Re: exposing certificate information (current + upcoming)

Ryan Sleevi <ryan-ietf@sleevi.com> Fri, 10 May 2019 17:52 UTC

From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Fri, 10 May 2019 13:48:54 -0400
To: Stefan Eissing <stefan.eissing@greenbytes.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: exposing certificate information (current + upcoming)
Archived-At: <https://www.w3.org/mid/CAErg=HG9LecgAPusJQtgLMf44kz_yMmvCp+Ai_NAEN_Q3JxWfQ@mail.gmail.com>

On Fri, May 10, 2019 at 6:50 AM Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:

> Christophe Brocas (@cbrocas), organizer of Pass-the-Salt security
> conference, tweeted about checking HTTP server certificates against CT
> logs to detect very early if someone successfully hijacked one of your
> domains.
>
> A renewed certificate is often not immediately used on a server but
> activated on the next restart which can be several hours away. To check
> if a certificate is mentioned in a CT log, one would need to obtain
> information about upcoming certificates as well.
>

I'm not sure I understand the CT use case. Are you attempting to verify
that a certificate with embedded SCTs has been incorporated within a log's
MMD? The discussion of detecting very early if someone hijacked one of your
domains seems largely orthogonal to providing information about your
present certificate, since the attacker/adversary would simply not provide
this information. In CT, this is fine, because the reliance is upon the
SCTs (whether from TLS, embedded, or OCSP) being proof of inclusion within
a log, and, as Ilari mentioned, client verification and/or gossip of those
SCTs (and related STHs) to ensure presence within a log.

While I don't think there's any harm in exposing information about upcoming
certificates, particularly if they've already been logged (by the server,
in the case of TLS, or by the CA, in the case of embedded SCTs or OCSP
responses), it doesn't seem to fit with a very clear threat model, and I
worry I'm missing something that's supposed to be obvious here.
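
Added illustration, not part of the message above and not code from its author: a sketch of the check the reply asks about, parsing an RFC 6962 SignedCertificateTimestampList and computing the time by which each log has promised to incorporate the entry. The 24-hour MMD, the helper names and the sample bytes are assumptions made for this example; SCT signatures are not verified here.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumption: every log publishes its own MMD; 24 hours is used for illustration.
MMD = timedelta(hours=24)


def parse_sct_list(data: bytes):
    """Parse a SignedCertificateTimestampList (RFC 6962, section 3.3)."""
    try:
        (total,) = struct.unpack_from(">H", data, 0)
        if total != len(data) - 2:
            raise ValueError("SCT list length mismatch")
        scts, pos = [], 2
        while pos < len(data):
            (sct_len,) = struct.unpack_from(">H", data, pos)
            sct = data[pos + 2:pos + 2 + sct_len]
            if len(sct) != sct_len:
                raise ValueError("truncated SCT")
            pos += 2 + sct_len
            # version (1), log_id (32), timestamp in ms (8), extensions length (2)
            version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", sct, 0)
            if version != 0:
                raise ValueError("unknown SCT version")
            off = 43 + ext_len
            # hash algorithm (1), signature algorithm (1), signature length (2)
            _hash, _sig, sig_len = struct.unpack_from(">BBH", sct, off)
            if off + 4 + sig_len != sct_len:
                raise ValueError("SCT signature length mismatch")
            issued = datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
            scts.append({"log_id": log_id.hex(), "issued": issued,
                         "merge_deadline": issued + MMD})
        return scts
    except struct.error as exc:
        raise ValueError("truncated SCT list") from exc


def past_mmd(scts, now):
    """SCTs whose MMD has elapsed: the log must be able to prove inclusion."""
    return [s for s in scts if now >= s["merge_deadline"]]


def build_sample(ts_ms: int) -> bytes:
    """Constructed input: one SCT with a dummy log ID and a dummy signature."""
    sig = b"\x00" * 8
    sct = (struct.pack(">B32sQH", 0, bytes(range(32)), ts_ms, 0)
           + struct.pack(">BBH", 4, 3, len(sig)) + sig)
    item = struct.pack(">H", len(sct)) + sct
    return struct.pack(">H", len(item)) + item
```

Before the merge deadline an SCT is only a promise of inclusion; after it, an inclusion proof against a signed tree head can be requested from the log.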