RE: [pkix] Last Call: <draft-ietf-pkix-rfc5280-clarifications-08.txt>
Denis Pinkas <denis.pinkas@bull.net> Fri, 19 October 2012 10:41 UTC
Return-Path: <denis.pinkas@bull.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 932D921F8669; Fri, 19 Oct 2012 03:41:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.863
X-Spam-Level:
X-Spam-Status: No, score=-4.863 tagged_above=-999 required=5 tests=[AWL=1.385, BAYES_00=-2.599, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Idlytori-lvl; Fri, 19 Oct 2012 03:41:11 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [129.184.85.11]) by ietfa.amsl.com (Postfix) with ESMTP id A7BE821F8662; Fri, 19 Oct 2012 03:41:10 -0700 (PDT)
Received: from MSGC-007.bull.fr (unknown [129.184.87.136]) by odin2.bull.net (Bull S.A.) with ESMTP id 3AD8C4180F8; Fri, 19 Oct 2012 12:41:09 +0200 (CEST)
Received: from [127.0.0.1] ([129.184.39.15]) by MSGC-007.bull.fr (Lotus Domino Release 8.5.3FP1) with ESMTP id 2012101912410821-980 ; Fri, 19 Oct 2012 12:41:08 +0200
Message-ID: <50812E3F.9070200@bull.net>
Date: Fri, 19 Oct 2012 12:41:03 +0200
From: Denis Pinkas <denis.pinkas@bull.net>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: iesg@ietf.org
Subject: RE: [pkix] Last Call: <draft-ietf-pkix-rfc5280-clarifications-08.txt>
References: <20121015023425.27492.34330.idtracker@ietfa.amsl.com> <507DEDD4.5070409@ieca.com>
In-Reply-To: <507DEDD4.5070409@ieca.com>
X-MIMETrack: Itemize by SMTP Server on MSGC-007/SRV/BULL(Release 8.5.3FP1|March 07, 2012) at 19/10/2012 12:41:08, Serialize by Router on MSGC-007/SRV/BULL(Release 8.5.3FP1|March 07, 2012) at 19/10/2012 12:41:09, Serialize complete at 19/10/2012 12:41:09
X-TNEFEvaluated: 1
Content-Type: multipart/alternative; boundary="------------030900000302070306050506"
X-Mailman-Approved-At: Fri, 19 Oct 2012 09:29:32 -0700
Cc: Stephen Kent <kent@bbn.com>, iesg-secretary@ietf.org, ietf <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2012 10:41:17 -0000
To the IESG,
I am making an appeal to the IESG from the decision of Steve Kent one of
the co-chairs of the PKIX WG
to send back the document draft-ietf-pkix-rfc5280-clarifications-10.txt
to the IESG.
This decision has not even been taken in agreement with the other PKIX
co-chair Stefan Santesson, since he posted
a message on October 19 to the PKIX list saying:
The current text requires me to reject a CRL as source of revocation
information if ANY entry includes an unrecognised extension.
So thinking as an implementer, I just wander how this works in practice.
Consider I have a 100 MB CRL.
I then have to go through each entry and determine if any of them have an
unrecognised extension before I use it.
Just going to the entry of interest is not enough, since another entry may
have an unrecognised extension.
Is this how implementations work today?
This illustrates once again that keeping the current text would be the
worse of all the solutions.
*
**I am asking the IESG to send back the document (update to RFC 5280) to
the WG.*
When the original last call was placed I sent the following argument:
A discussion has just started yesterday on the PKIX mailing list
about an "Errata in section 5.3 from RFC 5280".
At this time it can clearly be seen that RFC 5280 is NOT compatible
with X.509 for the processing of
crlEntryExtensions, whereas RFC 5280 is supposed to be a *profile*
of X.509.
For that reason, I ask the IESG to suspend its decision until the
issue about crlEntryExtensions is clarified
one way or another, since this point now needs to be clarified and
will impact a document whose goal is precisely
to clarify RFC 5280.
My request has been accepted and the WG has worked in order to attempt
to solve the issue.
Several people tried to propose text to fix the current text, while some
others were providing arguments to say that the text was not "good enough"
but did not proposed an alternative text proposal.
The last exchanges, when attempting to correct the processing of CRL
entry extensions in RFC 5280, are the following:
On October 5, Denis Pinkas (i.e. myself) made a new strawman proposal,
using a text proposed by Steve Kent.
On October 9, 2012, Russ Housley replied to Denis Pinkas saying that he
had arguments against this text.
On October 11, without leaving me the time to reply to Russ, Steve Kent
asked Peter Yee to remove the Section 4 text from 5280bis and publish
version -10.
In my opinion, Russ Housley has not spent sufficient time to read my
proposal since his arguments did not take into consideration my proposed
text.
Usually a two weeks interval is given by the chairs before making a
decision. In this case, it has been *two days*, without any warning. I
believe this is unfair.
The two co-chairs should have remembered to the WG participants
(including Russ Housley as PKIX WG participant) how to address strawman
proposals:
everyone is allowed to critize a strawman proposal, as long as he
provides technical arguments for what he believes is incorrect, and also
attempts to build
a new strawman proposal using as much as possible the previous one.
This is one of the explanations (but not the single one) why the PKIX WG
is now unable to reach consensus. The co-chairs should act as facilitators.
They have been too often taking advantage of their "chair hat" while
defending their own arguments or their own text.
If this appeal is rejected, the text from RFC 5280 will stay as it is,
but it is incorrect.
Sharon Boeyen, the editor X.509, confirmed it was incorrect on the PKIX
list on August 28, 2012.
If the document is sent back the WG, as requested, I believe it would be
appropriate to ask to the PKIX co-chairs :
(1) to manage the PKIX WG "more appropriately",
(2) to remember to all the WG participants how to address strawman
proposals, and
(3) to avoid taking advantage of their "chair hat" while defending
their own arguments or their own text.
I believe that the PKIX WG can agree on a "minimum text" shortly.
Having a polished text is even possible, but only if the WG participants
are clearly instructed how to deal
with strawman proposals.
All of this is only in the interest of publishing RFCs with a correct
content.
Denis Pinkas
=========================================================================
The facts (in reverse order):
3) On October 11, 2012, without any pre warning, Steve Kent, one of the
co-chairs of the PKIX WG said :
"The PKIX list has not demonstrated consensus for the CRL entry
extension text I suggested, or any other,
since Russ sent his message on this topic on 10/3, over a week ago.
Consistent with Russ's direction, I have asked Peter Yee to remove the
Section 4 text from 5280bis and publish version -10.
I have begun preparation of the IESG report for the redacted version of
the doc".
2) On October 9, 2012, Russ Housley replied to Denis Pinkas:
" do not support this alternate text. If there is an unrecognized CRL
Entry Extension, then the replying party cannot know
whether the entry applies to a particular certificate or not.
Certificates are identified by an issuer and serial number.
An unrecognized CRL Entry Extension can change the issuer portion of the
tuple.
The relying party can always try an alternate CRL or and alternate
protocol like OCSP to check out the certificate of interest.
This would be true for any type of CRL validation trouble.
I am unclear how local policy can be helpful here. If there is an
unrecognized CRL Entry Extension, the relying party knows
that it cannot use the entry.
If the relying party does not know the issuer associated with a
particular CRL entry, then it does not know whether that entry
is associated with the certificate of interest or not. Given this
situation, I think that the appropriate action is not to treat the
certificate as revoked; instead, the CRL is providing no useful
information to make such a decision".
1) On October 5, 2012, Denis replied to Russ:
You said:
" Steve put forward some alternate text, but it does not seem to have
any more consensus than the text in the current I-D.
Can Steve's text be changed in a way that gets us to consensus? "
Here is a new proposal for changing Steve's text.
===========================================================================
The CRL entry extensions defined by ISO/IEC, ITU-T, and ANSI X9
for X.509 v2 CRLs provide methods for associating additional
attributes with CRL entries [X.509] [X9.55]. The X.509 v2 CRL
format also allows communities to define private CRL entry
extensions to carry information unique to those communities.
Each extension in a CRLentry may be designated as critical or
non-critical. A critical extension in the crlEntryExtensions
field of an entry SHALL affect only the certificate identified
in that entry, unless there is a related critical extension in
the crlExtensions field that advertises a special treatment for
it.
If a CRL contains a critical CRL entry extension that the
application cannot process, then the relying party SHOULD use,
if possible, other sources of certificate revocation status
(e.g. OCSP) to accurately the revocation status of the
certificate identified in that CRLEntry.
If the relying party is able to know (using a local policy)
that the CRLEntry is associated with the CA that issued the CRL,
then the relying party SHALL consider that the revocation status
of the certificate is revoked.
If the relying party is unable to know whether the CRLEntry
is associated with the CA that issued the CRL, then the relying
party SHOULD consider that the revocation status of the
certificate is revoked.
Note: In the last case, the relying party may treat a valid
certificate as being revoked. However, since most CAs are
currently using large random certificate serial numbers,
a collision between such numbers is rather unlikely.
So it is more likely that the certificate serial number
identified in the CRLentry relates to the right CA.
===========================================================================
The Note above could be transformed and placed in the security considerations section.
It is taking care of a situation that is likely to happen one out of a zillion of zillion cases.
It is one of the reasons why I have not kept the "dramatic" sentence from Steve's proposal:
"the relying party is faced with a difficult choice".
It seems that the PKIX WG is faced with a difficult choice. I see three ways we could go regarding the update to Section 5.3 of RFC 5280.
(1) Stick with the text in RFC 5280. At one point in time, there was consensus for it. Ignoring a CRL with an unrecognized CRL Entry Extension
is not aligned with the most recent version of X.509, but it is a safe thing to do.
(2) Build consensus for the text in the current I-D. We have been working toward that for several weeks, and we are not making progress.
(3) Build consensus around some alternate text. Steve put forward some alternate text, but it does not seem to have any more consensus
than the text in the current I-D. Can Steve's text be changed in a way that gets us to consensus? So far, I have seen two major concerns raised that need to be resolved if this is the way forward.
Denis
> So that nobody is surprised:
>
> I've placed this draft on the 10/25 IESG telechat. The -08 version
> and the -10 version are technically identical.
> -08 went through IETF LC so I'm not planning on issuing another IETF
> LC for -10.
>
> spt
>
> On 10/14/12 10:34 PM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Public-Key Infrastructure (X.509)
>> Working Group of the IETF.
>>
>> Title : Updates to the Internet X.509 Public Key
>> Infrastructure Certificate and Certificate Revocation List (CRL) Profile
>> Author(s) : Peter E. Yee
>> Filename : draft-ietf-pkix-rfc5280-clarifications-10.txt
>> Pages : 7
>> Date : 2012-10-14
>>
>> Abstract:
>> This document updates RFC 5280, the Internet X.509 Public Key
>> Infrastructure Certificate and Certificate Revocation List (CRL)
>> Profile. This document changes the set of acceptable encoding
>> methods for the explicitText field of the user notice policy
>> qualifier and clarifies the rules for converting internationalized
>> domain name labels to ASCII. This document also provides some
>> clarifications on the use of self-signed certificates, trust
>> anchors,
>> and some updated security considerations.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-pkix-rfc5280-clarifications
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-pkix-rfc5280-clarifications-10
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-pkix-rfc5280-clarifications-10
>>
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
>>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
- RE: [pkix] Last Call: <draft-ietf-pkix-rfc5280-cl… Denis Pinkas