IETF Logo Mail Archive

Re: [pkix] Next edition of X.509

Peter Bowen <pzbowen@gmail.com> Sat, 23 January 2016 17:40 UTC

Return-Path: <pzbowen@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F12931B2C7D for <pkix@ietfa.amsl.com>; Sat, 23 Jan 2016 09:40:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kb8s9KOHLobc for <pkix@ietfa.amsl.com>; Sat, 23 Jan 2016 09:40:14 -0800 (PST)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D71C1B2A0D for <pkix@ietf.org>; Sat, 23 Jan 2016 09:40:14 -0800 (PST)
Received: by mail-pf0-x234.google.com with SMTP id e65so59284257pfe.0 for <pkix@ietf.org>; Sat, 23 Jan 2016 09:40:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1p+57zQkaSBCyyOAnDtrAONpEZEJ6JHvnbQ/JyfyWYs=; b=1Ipa6+zsmLy/ACFnllvTt2NtoU5oqMEF1xheMHD/+O/+2cMl/tc8KWMMRL5o+uiZLU 5zi6PQy+jlAQ/+4JkxAASsTPEtcxONibzCeDCxMnzUH7ZSEbZRgQu4K5JZJrxEqnWj02 ahwvbuoROX8aqHbt1LLAyhqeWhXWLUAinzetmrDhUYjcYC3qQjKeWSojc1MlaW3Hc/M/ F1vxts5pC7ipjNuQP0mKPFsDFnkttWrkGEltil8ckLnvyeJ0aLVV07qB1ZTZt5fenIxK BB0JJ1DGPoOyoZI0HHV1cYDUvnYiYz2l2DCxdB4FfNFT5KTyztMU/TtMaiW5NQxBoGHN 08Bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1p+57zQkaSBCyyOAnDtrAONpEZEJ6JHvnbQ/JyfyWYs=; b=Voxh+S12vRPna5htwF9mDLWT8o8AFv9gNMrA1uish5FifRmsZlP4e3rU9lc0SuD+xF oHz4D0yLHi3qFjXIKQ2Crs+LLoVSY0r18whbMzNTy+xN+9pUAQAOnlprm417wOFKLbBr WIZOHL1eqMTm+3Rj70Lc5O49DwJogKgypKC7uCETU7N04tDwpPkFk7qkUar6t2Qh5bS0 S9UhxemneV41ADYJ9yoh3b7xw0v1D+0xpStZ69R9Epvos3gUQooaS+4ZIYVEq7PDHwIp ODxbW7xCO1oASH0olT2GoAsM+LLaZgMUNXyk8RsoX4pxsVTo+P8Xs4ah/RPj6F5HQZD/ LsHA==
X-Gm-Message-State: AG10YOTQkqT0VKFy6ZuHqh5iPwVPLagfrN4dE2quMjNv6K0OZMTe7Y19KH3mRpkOYaBKTSueHfM/k257fx2uYQ==
MIME-Version: 1.0
X-Received: by 10.98.68.152 with SMTP id m24mr13435368pfi.78.1453570813734; Sat, 23 Jan 2016 09:40:13 -0800 (PST)
Received: by 10.66.142.193 with HTTP; Sat, 23 Jan 2016 09:40:13 -0800 (PST)
In-Reply-To: <56A3B913.3030506@comcast.net>
References: <000001d130da$b05884d0$11098e70$@x500.eu> <5665633F.7070906@cs.tcd.ie> <000401d130e3$bdf08120$39d18360$@x500.eu> <CAK6vND_=4it-HdN=igWeSsb9Qx2LjastBaJCa-TpObaBuYjNXQ@mail.gmail.com> <000001d155c7$98b64530$ca22cf90$@x500.eu> <CAK6vND8AEeW0iF85guerFa-oj==MMMSLdU7fArBihQkGWmxhTw@mail.gmail.com> <56A3B913.3030506@comcast.net>
Date: Sat, 23 Jan 2016 09:40:13 -0800
Message-ID: <CAK6vND-Fs=SiFTUJmtXsKPNgenwBFCEb=4oVxQ8zxdG4kttOjA@mail.gmail.com>
From: Peter Bowen <pzbowen@gmail.com>
To: Michael StJohns <mstjohns@comcast.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/HeqXsZBCmAr-p2_xhiNnMKtJtGg>
Cc: "<pkix@ietf.org>" <pkix@ietf.org>
Subject: Re: [pkix] Next edition of X.509
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jan 2016 17:40:17 -0000

On Sat, Jan 23, 2016 at 9:32 AM, Michael StJohns <mstjohns@comcast.net> wrote:
> On 1/23/2016 7:44 AM, Peter Bowen wrote:
>>
>> In 8.2.2.4, replace the first sentence with:
>>
>> The presence of this extension in an end-entity certificate indicates
>> one or more purposes for which the certified public key may be used,
>> in addition to, or in place of the basic purposes indicated in the key
>> usage extension field. The presence of this extension in a certificate
>> issued by one CA to another CA constrains the key purposes in
>> subsequent certificates in a certification path.
>>
>> If there is support for this addition, then additions will also be
>> needed in section 10 to include key purposes in the input, output, and
>> processing.
>>
>> Thanks,
>> Peter
>
>
> As a general concept, backwards compatibility is a good idea.  As is having
> end systems all get the same results when presented with the same data.   I
> don't think the above approach accomplishes this.

I probably should have pointed out that I'm not trying to dream up
something new here.  Microsoft, OpenSSL, and Mozilla all have
implemented this and are compatible with each other's certificate path
processing libraries, at least in this respect.  As I understand it,
this use of the EKU extension has been widely deployed for more than a
decade.  However it is not clear that anyone has ever proposed it to
be included as part of the X.509 standard.

The lack of standardization or recognition in X.509 and PKIX has led
to many disagreements over whether it is valid.  My hope is that this
revision of X.509 might be able to at least clarify that it is not
invalid to use EKU in the manner that it is currently used by these
systems.

> Instead of overloading the current meaning of ExtendedKeyUsage, I would
> strongly recommend creating another extension, new OID with similar syntax,
> but the new semantics.  This also gives you the opportunity to turn on the
> "critical" bit (maybe "bits" if you have some extended usages that you care
> about always and others that you don't).
>
> Alternately (and possibly the best choice), place the OIDs in the
> CertificatePolicy extension as constraints on the key usage bits. You can
> use the same EKU oids, but their presence in the certificate policy then
> becomes a constraint on subordinate certificates and you can describe
> exactly how that works. (See my post script for a couple of ways of doing
> this).
>
> In your above comment I would avoid the language "in addition to, or in
> place of" and use one or the other.   If you leave the language in, then you
> need additional language which describes how to determine which rules in the
> situation where the ExtendedKeyUsage meanings are disjoint with the KeyUsage
> meanings.  (E.g. "If there is an ExtendedKeyUsage purpose that would
> normally imply a required KeyUsage bit (for example a
> "SignSpecialValidationCACertificate" implies that the "keyCertSign" bit
> should be on), but that bit is not set, then the relying party shall
> consider the certificate signing of all but certificates with a profile
> consistent with the extended key usage OID invalid).
>
> If it takes a human (as opposed to a computer) to understand - consistently
> - what's meant by what's included in the certificate, then we're not doing
> it right.  Figuring out whether the relying party needs to do an "OR" ("or
> in place of") or an "AND" ("in addition to") between KeyUsage bits and
> ExtendedKeyUsage OIDs meanings (or some combination thereof) is already
> painful.
>
>
> Mike
>
>
> ps -
> Possibility 1 (not exactly how Policies are supposed to work, but): Grab  a
> new oid and call it id-ce-extended-keyusage-policy.   Stick the
> ExtendedKeyUsage values as "PolicyQualifierInfo.policyQualifierId"s.  Have
> the PolicyQualifierInfo.qualifier be an ENUM of { allowed, required,
> prohibited }.  Define a specific algorithm for determining acceptance.
>
> Possibility 2: Each EKU OID becomes a new policy.  Add a policyQualifierId
> of id-qt-acceptance-enum with a qualifier as above {allowed, required,
> prohibited}.  Each EKU OID has one policy qualifier info of this type.  This
> is probably cleaner as it requires each subordinate certificate to have a
> specific EKU expression for each EKU policy in the parent.
>
>
>
>
>
>
>>
>> On Sat, Jan 23, 2016 at 2:19 AM, Erik Andersen <era@x500.eu> wrote:
>>>
>>> Hi Peter,
>>>
>>> I would like to explore whether there is support for such an addition to
>>> X.509. Could I have your comments please?
>>>
>>> Regards,
>>>
>>> Erik
>>>
>>> -----Oprindelig meddelelse-----
>>> Fra: Peter Bowen [mailto:pzbowen@gmail.com]
>>> Sendt: 23 January 2016 02:50
>>> Til: Erik Andersen <era@x500.eu>
>>> Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; Directory list
>>> <x500standard@freelists.org>; PKIX <pkix@ietf.org>; WG15@iectc57.org
>>> Emne: Re: [pkix] Next edition of X.509
>>>
>>> Erik,
>>>
>>> While I'm sure this is a contentious proposal, I would proposal that
>>> X.509 add language allowing usage of Extended Key Usage for constraints,
>>> joining certificate policies, name constraints, basic constraints, etc.
>>> Many widely deployed certificate path validation libraries already implement
>>> this even though it is unclear at best whether such is compliant with X.509
>>> (10/2012).
>>>
>>> Thanks,
>>> Peter
>>>
>>> On Mon, Dec 7, 2015 at 3:38 AM, Erik Andersen <era@x500.eu> wrote:
>>>>
>>>> Hi Stephen,
>>>>
>>>> I will collect any comment on any list. The goal is to get the best
>>>> technical specification.
>>>>
>>>> Regards,
>>>>
>>>> Erik
>>>>
>>>> -----Oprindelig meddelelse-----
>>>> Fra: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>>>> Sendt: 07 December 2015 11:45
>>>> Til: Erik Andersen <era@x500.eu>; Directory list
>>>> <x500standard@freelists.org>; PKIX <pkix@ietf.org>
>>>> Cc: WG15@iectc57.org
>>>> Emne: Re: [pkix] Next edition of X.509
>>>>
>>>>
>>>> Thank you Erik! Do I understand correctly that comments from this list
>>>> that you get before February are useful and that sending comments to the
>>>> pkix list works well enough for you?
>>>>
>>>> If so, great, and I'd ask folks who care about RFC5280 or other PKIX
>>>> RFCs to please review this to check for any glitches that might affect
>>>> interop should new code be written based on the ISO doc. I'm sure
>>>> other comments are also welcome,
>>>>
>>>> Cheers,
>>>> S.
>>>>
>>>> On 07/12/15 10:33, Erik Andersen wrote:
>>>>>
>>>>> In preparation for the next edition of X.509 (the 2016 edition), I
>>>>> have forwarded to the ISO/IEC JTC1/SC6 two documents for three months
>>>>> ballots:
>>>>>
>>>>>
>>>>>
>>>>> These two documents may be found as:
>>>>>
>>>>>
>>>>>
>>>>> 1.
>>>>> http://www.x500standard.com/uploads/extensions/x509-pdam-amd2.pdf,
>>>>> which is the 3rd PDAM text for an amendment to X.509.
>>>>>
>>>>> 2.       http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor2.pdf,
>>>>> which a
>>>>> second draft technical corrigendum. This technical corrigendum is
>>>>> based on a set of defects reports, which include the justification
>>>>> for the changes. The Defect reports may be found on
>>>>> http://www.x500standard.com/index.php?n=Ig.DefectReports.
>>>>>
>>>>>
>>>>>
>>>>> An early corrigendum has been approved within ISO and ITU-T and may
>>>>> be found
>>>>> as: http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor1.pdf.
>>>>>
>>>>>
>>>>>
>>>>> These three documents together with the seventh edition will provide
>>>>> the input to the next edition of X.509. The different
>>>>> X.recommendations, including X.509, may be found at
>>>>> http://www.itu.int/rec/T-REC-X/e. This edition of X.509 is freely
>>>>> available in the PDF version.
>>>>>
>>>>>
>>>>>
>>>>> Those involved in  ISO/IEC JTC1/SC6 can, of course, submit ballot
>>>>> comments on the two documents out for ballot. Others, which may have
>>>>> comments on the these document, may post them on the lists and after
>>>>> consolidation and consensus, they may be issued as ITU-T comments.
>>>>>
>>>>>
>>>>>
>>>>> It is important to check whether any of the suggested changes affects
>>>>> running codes. If that is a case, it is a mistake.
>>>>>
>>>>>
>>>>>
>>>>> The intension behind the changes has been:
>>>>>
>>>>> 1.       A better separation between public-key certificates and
>>>>> attribute
>>>>> certificates.
>>>>>
>>>>> 2.       Use of a consistent terminology.
>>>>>
>>>>> 3.       Use of a consistent editing style in accordance with the ITU-T
>>>>> editing guidelines..
>>>>>
>>>>> 4.       A new PKI component called trust broker assists a relying
>>>>> party
>>>>> validating a public-key certificate is included.
>>>>>
>>>>> 5.       IEC TC57 WG15 has identified a requirement for a feature first
>>>>> called whitelist but now the term is authorization and validation
>>>>> list is used. A proposal for such a feature is included in the
>>>>> amendment.
>>>>>
>>>>> The main goal has been to position X.509 for new challenges, such
>>>>> smart grid security and security for Internet of Things with battery
>>>>> driven devices, very short messages (can we put a 257 octets
>>>>> signature on a few octets message?) , short reaction time
>>>>> requirements, many millions of entities, etc. This is all very
>>>>> different from Web-based  systems.
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Erik
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> pkix mailing list
>>>>> pkix@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/pkix
>>>>>
>>>> _______________________________________________
>>>> pkix mailing list
>>>> pkix@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/pkix
>>
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
>
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix

v2.23.0 | Report a Bug | By Email