Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
Eric Rescorla <ekr@rtfm.com> Sun, 21 August 2016 13:26 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E58F12D0AF for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 06:26:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNy25_GFKN3L for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 06:26:25 -0700 (PDT)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B6E128B44 for <dispatch@ietf.org>; Sun, 21 Aug 2016 06:26:24 -0700 (PDT)
Received: by mail-yb0-x22c.google.com with SMTP id z10so29513686ybh.2 for <dispatch@ietf.org>; Sun, 21 Aug 2016 06:26:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WRIKOyezLtWqIehb8KYWZ+sNnT53JqATP4IXoAg4Ofg=; b=kvqy5BuBvNn4+tFAbT5b2bGIYSwxv5eWSff9M+plcypL8jx8amXyX5kHkjQqGkd3qK caZaZegpYGBUiRMZNjEHw5Pe/jZlH89vYcHN/Xu7EU/11Jj1h4NXk/V812EUuoAReyuw nWIZEGYH51Hkws+RMipkYrWtaTg4JAGGdMX1mGcgpyjkR7Wbq0psPuGleWpDwDbkgxBg LZKEci+KL/jB+qBm4pNuZlFx8RU/BOfQEihWeEg1/11vVPiBtYr8Ll3mhGbONzCH2h13 po0P4p4BeMB2x1N3lsqWh5hDcJHOpK8u1ZWAdRCS2wLv43hsc5Oy1+pivqqHwUF71k/l yZsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WRIKOyezLtWqIehb8KYWZ+sNnT53JqATP4IXoAg4Ofg=; b=moXP5pZMklr+GL8Ht49Eg68busNUXgD5l3OACWpReRLEvRFct7gsGS7EqgPXv4cIMp 4h0ydL9CD+J2C63iodM0oNngjkq3kLeJvjc5ovu619hMkYz1wFNSi41W3x26KdJqC4jH vrsrmYht6jlOccWtGi/JMsbk/3Sa8zttERcVrvXm+KRgM4L9JDXyGkZARo+/Pjaz/bEY BOZlp5ifVEUd6lglmEflBHB+g7Q2bFh5vz4Asr9UHFE8s8dWcbQZRhAqpWM891h7PEmG 7y610jjVDNkDROxkbp7StBmFzANOoCaP6jPFhImdbLTremkq8R/WmQS43i4lom+GuV7+ Nqig==
X-Gm-Message-State: AEkoous5sUQpbqJrZ8FH3d2EdJArwpExMropuuZAvbNOMrVI6wUZPaIKvCWK+Hg+Q6SD0f9+334zA++5dYO3mw==
X-Received: by 10.37.3.198 with SMTP id 189mr13266286ybd.57.1471785983857; Sun, 21 Aug 2016 06:26:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Sun, 21 Aug 2016 06:25:43 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.11.1607221253020.13624@dhcp-b1bb.meeting.ietf.org>
References: <alpine.OSX.2.11.1607221253020.13624@dhcp-b1bb.meeting.ietf.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 21 Aug 2016 06:25:43 -0700
Message-ID: <CABcZeBMV_2d6RBi4EsvtLtyOBeM2nD3u30O-SZqdmGGBzs6y_g@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="001a11c02ddac10952053a94e044"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/9fsMdUBT5Gs5hBnxYURFLQepaCM>
Cc: Dispatch WG <dispatch@ietf.org>
Subject: Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Aug 2016 13:26:27 -0000
Comments below: OVERALL The trust model of this document seems confusing. Typically we assume that certificates are self-authenticating, i.e., the certificate can be provided to you by the attacker and you can independently validate its acceptability. And graf 2 of section 5 implies this by talking about a signature from a CA. However, in this protocol, you have the following additional cryptographic protocols in play: - A DNSSEC-signed SRV record - A DNSSEC-signed TLSA record - An HTTPS connection to the server - A potentially WebPKI-valid server cert This document should define precisely what combination of these elements is sufficient for the client to accept the certificate. For instance, if we have a DNSSEC-signed SRV that leads to a WebPKI valid HTTPS server which serves a self-signed cert for the user, is that acceptable? This reflects a completely different trust model from that assumed by S/MIME traditionally. Another way to ask this question is: is this an untrusted directory or is it a substitute for a PKI for e-mail certificates. This also goes to the question of whether this document should be in the security or ART area. DETAIL S 2. Your requirements for what cryptographic technology is used here are all non-MUSTs, but how important they are depends entirely on the trust model (see above). If the certs are self-authenticating and this is just an untrusted directory, then this is largely an operational question. However, if it is acting as a substitute CA, then actually having a cryptographically valid chain of inference is imperative and there need to be some MUSTs here. It's somewhat odd to encourage TLSA records (at SHOULD level) but a WebPKI valid certificate at MAY level. This is pretty much the opposite of standard practice for HTTPS on the Internet today. It's not like it's particularly onerous for someone running a Web server to get WebPKI valid certs. S 5. This section also needs to be fleshed out. Questions include: - You say "a blob of binary data". Do you mean that they are DER? That seems implied, but it could be compressed DER or something. This needs to be specified. - What is the relationship between the multiple certificates that are provided? Are they alternatives? Are some of them intermediates that can be used to validate the EE certificate (this is commonly required)? If so, which one is the EE cert? - Are there any requirements about the format of the various subject name fields? Say I ask for "bob@example.com" and get a cert for "alice@example.invalid". What do I do? This section about how to publish domain-operated CA certificates kind of seems like an add-on and needs to be fleshed out quite a bit more. For instance, why aren't you defining the same mechanism for PGP, as they seem analagous in this case. If you want to define TLSA records for CA certs for e-mail that seems like it should probably be the subject of a separate document. -Ekr On Fri, Jul 22, 2016 at 3:54 AM, John R Levine <johnl@taugh.com> wrote: > The WG seemed OK with it. After talking to people who plan to implement > it I updated the draft with some editing fixes and a longer security > section. > > This also seems appropriate for AD sponsored, please. > > Regards, > John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY > Please consider the environment before reading this e-mail. > > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch >
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Martin Thomson
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Martin Thomson
- [dispatch] please dispatch draft-bhjl-x509-srv-02… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Wei Chuang
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Stephen Farrell
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… A. Schulze