IETF Logo Mail Archive

Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Lijun Liao <lijun.liao@huawei.com> Wed, 17 April 2019 14:53 UTC

Return-Path: <lijun.liao@huawei.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08A0012032B for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 07:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2caSXvNPx93 for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 07:53:18 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCA2312016B for <curdle@ietf.org>; Wed, 17 Apr 2019 07:53:17 -0700 (PDT)
Received: from lhreml706-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 097625F4D8F01EEC6379; Wed, 17 Apr 2019 15:53:16 +0100 (IST)
Received: from LHREML505-MBX.china.huawei.com ([169.254.10.69]) by lhreml706-cah.china.huawei.com ([10.201.108.47]) with mapi id 14.03.0415.000; Wed, 17 Apr 2019 15:53:12 +0100
From: Lijun Liao <lijun.liao@huawei.com>
To: Daniel Migault <daniel.migault@ericsson.com>, Santosh Chokhani <santosh.chokhani@gmail.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'RFC Editor' <rfc-editor@rfc-editor.org>, "'Roman D. Danyliw'" <rdd@cert.org>, 'Simon Josefsson' <simon@josefsson.org>, 'Rich Salz' <rsalz@akamai.com>, 'Jim Schaad' <ietf@augustcellars.com>, "curdle@ietf.org" <curdle@ietf.org>, 'Ben Kaduk' <kaduk@mit.edu>
Thread-Topic: [Curdle] [Technical Errata Reported] RFC8410 (5696)
Thread-Index: AQHU9R4EeHgZB3LN3kmX7XL5F2yT2KZAQ1+AgAAEC4CAAAMhgIAABGQAgAANYYCAABOB0A==
Date: Wed, 17 Apr 2019 14:53:11 +0000
Message-ID: <B318B2234F15F54D9A56986389A4C939B9021F@lhreml505-mbx.china.huawei.com>
References: <20190417130322.DF98CB82BAF@rfc-editor.org> <CEAF6932-72F1-4BA0-90C9-42B014AA2DAC@vigilsec.com> <022201d4f521$363efad0$a2bcf070$@gmail.com> <A0A0D4DB-9443-432D-8836-5936A77212FC@vigilsec.com> <027801d4f524$f8b11690$ea1343b0$@gmail.com> <MN2PR15MB331028076A605A8944DAD6D9E3250@MN2PR15MB3310.namprd15.prod.outlook.com>
In-Reply-To: <MN2PR15MB331028076A605A8944DAD6D9E3250@MN2PR15MB3310.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.203.162.239]
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/_wyBIpP9eWka2zE1hTwuzig813U>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 14:53:20 -0000

Hi Daniel,

Thank you for your reply.

I think the definition of "CA" is clearly to be an entity which issues certificates. See below:

------
I am with Santosh.

As the definition of RFC 5280 Section 5:

"   CRL issuers issue CRLs.  The CRL issuer is either the CA or an entity
   that has been authorized by the CA to issue CRLs.  CAs publish CRLs
   to provide status information about the certificates they issued.
   However, a CA may delegate this responsibility to another trusted
   authority.
"

If a CA only issues CRL, then
"CAs publish CRLs
   to provide status information about the --certificates they issued---."
conflicts itself.

Lijun
________________________________________

-----Original Message-----
From: Daniel Migault [mailto:daniel.migault@ericsson.com] 
Sent: 2019年4月17日 16:42
To: Santosh Chokhani <santosh.chokhani@gmail.com>; 'Russ Housley' <housley@vigilsec.com>
Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; 'Rich Salz' <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>; curdle@ietf.org; Lijun Liao <lijun.liao@huawei.com>; 'Ben Kaduk' <kaduk@mit.edu>
Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Hi, 

Thank you Lijun Liao for the comment and taking the time to improve our documents. 

I believe the confusion is that certificate authority are not restricted to emit certificate with KeyCertSign usage and cA constraint. For example, they could emit a certificate that is used *only* to validate CRLs. This certificate will have the keyUsage set to cRLSign. nonRepudiation, digitalSignature, cRLSign would not be selected as it indicates the key could be used for other purposes. Other combinations using may consider one or a combination of keyUsage KeyCertSign. nonRepudiation, digitalSignature, cRLSign.

If my understanding is correct, mandating KeyCertSign is not correct and the current text catches all possibilities. The text could have explicitly mentioned that certificate may emit certificate that are only restricted to the validation of certificate signature. However, I am not sure that would clarify the purpose of the document nor justify an errata. Thus, I am wondering if we can agree the issue has been solved and close the request for errata.

Yours, 
Daniel 


 



-----Original Message-----
From: Santosh Chokhani <santosh.chokhani@gmail.com> 
Sent: Wednesday, April 17, 2019 9:54 AM
To: 'Russ Housley' <housley@vigilsec.com>
Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; Daniel Migault <daniel.migault@ericsson.com>; 'Rich Salz' <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>; curdle@ietf.org; 'LIJUN.LIAO@huawei.com' <LIJUN.LIAO@HUAWEI.COM>; 'Ben Kaduk' <kaduk@mit.edu>
Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Agree Russ in the sense that I have never seen a CA not issue CRL also.  It might delegate CRL issuance to other authorities as well, but I have not seen an implementation where a CA does not generate a CRL and does not provide it to at least one RP, be it OCSP Responder.

But if these folks are implementing a CA without CRL issuance, they might want this.  

On the other hand, I do not see CA having all these other bits as well.
There is no security issue if the CA has CRL issuance bit even if it does not issue a CRL.

So, I could go either way on this Errata since it does not move the security needle for me.

-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Wednesday, April 17, 2019 9:38 AM
To: Santosh Chokhani <santosh.chokhani@gmail.com>
Cc: RFC Editor <rfc-editor@rfc-editor.org>; Roman D. Danyliw <rdd@cert.org>; Simon Josefsson <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>; curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Santosh:

This is the exact way we have described the appropriate key usage bits since RFC 3279.  If this has confused any implementer over the last decade and a half, I have not heard about it.

Russ


> On Apr 17, 2019, at 9:26 AM, Santosh Chokhani 
> <santosh.chokhani@gmail.com>
wrote:
> 
> Russ,
> 
> But if the CA is using a key to sign CRL, in the context of that key 
> it is not a CA personality but a CRL issuer personality.
> 
> -----Original Message-----
> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Russ 
> Housley
> Sent: Wednesday, April 17, 2019 9:12 AM
> To: RFC Editor <rfc-editor@rfc-editor.org>
> Cc: Roman D. Danyliw <rdd@cert.org>; Simon Josefsson 
> <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz 
> <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>; 
> curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu>
> Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> 
> I do not think this is correct.  A CA could, for example, use one key 
> for signing certificates and a separate key for signing CRLs.
> 
> Russ
> 
> 
>> On Apr 17, 2019, at 9:03 AM, RFC Errata System 
>> <rfc-editor@rfc-editor.org>
> wrote:
>> 
>> The following errata report has been submitted for RFC8410, 
>> "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use 
>> in the Internet
> X.509 Public Key Infrastructure".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5696
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Lijun Liao <LIJUN.LIAO@HUAWEI.COM>
>> 
>> Section: 5
>> 
>> Original Text
>> -------------
>>  If the keyUsage extension is present in a certification authority 
>> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage 
>> extension MUST contain one or more of the following values:
>> 
>>         nonRepudiation;
>>         digitalSignature;
>>         keyCertSign; and
>>         cRLSign.
>> 
>> Corrected Text
>> --------------
>>  If the keyUsage extension is present in a certification authority 
>> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage 
>> extension MUST contain keyCertSign, and zero, one or more of the 
>> following values:
>> 
>>         nonRepudiation;
>>         digitalSignature; and
>>         cRLSign.
>> 
>> Notes
>> -----
>> The usage keyCertSign must be set in a CA certificate.
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please 
>> use "Reply All" to discuss whether it should be verified or rejected.
>> When a decision is reached, the verifying party can log in to change 
>> the status and edit the report, if necessary.
>> 
>> --------------------------------------
>> RFC8410 (draft-ietf-curdle-pkix-10)
>> --------------------------------------
>> Title               : Algorithm Identifiers for Ed25519, Ed448, X25519,
> and X448 for Use in the Internet X.509 Public Key Infrastructure
>> Publication Date    : August 2018
>> Author(s)           : S. Josefsson, J. Schaad
>> Category            : PROPOSED STANDARD
>> Source              : CURves, Deprecating and a Little more Encryption
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>> 
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle

v2.23.0 | Report a Bug | By Email