IETF Logo Mail Archive

Re: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt

"Miller, Timothy J." <tmiller@mitre.org> Thu, 03 November 2011 18:57 UTC

Return-Path: <tmiller@mitre.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 353F611E80F0 for <pkix@ietfa.amsl.com>; Thu, 3 Nov 2011 11:57:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h9P9G4r0afWQ for <pkix@ietfa.amsl.com>; Thu, 3 Nov 2011 11:57:41 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 5F07811E80DA for <pkix@ietf.org>; Thu, 3 Nov 2011 11:57:41 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id B362321B1079; Thu, 3 Nov 2011 14:57:40 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id A0F0421B0982; Thu, 3 Nov 2011 14:57:40 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.57]) by IMCCAS02.MITRE.ORG ([129.83.29.79]) with mapi id 14.01.0339.001; Thu, 3 Nov 2011 14:57:40 -0400
From: "Miller, Timothy J." <tmiller@mitre.org>
To: Rob Stradling <rob.stradling@comodo.com>, "pkix@ietf.org" <pkix@ietf.org>
Thread-Topic: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt
Thread-Index: AQHMmOR+3o6yhaO2SES0DD1Qj9f8npWZbmMAgADWC4CAALnHAIAAXdcA//+xnYCAAFepAIAADQmA
Date: Thu, 03 Nov 2011 18:57:40 +0000
Message-ID: <CAD84AD8.2055%tmiller@mitre.org>
In-Reply-To: <201111031311.00428.rob.stradling@comodo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [172.31.60.130]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <A42DD1C78512BC4B9B09A9CDC545955F@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 18:57:42 -0000

On 11/3/11 8:10 AM, "Rob Stradling" <rob.stradling@comodo.com> wrote:

>On Thursday 03 Nov 2011 12:57:14 Miller, Timothy J. wrote:
>> On 11/3/11 7:37 AM, "Phillip Hallam-Baker" <hallam@gmail.com> wrote:
>>>In the DigiNotar case, whitelisting could have allowed the issue to be
>> >detected much earlier.
>> 
>> Ok, how?  Give me a scenario.
>
>http://isc.sans.edu/diary.html?storyid=11512
>
>"Some of the CA servers have had parts of their logs deleted, leading to
>DigiNotar not knowing what certificates were issued."
>
>"The OCSP server's working at DigiNotar has been reversed since Sept 1st.
>Normally these servers respond with good to all certificates except those
>on 
>the CRL (a blacklist). The OCSP now operates in whitelist mode: it will
>call 
>all unknown certificates signed by DigiNotar as revoked (a whitelist).
>Hence we need to make sure to use the OCSP server to validate DigiNotar
>certificates -should we want/need to- and not rely on the published CRLs
>anymore."

This is a valid *response* strategy in the DigiNotar case because of the
specifics of the attack; switching DigiNotar's responder to whitelisting
essentially functions as a bulk revocation of everything but certs issued
prior to the compromise (which are assumed valid) without having to
positively identify those certs individually.  This is necessary because
the corrupted CA data meant that the attacker-issued certs simply can't be
identified; even given external data with which to validate an issuance,
the issuance data is missing, so revocation simply can't be done.

However, from a *pre-attack detection* standpoint, I don't see how
whitelisting helps.  The attacker corrupted the CA data for unknown
reasons; indeed, he may simply have been erasing record of the intrusion,
and cast too wide a net.  A more careful attacker may not do this, in
which case whitelisting doesn't yield a benefit as the attacker-issued
certs *are on the whitelist*.  Further, whitelisting would not be
necessary as a response in cases where the CA data is preserved because
the data to support revocation is available, as we see in Comodo's case. I
won't dispute that it may still be convenient.

What's most telling to me in the DigiNotar case is that whitelisting was
accomplished with no change to the standard or client implementation;
DigiNotar simply altered the behavior of the responder.  This tells me
that a whitelisting feature of the protocol simply isn't needed.  If you
want to run your responder as a whitelist you already have everything you
need, just plop a statement or two in your CP and/or CPS and get on with
it.

-- T

v2.23.0 | Report a Bug | By Email