Re: Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
"Paul Hoffman" <paul.hoffman@vpnc.org> Thu, 03 January 2019 17:33 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BD811311BE; Thu, 3 Jan 2019 09:33:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lnx8N6wZXDwm; Thu, 3 Jan 2019 09:33:09 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E53D113113C; Thu, 3 Jan 2019 09:33:08 -0800 (PST)
Received: from [10.32.60.60] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id x03HVt4T038871 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 3 Jan 2019 10:31:56 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [10.32.60.60]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: IETF <ietf@ietf.org>
Cc: SPASM <spasm@ietf.org>, draft-ietf-lamps-hash-of-root-key-cert-extn@ietf.org
Subject: Re: Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
Date: Thu, 03 Jan 2019 09:33:06 -0800
X-Mailer: MailMate (1.12.3r5579)
Message-ID: <B947A4A6-2F42-42CF-AD4F-4494D0AFF9AB@vpnc.org>
In-Reply-To: <8D8915DD-E57E-44B1-9B5C-1AF9E631F335@vigilsec.com>
References: <154594881588.11855.12133790922363153381.idtracker@ietfa.amsl.com> <1AB99D11-5B25-4A97-9FFD-17E318ADD739@vpnc.org> <3D85A45C-FE94-45A7-BF37-C3F8C1B3F5AA@vigilsec.com> <869BCE27-2AB5-4550-AC89-335BFE749123@vpnc.org> <8D8915DD-E57E-44B1-9B5C-1AF9E631F335@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CcuNU7hn7E0YEvP_RRov03eBGO4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jan 2019 17:33:10 -0000
On 3 Jan 2019, at 7:28, Russ Housley wrote: > I had a voice conversation with Paul Hoffman, and I think that I now > understand the things that he would like to see added to the document. > Essentially, the Hash Of Root Key certificate extension is a > commitment to the next generation public key and algorithm. Recall > that the hash covers the SubjectPublicKeyInfo, which is: > > SubjectPublicKeyInfo ::= SEQUENCE { > algorithm AlgorithmIdentifier, > subjectPublicKey BIT STRING } > > So, a few things can go wrong after making this commitment. (Stephen > called it pinning.) The Root CA needs to choose a next generation > public key and algorithm that will be secure for the full lifetime. > Of course, a cryptoanalytic break through is very difficult to > predict, and if one happens before the new key is used, the Root CA > remains committed to the now broken key. The remedy is to deploy a > new public key and algorithm in the same manner as the initial Root CA > self-signed certificate. The benefits of automatic detection of the > new public key are lost, but that is a minor concern is the scope of a > cryptoanalytic break through. > > In addition, from an operational perspective, the Root CA must > securely back up the yet-to-be-deployed key pair. If the Root CA > stores it in a hardware security module, and that module fails, the > Root CA remains committed to the now unavailable key. The remedy is > the same as above: deploy a new public key in the same manner as the > initial Root CA self-signed certificate. Russ has issued an -03 that adds text about the commitment that comes with using this extension. That alleviates my concern about a CA not realizing that there is a risk in adding the extension to trust anchor certificates. --Paul Hoffman
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Paul Hoffman
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Russ Housley
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Paul Hoffman
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Salz, Rich
- RE: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Tim Hollebeek
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Stephen Farrell
- RE: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Tim Hollebeek
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Russ Housley
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Russ Housley
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key… Paul Hoffman
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- RE: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Jim Schaad
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Salz, Rich
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Salz, Rich
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Paul Hoffman
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Salz, Rich
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-… Benjamin Kaduk