Re: [pkix] Managing Long-Lived CA certs

"Erik Andersen" <era@x500.eu> Mon, 17 July 2017 15:41 UTC

Return-Path: <era@x500.eu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4FCE131C71 for <pkix@ietfa.amsl.com>; Mon, 17 Jul 2017 08:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.588
X-Spam-Level:
X-Spam-Status: No, score=-2.588 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CM04yzvoWxOo for <pkix@ietfa.amsl.com>; Mon, 17 Jul 2017 08:41:39 -0700 (PDT)
Received: from mail03.dandomain.dk (mail03.dandomain.dk [194.150.112.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C79131C44 for <pkix@ietf.org>; Mon, 17 Jul 2017 08:41:38 -0700 (PDT)
Received: from Morten ([62.44.134.67]) by mail03.dandomain.dk (DanDomain Mailserver) with ASMTP id 3201707171741353126 for <pkix@ietf.org>; Mon, 17 Jul 2017 17:41:35 +0200
From: "Erik Andersen" <era@x500.eu>
To: <pkix@ietf.org>
References: <467c8936-f6aa-0853-878c-24fc8803c599@openca.org> <001501d2ff0e$00eddfa0$02c99ee0$@x500.eu> <4c3aadcc-7ed0-5f60-640c-93a11cb718bc@openca.org>
In-Reply-To: <4c3aadcc-7ed0-5f60-640c-93a11cb718bc@openca.org>
Date: Mon, 17 Jul 2017 17:41:33 +0200
Message-ID: <002c01d2ff13$2add1880$80974980$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_002D_01D2FF23.EE6A0730"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQDOcHAtNaigQtZhTsCOwy8a/DXXLwJG2NRHAZgK4cekQk2wQA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/5ORJcBsJ-a_vJKgLy9P9caWfDpg>
Subject: Re: [pkix] Managing Long-Lived CA certs
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 15:41:42 -0000

Hi Max,

 

Would adding an optional key usage component after the extension mark solve the issue?

 

Regards,

 

Erik

 

Fra: pkix [mailto:pkix-bounces@ietf.org] På vegne af Dr. Pala
Sendt: 17 July 2017 17:17
Til: pkix@ietf.org
Emne: Re: [pkix] Managing Long-Lived CA certs

 

Hi Eric,

thanks, however this does not solve the issue I am trying to address - it would be great if we would have it scoped. For example (not aiming at correctness here.. :D):

privateKeyUsageTypes ::= CHOICE {
   anyPurpose,
   certificateSigning,
   ... 
}
scopedPrivateKeyUsagePeriod ::= SEQUENCE {
   scope           privateKeyUsageTypes,
   notBefore   [0] GeneralizedTime OPTIONAL,
   notAfter    [1] GeneralizedTime OPTIONAL
}
 
privateKeyUsageRestrictions ::= SET OF scopedPrivateKeyUsagePeriod
 

Of course, this is just an example :-D

Cheers,
Max

On 7/17/17 5:04 PM, Erik Andersen wrote:

Hi Massimiliano,

 

What about the private key usage period extension. It was clarified in the latest edition of X.509:

 


9.2.2.5     Private key usage period extension


This extension indicates the period of use of the private key corresponding to the certified public key. It is applicable only for private key used for creating digital signatures. This extension is defined as follows:

 

privateKeyUsagePeriod EXTENSION ::= {

  SYNTAX         PrivateKeyUsagePeriod

  IDENTIFIED BY  id-ce-privateKeyUsagePeriod }

 

PrivateKeyUsagePeriod ::= SEQUENCE {

  notBefore  [0]  GeneralizedTime OPTIONAL,

  notAfter   [1]  GeneralizedTime OPTIONAL,

  ... }

  (WITH COMPONENTS {..., notBefore  PRESENT } |

   WITH COMPONENTS {..., notAfter   PRESENT } )

The notBefore component indicates the earliest date and time at which the private key may be used for signing. If the notBefore component is not present, then no information is provided as to when the period of valid use of the private key commences beyond that specified in the validity component of the public-key certificate. The notAfter component indicates the latest date and time at which the private key may be used for signing. If the notAfter component is not present then no information is provided as to when the period of valid use of the private key concludes beyond that specified in the validity component of the public-key certificate.

This extension shall always be flagged as non-critical.

NOTE 1 – The period of valid use of the private key may be different from the certified validity of the public key as indicated by the public-key certificate validity period. The usage period for the private key used for signing is typically shorter than that for the public key used for verifying the signature.

NOTE  2 – The period of use of the private key corresponding to a public key can only be enforced if both the private key and the corresponding public-key certificate are placed in a tamper-resistant hardware module that contains a reliable clock synchronized with UTC. When this is not the case, a signer may avoid using a signing private key up to the very end of the validity period of the public-key certificate. This is one possible use of this extension.

NOTE 3 – In general, this Specification does not associate any semantic with this extension. Any particular use of this extension will have to specify the semantic associated with that usage.

 

 

Fra: pkix [mailto:pkix-bounces@ietf.org] På vegne af Dr. Pala
Sendt: 17 July 2017 16:20
Til: pkix@ietf.org <mailto:pkix@ietf.org> 
Emne: [pkix] Managing Long-Lived CA certs

 

Hi PKIX,

I have a small question for the list regarding long-lived CA certificates. Especially in the context of device certificates, we often see the use of extra long-lived certificates for Root and Sub CAs (e.g., 35+ years) combined with limited key sizes (e.g., p256).

Until we have a supported mechanism for reprovisioning devices (...), one possible solution for limiting the exposure of the private key would be to have a scoped certificate issuance period.

What I am thinking about would be adding an extension that says: "This CA can issue certificates from up to 5 years from the validFrom, after this, just use it to provide revocation information". This might provide some protection in case the CA key is compromised after the initial 5 years of validity (e.g., certificates issued after that date shall be rejected).

Does such extension exists today ? If not, could this be some work for LAMPS/SPASM WG ?

Cheers,
Max

-- 

Best Regards, 

Massimiliano Pala, Ph.D.
OpenCA Labs Director








_______________________________________________
pkix mailing list
pkix@ietf.org <mailto:pkix@ietf.org> 
https://www.ietf.org/mailman/listinfo/pkix