ > I am with Santosh. > > As the definition of RFC 5280 Section 5: > > " CRL issuers issue CRLs. The CRL issuer is either the CA or an entity > that has been authorized by the CA to issue CRLs. CAs publish CRLs > to provide status information about the certificates they issued. > However, a CA may delegate this responsibility to another trusted > authority. > " > > If a CA only issues CRL, then > "CAs publish CRLs > to provide status information about the --certificates they issued---." > conflicts itself. > > Lijun > ________________________________________ > > -----Original Message----- > From: Daniel Migault [mailto:daniel.migault@ericsson.com] > Sent: 2019年4月17日 16:42 > To: Santosh Chokhani <santosh.chokhani@gmail.com>; 'Russ Housley' > <housley@vigilsec.com> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; 'Rich Salz' > <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>; > curdle@ietf.org; Lijun Liao <lijun.liao@huawei.com>; 'Ben Kaduk' > <kaduk@mit.edu> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696) > > Hi, > > Thank you Lijun Liao for the comment and taking the time to improve our > documents. > > I believe the confusion is that certificate authority are not restricted to emit > certificate with KeyCertSign usage and cA constraint. For example, they could > emit a certificate that is used *only* to validate CRLs. This certificate will have > the keyUsage set to cRLSign. nonRepudiation, digitalSignature, cRLSign would > not be selected as it indicates the key could be used for other purposes. > Other combinations using may consider one or a combination of keyUsage > KeyCertSign. nonRepudiation, digitalSignature, cRLSign. > > If my understanding is correct, mandating KeyCertSign is not correct and the > current text catches all possibilities. The text could have explicitly mentioned > that certificate may emit certificate that are only restricted to the validation > of certificate signature. However, I am not sure that would clarify the > purpose of the document nor justify an errata. Thus, I am wondering if we > can agree the issue has been solved and close the request for errata. > > Yours, > Daniel > > > > > > > -----Original Message----- > From: Santosh Chokhani <santosh.chokhani@gmail.com> > Sent: Wednesday, April 17, 2019 9:54 AM > To: 'Russ Housley' <housley@vigilsec.com> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; Daniel Migault > <daniel.migault@ericsson.com>; 'Rich Salz' <rsalz@akamai.com>; 'Jim Schaad' > <ietf@augustcellars.com>; curdle@ietf.org; 'LIJUN.LIAO@huawei.com' > <LIJUN.LIAO@HUAWEI.COM>; 'Ben Kaduk' <kaduk@mit.edu> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696) > > Agree Russ in the sense that I have never seen a CA not issue CRL also. It > might delegate CRL issuance to other authorities as well, but I have not seen > an implementation where a CA does not generate a CRL and does not > provide it to at least one RP, be it OCSP Responder. > > But if these folks are implementing a CA without CRL issuance, they might > want this. > > On the other hand, I do not see CA having all these other bits as well. > There is no security issue if the CA has CRL issuance bit even if it does not > issue a CRL. > > So, I could go either way on this Errata since it does not move the security > needle for me. > > -----Original Message----- > From: Russ Housley [mailto:housley@vigilsec.com] > Sent: Wednesday, April 17, 2019 9:38 AM > To: Santosh Chokhani <santosh.chokhani@gmail.com> > Cc: RFC Editor <rfc-editor@rfc-editor.org>; Roman D. Danyliw > <rdd@cert.org>; Simon Josefsson <simon@josefsson.org>; > daniel.migault@ericsson.com; Rich Salz <rsalz@akamai.com>; Jim Schaad > <ietf@augustcellars.com>; curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben > Kaduk <kaduk@mit.edu> > Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696) > > Santosh: > > This is the exact way we have described the appropriate key usage bits since > RFC 3279. If this has confused any implementer over the last decade and a > half, I have not heard about it. > > Russ > > > > On Apr 17, 2019, at 9:26 AM, Santosh Chokhani > > <santosh.chokhani@gmail.com> > wrote: > > > > Russ, > > > > But if the CA is using a key to sign CRL, in the context of that key > > it is not a CA personality but a CRL issuer personality. > > > > -----Original Message----- > > From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Russ > > Housley > > Sent: Wednesday, April 17, 2019 9:12 AM > > To: RFC Editor <rfc-editor@rfc-editor.org> > > Cc: Roman D. Danyliw <rdd@cert.org>; Simon Josefsson > > <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz > > <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>; > > curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu> > > Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696) > > > > I do not think this is correct. A CA could, for example, use one key > > for signing certificates and a separate key for signing CRLs. > > > > Russ > > > > > >> On Apr 17, 2019, at 9:03 AM, RFC Errata System > >> <rfc-editor@rfc-editor.org> > > wrote: > >> > >> The following errata report has been submitted for RFC8410, > >> "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use > >> in the Internet > > X.509 Public Key Infrastructure". > >> > >> -------------------------------------- > >> You may review the report below and at: > >> http://www.rfc-editor.org/errata/eid5696 > >> > >> -------------------------------------- > >> Type: Technical > >> Reported by: Lijun Liao <LIJUN.LIAO@HUAWEI.COM> > >> > >> Section: 5 > >> > >> Original Text > >> ------------- > >> If the keyUsage extension is present in a certification authority > >> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage > >> extension MUST contain one or more of the following values: > >> > >> nonRepudiation; > >> digitalSignature; > >> keyCertSign; and > >> cRLSign. > >> > >> Corrected Text > >> -------------- > >> If the keyUsage extension is present in a certification authority > >> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage > >> extension MUST contain keyCertSign, and zero, one or more of the > >> following values: > >> > >> nonRepudiation; > >> digitalSignature; and > >> cRLSign. > >> > >> Notes > >> ----- > >> The usage keyCertSign must be set in a CA certificate. > >> > >> Instructions: > >> ------------- > >> This erratum is currently posted as "Reported". If necessary, please > >> use "Reply All" to discuss whether it should be verified or rejected. > >> When a decision is reached, the verifying party can log in to change > >> the status and edit the report, if necessary. > >> > >> -------------------------------------- > >> RFC8410 (draft-ietf-curdle-pkix-10) > >> -------------------------------------- > >> Title : Algorithm Identifiers for Ed25519, Ed448, X25519, > > and X448 for Use in the Internet X.509 Public Key Infrastructure > >> Publication Date : August 2018 > >> Author(s) : S. Josefsson, J. Schaad > >> Category : PROPOSED STANDARD > >> Source : CURves, Deprecating and a Little more Encryption > >> Area : Security > >> Stream : IETF > >> Verifying Party : IESG > >> > >> _______________________________________________ > >> Curdle mailing list > >> Curdle@ietf.org > >> https://www.ietf.org/mailman/listinfo/curdle > > > > _______________________________________________ > > Curdle mailing list > > Curdle@ietf.org > > https://www.ietf.org/mailman/listinfo/curdle > > > > _______________________________________________ > > Curdle mailing list > > Curdle@ietf.org > > https://www.ietf.org/mailman/listinfo/curdle >
- [Curdle] [Technical Errata Reported] RFC8410 (569… RFC Errata System
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Russ Housley
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Santosh Chokhani
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Russ Housley
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Santosh Chokhani
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Daniel Migault
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Lijun Liao
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Lijun Liao
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Jim Schaad
- Re: [Curdle] [Technical Errata Reported] RFC8410 … Tim Hollebeek