IETF Logo Mail Archive

Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Daniel Migault <daniel.migault@ericsson.com> Wed, 17 April 2019 14:41 UTC

Return-Path: <daniel.migault@ericsson.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B956C12014E for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 07:41:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BccGkc53qNu3 for <curdle@ietfa.amsl.com>; Wed, 17 Apr 2019 07:41:40 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-eopbgr740073.outbound.protection.outlook.com [40.107.74.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E083D120021 for <curdle@ietf.org>; Wed, 17 Apr 2019 07:41:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PRAaCZyALRLSeYLoZ04f666Edl0hRnb8bjAqXLozNIM=; b=e0yjhYzaRQDDfuromEglvv/kKG7RVL/LZePCAo+r6hsm57mEnNXkjTEEp/jj1od3E6Oi/FCX4Ii9yyCdvvBUe/6terZ5q3B5gpFtxRKSCZSQjLLp7CR0nBxDudxVeoCTmXujH05kVJ8LQNDMNvmm98YukzFHIhvrRzs8pnVh5ds=
Received: from MN2PR15MB3310.namprd15.prod.outlook.com (20.179.21.142) by MN2PR15MB3168.namprd15.prod.outlook.com (20.179.23.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.12; Wed, 17 Apr 2019 14:41:35 +0000
Received: from MN2PR15MB3310.namprd15.prod.outlook.com ([fe80::3568:7582:3c7d:6f18]) by MN2PR15MB3310.namprd15.prod.outlook.com ([fe80::3568:7582:3c7d:6f18%2]) with mapi id 15.20.1792.018; Wed, 17 Apr 2019 14:41:35 +0000
From: Daniel Migault <daniel.migault@ericsson.com>
To: Santosh Chokhani <santosh.chokhani@gmail.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'RFC Editor' <rfc-editor@rfc-editor.org>, "'Roman D. Danyliw'" <rdd@cert.org>, 'Simon Josefsson' <simon@josefsson.org>, 'Rich Salz' <rsalz@akamai.com>, 'Jim Schaad' <ietf@augustcellars.com>, "curdle@ietf.org" <curdle@ietf.org>, "'LIJUN.LIAO@huawei.com'" <LIJUN.LIAO@HUAWEI.COM>, 'Ben Kaduk' <kaduk@mit.edu>
Thread-Topic: [Curdle] [Technical Errata Reported] RFC8410 (5696)
Thread-Index: AQHU9R4KByQWCPqVukWiHdpPGlSoV6ZAVCKAgAAEC4CAAAMhgIAABGQAgAAKPcA=
Date: Wed, 17 Apr 2019 14:41:35 +0000
Message-ID: <MN2PR15MB331028076A605A8944DAD6D9E3250@MN2PR15MB3310.namprd15.prod.outlook.com>
References: <20190417130322.DF98CB82BAF@rfc-editor.org> <CEAF6932-72F1-4BA0-90C9-42B014AA2DAC@vigilsec.com> <022201d4f521$363efad0$a2bcf070$@gmail.com> <A0A0D4DB-9443-432D-8836-5936A77212FC@vigilsec.com> <027801d4f524$f8b11690$ea1343b0$@gmail.com>
In-Reply-To: <027801d4f524$f8b11690$ea1343b0$@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=daniel.migault@ericsson.com;
x-originating-ip: [70.80.131.240]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: acdb5203-3dfd-4079-02c9-08d6c342ca80
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600140)(711020)(4605104)(2017052603328)(7193020); SRVR:MN2PR15MB3168;
x-ms-traffictypediagnostic: MN2PR15MB3168:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <MN2PR15MB31680B02CEEF473F71694A04E3250@MN2PR15MB3168.namprd15.prod.outlook.com>
x-forefront-prvs: 0010D93EFE
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(396003)(366004)(346002)(136003)(199004)(189003)(13464003)(102836004)(81156014)(8936002)(81166006)(26005)(68736007)(66574012)(11346002)(8676002)(486006)(186003)(76176011)(14454004)(476003)(53546011)(446003)(86362001)(74316002)(5660300002)(97736004)(52536014)(71190400001)(2906002)(71200400001)(7736002)(6116002)(3846002)(305945005)(6506007)(25786009)(93886005)(316002)(6436002)(110136005)(4326008)(33656002)(44832011)(256004)(229853002)(54906003)(7696005)(99286004)(6306002)(966005)(6246003)(14444005)(9686003)(7416002)(55016002)(106356001)(66066001)(53936002)(105586002)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR15MB3168; H:MN2PR15MB3310.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: y4H+C8lqRNhd+e3uggsu+xCLIrQ2zMtWjpue+REgp3yIoyLOOuwiJ9/KapFjvR1DkZ5sqF2V2TIjFXGsTw1hNZRqPUpKDeHHDbTIjVmOYzWN16dz5hD8tjQAYCpvg1zAJJ2AiszvFKiTylo00iBeCe/wZzy7r51W7sMBMG05fiafySbNysvvz8Ruo8VvRflRT5/lmGIbd7HVWMmSD1TChcMTFvbYrXXiI84DmV8cqhEc1NbXE8g/0POtbLKRHJ6j84t0eABu37sLdPY5dw03DdOLpT1/IPkToKRoOCQDRvkWIqP5MpOWIK/epmYCxn+px+9Q0LDVmVvW9TpUus7NH3gb/Ppughvtcs6R0XKyg4cFwHeZETl+4DDQpjbKuqKfZEVVmctoHl0uQV0g56WEbHWV8BuGa1OR1pXFSS8BVbQ=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: acdb5203-3dfd-4079-02c9-08d6c342ca80
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2019 14:41:35.1178 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR15MB3168
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/sseW62EQLgQYrDaFGw9tzQiIXBg>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 14:41:44 -0000

Hi, 

Thank you Lijun Liao for the comment and taking the time to improve our documents. 

I believe the confusion is that certificate authority are not restricted to emit certificate with KeyCertSign usage and cA constraint. For example, they could emit a certificate that is used *only* to validate CRLs. This certificate will have the keyUsage set to cRLSign. nonRepudiation, digitalSignature, cRLSign would not be selected as it indicates the key could be used for other purposes. Other combinations using may consider one or a combination of keyUsage KeyCertSign. nonRepudiation, digitalSignature, cRLSign.

If my understanding is correct, mandating KeyCertSign is not correct and the current text catches all possibilities. The text could have explicitly mentioned that certificate may emit certificate that are only restricted to the validation of certificate signature. However, I am not sure that would clarify the purpose of the document nor justify an errata. Thus, I am wondering if we can agree the issue has been solved and close the request for errata.

Yours, 
Daniel 


 



-----Original Message-----
From: Santosh Chokhani <santosh.chokhani@gmail.com> 
Sent: Wednesday, April 17, 2019 9:54 AM
To: 'Russ Housley' <housley@vigilsec.com>
Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw' <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; Daniel Migault <daniel.migault@ericsson.com>; 'Rich Salz' <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>; curdle@ietf.org; 'LIJUN.LIAO@huawei.com' <LIJUN.LIAO@HUAWEI.COM>; 'Ben Kaduk' <kaduk@mit.edu>
Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Agree Russ in the sense that I have never seen a CA not issue CRL also.  It might delegate CRL issuance to other authorities as well, but I have not seen an implementation where a CA does not generate a CRL and does not provide it to at least one RP, be it OCSP Responder.

But if these folks are implementing a CA without CRL issuance, they might want this.  

On the other hand, I do not see CA having all these other bits as well.
There is no security issue if the CA has CRL issuance bit even if it does not issue a CRL.

So, I could go either way on this Errata since it does not move the security needle for me.

-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Wednesday, April 17, 2019 9:38 AM
To: Santosh Chokhani <santosh.chokhani@gmail.com>
Cc: RFC Editor <rfc-editor@rfc-editor.org>; Roman D. Danyliw <rdd@cert.org>; Simon Josefsson <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>; curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Santosh:

This is the exact way we have described the appropriate key usage bits since RFC 3279.  If this has confused any implementer over the last decade and a half, I have not heard about it.

Russ


> On Apr 17, 2019, at 9:26 AM, Santosh Chokhani 
> <santosh.chokhani@gmail.com>
wrote:
> 
> Russ,
> 
> But if the CA is using a key to sign CRL, in the context of that key 
> it is not a CA personality but a CRL issuer personality.
> 
> -----Original Message-----
> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Russ 
> Housley
> Sent: Wednesday, April 17, 2019 9:12 AM
> To: RFC Editor <rfc-editor@rfc-editor.org>
> Cc: Roman D. Danyliw <rdd@cert.org>; Simon Josefsson 
> <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz 
> <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>; 
> curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu>
> Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> 
> I do not think this is correct.  A CA could, for example, use one key 
> for signing certificates and a separate key for signing CRLs.
> 
> Russ
> 
> 
>> On Apr 17, 2019, at 9:03 AM, RFC Errata System 
>> <rfc-editor@rfc-editor.org>
> wrote:
>> 
>> The following errata report has been submitted for RFC8410, 
>> "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use 
>> in the Internet
> X.509 Public Key Infrastructure".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5696
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Lijun Liao <LIJUN.LIAO@HUAWEI.COM>
>> 
>> Section: 5
>> 
>> Original Text
>> -------------
>>  If the keyUsage extension is present in a certification authority 
>> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage 
>> extension MUST contain one or more of the following values:
>> 
>>         nonRepudiation;
>>         digitalSignature;
>>         keyCertSign; and
>>         cRLSign.
>> 
>> Corrected Text
>> --------------
>>  If the keyUsage extension is present in a certification authority 
>> certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage 
>> extension MUST contain keyCertSign, and zero, one or more of the 
>> following values:
>> 
>>         nonRepudiation;
>>         digitalSignature; and
>>         cRLSign.
>> 
>> Notes
>> -----
>> The usage keyCertSign must be set in a CA certificate.
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please 
>> use "Reply All" to discuss whether it should be verified or rejected.
>> When a decision is reached, the verifying party can log in to change 
>> the status and edit the report, if necessary.
>> 
>> --------------------------------------
>> RFC8410 (draft-ietf-curdle-pkix-10)
>> --------------------------------------
>> Title               : Algorithm Identifiers for Ed25519, Ed448, X25519,
> and X448 for Use in the Internet X.509 Public Key Infrastructure
>> Publication Date    : August 2018
>> Author(s)           : S. Josefsson, J. Schaad
>> Category            : PROPOSED STANDARD
>> Source              : CURves, Deprecating and a Little more Encryption
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>> 
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle

v2.23.0 | Report a Bug | By Email