IETF Logo Mail Archive

Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml

Eric Rescorla <ekr@rtfm.com> Sun, 21 August 2016 13:26 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E58F12D0AF for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 06:26:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNy25_GFKN3L for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 06:26:25 -0700 (PDT)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B6E128B44 for <dispatch@ietf.org>; Sun, 21 Aug 2016 06:26:24 -0700 (PDT)
Received: by mail-yb0-x22c.google.com with SMTP id z10so29513686ybh.2 for <dispatch@ietf.org>; Sun, 21 Aug 2016 06:26:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WRIKOyezLtWqIehb8KYWZ+sNnT53JqATP4IXoAg4Ofg=; b=kvqy5BuBvNn4+tFAbT5b2bGIYSwxv5eWSff9M+plcypL8jx8amXyX5kHkjQqGkd3qK caZaZegpYGBUiRMZNjEHw5Pe/jZlH89vYcHN/Xu7EU/11Jj1h4NXk/V812EUuoAReyuw nWIZEGYH51Hkws+RMipkYrWtaTg4JAGGdMX1mGcgpyjkR7Wbq0psPuGleWpDwDbkgxBg LZKEci+KL/jB+qBm4pNuZlFx8RU/BOfQEihWeEg1/11vVPiBtYr8Ll3mhGbONzCH2h13 po0P4p4BeMB2x1N3lsqWh5hDcJHOpK8u1ZWAdRCS2wLv43hsc5Oy1+pivqqHwUF71k/l yZsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WRIKOyezLtWqIehb8KYWZ+sNnT53JqATP4IXoAg4Ofg=; b=moXP5pZMklr+GL8Ht49Eg68busNUXgD5l3OACWpReRLEvRFct7gsGS7EqgPXv4cIMp 4h0ydL9CD+J2C63iodM0oNngjkq3kLeJvjc5ovu619hMkYz1wFNSi41W3x26KdJqC4jH vrsrmYht6jlOccWtGi/JMsbk/3Sa8zttERcVrvXm+KRgM4L9JDXyGkZARo+/Pjaz/bEY BOZlp5ifVEUd6lglmEflBHB+g7Q2bFh5vz4Asr9UHFE8s8dWcbQZRhAqpWM891h7PEmG 7y610jjVDNkDROxkbp7StBmFzANOoCaP6jPFhImdbLTremkq8R/WmQS43i4lom+GuV7+ Nqig==
X-Gm-Message-State: AEkoous5sUQpbqJrZ8FH3d2EdJArwpExMropuuZAvbNOMrVI6wUZPaIKvCWK+Hg+Q6SD0f9+334zA++5dYO3mw==
X-Received: by 10.37.3.198 with SMTP id 189mr13266286ybd.57.1471785983857; Sun, 21 Aug 2016 06:26:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Sun, 21 Aug 2016 06:25:43 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.11.1607221253020.13624@dhcp-b1bb.meeting.ietf.org>
References: <alpine.OSX.2.11.1607221253020.13624@dhcp-b1bb.meeting.ietf.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 21 Aug 2016 06:25:43 -0700
Message-ID: <CABcZeBMV_2d6RBi4EsvtLtyOBeM2nD3u30O-SZqdmGGBzs6y_g@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="001a11c02ddac10952053a94e044"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/9fsMdUBT5Gs5hBnxYURFLQepaCM>
Cc: Dispatch WG <dispatch@ietf.org>
Subject: Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Aug 2016 13:26:27 -0000

Comments below:
OVERALL The trust model of this document seems confusing. Typically we
assume that certificates are self-authenticating, i.e., the
certificate can be provided to you by the attacker and you can
independently validate its acceptability. And graf 2 of section 5
implies this by talking about a signature from a CA.

However, in this protocol, you have the following additional
cryptographic protocols in play:

- A DNSSEC-signed SRV record
- A DNSSEC-signed TLSA record
- An HTTPS connection to the server
- A potentially WebPKI-valid server cert

This document should define precisely what combination of these
elements is sufficient for the client to accept the certificate. For
instance, if we have a DNSSEC-signed SRV that leads to a WebPKI valid
HTTPS server which serves a self-signed cert for the user, is that
acceptable? This reflects a completely different trust model from that
assumed by S/MIME traditionally. Another way to ask this question is:
is this an untrusted directory or is it a substitute for a PKI for
e-mail certificates.

This also goes to the question of whether this document should be in
the security or ART area.


DETAIL
S 2.
Your requirements for what cryptographic technology is used here are
all non-MUSTs, but how important they are depends entirely on the
trust model (see above). If the certs are self-authenticating and this
is just an untrusted directory, then this is largely an operational
question. However, if it is acting as a substitute CA, then actually
having a cryptographically valid chain of inference is imperative and
there need to be some MUSTs here.

It's somewhat odd to encourage TLSA records (at SHOULD level) but a
WebPKI valid certificate at MAY level. This is pretty much the
opposite of standard practice for HTTPS on the Internet today. It's
not like it's particularly onerous for someone running a Web server to
get WebPKI valid certs.


S 5.
This section also needs to be fleshed out. Questions include:

- You say "a blob of binary data". Do you mean that they are DER? That
  seems implied, but it could be compressed DER or something. This
  needs to be specified.

- What is the relationship between the multiple certificates that are
  provided? Are they alternatives? Are some of them intermediates that
  can be used to validate the EE certificate (this is commonly
  required)? If so, which one is the EE cert?

- Are there any requirements about the format of the various subject
  name fields? Say I ask for "bob@example.com" and get a cert for
  "alice@example.invalid". What do I do?

This section about how to publish domain-operated CA certificates kind
of seems like an add-on and needs to be fleshed out quite a bit
more. For instance, why aren't you defining the same mechanism for
PGP, as they seem analagous in this case. If you want to define TLSA
records for CA certs for e-mail that seems like it should probably be
the subject of a separate document.

-Ekr



On Fri, Jul 22, 2016 at 3:54 AM, John R Levine <johnl@taugh.com> wrote:

> The WG seemed OK with it.  After talking to people who plan to implement
> it I updated the draft with some editing fixes and a longer security
> section.
>
> This also seems appropriate for AD sponsored, please.
>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail.
>
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch
>

v2.23.0 | Report a Bug | By Email