IETF Logo Mail Archive

Re: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt

"Miller, Timothy J." <tmiller@mitre.org> Thu, 03 November 2011 12:23 UTC

Return-Path: <tmiller@mitre.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0DD41F0C5F for <pkix@ietfa.amsl.com>; Thu, 3 Nov 2011 05:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cS7nBcRQVS5Q for <pkix@ietfa.amsl.com>; Thu, 3 Nov 2011 05:23:12 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id B6F951F0C61 for <pkix@ietf.org>; Thu, 3 Nov 2011 05:23:12 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 602BD21B091A; Thu, 3 Nov 2011 08:23:10 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 536F921B048B; Thu, 3 Nov 2011 08:23:10 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.57]) by IMCCAS01.MITRE.ORG ([129.83.29.78]) with mapi id 14.01.0339.001; Thu, 3 Nov 2011 08:23:09 -0400
From: "Miller, Timothy J." <tmiller@mitre.org>
To: Phillip Hallam-Baker <hallam@gmail.com>
Thread-Topic: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt
Thread-Index: AQHMmOR+3o6yhaO2SES0DD1Qj9f8npWZbmMAgAEZQACAAHyAAA==
Date: Thu, 03 Nov 2011 12:23:09 +0000
Message-ID: <CAD7ED0F.1FBF%tmiller@mitre.org>
In-Reply-To: <CAMm+Lwi4eQkk8FdTNZr8fojNCK62GN_n8opOCbgQX6V3PZztLQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [172.31.62.101]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <50388300CC4B0E4993A0437BD2FF039E@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "pkix@ietf.org" <pkix@ietf.org>
Subject: Re: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 12:23:14 -0000

So let me summarize the problem(s) that I think you're trying to address:

1. A CA is defrauded and issues certificates (e.g. Verisign, 2001).

2. A CA is compromised and issues certificates (e.g. DigiNotar et.al.,
2011).

3. A Subscriber certificate fraudulently claims to be issued from a CA
where it was not, in fact, issued.

In (1), blacklisting the issued certificates works; whitelisting gains you
nothing.  When the fraud is detected, the certificates are revoked, the
CRL works its way through the infrastructure, and eventually no-one trusts
the fraudulent certificates.  Whitelisting is ineffective because the
fraudulent certificates *are on the whitelist* (at least until they are
discovered, at which point they move to the blacklist).

In (2), neither blacklisting nor whitelisting the issued certificates is
effective because the CA is authoritative for the both.  A malicious
trusted user of the CA can remove revoked certificates from the CRL, and
can insert certificate records into the database.  The only effective
response in this case is to blacklist the CA, which invalidates anything
that CA has issued.

In (3), the fraud should be detected by certificate path discovery.  The
claimed issuer won't be in the discovered path, and the whitelist is never
referenced.  What they relying party does with this information is their
own decision.

CRLs may be insufficient in some cases; e.g., the Verisign incident
involved code signing certificates which for good or ill have a special
validation logic, and a general lack of CRL checking meant that DigiNotar
CA revocation weren't being honored.  However, the 'fix' for both cases
was just another form of blacklisting (e.g., see "Untrusted Certificates"
in any Windows CAPI instance).

Finally, we know with CRLs that too many relying parties simply ignore
them.  Why would whitelists (CVLs?  NegaCRLs?) be any different?  What
compels a relying party to check a whitelist when it currently doesn't
check a blacklist?

And on a personal note, I'm not trying to 'veto' anything.  IETF doesn't
work that way.  I'm just trying to understand what the goal is and give my
opinion.

-- T

v2.23.0 | Report a Bug | By Email