Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-update-08.txt
Stefan Santesson <stefan@aaa-sec.com> Tue, 27 October 2009 12:32 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: pkix@core3.amsl.com
Delivered-To: pkix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B4D0228C199 for <pkix@core3.amsl.com>; Tue, 27 Oct 2009 05:32:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.252
X-Spam-Level:
X-Spam-Status: No, score=-0.252 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, J_CHICKENPOX_54=0.6, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w7tgTkuqT4Zw for <pkix@core3.amsl.com>; Tue, 27 Oct 2009 05:32:26 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.94.111]) by core3.amsl.com (Postfix) with ESMTP id 3CDEE28C187 for <pkix@ietf.org>; Tue, 27 Oct 2009 05:32:26 -0700 (PDT)
Received: from s19.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id AB5ED28A1DB for <pkix@ietf.org>; Tue, 27 Oct 2009 13:32:39 +0100 (CET)
Received: (qmail 92100 invoked from network); 27 Oct 2009 12:32:34 -0000
Received: from unknown (HELO [192.168.2.16]) (stefan@fiddler.nu@[85.101.133.83]) (envelope-sender <stefan@aaa-sec.com>) by s19.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <pkix@ietf.org>; 27 Oct 2009 12:32:34 -0000
User-Agent: Microsoft-Entourage/12.20.0.090605
Date: Tue, 27 Oct 2009 13:32:32 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: pkix <pkix@ietf.org>
Message-ID: <C70CA6F0.5A4A%stefan@aaa-sec.com>
Thread-Topic: [pkix] I-D Action:draft-ietf-pkix-rfc3161-update-08.txt
Thread-Index: AcpWNomV1Fds2po3pk6jN+GBWaw5tAAywRHx
In-Reply-To: <C70B5255.590F%stefan@aaa-sec.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3339495154_15967179"
Subject: Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-update-08.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2009 12:32:28 -0000
In absence of any objection I ask that the WGLC to be closed for this document with the conclusion that all raised issues has been addressed in draft 09. On the closure of the WGLC I suggest that this document is done in PKIX and ready for the IESG. /Stefan On 09-10-26 1:19 PM, "Stefan Santesson" <stefan@aaa-sec.com> wrote: > Denis, > > I have spoken with Nick and we can both live with this change. > > The new security considerations section would then read: > > This draft incorporates the security considerations of RFC 5035 > [ESSV2] with further explanations in this section. > > ESSCertID provides a means based on the SHA-1 hash algorithm for > identifying the certificate used to verify the signature on a time > stamp. The use of ESSCertIDv2 aims to enable implementers to comply > with policies that require phasing out all uses of the SHA-1 > algorithm. > > The update provided by this draft is motivated by reasons of > interoperability and migration to other hash algorithms rather than > mitigating new security issues. > > I will include this in the 09 draft and hope the rest of this list can agree > to this text. > > /Stefan > > > On 09-10-23 2:16 PM, "Denis Pinkas" <denis.pinkas@bull.net> wrote: > >> Stefan, >> >> I could agree with the "minimalist" text you propose by changing a single >> word in it. >> >> Change "known" into "new". >> >> Then, the last paragraph would become: >> >> The update provided by this draft is motivated by reasons of >> interoperability and migration to other hash algorithms rather than >> mitigating new security issues. >> >> Can you live with it ? >> >> Denis >> >> ----- Message reçu ----- >>> >>> De : pkix-bounces <mailto :pkix-bounces@ietf.org> >>> >>> À : Julien Stern,pkix <mailto :julien.stern@cryptolog.com,pkix@ietf.org> >>> >>> Date : 2009-10-23, 11:58:02 >>> >>> Sujet : Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-update-08.txt >>> >>> >>> >>> >>> >>> >>> Julien, >>> >>> The body of this draft has been done and agreed upon for quite some time >>> now. The document is hold back only because we have not manage to agree on >>> one security considerations section. >>> >>> Removing the security considerations section is not an option. All RFC >>> documents must have one. >>> >>> We are NOT trying to say that ESSCertID serves no security purpose. >>> The original security considerations section was trying to say that the >>> motivation for allow algorithm agility (through ESSCertIDv2) is to allow >>> migration to other hash algorithm rather than reasons of security. >>> >>> This approach did however receive serious pushback from Denis. We have >>> since >>> then tried to find a text that is both acceptable and accurate. So far >>> unsuccessfully. >>> >>> In the effort to describe the particular threat that a stronger hash would >>> protect against, it turns out that this threat requires a malicious trusted >>> CA. This is however something that breaks the fundamental security >>> assumptions of PKI. If you trust a bad CA, you are smoked.. No matter how >>> good your protocol is. As BCP 72 requires us to tell (in the security >>> considerations) what threats are in, or out, of scope of the specified >>> protocol. Thus, describing this threat also requires us to tell the reader >>> that threats caused by a trusted malicious CA in general are out of scope >>> for a protocol to solve. >>> >>> Failing to do so may cause a reader to believe that he needs to migrate to >>> ESSCertIDv2 to avoid serious security threats. This is not a desired >>> outcome >>> and could cause both confusion and interoperability issues trough premature >>> and unmotivated migrations to ESSCertIDv2. >>> >>> You are free to propose text here that meets the requirements of BCP 72 >>> section 5. >>> >>> I personally would be happy with a short note saying what we originally >>> wanted to say.. That is: >>> >>> >>> This draft incorporates the security considerations of RFC 5035 >>> [ESSV2] with further explanations in this section. >>> >>> ESSCertID provides a means based on the SHA-1 hash algorithm for >>> identifying the certificate used to verify the signature on a time >>> stamp. The use of ESSCertIDv2 aims to enable implementers to comply >>> with policies that require phasing out all uses of the SHA-1 >>> algorithm. >>> >>> The update provided by this draft is motivated by reasons of >>> interoperability and migration to other hash algorithms rather than >>> mitigating known security issues. >>> >>> >>> .... And delete the rest. >>> >>> /Stefan >>> >>> >>> >>> On 09-10-22 5:14 PM, "Julien Stern" <julien.stern@cryptolog.com <mailto: >>> julien.stern@cryptolog.com> > wrote: >>> >>>> > Internet-Drafts@ietf.org <mailto: Internet-Drafts@ietf.org> wrote: >>>>> >> A New Internet-Draft is available from the on-line Internet-Drafts >>>>> >> directories. >>>>> >> This draft is a work item of the Public-Key Infrastructure (X.509) >>>>> Working >>>>> >> Group of the IETF. >>>>> >> >>>>> >> >>>>> >> Title : ESSCertIDv2 update for RFC 3161 >>>>> >> Author(s) : S. Santesson, N. Pope >>>>> >> Filename : draft-ietf-pkix-rfc3161-update-08.txt >>>>> >> Pages : 8 >>>>> >> Date : 2009-10-14 >>>> > >>>> > >>>> > Dear all, >>>> > >>>> > Sorry for jumping in late in the discussion. >>>> > >>>> > I disagree with the current proposed addition to the security >>>> > considerations section. >>>> > >>>> > In the various email exchanges on this list as well as on the ESTI ESI >>>> > list, it appears that what is currently under debate is whether the >>>> > ESSCertID is useful from a security standpoint. So people are trying to >>>> > argue about the feasability or the infeasability, as well as the >>>> > practicality and the real-life impact of various certificate >>>> > substitution attacks. >>>> > >>>> > I do not think that this is the point. The point of this update is to >>>> > allow the usage of the ESSCertID v2 (defined in RFC 5035) instead of the >>>> > ESSCertID v1. >>>> > >>>> > I do not think that adding a security consideration that is essentially >>>> > saying "oh, by the way, ESSCertID v2 is essentially useless >>>> > security-wise" when it is meant to be used in S/MIME, PKIX (3161, 5126), >>>> > CAdES, XAdES, PAdES, ECOM, etc fits in such an update. I'm not sure >>>> > either that such an update reflects the largest view of the community... >>>> > >>>> > People are free to believe that ESSCertID (v1 or v2) serves no security >>>> > purpose. Others are free to believe otherwise. >>>> > >>>> > But if the authors truly believe that the ONLY possible attack scenario >>>> > is the one roughly described in the security consideration section, then >>>> > let them prove it. Otherwise, remove the security consideration section. >>>> > (In my humble opinion, it is not correct anyway). >>>> > >>>> > Regards, >>>> > >>>> > -- >>>> > Julien >>>> > _______________________________________________ >>>> > pkix mailing list >>>> > pkix@ietf.org <mailto: pkix@ietf.org> >>>> > https://www.ietf.org/mailman/listinfo/pkix >>> >>> >>> _______________________________________________ >>> pkix mailing list >>> pkix@ietf.org <mailto: pkix@ietf.org> >>> https://www.ietf.org/mailman/listinfo/pkix >>> >> >> >> _______________________________________________ >> pkix mailing list >> pkix@ietf.org >> https://www.ietf.org/mailman/listinfo/pkix > > > _______________________________________________ > pkix mailing list > pkix@ietf.org > https://www.ietf.org/mailman/listinfo/pkix
- [pkix] I-D Action:draft-ietf-pkix-rfc3161-update-… Internet-Drafts
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Julien Stern
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Dino Esposito
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Stefan Santesson
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Denis Pinkas
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Julien Stern
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Stefan Santesson
- Re: [pkix] I-D Action:draft-ietf-pkix-rfc3161-upd… Stefan Santesson