RE: Web-PKI Keygen/Certreq Questions
Pierre Heuze <Pierre.Heuze@CardBase.com> Sat, 01 November 2003 00:28 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA26533 for <pkix-archive@lists.ietf.org>; Fri, 31 Oct 2003 19:28:10 -0500 (EST)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VNTQkT012426 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 15:29:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VNTQTg012425 for ietf-pkix-bks; Fri, 31 Oct 2003 15:29:26 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail02.svc.cra.dublin.eircom.net (mail02.svc.cra.dublin.eircom.net [159.134.118.18]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9VNTOkT012411 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 15:29:25 -0800 (PST) (envelope-from Pierre.Heuze@CardBase.com)
Received: (qmail 88997 messnum 279019 invoked from network[195.7.52.230/unknown]); 31 Oct 2003 23:29:21 -0000
Received: from unknown (HELO mailer.cardbase.com) (195.7.52.230) by mail02.svc.cra.dublin.eircom.net (qp 88997) with SMTP; 31 Oct 2003 23:29:21 -0000
Received: by mailer.cardbase.com with Internet Mail Service (5.5.2655.55) id <WADHR5L3>; Fri, 31 Oct 2003 23:29:40 -0000
Message-ID: <DF2205440160D511B877000255745FF24911B5@TMAIL>
From: Pierre Heuze <Pierre.Heuze@CardBase.com>
To: Stephen Kent <kent@bbn.com>, Jean-Marc Desperrier <jmdesp@free.fr>
Cc: ietf-pkix@imc.org
Subject: RE: Web-PKI Keygen/Certreq Questions
Date: Fri, 31 Oct 2003 23:29:29 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9VNTPkT012421
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit
Anders Rundgren wrote: >I cannot find any "compilation" of browser (on-line)-adapted mechanisms >for performing key generation or performing certificate requests. Indeed there isn't a de-facto reference for this, by now you must realize every PKI/Browser vendors have developed their ownn solution as mentionned already, but don't forget the many token/smart card providers who also have come-up with additional solutions. So it's the jungle out there, as any request in a search engine for "browser certificate request" or similar will show (cf Stephen's comment do some more homework.) Stephen Kent wrote: > both browsers have had facilities for generating an RSA key pair for > a user, and sending a cert request for years. Indeed, at least 1998 from my own experience, but surely someone will claim an earlier date. In practice, it is almost always based on free/liberal use of PKCS#10; which has raised many interop issues as you all know, to mention few (signature and extension format). Jean-Marc Desperrier wrote: >So, from the point of view of what should be put on a web page to get a >browser to generate a certificate request, there is no standard. >This can be considered not to be a valable item of concern for pkix thought. Indeed this topic is somewhat out of the scope of PKIX, but few things to consider: - Requesting a certificate is one of the most basic operation to be completed in the PKI world and browser based application have gained a large acceptance. So it is a valid concern. - Requesting a certificate is a somewhat complex operation, and the browser-based solution too often overlooked basic consideration for the sake of simplicity, the main drawbacks are: - No authentication, Proof of Possession (having the key pair) is often taken as valid authentication mechanism (sic). - No standard way to mandate what certificate profile should be used to fulfil the request - No control of the certificate life-cycle, each request are handled separately which doesn't cater well when certificate need to be renewed, or re-activated after suspension. The above points are in part covered by various PKIX message format, but to be honest they haven't gained acceptance (yet?) for browser based operations and if used they are highly not interoperable (i.e. to say the least no improvement on the interop side compare to using PKCS#10). So is it the case that one should refine the standard to restrict the use of existing messages to cover the above scenario as to achieve greater interoperability and hence acceptance? To me this seems to be a genuine item for the PKIX group. Pierre Heuzé http://www.cardbase.com -----Original Message----- From: Stephen Kent [mailto:kent@bbn.com] Sent: 31 October 2003 19:35 To: Jean-Marc Desperrier Cc: ietf-pkix@imc.org Subject: Re: Web-PKI Keygen/Certreq Questions At 19:15 +0100 10/31/03, Jean-Marc Desperrier wrote: >Stephen Kent wrote: > >>At 16:21 +0100 10/31/03, Anders Rundgren wrote: >> >>>I cannot find any "compilation" of browser (on-line)-adapted mechanisms >>>for performing key generation or performing certificate requests. >> >>yes, you are wrong. >> >>both browsers have had facilities for generating an RSA key pair >>for a user, and sending a cert request for years. > >Facilities is one thing, interoperability is another. I have not worked this problem recently, but in my experience developing three different CA products a few years ago, all were able to accept enrollment requests from both browsers, and all major providers of CA software did so as well. it was a necessary prerequisite for selling CA software. we now have 2 PKIX standards for enrollment protocols: CMP and CMC. if the browser vendors choose to support these, then we have interoperable solutions as well, but vendors must choose to make use of them. Steve CardBASE Technologies® Address: BIM House, Crofton Road, Dun Laoghaire, Co Dublin, Ireland PH: +353-1-2843233 FAX: +353-1-2843220 WEB: http://www.cardbase.com *********************************************************************** This e-mail and any attachment, contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e-mail or any attachments. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. This message has been swept for viruses by anti-virus software. *********************************************************************** Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VNTQkT012426 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 15:29:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VNTQTg012425 for ietf-pkix-bks; Fri, 31 Oct 2003 15:29:26 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail02.svc.cra.dublin.eircom.net (mail02.svc.cra.dublin.eircom.net [159.134.118.18]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9VNTOkT012411 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 15:29:25 -0800 (PST) (envelope-from Pierre.Heuze@CardBase.com) Received: (qmail 88997 messnum 279019 invoked from network[195.7.52.230/unknown]); 31 Oct 2003 23:29:21 -0000 Received: from unknown (HELO mailer.cardbase.com) (195.7.52.230) by mail02.svc.cra.dublin.eircom.net (qp 88997) with SMTP; 31 Oct 2003 23:29:21 -0000 Received: by mailer.cardbase.com with Internet Mail Service (5.5.2655.55) id <WADHR5L3>; Fri, 31 Oct 2003 23:29:40 -0000 Message-ID: <DF2205440160D511B877000255745FF24911B5@TMAIL> From: Pierre Heuze <Pierre.Heuze@CardBase.com> To: Stephen Kent <kent@bbn.com>, Jean-Marc Desperrier <jmdesp@free.fr> Cc: ietf-pkix@imc.org Subject: RE: Web-PKI Keygen/Certreq Questions Date: Fri, 31 Oct 2003 23:29:29 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9VNTPkT012421 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Anders Rundgren wrote: >I cannot find any "compilation" of browser (on-line)-adapted mechanisms >for performing key generation or performing certificate requests. Indeed there isn't a de-facto reference for this, by now you must realize every PKI/Browser vendors have developed their ownn solution as mentionned already, but don't forget the many token/smart card providers who also have come-up with additional solutions. So it's the jungle out there, as any request in a search engine for "browser certificate request" or similar will show (cf Stephen's comment do some more homework.) Stephen Kent wrote: > both browsers have had facilities for generating an RSA key pair for > a user, and sending a cert request for years. Indeed, at least 1998 from my own experience, but surely someone will claim an earlier date. In practice, it is almost always based on free/liberal use of PKCS#10; which has raised many interop issues as you all know, to mention few (signature and extension format). Jean-Marc Desperrier wrote: >So, from the point of view of what should be put on a web page to get a >browser to generate a certificate request, there is no standard. >This can be considered not to be a valable item of concern for pkix thought. Indeed this topic is somewhat out of the scope of PKIX, but few things to consider: - Requesting a certificate is one of the most basic operation to be completed in the PKI world and browser based application have gained a large acceptance. So it is a valid concern. - Requesting a certificate is a somewhat complex operation, and the browser-based solution too often overlooked basic consideration for the sake of simplicity, the main drawbacks are: - No authentication, Proof of Possession (having the key pair) is often taken as valid authentication mechanism (sic). - No standard way to mandate what certificate profile should be used to fulfil the request - No control of the certificate life-cycle, each request are handled separately which doesn't cater well when certificate need to be renewed, or re-activated after suspension. The above points are in part covered by various PKIX message format, but to be honest they haven't gained acceptance (yet?) for browser based operations and if used they are highly not interoperable (i.e. to say the least no improvement on the interop side compare to using PKCS#10). So is it the case that one should refine the standard to restrict the use of existing messages to cover the above scenario as to achieve greater interoperability and hence acceptance? To me this seems to be a genuine item for the PKIX group. Pierre Heuzé http://www.cardbase.com -----Original Message----- From: Stephen Kent [mailto:kent@bbn.com] Sent: 31 October 2003 19:35 To: Jean-Marc Desperrier Cc: ietf-pkix@imc.org Subject: Re: Web-PKI Keygen/Certreq Questions At 19:15 +0100 10/31/03, Jean-Marc Desperrier wrote: >Stephen Kent wrote: > >>At 16:21 +0100 10/31/03, Anders Rundgren wrote: >> >>>I cannot find any "compilation" of browser (on-line)-adapted mechanisms >>>for performing key generation or performing certificate requests. >> >>yes, you are wrong. >> >>both browsers have had facilities for generating an RSA key pair >>for a user, and sending a cert request for years. > >Facilities is one thing, interoperability is another. I have not worked this problem recently, but in my experience developing three different CA products a few years ago, all were able to accept enrollment requests from both browsers, and all major providers of CA software did so as well. it was a necessary prerequisite for selling CA software. we now have 2 PKIX standards for enrollment protocols: CMP and CMC. if the browser vendors choose to support these, then we have interoperable solutions as well, but vendors must choose to make use of them. Steve CardBASE Technologies® Address: BIM House, Crofton Road, Dun Laoghaire, Co Dublin, Ireland PH: +353-1-2843233 FAX: +353-1-2843220 WEB: http://www.cardbase.com *********************************************************************** This e-mail and any attachment, contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e-mail or any attachments. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it. This message has been swept for viruses by anti-virus software. *********************************************************************** Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VLt0kT009824 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 13:55:00 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VLt0E1009822 for ietf-pkix-bks; Fri, 31 Oct 2003 13:55:00 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp4.hy.skanova.net (smtp4.hy.skanova.net [195.67.199.133]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VLsxkT009814 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 13:54:59 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t9o913p29.telia.com [213.64.27.29]) by smtp4.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9VLslnw018759; Fri, 31 Oct 2003 22:54:47 +0100 (CET) Message-ID: <003001c39ff9$2b78b570$1d1b40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Jean-Marc Desperrier" <jmdesp@free.fr>, "Stephen Kent" <kent@bbn.com> Cc: <ietf-pkix@imc.org> References: <00e101c39fc2$a59fa200$3a1b40d5@arport> <p06002003bbc83730f4f9@[128.89.89.75]> <3FA2A6BF.2040107@free.fr> <p0600200bbbc8676a42ac@[128.89.89.75]> Subject: Re: Web-PKI Keygen/Certreq Questions Date: Fri, 31 Oct 2003 22:51:40 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> >>Facilities is one thing, interoperability is another. Thanx Jean Marc! >I have not worked this problem recently, but in my experience >developing three different CA products a few years ago, all were able >to accept enrollment requests from both browsers, and all major >providers of CA software did so as well. it was a necessary >prerequisite for selling CA software. Sure, we all know that. But with mobile internet we get a set of new browsers and you must recognize them as well. Also, I do no think that the key-gen facilities are indentical and maybe, maybe these functions aren't even that fit for the purpose. Otherwise I don't see why most new implementation of serious Web-PKI bypass the whole thing. One limitation I'm almost sure of: You cannot generate multiple keys in one step. Other likely limitations include CA-control of password policy, and getting key container signatures (figuring out its "quality" and tying it to a "device") >we now have 2 PKIX standards for enrollment protocols: CMP and CMC. >if the browser vendors choose to support these, then we have >interoperable solutions as well, but vendors must choose to make use >of them. But none of these define a browser interface beyond MIME type which render these protocols incomplete (in this context nota bene). As far as I can see Web-PKI (pretty much all aspects of it), is in a really lousy shape and desperately needs a blood transfusion. Particularly as it will have a couple of billion users within five years or so. Anders Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VJdqkT003971 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 11:39:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VJdqfm003970 for ietf-pkix-bks; Fri, 31 Oct 2003 11:39:52 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VJdpkT003964 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 11:39:51 -0800 (PST) (envelope-from kent@bbn.com) Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9VJdklo007502; Fri, 31 Oct 2003 14:39:46 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p0600200bbbc8676a42ac@[128.89.89.75]> In-Reply-To: <3FA2A6BF.2040107@free.fr> References: <00e101c39fc2$a59fa200$3a1b40d5@arport> <p06002003bbc83730f4f9@[128.89.89.75]> <3FA2A6BF.2040107@free.fr> Date: Fri, 31 Oct 2003 14:34:38 -0500 To: Jean-Marc Desperrier <jmdesp@free.fr> From: Stephen Kent <kent@bbn.com> Subject: Re: Web-PKI Keygen/Certreq Questions Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 19:15 +0100 10/31/03, Jean-Marc Desperrier wrote: >Stephen Kent wrote: > >>At 16:21 +0100 10/31/03, Anders Rundgren wrote: >> >>>I cannot find any "compilation" of browser (on-line)-adapted mechanisms >>>for performing key generation or performing certificate requests. >> >>yes, you are wrong. >> >>both browsers have had facilities for generating an RSA key pair >>for a user, and sending a cert request for years. > >Facilities is one thing, interoperability is another. I have not worked this problem recently, but in my experience developing three different CA products a few years ago, all were able to accept enrollment requests from both browsers, and all major providers of CA software did so as well. it was a necessary prerequisite for selling CA software. we now have 2 PKIX standards for enrollment protocols: CMP and CMC. if the browser vendors choose to support these, then we have interoperable solutions as well, but vendors must choose to make use of them. Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VIEvkT000997 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 10:14:57 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VIEvnS000996 for ietf-pkix-bks; Fri, 31 Oct 2003 10:14:57 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft2.fr.colt.net (smtp-ft2.fr.colt.net [213.41.78.26]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VIEtkT000990 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 10:14:55 -0800 (PST) (envelope-from jmdesp@free.fr) Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft2.fr.colt.net with ESMTP id h9VIEpD29861 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 19:14:51 +0100 Message-ID: <3FA2A6BF.2040107@free.fr> Date: Fri, 31 Oct 2003 19:15:27 +0100 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031004 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: Web-PKI Keygen/Certreq Questions References: <00e101c39fc2$a59fa200$3a1b40d5@arport> <p06002003bbc83730f4f9@[128.89.89.75]> In-Reply-To: <p06002003bbc83730f4f9@[128.89.89.75]> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen Kent wrote: > At 16:21 +0100 10/31/03, Anders Rundgren wrote: > >> I cannot find any "compilation" of browser (on-line)-adapted mechanisms >> for performing key generation or performing certificate requests. > > yes, you are wrong. > > both browsers have had facilities for generating an RSA key pair for a > user, and sending a cert request for years. Facilities is one thing, interoperability is another. IE does fully rely on the page interacting with the proprietary xenroll to generate request. Some people that were unhappy with some aspect of the behaviours of xenroll have even developped their own solution. Netscape was using a propretary, little documented HTML tag to generate a request in the 4.x browser, KEYGEN. Newer Mozilla and Netscape continue to support this, but can also use a significantly less ugly javascript-based solution with a call to the *generateCRMFRequest*() function . So, from the point of view of what should be put on a web page to get a browser to generate a certificate request, there is no standard. This can be considered not to be a valable item of concern for pkix thought. Even the format of the request, which is much more of concern to pkix, is not fully standardised, because if IE was generating pkcs#10, the KEYGEN would create a netscape specific SPKAC format. As can be guessed from the name, newer Netscape can generate a CRMF format request. But I don't know if the idea of sending it raw without any CMC/CMP envelop makes it a very compatible solution. Newer xenroll can generate CMC format request. But it's not as standard-based as it may seem, because xenroll will always put a pkcs#10 inside, and never ever a crmf. This even if the request include functionnalities that require a CRMF based CMC request, like private key exportation for key recovery. There's probably few people outside of Microsoft who understand how the key is exported in this case, the solution used does not conform to any standard and has some platform specific elements. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VG4rkT096083 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 08:04:53 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VG4rvg096082 for ietf-pkix-bks; Fri, 31 Oct 2003 08:04:53 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VG4pkT096076 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 08:04:51 -0800 (PST) (envelope-from kent@bbn.com) Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9VG4llo024065; Fri, 31 Oct 2003 11:04:47 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002003bbc83730f4f9@[128.89.89.75]> In-Reply-To: <00e101c39fc2$a59fa200$3a1b40d5@arport> References: <00e101c39fc2$a59fa200$3a1b40d5@arport> Date: Fri, 31 Oct 2003 10:59:54 -0500 To: "Anders Rundgren" <anders.rundgren@telia.com> From: Stephen Kent <kent@bbn.com> Subject: Re: Web-PKI Keygen/Certreq Questions Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 16:21 +0100 10/31/03, Anders Rundgren wrote: >Dear List, > >After verifying that Web-signing is indeed both a much wanted >thing, as well as being in a miserable state standards-wise, I took >the liberty to check out another piece in the Web-PKI puzzle: > >I cannot find any "compilation" of browser (on-line)-adapted mechanisms >for performing key generation or performing certificate requests. >This may be due to a limited effort on my part, but I suspect this >is just another "black hole" with respect to interoperability. >Please tell me I'm wrong! yes, you are wrong. both browsers have had facilities for generating an RSA key pair for a user, and sending a cert request for years. do some more homework. Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VFlCkT095346 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 07:47:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VFlCnc095345 for ietf-pkix-bks; Fri, 31 Oct 2003 07:47:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VFl9kT095338 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 07:47:10 -0800 (PST) (envelope-from tim.polk@nist.gov) Received: from krdp8.nist.gov (krdp8.ncsl.nist.gov [129.6.54.113]) by postmark.nist.gov (8.12.5/8.12.5) with ESMTP id h9VFkd0U018151 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 10:46:39 -0500 (EST) Message-Id: <5.1.0.14.2.20031031104422.02f6ce28@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 31 Oct 2003 10:46:22 -0500 To: ietf-pkix@imc.org From: Tim Polk <tim.polk@nist.gov> Subject: Draft PKIX Agenda for 58th IETF Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Folks, I have appended a draft agenda. Okay, so I didn't meet my goal of Monday....sigh. As Peter Sylvester pointed out to me, *that's* why the U.S. Men can't win the World Cup. We keep missing the goal. That means I come by it honestly, right? Thanks! Tim [P.S. If I was true to form, I will have missed at least one agenda request in my mail box. If that is you, please let me know ASAP so I can correct it.] ------------------------------------------------------------------------------------------------------------ PKIX WG (pkix-wg) MONDAY, November 10, 2003 1530-1730 ================================= CHAIR Stephen Kent <kent@bbn.com>, Tim Polk <tim.polk@nist.gov> AGENDA 1. WG Status and Direction 1.1 Document Status Review [Tim Polk (NIST)] The working group has a number of Internet-Drafts. Many documents are with the ADs or in various stages of WG Last Call. Several others are ready for Last Call. (10 min.) 1.2 Proposed WG Milestones [Tim Polk (NIST)] The working group milestones are out of date. New milestones are needed; these milestones need to satisfy IESG direction for an orderly closeout of WG activities. (10 min.) 2. PKIX WG Specifications 2.1 Subject Identification Method [TBD] http//www.ietf.org/internet-drafts/draft-ietf-pkix-sim-01.txt The current SIM draft introduces a number of new parameters. While these parameters add additional complexity, they were required to satisfy the draft's security requirements. The presentation will focus on the security requirements and proposed solution. Open issues will also be identified. (10 min.) 2.2 LDAP Schemas, String Values, and more - David Chadwick (Univ of Salford) The WG has a suite of LDAP-PKIX drafts forming a comprehensive solution for LDAP based PKI information distribution. New drafts will be published soon after this meeting; the presenter will discuss changes that will appear in the new drafts. (15 min.) 2.3 Qualified Certificates Stefan Santesson http//www.ietf.org/internet-drafts/draft-ietf-pkix-sonof3039-02.txt Work on the QC document has continued in both PKIX and ETSI. At least one more draft is envisioned; this presentation will decsribe planned updates and propose a path for completion of the QC document. (10 min.) 2.4 Certification Path Building Peter Hesse (Orion Security) http//www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-01.txt This document was written to provide guidance and recommendations to developers building X.509 public-key certification paths within their applications. The next draft is aimed for WG Last Call; the presenter will discuss changes since -00 and additional changes projected for the forthcoming -02 draft. (10 min.) 2.5 Certstore HTTP Peter Gutmann http//www.ietf.org/internet-drafts/draft-ietf-pkix-certstore-http-05.txt This draft proposes new procedures for certificate retrieval from an HTTP based repository. Progression of this document would result in conflicting PKI protocols for HTTP-based repositories, and has not been able to progress. (5 min.) 2.6 OCSP Mike Myers (FastQ) http//www.ietf.org/internet-drafts/draft-ietf-pkix-certstore-http-05.txt A number of issues regarding OCSP have resurfaced on the mailing list. The presenter will summarize the issues from the mailing list and present a way forward. (5 min.) 3. Liaison/Related Projects The following specifications will update the WG on related activities. 3.1 OASIS PKI survey Steve Hanna (Sun) The OASIS Public Key Infrastructure Technical Committee conducted a web-based survey to identify the key barriers to PKI deployment and usage. The TC is currently developing an Action to address these barriers. The presentation will address the survey results and preview the action plan. (15 min.) 3.2 Path Validation Protection Profiles Tim Polk (NIST) NIST is currently performing the interoperability testing for RFC 3280. One aspect of that effort is the RFC 3280 path validation test suite developed jointly by NIST, DigitalNet, and NSA. To promote independnet testing based on the test suite, NIST has submitted protection profiles for path validation modules for NIAP validation. (10 min.) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VFOakT094594 for <ietf-pkix-bks@above.proper.com>; Fri, 31 Oct 2003 07:24:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9VFOZti094593 for ietf-pkix-bks; Fri, 31 Oct 2003 07:24:35 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp4.hy.skanova.net (smtp4.hy.skanova.net [195.67.199.133]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9VFOYkT094585 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 07:24:35 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t12o913p45.telia.com [213.64.28.165]) by smtp4.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9VFOUnw013874 for <ietf-pkix@imc.org>; Fri, 31 Oct 2003 16:24:31 +0100 (CET) Message-ID: <00e101c39fc2$a59fa200$3a1b40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <ietf-pkix@imc.org> Subject: Web-PKI Keygen/Certreq Questions Date: Fri, 31 Oct 2003 16:21:23 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dear List, After verifying that Web-signing is indeed both a much wanted thing, as well as being in a miserable state standards-wise, I took the liberty to check out another piece in the Web-PKI puzzle: I cannot find any "compilation" of browser (on-line)-adapted mechanisms for performing key generation or performing certificate requests. This may be due to a limited effort on my part, but I suspect this is just another "black hole" with respect to interoperability. Please tell me I'm wrong! Looking at Microsoft's CertSrv for W2K, I found that IE and Navigator are supplied with very different code. IE seems to only rely on MSFT's proprietary "Xenroll" stuff, while Navigator uses a Netscape proprietary HTML tag called "KeyGen". Any comments or information on this subject? Sincerely Anders Rundgren Consultant, PKI & e-business PS This is indeed off-topic for PKIX but not for the "PKI community" which to some extent is represented in PKIX DS Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9V2aJkT098953 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 18:36:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9V2aJAt098952 for ietf-pkix-bks; Thu, 30 Oct 2003 18:36:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from [63.202.92.152] (adsl-63-202-92-152.dsl.snfc21.pacbell.net [63.202.92.152]) (authenticated bits=0) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9V2aHkU098947 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 18:36:18 -0800 (PST) (envelope-from phoffman@imc.org) Mime-Version: 1.0 X-Sender: phoffman@mail.imc.org Message-Id: <p0600206ebbc779d9d3fe@[63.202.92.152]> In-Reply-To: <3FA1B4A8.90101@cablespeed.com> References: <007501c39f00$60446fa0$667f509c@hq.orionsec.com> <3FA1B4A8.90101@cablespeed.com> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report>. Date: Thu, 30 Oct 2003 18:36:40 -0800 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: Request change in son-of-rfc2633 Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 8:02 PM -0500 10/30/03, jim wrote: >After the KEYJACKING paper that was presented at the last PKI >Development Conference, I am not clear on the push for using SMIME >since we know that any transactions using SSL or VPN technologies >subject the key to being compromised. The paper talks about scenarios that compromise the entire PC, not just S/MIME. So you are saying "if the user can use client-side certs, you cannot trust anything on the PC ever again". That may be true, but it is irrelevant to the discussion of S/MIME and probably to PKIX as well. PCs are vulnerable. This doesn't mean we stop all development of things that run on PCs. (FWIW, the paper can be found at <http://www.cs.dartmouth.edu/~sws/papers/keyjack.pdf>.) --Paul Hoffman, Director --Internet Mail Consortium Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9V11rkT094977 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 17:01:53 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9V11rXr094976 for ietf-pkix-bks; Thu, 30 Oct 2003 17:01:53 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp2.mivlmd.cablespeed.com (smtp2.mivlmd.cablespeed.com [24.35.0.19]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9V11qkT094970 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 17:01:52 -0800 (PST) (envelope-from jimhei@cablespeed.com) Received: (qmail 31333 invoked by uid 0); 31 Oct 2003 01:00:54 -0000 Received: from unknown (HELO cablespeed.com) (24.35.57.71) by 0 with SMTP; 31 Oct 2003 01:00:54 -0000 Message-ID: <3FA1B4A8.90101@cablespeed.com> Date: Thu, 30 Oct 2003 20:02:32 -0500 From: jim <jimhei@cablespeed.com> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Santosh Chokhani <chokhani@orionsec.com> CC: ietf-pkix@imc.org Subject: Re: Request change in son-of-rfc2633 References: <007501c39f00$60446fa0$667f509c@hq.orionsec.com> Content-Type: multipart/alternative; boundary="------------040505080708010004040903" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --------------040505080708010004040903 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit After the KEYJACKING paper that was presented at the last PKI Development Conference, I am not clear on the push for using SMIME since we know that any transactions using SSL or VPN technologies subject the key to being compromised. Is there some new technology that I am not familiar with and has that been reviewed by the team from Dartmouth that presented the paper to see if it was truly better? Jim Heimberg, ABC, Ph.D. Santosh Chokhani wrote: >Tom: > >If the new Sub CA is rogue, name chaining will not help. The CA who now >uses the compromise key can always issue certificates to those RP and assert >its own name. > >If the new sub CA is not rogue and someone else compromised the original sub >CA key, that "someone else" can use the compromised key under the new CA >name to create bogus RPs. > >If everything is benign, the original CA was revoked and not compromised, >some one could provide a certification path: root .....--> new CA --> RP >under old CA. Without name chaining, this path could be validated and thus, >if the RP was compromised, that compromise can be exploited. But, this is >only if the two CAs benignly use the same key. > >-----Original Message----- >From: Tom Biskupic [mailto:Tom.Biskupic@baltimore.com] >Sent: Thursday, October 30, 2003 1:29 AM >To: 'Santosh Chokhani'; ietf-pkix@imc.org >Subject: RE: Request change in son-of-rfc2633 > > >Hello, > >Umm What about if you managed to have a Sub-CA certified using the >compromised key of another Sub CA? > >The other sub CA was revoked (for key compromise) and therefore all the >certificates it issued are dead but if RP applications ignore the >name-chaining, wouldn't this effectively re-activate those certificates? RPs >checking one of those dead certs (and ignoring name chaining) could use the >newly certified Sub CA to build a (well bogus) path and would accept that >path. > >Even POP won't save you as the entity applying to have the compromised CA >key re-certified may have the private key (as it was compromised). > >Some CAs will check that the same key is not issued to two entities (and >thus would refuse to re-certify the Sub CA with a different name) however do >you want to rely on it? > >Ok this is a bit theoretical... A Sub-CA being revoked for instance. > >Tom > > > >>-----Original Message----- >>From: Santosh Chokhani [mailto:chokhani@orionsec.com] >>Sent: Thursday, 30 October 2003 07:51 >>To: ietf-pkix@imc.org; ietf-smime@imc.org >>Subject: RE: Request change in son-of-rfc2633 >> >> >>Steve Hanna: >> >>I agree with you that both 3280 and X.509 require name chaining. >>However, the security implications and security importance of name >>chaining is overstated. >> >>For example, if signatures chain properly for the certificate and CRL >>and the relying party has appropriate means (e.g., e-mail >>address) to identify >>the subscriber, name chaining offers little in terms of security. >> >>My statement should be read purely in security (and NOT >>interoperability) >>context. >> >>-----Original Message----- >>From: owner-ietf-pkix@mail.imc.org >>[mailto:owner-ietf-pkix@mail.imc.org] >>On Behalf Of Steve Hanna >>Sent: Wednesday, October 29, 2003 9:58 AM >>To: Peter Gutmann >>Cc: ejnorman@doit.wisc.edu; ietf-pkix@imc.org; ietf-smime@imc.org >>Subject: Re: Request change in son-of-rfc2633 >> >> >>Anyone who "reads the PKIX tea leaves" and thinks that >>it's fine to skip name chaining checks in path validation needs to >>have their eyes checked. RFC 3280 says in many places that name >>chaining MUST be checked. >> >>In section 6.1: >> >> To meet this goal, the path validation process verifies, among other >>things, that a prospective certification path (a sequence of n >> certificates) satisfies the following conditions: >> >> (a) for all x in {1, ..., n-1}, the subject of certificate x is >> the issuer of certificate x+1; >> >>In section 6.1.3: >> >> (a) Verify the basic certificate information. The certificate MUST >>satisfy each of the following: >> >> [...] >> >> (4) The certificate issuer name is the working_issuer_name. >> >>In section 4.1.2.6: >> >> If the subject is a CA (e.g., the basic constraints extension, as >> discussed in 4.2.1.10, is present and the value of cA is TRUE), >>then >> the subject field MUST be populated with a non-empty distinguished >> name matching the contents of the issuer field (section 4.1.2.4) in >> all certificates issued by the subject CA. >> >>RFC 2459 and X.509 both agree with this. >> >>Whatever PKI topology you use, there's no need to break >>name chaining. I'm sure that some customers have created >>PKIs where name chaining doesn't hold, but that's an error >>on the customer's part. You can't just turn off critical security >>checks to keep them happy. What's next? Don't bother checking the >>signature on certificates. That takes too much time! >> >>If somebody has implemented path validation without name chaining >>checks, then they haven't implemented it according to IETF or X.509 >>standards. In fact, they may have opened themselves and their >>customers up to security >>holes and perhaps even legal liability. CAs have every right to expect >>that certificates will be validated according to standards. Users also >>have a reasonable expectation of this. If someone >>deliberately violates >>the standards in a way that opens up security holes, that sounds like >>gross negligence to me. >> >>This reminds me of Microsoft's decision to not check the Basic >>Constraints extension, treating every certificate as a CA certificate. >>This decision, presumably made in to please a customer, resulted in a >>HUGE security hole. >> >>I hope that Microsoft (and anyone else who has skipped required parts >>of the path validation algorithm for the sake of convenience) will see >>that security cannot be second to user convenience. If there's a >>serious problem with the specs, then let's fix them. But don't just >>bypass things because you find it convenient. >> >>Forgive me my rant. I'm just outraged that somebody would play fast >>and loose with security this way. >> >>Thanks, >> >>Steve >> >>Peter Gutmann wrote: >> >> >>>[Cross-posted back to S/MIME, where the thread started] >>> >>>Eric Norman <ejnorman@doit.wisc.edu> writes: >>> >>> >>> >>>>Is there a claim (#1 above) that you can have the DN in the subject >>>>of a parent's (signer's) certificate be different from (as in >>>>different bunch of >>>>bytes) the DN in the issuer of one of its offspring and >>>> >>>> >>yet the chain >>is >> >> >>>>still valid because the xKIDs match? >>>> >>>> >>>Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI >>>that violates the original X.509 design, i.e. with re-parenting, >>>arbitrary cross- certification, etc etc where issuers no >>> >>> >>longer match >> >> >>>subjects). For example MS apparently implemented chaining >>> >>> >>by sKID in >> >> >>>Windows because of user demand for this when the users >>> >>> >>broke chaining >> >> >>>by issuer name through spaghetti PKI design practices, and various >>>other implementations no doubt do similar things, depending on how >>>they've read the PKIX tea leaves. >>> >>>Peter. >>> >>> > > > > > > --------------040505080708010004040903 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"> <title></title> </head> <body> After the KEYJACKING paper that was presented at the last PKI Development Conference, I am not clear on the push for using SMIME since we know that any transactions using SSL or VPN technologies subject the key to being compromised. Is there some new technology that I am not familiar with and has that been reviewed by the team from Dartmouth that presented the paper to see if it was truly better?<br> <br> Jim Heimberg, ABC, Ph.D.<br> <br> <br> Santosh Chokhani wrote:<br> <blockquote type="cite" cite="mid007501c39f00$60446fa0$667f509c@hq.orionsec.com"> <pre wrap="">Tom: If the new Sub CA is rogue, name chaining will not help. The CA who now uses the compromise key can always issue certificates to those RP and assert its own name. If the new sub CA is not rogue and someone else compromised the original sub CA key, that "someone else" can use the compromised key under the new CA name to create bogus RPs. If everything is benign, the original CA was revoked and not compromised, some one could provide a certification path: root .....--> new CA --> RP under old CA. Without name chaining, this path could be validated and thus, if the RP was compromised, that compromise can be exploited. But, this is only if the two CAs benignly use the same key. -----Original Message----- From: Tom Biskupic [<a class="moz-txt-link-freetext" href="mailto:Tom.Biskupic@baltimore.com">mailto:Tom.Biskupic@baltimore.com</a>] Sent: Thursday, October 30, 2003 1:29 AM To: 'Santosh Chokhani'; <a class="moz-txt-link-abbreviated" href="mailto:ietf-pkix@imc.org">ietf-pkix@imc.org</a> Subject: RE: Request change in son-of-rfc2633 Hello, Umm What about if you managed to have a Sub-CA certified using the compromised key of another Sub CA? The other sub CA was revoked (for key compromise) and therefore all the certificates it issued are dead but if RP applications ignore the name-chaining, wouldn't this effectively re-activate those certificates? RPs checking one of those dead certs (and ignoring name chaining) could use the newly certified Sub CA to build a (well bogus) path and would accept that path. Even POP won't save you as the entity applying to have the compromised CA key re-certified may have the private key (as it was compromised). Some CAs will check that the same key is not issued to two entities (and thus would refuse to re-certify the Sub CA with a different name) however do you want to rely on it? Ok this is a bit theoretical... A Sub-CA being revoked for instance. Tom </pre> <blockquote type="cite"> <pre wrap="">-----Original Message----- From: Santosh Chokhani [<a class="moz-txt-link-freetext" href="mailto:chokhani@orionsec.com">mailto:chokhani@orionsec.com</a>] Sent: Thursday, 30 October 2003 07:51 To: <a class="moz-txt-link-abbreviated" href="mailto:ietf-pkix@imc.org">ietf-pkix@imc.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:ietf-smime@imc.org">ietf-smime@imc.org</a> Subject: RE: Request change in son-of-rfc2633 Steve Hanna: I agree with you that both 3280 and X.509 require name chaining. However, the security implications and security importance of name chaining is overstated. For example, if signatures chain properly for the certificate and CRL and the relying party has appropriate means (e.g., e-mail address) to identify the subscriber, name chaining offers little in terms of security. My statement should be read purely in security (and NOT interoperability) context. -----Original Message----- From: <a class="moz-txt-link-abbreviated" href="mailto:owner-ietf-pkix@mail.imc.org">owner-ietf-pkix@mail.imc.org</a> [<a class="moz-txt-link-freetext" href="mailto:owner-ietf-pkix@mail.imc.org">mailto:owner-ietf-pkix@mail.imc.org</a>] On Behalf Of Steve Hanna Sent: Wednesday, October 29, 2003 9:58 AM To: Peter Gutmann Cc: <a class="moz-txt-link-abbreviated" href="mailto:ejnorman@doit.wisc.edu">ejnorman@doit.wisc.edu</a>; <a class="moz-txt-link-abbreviated" href="mailto:ietf-pkix@imc.org">ietf-pkix@imc.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:ietf-smime@imc.org">ietf-smime@imc.org</a> Subject: Re: Request change in son-of-rfc2633 Anyone who "reads the PKIX tea leaves" and thinks that it's fine to skip name chaining checks in path validation needs to have their eyes checked. RFC 3280 says in many places that name chaining MUST be checked. In section 6.1: To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates) satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; In section 6.1.3: (a) Verify the basic certificate information. The certificate MUST satisfy each of the following: [...] (4) The certificate issuer name is the working_issuer_name. In section 4.1.2.6: If the subject is a CA (e.g., the basic constraints extension, as discussed in 4.2.1.10, is present and the value of cA is TRUE), then the subject field MUST be populated with a non-empty distinguished name matching the contents of the issuer field (section 4.1.2.4) in all certificates issued by the subject CA. RFC 2459 and X.509 both agree with this. Whatever PKI topology you use, there's no need to break name chaining. I'm sure that some customers have created PKIs where name chaining doesn't hold, but that's an error on the customer's part. You can't just turn off critical security checks to keep them happy. What's next? Don't bother checking the signature on certificates. That takes too much time! If somebody has implemented path validation without name chaining checks, then they haven't implemented it according to IETF or X.509 standards. In fact, they may have opened themselves and their customers up to security holes and perhaps even legal liability. CAs have every right to expect that certificates will be validated according to standards. Users also have a reasonable expectation of this. If someone deliberately violates the standards in a way that opens up security holes, that sounds like gross negligence to me. This reminds me of Microsoft's decision to not check the Basic Constraints extension, treating every certificate as a CA certificate. This decision, presumably made in to please a customer, resulted in a HUGE security hole. I hope that Microsoft (and anyone else who has skipped required parts of the path validation algorithm for the sake of convenience) will see that security cannot be second to user convenience. If there's a serious problem with the specs, then let's fix them. But don't just bypass things because you find it convenient. Forgive me my rant. I'm just outraged that somebody would play fast and loose with security this way. Thanks, Steve Peter Gutmann wrote: </pre> <blockquote type="cite"> <pre wrap="">[Cross-posted back to S/MIME, where the thread started] Eric Norman <a class="moz-txt-link-rfc2396E" href="mailto:ejnorman@doit.wisc.edu"><ejnorman@doit.wisc.edu></a> writes: </pre> <blockquote type="cite"> <pre wrap="">Is there a claim (#1 above) that you can have the DN in the subject of a parent's (signer's) certificate be different from (as in different bunch of bytes) the DN in the issuer of one of its offspring and </pre> </blockquote> </blockquote> <pre wrap="">yet the chain is </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">still valid because the xKIDs match? </pre> </blockquote> <pre wrap="">Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI that violates the original X.509 design, i.e. with re-parenting, arbitrary cross- certification, etc etc where issuers no </pre> </blockquote> <pre wrap="">longer match </pre> <blockquote type="cite"> <pre wrap="">subjects). For example MS apparently implemented chaining </pre> </blockquote> <pre wrap="">by sKID in </pre> <blockquote type="cite"> <pre wrap="">Windows because of user demand for this when the users </pre> </blockquote> <pre wrap="">broke chaining </pre> <blockquote type="cite"> <pre wrap="">by issuer name through spaghetti PKI design practices, and various other implementations no doubt do similar things, depending on how they've read the PKIX tea leaves. Peter. </pre> </blockquote> </blockquote> <pre wrap=""><!----> </pre> </blockquote> <br> </body> </html> --------------040505080708010004040903-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9V050kT092454 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 16:05:00 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9V05056092453 for ietf-pkix-bks; Thu, 30 Oct 2003 16:05:00 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from e5.ny.us.ibm.com (e5.ny.us.ibm.com [32.97.182.105]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9V04wkT092447 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 16:04:58 -0800 (PST) (envelope-from tgindin@us.ibm.com) Received: from northrelay04.pok.ibm.com (northrelay04.pok.ibm.com [9.56.224.206]) by e5.ny.us.ibm.com (8.12.10/8.12.2) with ESMTP id h9V04jn9632758; Thu, 30 Oct 2003 19:04:45 -0500 Received: from d01ml062.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay04.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id h9V04iYG077764; Thu, 30 Oct 2003 19:04:44 -0500 To: "Michael Myers" <mmyers@fastq.com> Cc: "David Engberg" <dave@corestreet.com>, ietf-pkix@imc.org MIME-Version: 1.0 Subject: RE: DISCUSSION: Nonce-specific error code for OCSP X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002 From: Tom Gindin <tgindin@us.ibm.com> Message-ID: <OF55E2C2E3.5C5A3AA6-ON85256DC7.0061EB2C-85256DD0.00006142@us.ibm.com> Date: Thu, 30 Oct 2003 19:04:12 -0500 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 6.0.2CF2 PMR38084 MIAS5SCKSP SASF5LTQFD GCHU5LFQD5 JHEG5PKRJT MIAS5RMQQF ALEE5RFGW8+|October 16, 2003) at 10/30/2003 19:04:44, Serialize complete at 10/30/2003 19:04:44 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I should have been more precise in my suggestion. The unilateral server-specified practice I can think of that would most effectively ban relays is for an extension called nonceSupported to be defined, whose syntax is a single Boolean. A responder supporting this extension should include it, with the appropriate value, in every response other than those which contain nonces. This extension is of limited value in responses which do contain nonces, although you could put it in them. With such an extension, any replay of a response from a responder with nonce support would be detectable by the client. If the client doesn't use nonces, or the responder doesn't support them, I don't see what you can do to detect replays. It would be possible to make the value of such an extension a 3-valued enumeration: unsupported, deprecated (meaning it's expensive but we'll do it if you insist), and supported. That variant would probably be called "nonceSupport", and it might be desirable to include that in responses which include nonces as well as in those which don't. However, we'd need yet another mechanism to demand a response including a nonce in order to support the deprecated value. I am not suggesting that anyone standardize both of these variants, which would be egregious bloat. I won't be at Minneapolis, so I'm getting my suggestions in early. Tom Gindin IMHO, a client should take the following action where the requestor includes a nonce: a) Nonce present, accept if response.nonce == request.nonce b) NonceSupported == false (with no nonce), accept (also NonceSupport == unsupported) c) NonceSupported == true but no nonce, reject (also NonceSupport == supported) d) NonceUnsupported present (with no nonce), accept e) Neither nonce nor extension present, DEBATABLE (see this thread for the debate) f) NonceSupport == deprecated (with no nonce), accept or rerequest (BUT there's no good rerequest technique) "Michael Myers" <mmyers@fastq.com> 10/22/2003 12:49 PM To: Tom Gindin/Watson/IBM@IBMUS cc: "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Tom, Your proposal certainly provides an opportunity for compromise. But I think we first need to see what emerges from Minneapolis. Mike > -----Original Message----- > From: Tom Gindin [mailto:tgindin@us.ibm.com] > Sent: Wednesday, October 22, 2003 9:19 AM > To: Michael Myers > Cc: David Engberg; ietf-pkix@imc.org > Subject: RE: DISCUSSION: Nonce-specific error code for OCSP > > > Michael: > > Does your skepticism about the usefulness of > unilateral > server-side extensions mean that we should permit a > variant of nonce in > which the client specifies how strongly he needs a > nonce? Since the > current syntax of nonce is not officially published, > I posted a possible > extension several weeks ago. The options were > original (with unclear > semantics in this respect), nonce required in > response, and nonce optional > in response. > For a server to actually prevent > misunderstandings of whether or > not he supports nonces by using a unilateral > server-side extension, you'd > need a server-side extension called "nonceSupported" > with boolean syntax, > which would have to be placed in EVERY response > whether nonces are present > in the request or not. The "nonceUnsupported" > extension strikes me as > less useful than that. > > Tom Gindin > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGiYkT071752 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 08:44:34 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UGiYOg071751 for ietf-pkix-bks; Thu, 30 Oct 2003 08:44:34 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp2.fre.skanova.net (smtp2.fre.skanova.net [195.67.227.95]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGiUkT071728 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 08:44:31 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t12o913p71.telia.com [213.64.28.191]) by smtp2.fre.skanova.net (8.12.10/8.12.10) with SMTP id h9UGi9Ed024555; Thu, 30 Oct 2003 17:44:10 +0100 (CET) Message-ID: <006401c39f04$a0cde700$bf1c40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Karl Scheibelhofer" <karl.scheibelhofer@iaik.tugraz.at>, "Florian Oelmaier" <oelmaier@sytrust.com>, <ietf-pkix@imc.org> Cc: "'James Jing'" <jjing@securenet.com.au>, "'Markus Lorch'" <mlorch@vt.edu> References: <000101c39e38$ee9e6120$4228a8c0@hagen> <011001c39eec$96588540$d21a40d5@arport> <00d401c39f00$e1c275e0$51981b81@iaik.at> Subject: Re: Standards for Web-signing II Date: Thu, 30 Oct 2003 17:41:04 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Karl, Thanx for the pointer! However, although DSS indeed talks about the Web, Interfaces and Signatures, this is AFAIU an entirely "programmatic" web where things like WYSIWYS is of no importance. To really screw up things, you need users and that calls for something else. Like a new standard :-) Best Anders ----- Original Message ----- From: "Karl Scheibelhofer" <karl.scheibelhofer@iaik.tugraz.at> To: "Anders Rundgren" <anders.rundgren@telia.com>; "Florian Oelmaier" <oelmaier@sytrust.com>; <ietf-pkix@imc.org> Cc: "'James Jing'" <jjing@securenet.com.au>; "'Markus Lorch'" <mlorch@vt.edu> Sent: Thursday, October 30, 2003 17:14 Subject: Re: Standards for Web-signing II as far as i know OASIS has started related efforts. see http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss Karl -- Karl Scheibelhofer, IAIK - Graz University of Technology Inffeldgasse 16a, 8010 Graz, Austria Fax: +43 316 873 5520 http://jce.iaik.tugraz.at ----- Original Message ----- From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Florian Oelmaier" <oelmaier@sytrust.com>; <ietf-pkix@imc.org> Cc: "'James Jing'" <jjing@securenet.com.au>; "'Markus Lorch'" <mlorch@vt.edu> Sent: Thursday, October 30, 2003 2:49 PM Subject: Re: Standards for Web-signing II > > Apologizes Steven. Last comment. This one is actually a bit > interesting for any die-hard cryptographer. > > Thanx Florian, > > The manual to "Personal" is thick but leaves out all "hardcore" stuff like: > > If MIME is "text/html" does it calculate hash of embedded objects? > Actually what algorithm does it use for cononicalization of HTML or > even for TXT? > > And what happens if you use "PKCS7SIGNED_Attached" and > have MIME "text/html" and use embedded objects (IMGs)? I don't > think I want to know! It will probably explode and crash my hard-disk :-) > Or does it falsely just include the HTML disregarding WYSIWYS > completely? > > My firm belief is that on-line signatures is a very different "animal" > compared to signed e-mails, and MUST be designed from the ground > and up in order to EVER work in an interoperable and useful manner. > > So where do we go now? To CEN/ISSS, W3C, OASIS, IETF or what? > > Regards > Anders Rundgren > > ----- Original Message ----- > From: "Florian Oelmaier" <oelmaier@sytrust.com> > To: "'Anders Rundgren'" <anders.rundgren@telia.com>; "'James Jing'" <jjing@securenet.com.au>; "'Markus Lorch'" <mlorch@vt.edu>; > <ietf-pkix@imc.org> > Sent: Wednesday, October 29, 2003 17:23 > Subject: RE: Standards for Web-signing II > > > > However, Identrus is a bank-controlled operation and > > therefore operate in the same way as banks regarding their > > technology. I.e. by acting "possessive" and most of all being > > scared that a competitor would ever be able to profit on the > > work done. > > We all know that acting "possessive" does not work really good on the > internet. After all a secrect shared by more than three people isnt a > secret anymore. If you need a hint at how the identrus Websigning works > you may look at > http://www.s-d.no/filer/manualer/Technical%20Description%203_1Rev1.pdf > and read the identrus section there. > > -- > Florian Oelmaier > SyTrust > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGR6kT070792 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 08:27:06 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UGR6q8070791 for ietf-pkix-bks; Thu, 30 Oct 2003 08:27:06 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mclean-vscan3.bah.com (mclean-vscan3.bah.com [156.80.3.63]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGR5kT070773 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 08:27:05 -0800 (PST) (envelope-from chokhani@orionsec.com) Received: from mclean-vscan3.bah.com (mclean-vscan3.bah.com [156.80.3.63]) by mclean-vscan3.bah.com (8.11.0/8.11.0) with SMTP id h9UGQkA29570 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:26:46 -0500 (EST) Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan3.bah.com (NAVGW 2.5.2.12) with SMTP id M2003103011110229012 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:11:02 -0500 Received: from wchokhani ([156.80.127.102]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HNKVMC00.F7A for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:11:00 -0500 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: Request change in son-of-rfc2633 Date: Thu, 30 Oct 2003 11:10:57 -0500 Message-ID: <007901c39f00$67ee9050$667f509c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 In-Reply-To: <OFE2F4CDFF.779487E7-ON85256DCF.004DF031@internalgroove.net> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9UGR5kT070786 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Walt: My comment was purely for checking the names during path validation. I did not say that you do not assert the names and do not make these available to the RP as part of certification path. -----Original Message----- From: Walt_Tuvell@groove.net [mailto:Walt_Tuvell@groove.net] Sent: Thursday, October 30, 2003 9:19 AM To: Santosh Chokhani Cc: ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 > I agree with you that both 3280 and X.509 require name chaining. However, > the security implications and security importance of name chaining is > overstated. > > For example, if signatures chain properly for the certificate and CRL > and the relying party has appropriate means (e.g., e-mail address) to identify > the subscriber, name chaining offers little in terms of security. > > My statement should be read purely in security (and NOT > interoperability) context. I think this isn't quite right, if you intended it the way I'm interpreting what you've written. You seem to be saying only that "the relying-party must have appropriate means to identify the *leaf* subscriber". But surely, the RP must also have appropriate means to identify the intermediate CAs as well, else the RP cannot evaluate the degree of trust it places in the cert-chain. And, for better or worse, the standard means of identifying CAs is DN (not, e.g., email addr). As with your note, this comment is security-relevant, not an observation on interoperability. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGI7kT070296 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 08:18:07 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UGI7p7070295 for ietf-pkix-bks; Thu, 30 Oct 2003 08:18:07 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UGI6kT070289 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 08:18:06 -0800 (PST) (envelope-from chokhani@orionsec.com) Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by mclean-vscan1.bah.com (8.11.0/8.11.0) with SMTP id h9UGHte15544 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:17:55 -0500 (EST) Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan1.bah.com (NAVGW 2.5.2.12) with SMTP id M2003103011104702142 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:10:47 -0500 Received: from wchokhani ([156.80.127.102]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HNKVLZ00.H63 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:10:47 -0500 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: Request change in son-of-rfc2633 Date: Thu, 30 Oct 2003 11:10:12 -0500 Message-ID: <007501c39f00$60446fa0$667f509c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; smime-type=signed-data; name="smime.p7m" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 In-Reply-To: <119C85693DF1D4119E800002A5097D01C06C7C@irlms03.ie.baltimore.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9UGI7kT070291 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom: If the new Sub CA is rogue, name chaining will not help. The CA who now uses the compromise key can always issue certificates to those RP and assert its own name. If the new sub CA is not rogue and someone else compromised the original sub CA key, that "someone else" can use the compromised key under the new CA name to create bogus RPs. If everything is benign, the original CA was revoked and not compromised, some one could provide a certification path: root .....--> new CA --> RP under old CA. Without name chaining, this path could be validated and thus, if the RP was compromised, that compromise can be exploited. But, this is only if the two CAs benignly use the same key. -----Original Message----- From: Tom Biskupic [mailto:Tom.Biskupic@baltimore.com] Sent: Thursday, October 30, 2003 1:29 AM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 Hello, Umm What about if you managed to have a Sub-CA certified using the compromised key of another Sub CA? The other sub CA was revoked (for key compromise) and therefore all the certificates it issued are dead but if RP applications ignore the name-chaining, wouldn't this effectively re-activate those certificates? RPs checking one of those dead certs (and ignoring name chaining) could use the newly certified Sub CA to build a (well bogus) path and would accept that path. Even POP won't save you as the entity applying to have the compromised CA key re-certified may have the private key (as it was compromised). Some CAs will check that the same key is not issued to two entities (and thus would refuse to re-certify the Sub CA with a different name) however do you want to rely on it? Ok this is a bit theoretical... A Sub-CA being revoked for instance. Tom > -----Original Message----- > From: Santosh Chokhani [mailto:chokhani@orionsec.com] > Sent: Thursday, 30 October 2003 07:51 > To: ietf-pkix@imc.org; ietf-smime@imc.org > Subject: RE: Request change in son-of-rfc2633 > > > Steve Hanna: > > I agree with you that both 3280 and X.509 require name chaining. > However, the security implications and security importance of name > chaining is overstated. > > For example, if signatures chain properly for the certificate and CRL > and the relying party has appropriate means (e.g., e-mail > address) to identify > the subscriber, name chaining offers little in terms of security. > > My statement should be read purely in security (and NOT > interoperability) > context. > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Steve Hanna > Sent: Wednesday, October 29, 2003 9:58 AM > To: Peter Gutmann > Cc: ejnorman@doit.wisc.edu; ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Re: Request change in son-of-rfc2633 > > > Anyone who "reads the PKIX tea leaves" and thinks that > it's fine to skip name chaining checks in path validation needs to > have their eyes checked. RFC 3280 says in many places that name > chaining MUST be checked. > > In section 6.1: > > To meet this goal, the path validation process verifies, among other > things, that a prospective certification path (a sequence of n > certificates) satisfies the following conditions: > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > the issuer of certificate x+1; > > In section 6.1.3: > > (a) Verify the basic certificate information. The certificate MUST > satisfy each of the following: > > [...] > > (4) The certificate issuer name is the working_issuer_name. > > In section 4.1.2.6: > > If the subject is a CA (e.g., the basic constraints extension, as > discussed in 4.2.1.10, is present and the value of cA is TRUE), > then > the subject field MUST be populated with a non-empty distinguished > name matching the contents of the issuer field (section 4.1.2.4) in > all certificates issued by the subject CA. > > RFC 2459 and X.509 both agree with this. > > Whatever PKI topology you use, there's no need to break > name chaining. I'm sure that some customers have created > PKIs where name chaining doesn't hold, but that's an error > on the customer's part. You can't just turn off critical security > checks to keep them happy. What's next? Don't bother checking the > signature on certificates. That takes too much time! > > If somebody has implemented path validation without name chaining > checks, then they haven't implemented it according to IETF or X.509 > standards. In fact, they may have opened themselves and their > customers up to security > holes and perhaps even legal liability. CAs have every right to expect > that certificates will be validated according to standards. Users also > have a reasonable expectation of this. If someone > deliberately violates > the standards in a way that opens up security holes, that sounds like > gross negligence to me. > > This reminds me of Microsoft's decision to not check the Basic > Constraints extension, treating every certificate as a CA certificate. > This decision, presumably made in to please a customer, resulted in a > HUGE security hole. > > I hope that Microsoft (and anyone else who has skipped required parts > of the path validation algorithm for the sake of convenience) will see > that security cannot be second to user convenience. If there's a > serious problem with the specs, then let's fix them. But don't just > bypass things because you find it convenient. > > Forgive me my rant. I'm just outraged that somebody would play fast > and loose with security this way. > > Thanks, > > Steve > > Peter Gutmann wrote: > > > > [Cross-posted back to S/MIME, where the thread started] > > > > Eric Norman <ejnorman@doit.wisc.edu> writes: > > > > >Is there a claim (#1 above) that you can have the DN in the subject > > >of a parent's (signer's) certificate be different from (as in > > >different bunch of > > >bytes) the DN in the issuer of one of its offspring and > yet the chain > is > > >still valid because the xKIDs match? > > > > Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI > > that violates the original X.509 design, i.e. with re-parenting, > > arbitrary cross- certification, etc etc where issuers no > longer match > > subjects). For example MS apparently implemented chaining > by sKID in > > Windows because of user demand for this when the users > broke chaining > > by issuer name through spaghetti PKI design practices, and various > > other implementations no doubt do similar things, depending on how > > they've read the PKIX tea leaves. > > > > Peter. > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UEJPkT063486 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 06:19:25 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UEJPxj063485 for ietf-pkix-bks; Thu, 30 Oct 2003 06:19:25 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from c2.groove.net (groove.net [63.209.254.203] (may be forged)) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UEJOkT063473 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 06:19:24 -0800 (PST) (envelope-from Walt_Tuvell@groove.net) Received: from notes.internalgroove.net (notes.internalgroove.net [10.11.8.20]) by c2.groove.net (8.9.3/8.9.3) with SMTP id OAA06718; Thu, 30 Oct 2003 14:18:39 GMT From: Walt_Tuvell@groove.net Subject: RE: Request change in son-of-rfc2633 To: "Santosh Chokhani" <chokhani@orionsec.com> Cc: <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OFE2F4CDFF.779487E7-ON85256DCF.004DF031@internalgroove.net> Date: Thu, 30 Oct 2003 09:18:41 -0500 X-MIMETrack: Serialize by Router on Rich/Groove(Release 5.0.12 |February 13, 2003) at 10/30/2003 09:18:48 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > I agree with you that both 3280 and X.509 require name chaining. However, > the security implications and security importance of name chaining is > overstated. > > For example, if signatures chain properly for the certificate and CRL and > the relying party has appropriate means (e.g., e-mail address) to identify > the subscriber, name chaining offers little in terms of security. > > My statement should be read purely in security (and NOT interoperability) > context. I think this isn't quite right, if you intended it the way I'm interpreting what you've written. You seem to be saying only that "the relying-party must have appropriate means to identify the *leaf* subscriber". But surely, the RP must also have appropriate means to identify the intermediate CAs as well, else the RP cannot evaluate the degree of trust it places in the cert-chain. And, for better or worse, the standard means of identifying CAs is DN (not, e.g., email addr). As with your note, this comment is security-relevant, not an observation on interoperability. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UDqEkT061374 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 05:52:14 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UDqEPX061373 for ietf-pkix-bks; Thu, 30 Oct 2003 05:52:14 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp4.hy.skanova.net (smtp4.hy.skanova.net [195.67.199.133]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UDqCkT061366 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 05:52:13 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t7o913p91.telia.com [213.64.26.91]) by smtp4.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9UDq8ta008654; Thu, 30 Oct 2003 14:52:09 +0100 (CET) Message-ID: <011001c39eec$96588540$d21a40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Florian Oelmaier" <oelmaier@sytrust.com>, <ietf-pkix@imc.org> Cc: "'James Jing'" <jjing@securenet.com.au>, "'Markus Lorch'" <mlorch@vt.edu> References: <000101c39e38$ee9e6120$4228a8c0@hagen> Subject: Re: Standards for Web-signing II Date: Thu, 30 Oct 2003 14:49:03 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Apologizes Steven. Last comment. This one is actually a bit interesting for any die-hard cryptographer. Thanx Florian, The manual to "Personal" is thick but leaves out all "hardcore" stuff like: If MIME is "text/html" does it calculate hash of embedded objects? Actually what algorithm does it use for cononicalization of HTML or even for TXT? And what happens if you use "PKCS7SIGNED_Attached" and have MIME "text/html" and use embedded objects (IMGs)? I don't think I want to know! It will probably explode and crash my hard-disk :-) Or does it falsely just include the HTML disregarding WYSIWYS completely? My firm belief is that on-line signatures is a very different "animal" compared to signed e-mails, and MUST be designed from the ground and up in order to EVER work in an interoperable and useful manner. So where do we go now? To CEN/ISSS, W3C, OASIS, IETF or what? Regards Anders Rundgren ----- Original Message ----- From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Anders Rundgren'" <anders.rundgren@telia.com>; "'James Jing'" <jjing@securenet.com.au>; "'Markus Lorch'" <mlorch@vt.edu>; <ietf-pkix@imc.org> Sent: Wednesday, October 29, 2003 17:23 Subject: RE: Standards for Web-signing II > However, Identrus is a bank-controlled operation and > therefore operate in the same way as banks regarding their > technology. I.e. by acting "possessive" and most of all being > scared that a competitor would ever be able to profit on the > work done. We all know that acting "possessive" does not work really good on the internet. After all a secrect shared by more than three people isnt a secret anymore. If you need a hint at how the identrus Websigning works you may look at http://www.s-d.no/filer/manualer/Technical%20Description%203_1Rev1.pdf and read the identrus section there. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UC5ekT055894 for <ietf-pkix-bks@above.proper.com>; Thu, 30 Oct 2003 04:05:40 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9UC5epI055893 for ietf-pkix-bks; Thu, 30 Oct 2003 04:05:40 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9UC5ckT055888 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 04:05:39 -0800 (PST) (envelope-from Tom.Biskupic@baltimore.com) Received: from Baltimore-FW2 ([172.19.1.2]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id h9UBuoQ11724 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 11:56:50 GMT Received: from ([10.153.25.53]) by Baltimore-FW2; Thu, 30 Oct 2003 12:01:08 +0000 (GMT) Received: from Baltimore-FW2 (wilde-i-2.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.10) with SMTP id <T659947daa00a9919350d2@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 12:01:59 +0000 Received: from ([10.153.25.10]) by Baltimore-FW2; Thu, 30 Oct 2003 12:01:06 +0000 (GMT) Received: from emeairlbh1.ie.baltimore.com (emeairlbh1.ie.baltimore.com [10.153.25.54]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id MAA23269; Thu, 30 Oct 2003 12:04:37 GMT Received: by emeairlbh1.ie.baltimore.com with Internet Mail Service (5.5.2653.19) id <4SD7YW2J>; Thu, 30 Oct 2003 12:18:04 -0000 Message-ID: <119C85693DF1D4119E800002A5097D01C06C7F@irlms03.ie.baltimore.com> From: Tom Biskupic <Tom.Biskupic@baltimore.com> To: "'Santosh Chokhani'" <chokhani@orionsec.com>, ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 Date: Thu, 30 Oct 2003 11:56:28 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain X-OC-MailScanner: X-OC-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-4.9, required 5, BAYES_00 -4.90) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Oops my appologies the previous version of this message went out signed with a test certificate. Here is the text again. Tom > -----Original Message----- > From: Tom Biskupic [mailto:Tom.Biskupic@baltimore.com] > Sent: Thursday, 30 October 2003 17:29 > To: 'Santosh Chokhani'; ietf-pkix@imc.org > Subject: RE: Request change in son-of-rfc2633 > > > Hello, > > Umm What about if you managed to have a Sub-CA certified using the > compromised key of another Sub CA? > > The other sub CA was revoked (for key compromise) and > therefore all the > certificates it issued are dead but if RP applications ignore the > name-chaining, wouldn't this effectively re-activate those > certificates? > RPs checking one of those dead certs (and ignoring name > chaining) could > use the newly certified Sub CA to build a (well bogus) path and would > accept that path. > > Even POP won't save you as the entity applying to have the compromised > CA key re-certified may have the private key (as it was compromised). > > Some CAs will check that the same key is not issued to two > entities (and > thus would refuse to re-certify the Sub CA with a different name) > however do you want to rely on it? > > Ok this is a bit theoretical... A Sub-CA being revoked for instance. > > Tom > > > -----Original Message----- > > From: Santosh Chokhani [mailto:chokhani@orionsec.com] > > Sent: Thursday, 30 October 2003 07:51 > > To: ietf-pkix@imc.org; ietf-smime@imc.org > > Subject: RE: Request change in son-of-rfc2633 > > > > > > Steve Hanna: > > > > I agree with you that both 3280 and X.509 require name > > chaining. However, > > the security implications and security importance of name > chaining is > > overstated. > > > > For example, if signatures chain properly for the certificate > > and CRL and > > the relying party has appropriate means (e.g., e-mail > > address) to identify > > the subscriber, name chaining offers little in terms of security. > > > > My statement should be read purely in security (and NOT > > interoperability) > > context. > > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > > On Behalf Of Steve Hanna > > Sent: Wednesday, October 29, 2003 9:58 AM > > To: Peter Gutmann > > Cc: ejnorman@doit.wisc.edu; ietf-pkix@imc.org; ietf-smime@imc.org > > Subject: Re: Request change in son-of-rfc2633 > > > > > > Anyone who "reads the PKIX tea leaves" and thinks that > > it's fine to skip name chaining checks in path validation > > needs to have their eyes checked. RFC 3280 says in many > > places that name chaining MUST be checked. > > > > In section 6.1: > > > > To meet this goal, the path validation process verifies, > among other > > things, that a prospective certification path (a sequence of n > > certificates) satisfies the following conditions: > > > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > > the issuer of certificate x+1; > > > > In section 6.1.3: > > > > (a) Verify the basic certificate information. The > certificate MUST > > satisfy each of the following: > > > > [...] > > > > (4) The certificate issuer name is the working_issuer_name. > > > > In section 4.1.2.6: > > > > If the subject is a CA (e.g., the basic constraints extension, as > > discussed in 4.2.1.10, is present and the value of cA is > > TRUE), then > > the subject field MUST be populated with a non-empty > distinguished > > name matching the contents of the issuer field (section > 4.1.2.4) in > > all certificates issued by the subject CA. > > > > RFC 2459 and X.509 both agree with this. > > > > Whatever PKI topology you use, there's no need to break > > name chaining. I'm sure that some customers have created > > PKIs where name chaining doesn't hold, but that's an error > > on the customer's part. You can't just turn off critical > > security checks > > to keep them happy. What's next? Don't bother checking the > > signature on > > certificates. That takes too much time! > > > > If somebody has implemented path validation without name > > chaining checks, > > then they haven't implemented it according to IETF or X.509 > > standards. In > > fact, they may have opened themselves and their customers up > > to security > > holes and perhaps even legal liability. CAs have every > right to expect > > that certificates will be validated according to standards. > Users also > > have a reasonable expectation of this. If someone > > deliberately violates > > the standards in a way that opens up security holes, that > sounds like > > gross negligence to me. > > > > This reminds me of Microsoft's decision to not check the > > Basic Constraints extension, treating every certificate > > as a CA certificate. This decision, presumably made in > > to please a customer, resulted in a HUGE security hole. > > > > I hope that Microsoft (and anyone else who has skipped > > required parts of the path validation algorithm for the > > sake of convenience) will see that security cannot be > > second to user convenience. If there's a serious problem > > with the specs, then let's fix them. But don't just bypass > > things because > > you find it convenient. > > > > Forgive me my rant. I'm just outraged that somebody would > > play fast and loose with security this way. > > > > Thanks, > > > > Steve > > > > Peter Gutmann wrote: > > > > > > [Cross-posted back to S/MIME, where the thread started] > > > > > > Eric Norman <ejnorman@doit.wisc.edu> writes: > > > > > > >Is there a claim (#1 above) that you can have the DN in > the subject > > > >of a parent's (signer's) certificate be different from (as in > > > >different bunch of > > > >bytes) the DN in the issuer of one of its offspring and > > yet the chain > > is > > > >still valid because the xKIDs match? > > > > > > Sure, in a spaghetti PKI (I'm using that as a generic > term for a PKI > > > that violates the original X.509 design, i.e. with re-parenting, > > > arbitrary cross- certification, etc etc where issuers no > > longer match > > > subjects). For example MS apparently implemented chaining > > by sKID in > > > Windows because of user demand for this when the users > > broke chaining > > > by issuer name through spaghetti PKI design practices, and various > > > other implementations no doubt do similar things, depending on how > > > they've read the PKIX tea leaves. > > > > > > Peter. > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U6bdkT086068 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 22:37:39 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9U6bcAH086067 for ietf-pkix-bks; Wed, 29 Oct 2003 22:37:38 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U6bbkT086017 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 22:37:37 -0800 (PST) (envelope-from Tom.Biskupic@baltimore.com) Received: from Baltimore-FW2 ([172.19.1.2]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id h9U6TfQ09676 for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 06:29:41 GMT Received: from ([10.153.25.53]) by Baltimore-FW2; Thu, 30 Oct 2003 06:33:58 +0000 (GMT) Received: from Baltimore-FW2 (wilde-i-2.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.10) with SMTP id <T65981c4fa50a9919350d2@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Thu, 30 Oct 2003 06:34:49 +0000 Received: from ([10.153.25.10]) by Baltimore-FW2; Thu, 30 Oct 2003 06:33:56 +0000 (GMT) Received: from emeairlbh1.ie.baltimore.com (emeairlbh1.ie.baltimore.com [10.153.25.54]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id GAA19635; Thu, 30 Oct 2003 06:37:26 GMT Received: by emeairlbh1.ie.baltimore.com with Internet Mail Service (5.5.2653.19) id <4SD7YVDC>; Thu, 30 Oct 2003 06:50:54 -0000 Message-ID: <119C85693DF1D4119E800002A5097D01C06C7C@irlms03.ie.baltimore.com> From: Tom Biskupic <Tom.Biskupic@baltimore.com> To: "'Santosh Chokhani'" <chokhani@orionsec.com>, ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 Date: Thu, 30 Oct 2003 06:29:18 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: application/x-pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7m" X-OC-MailScanner: X-OC-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-4.799, required 5, AWL 0.10, BAYES_00 -4.90) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEU0NvbnRl bnQtVHlwZTogdGV4dC9wbGFpbjsNCgljaGFyc2V0PSJ1cy1hc2NpaSINCkNvbnRlbnQtVHJhbnNm ZXItRW5jb2Rpbmc6IDdiaXQNCg0KBIIQAEhlbGxvLA0KDQpVbW0gV2hhdCBhYm91dCBpZiB5b3Ug bWFuYWdlZCB0byBoYXZlIGEgU3ViLUNBIGNlcnRpZmllZCB1c2luZyB0aGUNCmNvbXByb21pc2Vk IGtleSBvZiBhbm90aGVyIFN1YiBDQT8NCg0KVGhlIG90aGVyIHN1YiBDQSB3YXMgcmV2b2tlZCAo Zm9yIGtleSBjb21wcm9taXNlKSBhbmQgdGhlcmVmb3JlIGFsbCB0aGUNCmNlcnRpZmljYXRlcyBp dCBpc3N1ZWQgYXJlIGRlYWQgYnV0IGlmIFJQIGFwcGxpY2F0aW9ucyBpZ25vcmUgdGhlDQpuYW1l LWNoYWluaW5nLCB3b3VsZG4ndCB0aGlzIGVmZmVjdGl2ZWx5IHJlLWFjdGl2YXRlIHRob3NlIGNl cnRpZmljYXRlcz8NClJQcyBjaGVja2luZyBvbmUgb2YgdGhvc2UgZGVhZCBjZXJ0cyAoYW5kIGln bm9yaW5nIG5hbWUgY2hhaW5pbmcpIGNvdWxkDQp1c2UgdGhlIG5ld2x5IGNlcnRpZmllZCBTdWIg Q0EgdG8gYnVpbGQgYSAod2VsbCBib2d1cykgcGF0aCBhbmQgd291bGQNCmFjY2VwdCB0aGF0IHBh dGguDQoNCkV2ZW4gUE9QIHdvbid0IHNhdmUgeW91IGFzIHRoZSBlbnRpdHkgYXBwbHlpbmcgdG8g aGF2ZSB0aGUgY29tcHJvbWlzZWQNCkNBIGtleSByZS1jZXJ0aWZpZWQgbWF5IGhhdmUgdGhlIHBy aXZhdGUga2V5IChhcyBpdCB3YXMgY29tcHJvbWlzZWQpLg0KDQpTb21lIENBcyB3aWxsIGNoZWNr IHRoYXQgdGhlIHNhbWUga2V5IGlzIG5vdCBpc3N1ZWQgdG8gdHdvIGVudGl0aWVzIChhbmQNCnRo dXMgd291bGQgcmVmdXNlIHRvIHJlLWNlcnRpZnkgdGhlIFN1YiBDQSB3aXRoIGEgZGlmZmVyZW50 IG5hbWUpDQpob3dldmVyIGRvIHlvdSB3YW50IHRvIHJlbHkgb24gaXQ/DQoNCk9rIHRoaXMgaXMg YSBiaXQgdGhlb3JldGljYWwuLi4gQSBTdWItQ0EgYmVpbmcgcmV2b2tlZCBmb3IgaW5zdGFuY2Uu DQoNClRvbQ0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IFNhbnRvc2gg Q2hva2hhbmkgW21haWx0bzpjaG9raGFuaUBvcmlvbnNlYy5jb21dDQo+IFNlbnQ6IFRodXJzZGF5 LCAzMCBPY3RvYmVyIDIwMDMgMDc6NTENCj4gVG86IGlldGYtcGtpeEBpbWMub3JnOyBpZXRmLXNt aW1lQGltYy5vcmcNCj4gU3ViamVjdDogUkU6IFJlcXVlc3QgY2hhbmdlIGluIHNvbi1vZi1yZmMy NjMzDQo+IA0KPiANCj4gU3RldmUgSGFubmE6DQo+IA0KPiBJIGFncmVlIHdpdGggeW91IHRoYXQg Ym90aCAzMjgwIGFuZCBYLjUwOSByZXF1aXJlIG5hbWUgDQo+IGNoYWluaW5nLiAgSG93ZXZlciwN Cj4gdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9ucyBhbmQgc2VjdXJpdHkgaW1wb3J0YW5jZSBvZiBu YW1lIGNoYWluaW5nIGlzDQo+IG92ZXJzdGF0ZWQuDQo+IA0KPiBGb3IgZXhhbXBsZSwgaWYgc2ln bmF0dXJlcyBjaGFpbiBwcm9wZXJseSBmb3IgdGhlIGNlcnRpZmljYXRlIA0KPiBhbmQgQ1JMIGFu ZA0KPiB0aGUgcmVseWluZyBwYXJ0eSBoYXMgYXBwcm9wcmlhdGUgbWVhbnMgKGUuZy4sIGUtbWFp bCANCj4gYWRkcmVzcykgdG8gaWRlbnRpZnkNCj4gdGhlIHN1YnNjcmliZXIsIG5hbWUgY2hhaW5p bmcgb2ZmZXJzIGxpdHRsZSBpbiB0ZXJtcyBvZiBzZWN1cml0eS4NCj4gDQo+IE15IHN0YXRlbWVu dCBzaG91bGQgYmUgcmVhZCBwdXJlbHkgaW4gc2VjdXJpdHkgKGFuZCBOT1QgDQo+IGludGVyb3Bl cmFiaWxpdHkpDQo+IGNvbnRleHQuDQo+IA0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0K PiBGcm9tOiBvd25lci1pZXRmLXBraXhAbWFpbC5pbWMub3JnIA0KPiBbbWFpbHRvOm93bmVyLWll dGYtcGtpeEBtYWlsLmltYy5vcmddDQo+IE9uIEJlaGFsZiBPZiBTdGV2ZSBIYW5uYQ0KPiBTZW50 OiBXZWRuZXNkYXksIE9jdG9iZXIgMjksIDIwMDMgOTo1OCBBTQ0KPiBUbzogUGV0ZXIgR3V0bWFu bg0KPiBDYzogZWpub3JtYW5AZG9pdC53aXNjLmVkdTsgaWV0Zi1wa2l4QGltYy5vcmc7IGlldGYt c21pbWVAaW1jLm9yZw0KPiBTdWJqZWN0OiBSZTogUmVxdWVzdCBjaGFuZ2UgaW4gc29uLW9mLXJm YzI2MzMNCj4gDQo+IA0KPiBBbnlvbmUgd2hvICJyZWFkcyB0aGUgUEtJWCB0ZWEgbGVhdmVzIiBh bmQgdGhpbmtzIHRoYXQNCj4gaXQncyBmaW5lIHRvIHNraXAgbmFtZSBjaGFpbmluZyBjaGVja3Mg aW4gcGF0aCB2YWxpZGF0aW9uDQo+IG5lZWRzIHRvIGhhdmUgdGhlaXIgZXllcyBjaGVja2VkLiBS RkMgMzI4MCBzYXlzIGluIG1hbnkNCj4gcGxhY2VzIHRoYXQgbmFtZSBjaGFpbmluZyBNVVNUIGJl IGNoZWNrZWQuDQo+IA0KPiBJbiBzZWN0aW9uIDYuMToNCj4gDQo+ICBUbyBtZWV0IHRoaXMgZ29h bCwgdGhlIHBhdGggdmFsaWRhdGlvbiBwcm9jZXNzIHZlcmlmaWVzLCBhbW9uZyBvdGhlcg0KPiB0 aGluZ3MsIHRoYXQgYSBwcm9zcGVjdGl2ZSBjZXJ0aWZpY2F0aW9uIHBhdGggKGEgc2VxdWVuY2Ug b2Ygbg0KPiAgY2VydGlmaWNhdGVzKSBzYXRpc2ZpZXMgdGhlIGZvbGxvd2luZyBjb25kaXRpb25z Og0KPiANCj4gICAgIChhKSAgZm9yIGFsbCB4IGluIHsxLCAuLi4sIG4tMX0sIHRoZSBzdWJqZWN0 IG9mIGNlcnRpZmljYXRlIHggaXMNCj4gICAgIHRoZSBpc3N1ZXIgb2YgY2VydGlmaWNhdGUgeCsx Ow0KPiANCj4gSW4gc2VjdGlvbiA2LjEuMzoNCj4gDQo+ICAoYSkgIFZlcmlmeSB0aGUgYmFzaWMg Y2VydGlmaWNhdGUgaW5mb3JtYXRpb24uICBUaGUgY2VydGlmaWNhdGUgIE1VU1QNCj4gc2F0aXNm eSBlYWNoIG9mIHRoZSBmb2xsb3dpbmc6DQo+IA0KPiAgWy4uLl0NCj4gDQo+ICAgICAoNCkgIFRo ZSBjZXJ0aWZpY2F0ZSBpc3N1ZXIgbmFtZSBpcyB0aGUgd29ya2luZ19pc3N1ZXJfbmFtZS4NCj4g DQo+IEluIHNlY3Rpb24gNC4xLjIuNjoNCj4gDQo+ICAgIElmIHRoZSBzdWJqZWN0IGlzIGEgQ0Eg KGUuZy4sIHRoZSBiYXNpYyBjb25zdHJhaW50cyBleHRlbnNpb24sIGFzDQo+ICAgIGRpc2N1c3Nl ZCBpbiA0LjIuMS4xMCwgaXMgcHJlc2VudCBhbmQgdGhlIHZhbHVlIG9mIGNBIGlzIA0KPiBUUlVF KSwgdGhlbg0KPiAgICB0aGUgc3ViamVjdCBmaWVsZCBNVVNUIGJlIHBvcHVsYXRlZCB3aXRoIGEg bm9uLWVtcHR5IGRpc3Rpbmd1aXNoZWQNCj4gICAgbmFtZSBtYXRjaGluZyB0aGUgY29udGVudHMg b2YgdGhlIGlzc3VlciBmaWVsZCAoc2VjdGlvbiA0LjEuMi40KSBpbg0KPiAgICBhbGwgY2VydGlm aWNhdGVzIGlzc3VlZCBieSB0aGUgc3ViamVjdCBDQS4NCj4gDQo+IFJGQyAyNDU5IGFuZCBYLjUw OSBib3RoIGFncmVlIHdpdGggdGhpcy4NCj4gDQo+IFdoYXRldmVyIFBLSSB0b3BvbG9neSB5b3Ug dXNlLCB0aGVyZSdzIG5vIG5lZWQgdG8gYnJlYWsNCj4gbmFtZSBjaGFpbmluZy4gSSdtIHN1cmUg dGhhdCBzb21lIGN1c3RvbWVycyBoYXZlIGNyZWF0ZWQNCj4gUEtJcyB3aGVyZSBuYW1lIGNoYWlu aW5nIGRvZXNuJ3QgaG9sZCwgYnV0IHRoYXQncyBhbiBlcnJvcg0KPiBvbiB0aGUgY3VzdG9tZXIn cyBwYXJ0LiBZb3UgY2FuJ3QganVzdCB0dXJuIG9mZiBjcml0aWNhbCANCj4gc2VjdXJpdHkgY2hl Y2tzDQo+IHRvIGtlZXAgdGhlbSBoYXBweS4gV2hhdCdzIG5leHQ/IERvbid0IGJvdGhlciBjaGVj a2luZyB0aGUgDQo+IHNpZ25hdHVyZSBvbg0KPiBjZXJ0aWZpY2F0ZXMuIFRoYXQgdGFrZXMgdG9v IG11Y2ggdGltZSENCj4gDQo+IElmIHNvbWVib2R5IGhhcyBpbXBsZW1lbnRlZCBwYXRoIHZhbGlk YXRpb24gd2l0aG91dCBuYW1lIA0KPiBjaGFpbmluZyBjaGVja3MsDQo+IHRoZW4gdGhleSBoYXZl bid0IGltcGxlbWVudGVkIGl0IGFjY29yZGluZyB0byBJRVRGIG9yIFguNTA5IA0KPiBzdGFuZGFy ZHMuIEluDQo+IGZhY3QsIHRoZXkgbWF5IGhhdmUgb3BlbmVkIHRoZW1zZWx2ZXMgYW5kIHRoZWly IGN1c3RvbWVycyB1cCANCj4gdG8gc2VjdXJpdHkNCj4gaG9sZXMgYW5kIHBlcmhhcHMgZXZlbiBs ZWdhbCBsaWFiaWxpdHkuIENBcyBoYXZlIGV2ZXJ5IHJpZ2h0IHRvIGV4cGVjdA0KPiB0aGF0IGNl cnRpZmljYXRlcyB3aWxsIGJlIHZhbGlkYXRlZCBhY2NvcmRpbmcgdG8gc3RhbmRhcmRzLiBVc2Vy cyBhbHNvDQo+IGhhdmUgYSByZWFzb25hYmxlIGV4cGVjdGF0aW9uIG9mIHRoaXMuIElmIHNvbWVv bmUgDQo+IGRlbGliZXJhdGVseSB2aW9sYXRlcw0KPiB0aGUgc3RhbmRhcmRzIGluIGEgd2F5IHRo YXQgb3BlbnMgdXAgc2VjdXIEggceaXR5IGhvbGVzLCB0aGF0IHNvdW5kcyBsaWtlDQo+IGdyb3Nz IG5lZ2xpZ2VuY2UgdG8gbWUuDQo+IA0KPiBUaGlzIHJlbWluZHMgbWUgb2YgTWljcm9zb2Z0J3Mg ZGVjaXNpb24gdG8gbm90IGNoZWNrIHRoZQ0KPiBCYXNpYyBDb25zdHJhaW50cyBleHRlbnNpb24s IHRyZWF0aW5nIGV2ZXJ5IGNlcnRpZmljYXRlDQo+IGFzIGEgQ0EgY2VydGlmaWNhdGUuIFRoaXMg ZGVjaXNpb24sIHByZXN1bWFibHkgbWFkZSBpbg0KPiB0byBwbGVhc2UgYSBjdXN0b21lciwgcmVz dWx0ZWQgaW4gYSBIVUdFIHNlY3VyaXR5IGhvbGUuDQo+IA0KPiBJIGhvcGUgdGhhdCBNaWNyb3Nv ZnQgKGFuZCBhbnlvbmUgZWxzZSB3aG8gaGFzIHNraXBwZWQNCj4gcmVxdWlyZWQgcGFydHMgb2Yg dGhlIHBhdGggdmFsaWRhdGlvbiBhbGdvcml0aG0gZm9yIHRoZQ0KPiBzYWtlIG9mIGNvbnZlbmll bmNlKSB3aWxsIHNlZSB0aGF0IHNlY3VyaXR5IGNhbm5vdCBiZQ0KPiBzZWNvbmQgdG8gdXNlciBj b252ZW5pZW5jZS4gSWYgdGhlcmUncyBhIHNlcmlvdXMgcHJvYmxlbQ0KPiB3aXRoIHRoZSBzcGVj cywgdGhlbiBsZXQncyBmaXggdGhlbS4gQnV0IGRvbid0IGp1c3QgYnlwYXNzIA0KPiB0aGluZ3Mg YmVjYXVzZQ0KPiB5b3UgZmluZCBpdCBjb252ZW5pZW50Lg0KPiANCj4gRm9yZ2l2ZSBtZSBteSBy YW50LiBJJ20ganVzdCBvdXRyYWdlZCB0aGF0IHNvbWVib2R5IHdvdWxkDQo+IHBsYXkgZmFzdCBh bmQgbG9vc2Ugd2l0aCBzZWN1cml0eSB0aGlzIHdheS4NCj4gDQo+IFRoYW5rcywNCj4gDQo+IFN0 ZXZlDQo+IA0KPiBQZXRlciBHdXRtYW5uIHdyb3RlOg0KPiA+DQo+ID4gW0Nyb3NzLXBvc3RlZCBi YWNrIHRvIFMvTUlNRSwgd2hlcmUgdGhlIHRocmVhZCBzdGFydGVkXQ0KPiA+DQo+ID4gRXJpYyBO b3JtYW4gPGVqbm9ybWFuQGRvaXQud2lzYy5lZHU+IHdyaXRlczoNCj4gPg0KPiA+ID5JcyB0aGVy ZSBhIGNsYWltICgjMSBhYm92ZSkgdGhhdCB5b3UgY2FuIGhhdmUgdGhlIEROIGluIHRoZSBzdWJq ZWN0DQo+ID4gPm9mIGEgcGFyZW50J3MgKHNpZ25lcidzKSBjZXJ0aWZpY2F0ZSBiZSBkaWZmZXJl bnQgZnJvbSAoYXMgaW4NCj4gPiA+ZGlmZmVyZW50IGJ1bmNoIG9mDQo+ID4gPmJ5dGVzKSB0aGUg RE4gaW4gdGhlIGlzc3VlciBvZiBvbmUgb2YgaXRzIG9mZnNwcmluZyBhbmQgDQo+IHlldCB0aGUg Y2hhaW4NCj4gaXMNCj4gPiA+c3RpbGwgdmFsaWQgYmVjYXVzZSB0aGUgeEtJRHMgbWF0Y2g/DQo+ ID4NCj4gPiBTdXJlLCBpbiBhIHNwYWdoZXR0aSBQS0kgKEknbSB1c2luZyB0aGF0IGFzIGEgZ2Vu ZXJpYyB0ZXJtIGZvciBhIFBLSQ0KPiA+IHRoYXQgdmlvbGF0ZXMgdGhlIG9yaWdpbmFsIFguNTA5 IGRlc2lnbiwgaS5lLiB3aXRoIHJlLXBhcmVudGluZywNCj4gPiBhcmJpdHJhcnkgY3Jvc3MtIGNl cnRpZmljYXRpb24sIGV0YyBldGMgd2hlcmUgaXNzdWVycyBubyANCj4gbG9uZ2VyIG1hdGNoDQo+ ID4gc3ViamVjdHMpLiAgRm9yIGV4YW1wbGUgTVMgYXBwYXJlbnRseSBpbXBsZW1lbnRlZCBjaGFp bmluZyANCj4gYnkgc0tJRCBpbg0KPiA+IFdpbmRvd3MgYmVjYXVzZSBvZiB1c2VyIGRlbWFuZCBm b3IgdGhpcyB3aGVuIHRoZSB1c2VycyANCj4gYnJva2UgY2hhaW5pbmcNCj4gPiBieSBpc3N1ZXIg bmFtZSB0aHJvdWdoIHNwYWdoZXR0aSBQS0kgZGVzaWduIHByYWN0aWNlcywgYW5kIHZhcmlvdXMN Cj4gPiBvdGhlciBpbXBsZW1lbnRhdGlvbnMgbm8gZG91YnQgZG8gc2ltaWxhciB0aGluZ3MsIGRl cGVuZGluZyBvbiBob3cNCj4gPiB0aGV5J3ZlIHJlYWQgdGhlIFBLSVggdGVhIGxlYXZlcy4NCj4g Pg0KPiA+IFBldGVyLg0KPiANCgAAAAAAAKCCBugwggNgMIICSKADAgECAgJQLTANBgkqhkiG9w0B AQUFADBPMQswCQYDVQQGEwJBVTESMBAGA1UEChMJQmFsdGltb3JlMQwwCgYDVQQLEwNEZXYxHjAc BgNVBAMTFVRvbSdzIFJlbmV3YWwgVGVzdCBDQTAeFw0wMzEwMDgwNTIwNTlaFw0wNDA4MTgwODM3 MDRaMHIxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEfMB0GA1UE ChMWQmFsdGltb3JlIFRlY2hub2xvZ2llczEMMAoGA1UECxMDRGV2MRUwEwYDVQQDEwxUb20gQmlz a3VwaWMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALPa7g0wfcfcG8C1Yews0f9UtN9VmMe7 W4szYbMfKTK0wVrUekeZw5ItMtg02szCVA5oZKGYJsZ0FVUB8daNVJ/O8Dp5wXAFgeJsVkCdANUn Q8juzLBknroTBtKZHj4lehE6n8+c8999a8vAIejE4ZCsWJGwEBsElHJfP7cvCxsJAgMBAAGjgaYw gaMwCQYDVR0TBAIwADAlBgNVHREEHjAcgRp0b20uYmlza3VwaWNAYmFsdGltb3JlLmNvbTALBgNV HQ8EBAMCBaAwYgYDVR0jBFswWaFTpFEwTzELMAkGA1UEBhMCQVUxEjAQBgNVBAoTCUJhbHRpbW9y ZTEMMAoGA1UECxMDRGV2MR4wHAYDVQQDExVUb20ncyBSZW5ld2FsIFRlc3QgQ0GCAgICMA0GCSqG SIb3DQEBBQUAA4IBAQAl72UKyGwSuluRLQYBA68P+T4RZTU9XnfujmZ24Q9yN+TbQ/+9vb8Of9RY Hfx6iuPRyqOaIhtLOK2ECBKcmoK+l7TKJczvmh56sIXz5nwg1+zkTm19Zsm8mJlv81l2cOcKDyIf r+Hwx3Yn1HS4B3tuFhMQtZ962lp26uVbOg4Eq7UTsKmu4wJePIx0cjLT0a+E7QaSNmPy90niZh55 JOpzKRHFWfqrlTFakjd8DY/R+erxLMLSQDu3EzYnnW6Rq3eRHXTLr+8Lx3HhTmy6lnBlxTIFFgGr 854ZTtISxw5UxjsqPj66nLRSgg9zTxz0auSTepH3Qhd2Nc+A2xl8a+5uMIIDgDCCAmigAwIBAgIC AgIwDQYJKoZIhvcNAQEFBQAwTzELMAkGA1UEBhMCQVUxEjAQBgNVBAoTCUJhbHRpbW9yZTEMMAoG A1UECxMDRGV2MR4wHAYDVQQDExVUb20ncyBSZW5ld2FsIFRlc3QgQ0EwHhcNMDMwODE4MDgzNzA0 WhcNMDQwODE4MDgzNzA0WjBPMQswCQYDVQQGEwJBVTESMBAGA1UEChMJQmFsdGltb3JlMQwwCgYD VQQLEwNEZXYxHjAcBgNVBAMTFVRvbSdzIFJlbmV3YWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBALVrtYeqs2BRAawjhpOXUx0LzlUsl2QUHMESRpLDXSnH5QUN+n/v6VM8 jz+YMhNw9y6hmJvb55n5GH/zFNeoGWnd/bXkSiJdg01fGdgyNl6NUfq+1UfM+sANG3rC5fZq9+U7 RB9DX5hbOIe/kSRQY14+UiKR4e6x1P+NwhvOwA11mB7eTlLlnr/mH0vq9rRjfUuwHvewf07QxqVm yFG/lzpa6aDH3frx/kMN0nr2qb1Ag1p9TWt2b4hh9iL4WsTQQxfNQfz9oW7q1gTsVsQk0e4GZD0K +V4mNtd8y9Z1xAi4dR1qnhFnkKOIkagh6GyT+8Hp4Kj69A062/z7Oqlr8zcCAwEAAaNmMGQwIgYD VR0RBBswGYEXdGJpc2t1cGljQGJhbHRpbW9yZS5jb20wEgYDVR0TAQH/BAgwBgEB/wIBAzALBgNV HQ8EBAMCAgQwHQYDVR0OBBYEFMfnNaRJJyOBLnSp2vUWZVE6BolIMA0GCSqGSIb3DQEBBQUAA4IB AQBV/0ledh1T2fSZx7sXBWSDYwQV2ulp3Q8n23Wjiy9Vvt0jJid6Tl30lTzBPuJdYe8z+DZazCR4 Onak+EPmSXGRYtmxRFZDz40RotA6VxCUSDlOr2MZBSRjlEJehcek1FaJ3TKLoHK+mcG6Dldj5+eN z5L0uQ+f8NmDVY9qBHcHDqFhG9n37CHQaoHc8Xtp6VJYP5i2mSqfbyogvUgroaOnxmVSQwckW6Vb wHQv+Mic8dQuybyXsB641SaqswTEdHrxnbHikoRPcYuoPLAU9h9SIIFYho7yZd3lp59g6OQqyyk/ 2Plcmt1nnUbB/I4vr9s2yjy6LZNaIV9ktcerIk8oMYICHDCCAhgCAQEwVTBPMQswCQYDVQQGEwJB VTESMBAGA1UEChMJQmFsdGltb3JlMQwwCgYDVQQLEwNEZXYxHjAcBgNVBAMTFVRvbSdzIFJlbmV3 YWwgVGVzdCBDQQICUC0wCQYFKw4DAhoFAKCCAR0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMDMxMDMwMDYzNzI2WjAjBgkqhkiG9w0BCQQxFgQUOEFS5L/24mULv+Bx eyMIryqrcEkwWAYJKoZIhvcNAQkPMUswSTAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYF Kw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAhowCgYIKoZIhvcNAgUwZAYJKwYBBAGCNxAEMVcw VTBPMQswCQYDVQQGEwJBVTESMBAGA1UEChMJQmFsdGltb3JlMQwwCgYDVQQLEwNEZXYxHjAcBgNV BAMTFVRvbSdzIFJlbmV3YWwgVGVzdCBDQQICUC0wDQYJKoZIhvcNAQEBBQAEgYBzeYIKDpiOpM5Z i7QPZJSe+J6UoQYl2LOurDlq+sm1R6Vw84tGSA0uXoDUnSbrmeNymU6FWpDWz4LEjTk/JQhFh+qa NSDoy6bMp4VlbonPi+dTWYAK8dAnjlEZ8X2OS7uYIl/JfcOCDIdiNsgOMZFv6F5uTkibjbcE6ONi QLQ4+wAAAAAAAA== Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U42skT064263 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 20:02:54 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9U42sFw064262 for ietf-pkix-bks; Wed, 29 Oct 2003 20:02:54 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U42qkT064257; Wed, 29 Oct 2003 20:02:53 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9U42no9019708; Thu, 30 Oct 2003 17:02:49 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9U45FK16114; Thu, 30 Oct 2003 17:05:15 +1300 Date: Thu, 30 Oct 2003 17:05:15 +1300 Message-Id: <200310300405.h9U45FK16114@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, steve.hanna@sun.com Subject: Re: Request change in son-of-rfc2633 Cc: ejnorman@doit.wisc.edu, ietf-pkix@imc.org, ietf-smime@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve Hanna <steve.hanna@sun.com> writes: >Anyone who "reads the PKIX tea leaves" and thinks that it's fine to skip name >chaining checks in path validation needs to have their eyes checked. RFC 3280 >says in many places that name chaining MUST be checked. Uhh, I'm not sure who that was directed at, but if it was at me then I should point out that the tea leaves comment was an observation that no-one seemed to be able to agree on the role of the sKID, with all manner of possible interpretations having been presented in the recent thread. Seeing everyone trying to figure out how to interpret the sKID requirements reminded me of people trying to read tea leaves. Getting somewhat more tongue-in-cheek now: >I'm sure that some customers have created PKIs where name chaining doesn't >hold, Standard practice for cross-certification, re-parenting, and all the other stuff that I gave the generic label "spaghetti PKI" to (you can tell from the label I use for it what I think of it :-). >but that's an error on the customer's part. That's what I've been saying for years (see e.g. my statement a couple of months back "There is a special name for a PKI of this kind. It's called 'Broken' or 'Defective'"), but I guess that's something the spaghetti PKI fans and myself will have to agree to disagree on. >In fact, they may have opened themselves and their customers up to security >holes and perhaps even legal liability. When was anyone ever held liable for implementing a broken PKI? Usually any investment of large amounts of money that results in a broken PKI is followed by the investment of even more money in it (either that or the quiet cancellation of the project). No-one ever gets held liable. Why do you think we have products like the ones you mentioned out there? >This reminds me of Microsoft's decision to not check the Basic Constraints >extension, treating every certificate as a CA certificate. This decision, >presumably made in to please a customer, resulted in a HUGE security hole. It wasn't a conscious decision, just bad programming. Mozilla (and no doubt some others that didn't get any publicity) did the same thing, and I'm sure they didn't get asked to do that by customers. The flaw had been known for at least five years, but no-one cared until the scaremongering in the media forced vendors to fix things (see the above comments about liability - you can get away with calling anything you like "X.509 standards-compliant", so why bother doing the job properly?). Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U2VxkT061240 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 18:31:59 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9U2VxX1061239 for ietf-pkix-bks; Wed, 29 Oct 2003 18:31:59 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9U2VwkT061219 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 18:31:58 -0800 (PST) (envelope-from kent@bbn.com) Received: from [12.159.173.168] (ramblo.bbn.com [128.33.0.51]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9U2Vslo014559; Wed, 29 Oct 2003 21:31:55 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@localhost Message-Id: <p06002001bbc626ccb55d@[12.159.173.168]> In-Reply-To: <00a801c39e39$cf4a1890$791a40d5@arport> References: <001601c39e09$25d69520$4228a8c0@hagen> <01e801c39e1d$7c6cc850$651a40d5@arport> <p06002001bbc58537e2cb@[128.33.244.157]> <00a801c39e39$cf4a1890$791a40d5@arport> Date: Wed, 29 Oct 2003 21:26:12 -0500 To: "Anders Rundgren" <anders.rundgren@telia.com> From: Stephen Kent <kent@bbn.com> Subject: Re: Standards for Web-signing II Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 17:29 +0100 10/29/03, Anders Rundgren wrote: > >since you obviously don't believe the IETF creates "real standards" >>and since this topic is not a PKIX work item, I suggest you take the >>"web-sigbing" discussion elsewhere. > >As the off-list response to "web-signing" has been pretty good, I >just need to figure out where to go next. > >You did probably not read more than the first paragraph. To go >through a "real standardization process" was ONE of the stated >alternatives. > >Anders if your off-list response was so good, then you should have no trouble moving this discussion elsewhere. I read all of the traffic re the subject topic, and as I noted, it is off topic for this WG, as have been most of your messages threads. steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TKrRkT043915 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 12:53:27 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TKrRQA043914 for ietf-pkix-bks; Wed, 29 Oct 2003 12:53:27 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mclean-vscan2.bah.com (mclean-vscan2.bah.com [156.80.3.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TKrNkT043895; Wed, 29 Oct 2003 12:53:26 -0800 (PST) (envelope-from chokhani@orionsec.com) Received: from mclean-vscan2.bah.com (mclean-vscan2.bah.com [156.80.3.62]) by mclean-vscan2.bah.com (8.11.0/8.11.0) with SMTP id h9TKqgM13536; Wed, 29 Oct 2003 15:52:42 -0500 (EST) Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan2.bah.com (NAVGW 2.5.2.12) with SMTP id M2003102915503623002 ; Wed, 29 Oct 2003 15:50:36 -0500 Received: from wchokhani ([156.80.127.102]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HNJDWE00.KHV; Wed, 29 Oct 2003 15:50:38 -0500 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org>, <ietf-smime@imc.org> Subject: RE: Request change in son-of-rfc2633 Date: Wed, 29 Oct 2003 15:50:35 -0500 MIME-Version: 1.0 Message-ID: <006401c39e5e$4d7280d0$667f509c@hq.orionsec.com> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0060_01C39E1C.EE435990" Importance: Normal In-Reply-To: <3F9FD56A.771A262C@sun.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0060_01C39E1C.EE435990 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Steve Hanna: I agree with you that both 3280 and X.509 require name chaining. However, the security implications and security importance of name chaining is overstated. For example, if signatures chain properly for the certificate and CRL and the relying party has appropriate means (e.g., e-mail address) to identify the subscriber, name chaining offers little in terms of security. My statement should be read purely in security (and NOT interoperability) context. -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Steve Hanna Sent: Wednesday, October 29, 2003 9:58 AM To: Peter Gutmann Cc: ejnorman@doit.wisc.edu; ietf-pkix@imc.org; ietf-smime@imc.org Subject: Re: Request change in son-of-rfc2633 Anyone who "reads the PKIX tea leaves" and thinks that it's fine to skip name chaining checks in path validation needs to have their eyes checked. RFC 3280 says in many places that name chaining MUST be checked. In section 6.1: To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates) satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; In section 6.1.3: (a) Verify the basic certificate information. The certificate MUST satisfy each of the following: [...] (4) The certificate issuer name is the working_issuer_name. In section 4.1.2.6: If the subject is a CA (e.g., the basic constraints extension, as discussed in 4.2.1.10, is present and the value of cA is TRUE), then the subject field MUST be populated with a non-empty distinguished name matching the contents of the issuer field (section 4.1.2.4) in all certificates issued by the subject CA. RFC 2459 and X.509 both agree with this. Whatever PKI topology you use, there's no need to break name chaining. I'm sure that some customers have created PKIs where name chaining doesn't hold, but that's an error on the customer's part. You can't just turn off critical security checks to keep them happy. What's next? Don't bother checking the signature on certificates. That takes too much time! If somebody has implemented path validation without name chaining checks, then they haven't implemented it according to IETF or X.509 standards. In fact, they may have opened themselves and their customers up to security holes and perhaps even legal liability. CAs have every right to expect that certificates will be validated according to standards. Users also have a reasonable expectation of this. If someone deliberately violates the standards in a way that opens up security holes, that sounds like gross negligence to me. This reminds me of Microsoft's decision to not check the Basic Constraints extension, treating every certificate as a CA certificate. This decision, presumably made in to please a customer, resulted in a HUGE security hole. I hope that Microsoft (and anyone else who has skipped required parts of the path validation algorithm for the sake of convenience) will see that security cannot be second to user convenience. If there's a serious problem with the specs, then let's fix them. But don't just bypass things because you find it convenient. Forgive me my rant. I'm just outraged that somebody would play fast and loose with security this way. Thanks, Steve Peter Gutmann wrote: > > [Cross-posted back to S/MIME, where the thread started] > > Eric Norman <ejnorman@doit.wisc.edu> writes: > > >Is there a claim (#1 above) that you can have the DN in the subject > >of a parent's (signer's) certificate be different from (as in > >different bunch of > >bytes) the DN in the issuer of one of its offspring and yet the chain is > >still valid because the xKIDs match? > > Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI > that violates the original X.509 design, i.e. with re-parenting, > arbitrary cross- certification, etc etc where issuers no longer match > subjects). For example MS apparently implemented chaining by sKID in > Windows because of user demand for this when the users broke chaining > by issuer name through spaghetti PKI design practices, and various > other implementations no doubt do similar things, depending on how > they've read the PKIX tea leaves. > > Peter. ------=_NextPart_000_0060_01C39E1C.EE435990 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIUqTCCA9Yw ggK+oAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwVTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE9yaW9u IFNlY3VyaXR5IFNvbHV0aW9uczELMAkGA1UECxMCSFExFjAUBgNVBAMTDU9yaW9uIFJvb3QgQ0Ew HhcNMDMwODEzMTcwMTI0WhcNMTMwODEwMTcwMTI0WjBVMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY T3Jpb24gU2VjdXJpdHkgU29sdXRpb25zMQswCQYDVQQLEwJIUTEWMBQGA1UEAxMNT3Jpb24gUm9v dCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOd3fg/nIELr3rAuxpkcxiAn7ayU /30RPxYBMgcvn0BJbBXBXIkTHgm3jh0TwHGQk76nqTSo1fUqpkkEcSSwEtfz1jF0QCKPHoQvNxza 5ffqH2gBSTgjpwqLA34RDxFDwcdNibIG/s6Zj2PpVDDWVBYxMbLrhKluMAfufhOMT6uyYxw+XPcU ndqy4bRo08BONIoLdoUoOsvOwHla+zPYsBnTncMEL26lnKgCQgJpcFfrQRLrM84Rlc9EmvPbU+tO 5jRfdnvJpCm8LbIcTvAwQLiM+5qr4GPTg73S+9ZMAjlaZWG/VGe5b+KtQCgDu2TPB+wtiz2csG5q YN14mFpKMdMCAwEAAaOBsDCBrTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV HQ4EFgQUvpoqeR5tpH+G2bn1P06LoHH9Mq0wHwYDVR0jBBgwFoAUvpoqeR5tpH+G2bn1P06LoHH9 Mq0wEQYJYIZIAYb4QgEBBAQDAgAHMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cub3Jpb25z ZWMuY29tL29yaW9uX3Jvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAch1imNzh8/wx6Ym3ti6FI LyJMsktilc4I5zJ6ZRrZUMye/3v9XJDIutBPb472wOwQT+OR3DTbWX8loNybf3Ew3wWzZg+D14kQ d/+rm3ZAJ3EeX67/g9XevAkrv951Q7QSucZMbbzrLqIWSkgjxJbcujNdeQsSlUz5I2Q9qYdAhg6G 85gf+GaStpaGlR5siWwJAQ/KeWrntfwNbh1P81Vmq/MovUQWPNKeM80FHcqHVVpQWasPTkGb0eW2 NOBsxGBCSQjc5QQdxPIMIuxmyVX42kGTK3O/IxI2O2QBK+pmFHEm4o+p+ekxxHekZTowPSeFXFYQ SrnpmJyfcHa2vLTpMIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJV UzEhMB8GA1UEChMYT3Jpb24gU2VjdXJpdHkgU29sdXRpb25zMQswCQYDVQQLEwJIUTEWMBQGA1UE AxMNT3Jpb24gUm9vdCBDQTAeFw0wMzA4MTQxNjQ4MzZaFw0wNDA4MTMxNjQ4MzZaMFYxCzAJBgNV BAYTAlVTMSEwHwYDVQQKExhPcmlvbiBTZWN1cml0eSBTb2x1dGlvbnMxCzAJBgNVBAsTAkhRMRcw FQYDVQQDEw5PcmlvbiBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL65 aM5ISSZ1ERaIjEaBDvZJ+U1iEEvdLoILkmuwzqrN0DMNhBwLUPJSYjGZ6xlGE5sRmDbUcFhRX0Dt p/t0lKBl0zajquPRbO5t3whqhb0h5IgIRP19NOZ9Mo/XWML2eCVmDyy6lqK5NC+Uvdhf8SjjH+P2 WCk68KmELfqXSfHoKy9gKMEH9IFyL1EqbE8DTUuFmUzg3ZIpR9UMX0Yorx4YdQRyblH4fEUDNfUu PHvRTZkyfAm8nrpsWCqOY0Q3Vl6OsfMqBaVYOORA9fDPLZLXvYc7Im3LDTAXvy+DTki2cR3rjLrO +p3POH/SoH8/9eHhNk4fX/w4FvQMv9hIonECAwEAAaOBsDCBrTAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU+NvSaD0SiHYB9QkgqlK4n+fFAKEwHwYDVR0jBBgwFoAU vpoqeR5tpH+G2bn1P06LoHH9Mq0wEQYJYIZIAYb4QgEBBAQDAgAHMDcGA1UdHwQwMC4wLKAqoCiG Jmh0dHA6Ly93d3cub3Jpb25zZWMuY29tL29yaW9uX3Jvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IB AQDPS+PvtkWJ6V235n4Ntn5xWFgvS+GVMI3tBVid/DW2h3AxDWzKctlybc/FhO0sj7nlLXE5CQfm ocx7m3mf1DcEz83b3BJNO9Dwa0U1kNL0kAFSXb9i+jaL3ovNoZlXxOcl73dK77eEohYbioUOtglM HwXXOdbpbOPH1tX0fUr70Zp4KBczNdsQnSrbnHIe2zdNPKY5VPYonB6gxJTNxlbqcHYg56abe0En Ad0C5IoMEG13CbHfDCm9uhRC5yHfylEZMOYA644+2d73FUsIstAdwK+pyeWXSaWGwN/xgLAGE5S1 Ryihlql/q4BXxqqU8RPm90g+2aj1e+PlnlXHxLWCMIID2jCCAsKgAwIBAgIBADANBgkqhkiG9w0B AQUFADBVMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYT3Jpb24gU2VjdXJpdHkgU29sdXRpb25zMQsw CQYDVQQLEwJIUTEWMBQGA1UEAxMNT3Jpb24gUm9vdCBDQTAeFw0wMzA2MDUxNDI4NTlaFw0wNDA2 MDQxNDI4NTlaMFYxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhPcmlvbiBTZWN1cml0eSBTb2x1dGlv bnMxCzAJBgNVBAsTAkhRMRcwFQYDVQQDEw5PcmlvbiBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAL65aM5ISSZ1ERaIjEaBDvZJ+U1iEEvdLoILkmuwzqrN0DMNhBwLUPJS YjGZ6xlGE5sRmDbUcFhRX0Dtp/t0lKBl0zajquPRbO5t3whqhb0h5IgIRP19NOZ9Mo/XWML2eCVm Dyy6lqK5NC+Uvdhf8SjjH+P2WCk68KmELfqXSfHoKy9gKMEH9IFyL1EqbE8DTUuFmUzg3ZIpR9UM X0Yorx4YdQRyblH4fEUDNfUuPHvRTZkyfAm8nrpsWCqOY0Q3Vl6OsfMqBaVYOORA9fDPLZLXvYc7 Im3LDTAXvy+DTki2cR3rjLrO+p3POH/SoH8/9eHhNk4fX/w4FvQMv9hIonECAwEAAaOBszCBsDAS BgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU+NvSaD0SiHYB9Qkg qlK4n+fFAKEwHwYDVR0jBBgwFoAUvpoqeR5tpH+G2bn1P06LoHH9Mq0wEQYJYIZIAYb4QgEBBAQD AgAHMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cub3Jpb25zZWMuY29tL29yaW9uX3Jvb3Qu Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCxgp0tv87jUcjW/N8p+FgFn6+vBZQ80DhtLSYfi1KGBgQn kjXk1dgr6zPiBtfow/eyXCn7C2kErJIwwXbNv93s7N3ntpgh7DMD9A6I69zKTeMvzn4K2SCQ718s Hhk9mTKceIj7joDG6KZ7lw2COiFx/oEUehRF6i601u9h8mHJ5HPpoAD+QyzBHfkmN6njulLYmY5W 8omXRl4fPZdWu3TNRPemxY859PrZiqrVjogqXOH7ceBttkQ1PnjLxZV0PKgyiAhzgBwWf+dkjWxq NJtwJjGLntm+vVYpTbXuyY63U41rzEckGNOWdMoR8zwupTGmT1j5cNXkccGExpqnf2pbMIIEdzCC A1+gAwIBAgIBIjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYT3Jpb24g U2VjdXJpdHkgU29sdXRpb25zMQswCQYDVQQLEwJIUTEXMBUGA1UEAxMOT3Jpb24gRW1haWwgQ0Ew HhcNMDMwODE1MTgyMDM3WhcNMDQwODE0MTgyMDM3WjB+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMY T3Jpb24gU2VjdXJpdHkgU29sdXRpb25zMQswCQYDVQQLEwJIUTEZMBcGA1UEAxMQU2FudG9zaCBD aG9raGFuaTEkMCIGCSqGSIb3DQEJARYVY2hva2hhbmlAb3Jpb25zZWMuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EadobvmWyC1UbtEuos8DmEK7vsk72z3USFc4MF4I71ctasT uT7n3eY0RsXK5NSrGNufwwup7ksdZAo/a6GPxiGMDOaQtJi8VaACzPUyqzZZJEKtaolcD4fS8V6O FyBdMmdMBebd0GrcNVmabvgVIm3h5Oe3sUzZxqkduueAkjMstGnBtUWG431HzM3vOTzkbHzkMoNT FgMEayhHrklyecveHOgiqhOypAiKSv5acM2vgzreh5gbHEJfqOfS56+exTAz/MrpdzvXmv0kmrwM BOtTM1rOYhyjw2yzM07lBxstBMR0DIeqpf2dZN1IHOnnGWxSqql2Gdjn9bpplVN2EQIDAQABo4IB JjCCASIwHQYDVR0OBBYEFPQLCXgNtykUjPyCwMO9MWrT0A86MB8GA1UdIwQYMBaAFPjb0mg9Eoh2 AfUJIKpSuJ/nxQChMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cub3Jpb25zZWMuY29tL29y aW9uX21haWwuY3JsMAkGA1UdEwQCMAAwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzAChiZodHRw Oi8vd3d3Lm9yaW9uc2VjLmNvbS9vcmlvbl9tYWlsLmRlcjAOBgNVHQ8BAf8EBAMCBDAwEwYDVR0l BAwwCgYIKwYBBQUHAwQwEQYJYIZIAYb4QgEBBAQDAgWgMCAGA1UdEQQZMBeBFWNob2toYW5pQG9y aW9uc2VjLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAOMNwcRoKaH2+5wC7MWhDrG98bOyphlE51btw mPHS9Ob5XpJMJMlZI2kb2/4A71riaZZPcuFypMqxGIjaH7Y/Gi0aHsk7iWRMEMXiaCT2fq0WM1Wq /sDgwMYVCvOjU8s5x+4i7y4tvS/eP01qcmqz5RABM85bmZ45qypM+JV246LxYRkVpESl62+iSkcg U8hmtruiV7C8CX3yUZj//uwPH9F+7iwvSEAmH6vm4MxGxrMbo2yThsvJ6KNZ1XVlT3jtA66AhoKB h++f7KfuqJbWUaQXVuvGESCHI79DCtXVUK7YFdHQxLU1Y63NkqRYTncrHtJlqzY2kxq5B/0vnPhg 1zCCBJcwggN/oAMCAQICASEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMxITAfBgNVBAoT GE9yaW9uIFNlY3VyaXR5IFNvbHV0aW9uczELMAkGA1UECxMCSFExFzAVBgNVBAMTDk9yaW9uIEVt YWlsIENBMB4XDTAzMDgxNTE4MjAxN1oXDTA0MDgxNDE4MjAxN1owfjELMAkGA1UEBhMCVVMxITAf BgNVBAoTGE9yaW9uIFNlY3VyaXR5IFNvbHV0aW9uczELMAkGA1UECxMCSFExGTAXBgNVBAMTEFNh bnRvc2ggQ2hva2hhbmkxJDAiBgkqhkiG9w0BCQEWFWNob2toYW5pQG9yaW9uc2VjLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLUZwZhoWYVw7zKNe5KLxQfXo0dKMKkph9MA+fN X9YPW/LEbsjqdofCRJ1F8VZalpBrlz61ITyJ7/y+W1My0n0oOJhwvdhqRxE2QUv+bOP80i7BGqIm 4/wd35ZyABDG2mt5Jj2anwXUIK1KENCo1pYxhroil3qLhtd9xPiOOjUZ2wAmNEgFwxDcQE1xsNJt J3Ro1O3VfceF53AxomEIZM300usixqnUSKbk8D8oVwUNBnMXdj+7K/0G/YJ9EPJFF5orwI1j9LE3 tdWBVY9a7WY1+ygHDMXaeYAnM2TkAuVGtWqTHTGmdNuyxsapFY7UFLtRjItA2oFb3bs/ho1tKrUC AwEAAaOCAUYwggFCMB0GA1UdDgQWBBQSo0Fab6xpwZ5BxERoEuUigr/N2zAfBgNVHSMEGDAWgBT4 29JoPRKIdgH1CSCqUrif58UAoTA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vd3d3Lm9yaW9uc2Vj LmNvbS9vcmlvbl9tYWlsLmNybDAJBgNVHRMEAjAAMEIGCCsGAQUFBwEBBDYwNDAyBggrBgEFBQcw AoYmaHR0cDovL3d3dy5vcmlvbnNlYy5jb20vb3Jpb25fbWFpbC5kZXIwDgYDVR0PAQH/BAQDAgbA MDMGA1UdJQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwcGCisGAQQBgjcUAgIwEQYJ YIZIAYb4QgEBBAQDAgWgMCAGA1UdEQQZMBeBFWNob2toYW5pQG9yaW9uc2VjLmNvbTANBgkqhkiG 9w0BAQUFAAOCAQEAmnUXuCAU2nzNbCAaRmH0JE1bFUr/bNPUoOHU7ATGfmk/QhiGPxaApPSU+CC8 JNgGOs6z6o/WCfKMj4srMkWjBKcFHNASw7oxsLdEj/JvIAcPVPwfV4RUBY7SU3svNPQILSYdD0LU uhryAqMlNePrDPi5LWSyJ1q4ftRtZZlJdu50UjBSPwJcOhrn4CJAzu4DHRAWNLvVZ91m7c/E6LF4 Ajj1QC8Sd2HWpgc0iQf7XAN58+7Y9fF+F6VebVeuLws2IZNPfdTvq+1kHTOCVYasbh2IqdM7ryyr z3rL0l3LOySD73mv/YU4Dt1brScFXq4hA5IcXNGvyn1gUw3HD8/cbjGCAyYwggMiAgEBMFswVjEL MAkGA1UEBhMCVVMxITAfBgNVBAoTGE9yaW9uIFNlY3VyaXR5IFNvbHV0aW9uczELMAkGA1UECxMC SFExFzAVBgNVBAMTDk9yaW9uIEVtYWlsIENBAgEhMAkGBSsOAwIaBQCgggGgMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTAyOTE4MDIzOVowIwYJKoZIhvcNAQkE MRYEFIP7hE1+uGN3xmeHJSmlKrg/ir6JMGcGCSqGSIb3DQEJDzFaMFgwCgYIKoZIhvcNAwcwBwYF Kw4DAhowDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMAoGCCqGSIb3DQIFMGoGCSsGAQQBgjcQBDFdMFswVjELMAkGA1UEBhMCVVMxITAfBgNVBAoT GE9yaW9uIFNlY3VyaXR5IFNvbHV0aW9uczELMAkGA1UECxMCSFExFzAVBgNVBAMTDk9yaW9uIEVt YWlsIENBAgEiMGwGCyqGSIb3DQEJEAILMV2gWzBWMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYT3Jp b24gU2VjdXJpdHkgU29sdXRpb25zMQswCQYDVQQLEwJIUTEXMBUGA1UEAxMOT3Jpb24gRW1haWwg Q0ECASIwDQYJKoZIhvcNAQEBBQAEggEAjbSQ8erqw5pS6KreOloSyfvzfo8dPS5+TvFy8Goou56A E3oArVrgojQr8aLGt7cGr61XvZLS8JSgHirrd4DXdekoV3+kUU5VDC3fHA/4PSPMf7jr7vCtnl/L PSHBX+e6jh+ax/paluhHmqnOqS8FkbEoPdiWxmr0uWnCq74riAIVqWYqsoJX2Uf1GTrdG+qPl2H3 2S5DsShnvVgdRpzrGnLga6eHrr8ihVeAUV9uOafF1GsRtShjw2Q0tjFxiWTiTk/vVpYWdNqMnhHw KpCw4Oq3GQ70HmMoRUWfn5U7VE2OyRXlu/cgRCnfNAjkH2vGTQG+7/qgETalEWwntRHCNwAAAAAA AA== ------=_NextPart_000_0060_01C39E1C.EE435990-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TGWlkT028217 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 08:32:47 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TGWlM6028216 for ietf-pkix-bks; Wed, 29 Oct 2003 08:32:47 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp5.hy.skanova.net (smtp5.hy.skanova.net [195.67.199.134]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TGWjkT028210 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 08:32:46 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t11o913p45.telia.com [213.64.28.45]) by smtp5.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9TGWMc4008383; Wed, 29 Oct 2003 17:32:23 +0100 (CET) Message-ID: <00a801c39e39$cf4a1890$791a40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Stephen Kent" <kent@bbn.com> Cc: <ietf-pkix@imc.org> References: <001601c39e09$25d69520$4228a8c0@hagen> <01e801c39e1d$7c6cc850$651a40d5@arport> <p06002001bbc58537e2cb@[128.33.244.157]> Subject: Re: Standards for Web-signing II Date: Wed, 29 Oct 2003 17:29:20 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> >since you obviously don't believe the IETF creates "real standards" >and since this topic is not a PKIX work item, I suggest you take the >"web-sigbing" discussion elsewhere. As the off-list response to "web-signing" has been pretty good, I just need to figure out where to go next. You did probably not read more than the first paragraph. To go through a "real standardization process" was ONE of the stated alternatives. Anders Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TGNDkT027596 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 08:23:13 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TGNDev027595 for ietf-pkix-bks; Wed, 29 Oct 2003 08:23:13 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout11.sul.t-online.com (mailout11.sul.t-online.com [194.25.134.85]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TGNBkT027589 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 08:23:11 -0800 (PST) (envelope-from oelmaier@sytrust.com) Received: from fwd08.aul.t-online.de by mailout11.sul.t-online.com with smtp id 1AEt6B-0007YA-01; Wed, 29 Oct 2003 17:23:07 +0100 Received: from hagen (VUfdcyZGoeXF5nFopPSwfEaUhvUSh3O-qgFSAPLA9qsKvuxM92bzZ2@[217.80.245.190]) by fmrl08.sul.t-online.com with esmtp id 1AEt68-0xHxnE0; Wed, 29 Oct 2003 17:23:04 +0100 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Anders Rundgren'" <anders.rundgren@telia.com>, "'James Jing'" <jjing@securenet.com.au>, "'Markus Lorch'" <mlorch@vt.edu>, <ietf-pkix@imc.org> Subject: RE: Standards for Web-signing II Date: Wed, 29 Oct 2003 17:23:03 +0100 Organization: SyTrust Message-ID: <000101c39e38$ee9e6120$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <01e801c39e1d$7c6cc850$651a40d5@arport> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: VUfdcyZGoeXF5nFopPSwfEaUhvUSh3O-qgFSAPLA9qsKvuxM92bzZ2@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > However, Identrus is a bank-controlled operation and > therefore operate in the same way as banks regarding their > technology. I.e. by acting "possessive" and most of all being > scared that a competitor would ever be able to profit on the > work done. We all know that acting "possessive" does not work really good on the internet. After all a secrect shared by more than three people isnt a secret anymore. If you need a hint at how the identrus Websigning works you may look at http://www.s-d.no/filer/manualer/Technical%20Description%203_1Rev1.pdf and read the identrus section there. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEwfkT022926 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 06:58:41 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TEwfpB022925 for ietf-pkix-bks; Wed, 29 Oct 2003 06:58:41 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEwekT022918; Wed, 29 Oct 2003 06:58:40 -0800 (PST) (envelope-from steve.hanna@sun.com) Received: from sydney.East.Sun.COM ([129.148.9.16]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9TEwOxA001116; Wed, 29 Oct 2003 06:58:24 -0800 (PST) Received: from sun.com (dhcp-ubur02-75-161 [129.148.75.161]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9TEwNB19615; Wed, 29 Oct 2003 09:58:23 -0500 (EST) Message-ID: <3F9FD56A.771A262C@sun.com> Date: Wed, 29 Oct 2003 09:57:46 -0500 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Gutmann <pgut001@cs.auckland.ac.nz> CC: ejnorman@doit.wisc.edu, ietf-pkix@imc.org, ietf-smime@imc.org Subject: Re: Request change in son-of-rfc2633 References: <200310290337.h9T3bu208738@cs.auckland.ac.nz> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms58E8539260192E6D326EA0C4" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms58E8539260192E6D326EA0C4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anyone who "reads the PKIX tea leaves" and thinks that it's fine to skip name chaining checks in path validation needs to have their eyes checked. RFC 3280 says in many places that name chaining MUST be checked. In section 6.1: To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates) satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; In section 6.1.3: (a) Verify the basic certificate information. The certificate MUST satisfy each of the following: [...] (4) The certificate issuer name is the working_issuer_name. In section 4.1.2.6: If the subject is a CA (e.g., the basic constraints extension, as discussed in 4.2.1.10, is present and the value of cA is TRUE), then the subject field MUST be populated with a non-empty distinguished name matching the contents of the issuer field (section 4.1.2.4) in all certificates issued by the subject CA. RFC 2459 and X.509 both agree with this. Whatever PKI topology you use, there's no need to break name chaining. I'm sure that some customers have created PKIs where name chaining doesn't hold, but that's an error on the customer's part. You can't just turn off critical security checks to keep them happy. What's next? Don't bother checking the signature on certificates. That takes too much time! If somebody has implemented path validation without name chaining checks, then they haven't implemented it according to IETF or X.509 standards. In fact, they may have opened themselves and their customers up to security holes and perhaps even legal liability. CAs have every right to expect that certificates will be validated according to standards. Users also have a reasonable expectation of this. If someone deliberately violates the standards in a way that opens up security holes, that sounds like gross negligence to me. This reminds me of Microsoft's decision to not check the Basic Constraints extension, treating every certificate as a CA certificate. This decision, presumably made in to please a customer, resulted in a HUGE security hole. I hope that Microsoft (and anyone else who has skipped required parts of the path validation algorithm for the sake of convenience) will see that security cannot be second to user convenience. If there's a serious problem with the specs, then let's fix them. But don't just bypass things because you find it convenient. Forgive me my rant. I'm just outraged that somebody would play fast and loose with security this way. Thanks, Steve Peter Gutmann wrote: > > [Cross-posted back to S/MIME, where the thread started] > > Eric Norman <ejnorman@doit.wisc.edu> writes: > > >Is there a claim (#1 above) that you can have the DN in the subject of a > >parent's (signer's) certificate be different from (as in different bunch of > >bytes) the DN in the issuer of one of its offspring and yet the chain is > >still valid because the xKIDs match? > > Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI that > violates the original X.509 design, i.e. with re-parenting, arbitrary cross- > certification, etc etc where issuers no longer match subjects). For example > MS apparently implemented chaining by sKID in Windows because of user demand > for this when the users broke chaining by issuer name through spaghetti PKI > design practices, and various other implementations no doubt do similar > things, depending on how they've read the PKIX tea leaves. > > Peter. --------------ms58E8539260192E6D326EA0C4 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIEAYJKoZIhvcNAQcCoIIIATCCB/0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BeMwggKjMIICDKADAgECAgMKVAgwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MTExMTAxNTFaFw0wNDA3MTAxMTAxNTFa MGgxDjAMBgNVBAQTBUhhbm5hMRUwEwYDVQQqEwxTdGVwaGVuIFJvc3MxGzAZBgNVBAMTElN0 ZXBoZW4gUm9zcyBIYW5uYTEiMCAGCSqGSIb3DQEJARYTc3RldmUuaGFubmFAc3VuLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxRk/abMPe7Km2EqpD2FZXzjiBGUHhIdNlIO 9W6mdCQro1xMc+sv+93UuVnIzse+XA67Tqx4g5FdoQ+PI8TQYemYSkTD9GitgU563ypu03UV 86zTJA7u9zVkNv/qL2LRKZ9BXy2Smtet+PUh3nYjMh/ZY7LQxQzmdu1Zunue+yECAwEAAaMw MC4wHgYDVR0RBBcwFYETc3RldmUuaGFubmFAc3VuLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqG SIb3DQEBBAUAA4GBAHbpX0TKiOFu1vxKc3nAOcUHwoci5kinboYrnjWcl37mMXXbBFntaYRM 9LxpGtHdPm7F4pAviKp8bnFzTU46OyUw3kNUAVGDeWYVQC76f0dDZdA313Tn88UZYa+N6O8W bO8wjKA2vg+yx79WXJCFDu+TpsG/28NKPdH42w8LEOVHMIIDODCCAqGgAwIBAgIQZkVyt8x0 9c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UE AxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25h bC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgyNzIzNTk1OVow gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUqbXA8+tyu9+50 bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avg GAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIw IKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8CAQAw CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF151j2YwCYTYoEi pxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59sogxYjTFCCRFs sBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TYyWJirQXGMYIB 9TCCAfECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ BgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAID ClQIMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDMxMDI5MTQ1NzQ2WjAjBgkqhkiG9w0BCQQxFgQU4GYH3SPbd16nT9xTo5bjvv/V bmMwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4D AgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYBJKLwc TwwpH14dBh0aE4gn3MRkvi2+fKiDitHUq5TeivEOYZK5rN0eXbxESLuxNnYl+Cp5zrdhvokV 8ThIbRyqfsorBhQ0P0GB7h72pEkfCxExzHBjtQsfqP6q5JMpup/zWWm3xHLbQlz9XtpGSwKo xHrTgWBxWsHAMTWnOKeeSA== --------------ms58E8539260192E6D326EA0C4-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEv2kT022838 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 06:57:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TEv2pM022837 for ietf-pkix-bks; Wed, 29 Oct 2003 06:57:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEv0kT022828 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 06:57:01 -0800 (PST) (envelope-from kent@bbn.com) Received: from [128.33.244.157] (col-dhcp33-244-157.bbn.com [128.33.244.157]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9TEutlq006741; Wed, 29 Oct 2003 09:56:56 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002001bbc58537e2cb@[128.33.244.157]> In-Reply-To: <01e801c39e1d$7c6cc850$651a40d5@arport> References: <001601c39e09$25d69520$4228a8c0@hagen> <01e801c39e1d$7c6cc850$651a40d5@arport> Date: Wed, 29 Oct 2003 09:56:16 -0500 To: "Anders Rundgren" <anders.rundgren@telia.com> From: Stephen Kent <kent@bbn.com> Subject: Re: Standards for Web-signing II Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 14:06 +0100 10/29/03, Anders Rundgren wrote: >I believe this is a very good opportunity to study how >"Real Standards" actually are made: > since you obviously don't believe the IETF creates "real standards" and since this topic is not a PKIX work item, I suggest you take the "web-sigbing" discussion elsewhere. Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEsjI7022729 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 06:54:45 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TEsjDb022728 for ietf-pkix-bks; Wed, 29 Oct 2003 06:54:45 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TEsgI7022720 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 06:54:43 -0800 (PST) (envelope-from schwebler@trustcenter.de) Received: (from root@localhost) by mystic1.trustcenter.de (8.11.6+Sun/8.11.6) id h9TEsRX13475; Wed, 29 Oct 2003 15:54:27 +0100 (MET) Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0) id srcAAAtLaquA; Wed, 29 Oct 03 15:54:26 +0100 Received: from trustcenter.de (mv-hps.trustcenter.de [192.168.200.147]) by venus.trustcenter.de (8.12.9/TC TrustCenter Mailserver) with ESMTP id h9TEsOxh013797; Wed, 29 Oct 2003 15:54:25 +0100 Message-ID: <3F9FD469.7934202D@trustcenter.de> Date: Wed, 29 Oct 2003 15:53:29 +0100 From: Hans-Peter Schwebler <schwebler@trustcenter.de> X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: James Jing <jjing@securenet.com.au> CC: Anders Rundgren <anders.rundgren@telia.com>, ietf-pkix@imc.org Subject: Re: Standards for Web-signing II References: <85DA9C6C3DD8C74F8A8611815C635F8D4151FA@AMALTHEA.securenet.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> James, Identrus defined two methods for web signing (ISPI (Identrus Signing Plugin Interface ) and ISIL (Identrus Signing Interface Library)). However, the latest version of the documentation allows for so called standalone applications (e.g. Adobe Acrobat and Microsoft Office) to use a "native" signature mechanism which, of course, needs to satisfy a couple of requirements set be Identrus. I just want to point this out. I don't want to comment on it because I am not yet sure whether I like this move or not. And Anders, yes of course, Identrus is such an organization that provides technical documents under NDA only. Unless they have changed their policy on that in the last weeks. Regards, Hans-Peter James Jing wrote: > > Identrus, a global banking PKI body, defined two methods for web > signing. One is defined as a Netscape style browser plug-in, the > other defined as an abstract Java interface. It also requires the > content that is being signed to be separately displayed, and the > digest of the content to be calculated by the "trusted subsystem". > > I personally think the best approach would be for a unified standard > to be adopted by all browsers, invocable by all common scripts like > JavaScript, regardless of what the underlying implementation of the > signature layer might be. I believe both PKCS#7 and XML standards > must be supported. Content-to-be-signed should be defined by MIME-type > so if the browser needs to popup another screen, it can be properly > display the content. Whether a separate popup should be displayed must > be determined by signature layer based on the type of key being used > to sign the content. > > Regards > James Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TD9fI7017782 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 05:09:41 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TD9foj017781 for ietf-pkix-bks; Wed, 29 Oct 2003 05:09:41 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp1.fre.skanova.net (smtp1.fre.skanova.net [195.67.227.94]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TD9dI7017776 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 05:09:40 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t10o913p89.telia.com [213.64.27.209]) by smtp1.fre.skanova.net (8.12.10/8.12.10) with SMTP id h9TD9bO2017768; Wed, 29 Oct 2003 14:09:37 +0100 (CET) Message-ID: <01e801c39e1d$7c6cc850$651a40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Florian Oelmaier" <oelmaier@sytrust.com>, "'James Jing'" <jjing@securenet.com.au>, "'Markus Lorch'" <mlorch@vt.edu>, <ietf-pkix@imc.org> References: <001601c39e09$25d69520$4228a8c0@hagen> Subject: Re: Standards for Web-signing II Date: Wed, 29 Oct 2003 14:06:35 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I believe this is a very good opportunity to study how "Real Standards" actually are made: If a vendor has a nice browser add-in solution that it believes is worth the title "standard", there are a number of ways to pursue this such as: - Submitting the solution as "input" to a standards process. Costly, time-consuming, and potentially dangerous as you have to give up the control (well, maybe not if you are a BIG enough vendor...) - Make the code available for free download in order to spread the solution, and blocking competing efforts. A vey popular method indeed! - Submitting the code to let's say Microsoft, Mozilla.org etc for free inclusion, and by that establishing a "de-facto" standard However, Identrus is a bank-controlled operation and therefore operate in the same way as banks regarding their technology. I.e. by acting "possessive" and most of all being scared that a competitor would ever be able to profit on the work done. A similar thing is the EMV-card that surely could replace most other PKI cards on the market, but since it is also owned by a bank-controlled entity, they will probably never make the client software downloadable, a preinstall in Windows, or make the card purchasable in small quantities on the web by anybody, and will therefore most likely fail to establish EMV as a "de-facto" standard. If bank executives ever go to the Cinema(?), or rent a video, they should take a look on the movie "A beautiful mind" while at the same time thinking on the establishment of important e-infrastructures. Unfortunately, when you get a fresh view on things, you often fail to apply it to your own backyard because that "is a different thing". But it isn't, the problems with establishing common e-standards are pretty universal and so are the "workarounds". Unless you are Microsoft and actually can do whatever you want, and most of the time it even get it to work fairly well. Anders Rundgren ----- Original Message ----- From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Anders Rundgren'" <anders.rundgren@telia.com>; "'James Jing'" <jjing@securenet.com.au>; "'Markus Lorch'" <mlorch@vt.edu>; <ietf-pkix@imc.org> Sent: Wednesday, October 29, 2003 11:41 Subject: RE: Standards for Web-signing II > >Identrus, a global banking PKI body, defined two methods for web > >signing. One is defined as a Netscape style browser plug-in, > the other > >defined as an abstract Java interface. > > The Netscape plugin interface was dropped in IE V6 and Java > does not look like an MSFT favorite. This was just a side note. Identrus defined a MIME-type to be used within an <EMBED>- or an <OBJECT>-tag to include the signing plugin into HTML-pages. What type of plugin processes this tag is not of concern to the identrus specification. Netscape plugins or IE native plugins: both plugin architectures should be able to handle the defined tag. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TAfQI7008169 for <ietf-pkix-bks@above.proper.com>; Wed, 29 Oct 2003 02:41:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9TAfQJ0008167 for ietf-pkix-bks; Wed, 29 Oct 2003 02:41:26 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9TAfMI7008152 for <ietf-pkix@imc.org>; Wed, 29 Oct 2003 02:41:22 -0800 (PST) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout03.sul.t-online.com with smtp id 1AEnlL-0002lL-0I; Wed, 29 Oct 2003 11:41:15 +0100 Received: from hagen (JON6EeZEwe70HluZ323FFPROaEi9O7ckcEE5VgwBQuJOTUmh0XuNga@[80.128.88.21]) by fmrl09.sul.t-online.com with esmtp id 1AEnl9-2KtOkq0; Wed, 29 Oct 2003 11:41:03 +0100 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Anders Rundgren'" <anders.rundgren@telia.com>, "'James Jing'" <jjing@securenet.com.au>, "'Markus Lorch'" <mlorch@vt.edu>, <ietf-pkix@imc.org> Subject: RE: Standards for Web-signing II Date: Wed, 29 Oct 2003 11:41:01 +0100 Organization: SyTrust Message-ID: <001601c39e09$25d69520$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <009701c39de7$35823dc0$651a40d5@arport> Importance: Normal X-Seen: false X-ID: JON6EeZEwe70HluZ323FFPROaEi9O7ckcEE5VgwBQuJOTUmh0XuNga@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > >Identrus, a global banking PKI body, defined two methods for web > >signing. One is defined as a Netscape style browser plug-in, > the other > >defined as an abstract Java interface. > > The Netscape plugin interface was dropped in IE V6 and Java > does not look like an MSFT favorite. This was just a side note. Identrus defined a MIME-type to be used within an <EMBED>- or an <OBJECT>-tag to include the signing plugin into HTML-pages. What type of plugin processes this tag is not of concern to the identrus specification. Netscape plugins or IE native plugins: both plugin architectures should be able to handle the defined tag. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T6fCI7043669 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 22:41:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9T6fCiT043668 for ietf-pkix-bks; Tue, 28 Oct 2003 22:41:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp1.fre.skanova.net (smtp1.fre.skanova.net [195.67.227.94]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T6f8I7043594 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 22:41:09 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t7o913p101.telia.com [213.64.26.101]) by smtp1.fre.skanova.net (8.12.10/8.12.10) with SMTP id h9T6ehO2008646; Wed, 29 Oct 2003 07:40:44 +0100 (CET) Message-ID: <009701c39de7$35823dc0$651a40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "James Jing" <jjing@securenet.com.au>, "Markus Lorch" <mlorch@vt.edu>, <ietf-pkix@imc.org>, "Florian Oelmaier" <oelmaier@sytrust.com> References: <85DA9C6C3DD8C74F8A8611815C635F8D4151FA@AMALTHEA.securenet.com.au> Subject: Re: Standards for Web-signing II Date: Wed, 29 Oct 2003 07:37:40 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> >Identrus, a global banking PKI body, defined two methods for >web signing. One is defined as a Netscape style >browser plug-in, the other defined as an abstract Java interface. The Netscape plugin interface was dropped in IE V6 and Java does not look like an MSFT favorite. This was just a side note. >It also requires the content that is being signed to be >separately displayed, and the digest of the content to be >calculated by the "trusted subsystem". Identrus, is I guess one of these parties requiring NDA? >I personally think the best approach would be for a unified standard to >be adopted by all browsers, invocable by all common scripts like >JavaScript, regardless of what the underlying implementation of the >signature layer might be. >I believe both PKCS#7 and XML standards >must be supported. Content-to-be-signed should be defined by >MIME-type so if the browser needs to popup another screen, it >can be properly display the content. Whether a separate popup >should be displayed must be determined by signature layer based >on the type of key being used to sign the content. I agree! Although I do believe on-line signing is still a field that needs a little more research as it is really very different to off-line. Anders Regards James -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren@telia.com] Sent: Wednesday, 29 October 2003 6:59 AM To: Markus Lorch; ietf-pkix@imc.org Subject: Re: Standards for Web-signing II Markus, XML Signature standard essentially define something like CMS/PKCS #7 in XML. The standard "talks" about the signing process but does not define any interface between the browser and the signature requester which is what is needed among many things in order to achieve a web-signing standard. But this one is just for starters, the browser-interface for on-line certfication processes (which seem to be the future) is also not standardized. MSFT's Xenroll has no implementation in Mozilla or Netscape. Few serious systems for this reason build on Xenroll but rather on proprietary solutions. Xenroll is also in my opinion an unsatisfactory solution as the GUI should be the same for each CA rather than all over the map. rgds Anders ----- Original Message ----- From: "Markus Lorch" <mlorch@vt.edu> To: "'Anders Rundgren'" <anders.rundgren@telia.com>; <ietf-pkix@imc.org> Sent: Tuesday, October 28, 2003 20:01 Subject: RE: Standards for Web-signing II Anders, isn't the XML Signature a standard that can be used for this see Mark Bartel et al, "XML Signature Syntax and Processing", World Wide Web Consortium Recommendation, February 2002 Markus > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren > Sent: Tuesday, October 28, 2003 8:47 AM > To: pki-tc@lists.oasis-open.org; ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Standards for Web-signing II > > > > The answer to my earlier request seems to be: > > There are apparently no standards and nothing in the works either > with respect to signing on-line data on the web using > Internet browsers. > > Since web-signing is today [*] used by many, many, more people > and organizations than there are users of signed e-email, I > remain puzzled. > > Is the PKI community really just a bunch of "nerds", mostly > out of touch with the needs of the market? The question is open. > > *] Like Scandinavian banks having > 0.5M of users. > All current systems rely on entirely proprietary mechanisms. > Most of the vendors even require NDAs for getting the documentation. > > Anders Rundgren > > > ----- Original Message ----- > From: "Anders Rundgren" <anders.rundgren@telia.com> > To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; > <ietf-smime@imc.org> > Sent: Tuesday, September 02, 2003 14:07 > Subject: [pki-tc] Standards for Web-signing > > > Folks, > I just wanted to know the status of possible standardization > efforts regarding signing on-line forms etc. on web. As web-signing > is a core function of many e-governments when communicating > with their citizens it seems that this should be standardized if > not already is. > > Pointers are welcome. Off-list or on-list. > > rgds > Anders Rundgren > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/le ave_workgroup.php. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T3ZhI7021502 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 19:35:43 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9T3ZhHg021501 for ietf-pkix-bks; Tue, 28 Oct 2003 19:35:43 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T3ZfI7021494; Tue, 28 Oct 2003 19:35:42 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9T3Zfo9008396; Wed, 29 Oct 2003 16:35:41 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9T3bu208738; Wed, 29 Oct 2003 16:37:56 +1300 Date: Wed, 29 Oct 2003 16:37:56 +1300 Message-Id: <200310290337.h9T3bu208738@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ejnorman@doit.wisc.edu, ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 Cc: ietf-smime@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> [Cross-posted back to S/MIME, where the thread started] Eric Norman <ejnorman@doit.wisc.edu> writes: >Is there a claim (#1 above) that you can have the DN in the subject of a >parent's (signer's) certificate be different from (as in different bunch of >bytes) the DN in the issuer of one of its offspring and yet the chain is >still valid because the xKIDs match? Sure, in a spaghetti PKI (I'm using that as a generic term for a PKI that violates the original X.509 design, i.e. with re-parenting, arbitrary cross- certification, etc etc where issuers no longer match subjects). For example MS apparently implemented chaining by sKID in Windows because of user demand for this when the users broke chaining by issuer name through spaghetti PKI design practices, and various other implementations no doubt do similar things, depending on how they've read the PKIX tea leaves. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T0bBI7014329 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 16:37:11 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9T0bBvH014328 for ietf-pkix-bks; Tue, 28 Oct 2003 16:37:11 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9T0b9I7014323 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 16:37:10 -0800 (PST) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout09.sul.t-online.com with smtp id 1AEeKl-00080C-00; Wed, 29 Oct 2003 01:37:11 +0100 Received: from hagen (STC2kyZOreXEk1n2ub+BZnZQjBbTpEj91VD9J1ISav7mTuYA7vIF8E@[80.128.82.93]) by fmrl09.sul.t-online.com with esmtp id 1AEeKe-0Mc8NU0; Wed, 29 Oct 2003 01:37:04 +0100 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Markus Lorch'" <mlorch@vt.edu>, "'Anders Rundgren'" <anders.rundgren@telia.com>, <ietf-pkix@imc.org> Subject: RE: Standards for Web-signing II Date: Wed, 29 Oct 2003 01:37:05 +0100 Organization: SyTrust Message-ID: <00ee01c39db4$c7396f50$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <017201c39d85$dc447130$6e00a8c0@voyager> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal X-Seen: false X-ID: STC2kyZOreXEk1n2ub+BZnZQjBbTpEj91VD9J1ISav7mTuYA7vIF8E@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Folks, > > I just wanted to know the status of possible > standardization efforts > > regarding signing on-line forms etc. on web. As > web-signing is a core > > function of many e-governments when communicating with > their citizens > > it seems that this should be standardized if not already is. > > > > Pointers are welcome. Off-list or on-list. Most products out there are more or less compliant with the identrus specifications for websigning (ISIL & ISPI). These specifications are not openly available but from a technical point of view these specs are not limited to identrus usage. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SN47I7010688 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 15:04:07 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SN471n010687 for ietf-pkix-bks; Tue, 28 Oct 2003 15:04:07 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from figg.securenet.com.au (ns2.isecure.com.au [202.125.4.72]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SN42I7010675 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 15:04:05 -0800 (PST) (envelope-from jjing@securenet.com.au) Received: from iron.securenet.com.au (iron.isecure.com.au [202.125.4.94] (may be forged)) by figg.securenet.com.au (8.12.3/8.12.3/Debian-6.6) with ESMTP id h9SN3ood015939; Wed, 29 Oct 2003 10:03:50 +1100 Received: (from uucp@localhost) by iron.securenet.com.au (8.12.6/8.12.6) id h9SN3ovH025658; Wed, 29 Oct 2003 10:03:50 +1100 (EST) Received: from nodnsquery(10.11.3.10) by iron.securenet.com.au via csmap (V6.0) id srcAAAw0aihY; Wed, 29 Oct 03 10:03:50 +1100 Received: from atlas.securenet.com.au (localhost [127.0.0.1]) by gibbons.securenet.com.au (8.12.3/8.12.3/Debian-7woody) with ESMTP id h9SN3nHT007369; Wed, 29 Oct 2003 10:03:49 +1100 Received: from AMALTHEA.securenet.com.au ([192.168.100.30]) by atlas.securenet.com.au with Microsoft SMTPSVC(5.0.2195.4905); Wed, 29 Oct 2003 10:03:32 +1100 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Standards for Web-signing II X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Wed, 29 Oct 2003 10:02:20 +1100 Message-ID: <85DA9C6C3DD8C74F8A8611815C635F8D4151FA@AMALTHEA.securenet.com.au> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Standards for Web-signing II Thread-Index: AcOdoQUovlAiDSCVQYitPD4AmH6OXQABNLoQ From: "James Jing" <jjing@securenet.com.au> To: "Anders Rundgren" <anders.rundgren@telia.com>, "Markus Lorch" <mlorch@vt.edu>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 28 Oct 2003 23:03:32.0421 (UTC) FILETIME=[B55A7750:01C39DA7] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9SN45I7010683 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Identrus, a global banking PKI body, defined two methods for web signing. One is defined as a Netscape style browser plug-in, the other defined as an abstract Java interface. It also requires the content that is being signed to be separately displayed, and the digest of the content to be calculated by the "trusted subsystem". I personally think the best approach would be for a unified standard to be adopted by all browsers, invocable by all common scripts like JavaScript, regardless of what the underlying implementation of the signature layer might be. I believe both PKCS#7 and XML standards must be supported. Content-to-be-signed should be defined by MIME-type so if the browser needs to popup another screen, it can be properly display the content. Whether a separate popup should be displayed must be determined by signature layer based on the type of key being used to sign the content. Regards James -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren@telia.com] Sent: Wednesday, 29 October 2003 6:59 AM To: Markus Lorch; ietf-pkix@imc.org Subject: Re: Standards for Web-signing II Markus, XML Signature standard essentially define something like CMS/PKCS #7 in XML. The standard "talks" about the signing process but does not define any interface between the browser and the signature requester which is what is needed among many things in order to achieve a web-signing standard. But this one is just for starters, the browser-interface for on-line certfication processes (which seem to be the future) is also not standardized. MSFT's Xenroll has no implementation in Mozilla or Netscape. Few serious systems for this reason build on Xenroll but rather on proprietary solutions. Xenroll is also in my opinion an unsatisfactory solution as the GUI should be the same for each CA rather than all over the map. rgds Anders ----- Original Message ----- From: "Markus Lorch" <mlorch@vt.edu> To: "'Anders Rundgren'" <anders.rundgren@telia.com>; <ietf-pkix@imc.org> Sent: Tuesday, October 28, 2003 20:01 Subject: RE: Standards for Web-signing II Anders, isn't the XML Signature a standard that can be used for this see Mark Bartel et al, "XML Signature Syntax and Processing", World Wide Web Consortium Recommendation, February 2002 Markus > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren > Sent: Tuesday, October 28, 2003 8:47 AM > To: pki-tc@lists.oasis-open.org; ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Standards for Web-signing II > > > > The answer to my earlier request seems to be: > > There are apparently no standards and nothing in the works either > with respect to signing on-line data on the web using > Internet browsers. > > Since web-signing is today [*] used by many, many, more people > and organizations than there are users of signed e-email, I > remain puzzled. > > Is the PKI community really just a bunch of "nerds", mostly > out of touch with the needs of the market? The question is open. > > *] Like Scandinavian banks having > 0.5M of users. > All current systems rely on entirely proprietary mechanisms. > Most of the vendors even require NDAs for getting the documentation. > > Anders Rundgren > > > ----- Original Message ----- > From: "Anders Rundgren" <anders.rundgren@telia.com> > To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; > <ietf-smime@imc.org> > Sent: Tuesday, September 02, 2003 14:07 > Subject: [pki-tc] Standards for Web-signing > > > Folks, > I just wanted to know the status of possible standardization > efforts regarding signing on-line forms etc. on web. As web-signing > is a core function of many e-governments when communicating > with their citizens it seems that this should be standardized if > not already is. > > Pointers are welcome. Off-list or on-list. > > rgds > Anders Rundgren > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/le ave_workgroup.php. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SKiaI7004092 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 12:44:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SKiaFP004091 for ietf-pkix-bks; Tue, 28 Oct 2003 12:44:36 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SKiWI7004086 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 12:44:32 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA25364; Tue, 28 Oct 2003 15:44:22 -0500 (EST) Message-Id: <200310282044.PAA25364@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-sonof3039-02.txt Date: Tue, 28 Oct 2003 15:44:22 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure:Qualified Certificates Profile Author(s) : S. Santesson, M. Nystrom Filename : draft-ietf-pkix-sonof3039-02.txt Pages : 35 Date : 2003-10-28 This document forms a certificate profile, based on RFC 3280, for dentity certificates issued to physical persons. The goal of this document is to define a general syntax independent of local legal requirements. The profile is however designed to allow further profiling in order to meet specific local needs. The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. The profile does however not define any legal requirements for such Qualified Certificates. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-sonof3039-02.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-sonof3039-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-sonof3039-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-28155813.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-sonof3039-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-sonof3039-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-28155813.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SK22I7002189 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 12:02:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SK22YG002188 for ietf-pkix-bks; Tue, 28 Oct 2003 12:02:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp5.hy.skanova.net (smtp5.hy.skanova.net [195.67.199.134]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SK21I7002182 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 12:02:02 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t7o913p99.telia.com [213.64.26.99]) by smtp5.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9SK21o5001185; Tue, 28 Oct 2003 21:02:01 +0100 (CET) Message-ID: <003b01c39d8d$edcadb30$721a40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: "Markus Lorch" <mlorch@vt.edu>, <ietf-pkix@imc.org> References: <017201c39d85$dc447130$6e00a8c0@voyager> Subject: Re: Standards for Web-signing II Date: Tue, 28 Oct 2003 20:58:59 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Markus, XML Signature standard essentially define something like CMS/PKCS #7 in XML. The standard "talks" about the signing process but does not define any interface between the browser and the signature requester which is what is needed among many things in order to achieve a web-signing standard. But this one is just for starters, the browser-interface for on-line certfication processes (which seem to be the future) is also not standardized. MSFT's Xenroll has no implementation in Mozilla or Netscape. Few serious systems for this reason build on Xenroll but rather on proprietary solutions. Xenroll is also in my opinion an unsatisfactory solution as the GUI should be the same for each CA rather than all over the map. rgds Anders ----- Original Message ----- From: "Markus Lorch" <mlorch@vt.edu> To: "'Anders Rundgren'" <anders.rundgren@telia.com>; <ietf-pkix@imc.org> Sent: Tuesday, October 28, 2003 20:01 Subject: RE: Standards for Web-signing II Anders, isn't the XML Signature a standard that can be used for this see Mark Bartel et al, "XML Signature Syntax and Processing", World Wide Web Consortium Recommendation, February 2002 Markus > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren > Sent: Tuesday, October 28, 2003 8:47 AM > To: pki-tc@lists.oasis-open.org; ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Standards for Web-signing II > > > > The answer to my earlier request seems to be: > > There are apparently no standards and nothing in the works either > with respect to signing on-line data on the web using > Internet browsers. > > Since web-signing is today [*] used by many, many, more people > and organizations than there are users of signed e-email, I > remain puzzled. > > Is the PKI community really just a bunch of "nerds", mostly > out of touch with the needs of the market? The question is open. > > *] Like Scandinavian banks having > 0.5M of users. > All current systems rely on entirely proprietary mechanisms. > Most of the vendors even require NDAs for getting the documentation. > > Anders Rundgren > > > ----- Original Message ----- > From: "Anders Rundgren" <anders.rundgren@telia.com> > To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; > <ietf-smime@imc.org> > Sent: Tuesday, September 02, 2003 14:07 > Subject: [pki-tc] Standards for Web-signing > > > Folks, > I just wanted to know the status of possible standardization > efforts regarding signing on-line forms etc. on web. As web-signing > is a core function of many e-governments when communicating > with their citizens it seems that this should be standardized if > not already is. > > Pointers are welcome. Off-list or on-list. > > rgds > Anders Rundgren > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/le ave_workgroup.php. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SJ1II7099585 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 11:01:18 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SJ1Iw5099583 for ietf-pkix-bks; Tue, 28 Oct 2003 11:01:18 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.162.213]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SJ1GI7099578 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 11:01:17 -0800 (PST) (envelope-from mlorch@vt.edu) Received: from vivi.cc.vt.edu (IDENT:mirapoint@evil-vivi [10.1.1.12]) by lennier.cc.vt.edu (8.12.8/8.12.8) with ESMTP id h9SJ1IxY226186; Tue, 28 Oct 2003 14:01:18 -0500 (EST) Received: from voyager (zuni.cs.vt.edu [128.173.54.49]) by vivi.cc.vt.edu (Mirapoint Messaging Server MOS 3.3.7-GR) with ESMTP id BWO52500; Tue, 28 Oct 2003 14:01:16 -0500 (EST) From: "Markus Lorch" <mlorch@vt.edu> To: "'Anders Rundgren'" <anders.rundgren@telia.com>, <ietf-pkix@imc.org> Subject: RE: Standards for Web-signing II Date: Tue, 28 Oct 2003 14:01:14 -0500 Message-ID: <017201c39d85$dc447130$6e00a8c0@voyager> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 In-reply-to: <00e401c39d59$ed8396a0$381b40d5@arport> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Anders, isn't the XML Signature a standard that can be used for this see Mark Bartel et al, "XML Signature Syntax and Processing", World Wide Web Consortium Recommendation, February 2002 Markus > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren > Sent: Tuesday, October 28, 2003 8:47 AM > To: pki-tc@lists.oasis-open.org; ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Standards for Web-signing II > > > > The answer to my earlier request seems to be: > > There are apparently no standards and nothing in the works either > with respect to signing on-line data on the web using > Internet browsers. > > Since web-signing is today [*] used by many, many, more people > and organizations than there are users of signed e-email, I > remain puzzled. > > Is the PKI community really just a bunch of "nerds", mostly > out of touch with the needs of the market? The question is open. > > *] Like Scandinavian banks having > 0.5M of users. > All current systems rely on entirely proprietary mechanisms. > Most of the vendors even require NDAs for getting the documentation. > > Anders Rundgren > > > ----- Original Message ----- > From: "Anders Rundgren" <anders.rundgren@telia.com> > To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; > <ietf-smime@imc.org> > Sent: Tuesday, September 02, 2003 14:07 > Subject: [pki-tc] Standards for Web-signing > > > Folks, > I just wanted to know the status of possible standardization > efforts regarding signing on-line forms etc. on web. As web-signing > is a core function of many e-governments when communicating > with their citizens it seems that this should be standardized if > not already is. > > Pointers are welcome. Off-list or on-list. > > rgds > Anders Rundgren > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/le ave_workgroup.php. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SHi6I7096608 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 09:44:06 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SHi6S9096607 for ietf-pkix-bks; Tue, 28 Oct 2003 09:44:06 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SHi4I7096602 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 09:44:05 -0800 (PST) (envelope-from Peter.Sylvester@EdelWeb.fr) Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA08263; Tue, 28 Oct 2003 18:44:03 +0100 (MET) Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Tue, 28 Oct 2003 18:44:03 +0100 (MET) Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id h9SHhw419224; Tue, 28 Oct 2003 18:43:58 +0100 (MET) Date: Tue, 28 Oct 2003 18:43:58 +0100 (MET) From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr> Message-Id: <200310281743.h9SHhw419224@chandon.edelweb.fr> To: kent@bbn.com, ietf-pkix@imc.org, trevorf@windows.microsoft.com Subject: RE: SCVP additions X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> hello, It would be nice to hear whether all or which comments about SCVP have been addressed. Unless I have overlooked something, my remarks about the definitions of requestor and responder have not received any treatment. I simplify the content of my comments: requestor and responder should be GENERALNAMES which indicate and identify in global the partipating parties. IMO Using arbitrary octets with only LOCAL significance is not compatible with the procedure to detect loops. 4.6 indicates the there MUST NOt be null characters, something which is explicitly allowed for a server acting as a relay. What is the sense of 4.7? The responder field is never used anywhere in the actual protocol, what is the meaning of such an opaque value? 4.8.5 What is the reason of having an additional octet string encapsulation instead of an any defined by construct? Is it that some tools may break decodeing when they find an OID that is not known? If so, whay are there ANY DEFINED BYs at other places? can someone indicate me how a relay would return the response of the next server to a client as part of his response? regards Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SEVCI7084074 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 06:31:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SEVCVk084073 for ietf-pkix-bks; Tue, 28 Oct 2003 06:31:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SEV7I7084064 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 06:31:07 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA23475; Tue, 28 Oct 2003 09:30:56 -0500 (EST) Message-Id: <200310281430.JAA23475@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-scvp-13.txt Date: Tue, 28 Oct 2003 09:30:56 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Simple Certificate Validation Protocol (SCVP) Author(s) : A. Malpani, R. Housley, T. Freeman Filename : draft-ietf-pkix-scvp-13.txt Pages : 49 Date : 2003-10-27 SCVP allows a client to offload certificate handling to a server. The server can provide the client with a variety of valuable information about the certificate, such as whether the certificate is valid, a certification path to a trust anchor, and revocation status. SCVP has many purposes, including simplifying client implementations and allowing companies to centralize trust and policy management. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-13.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-scvp-13.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-scvp-13.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-28095041.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-scvp-13.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-scvp-13.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-28095041.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SEV1I7084057 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 06:31:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SEV1dI084056 for ietf-pkix-bks; Tue, 28 Oct 2003 06:31:01 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SEUxI7084047 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 06:31:00 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA23458; Tue, 28 Oct 2003 09:30:50 -0500 (EST) Message-Id: <200310281430.JAA23458@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-sim-01.txt Date: Tue, 28 Oct 2003 09:30:49 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Subject Identification Method (SIM) Author(s) : J. Park Filename : draft-ietf-pkix-sim-01.txt Pages : 12 Date : 2003-10-27 This document provides the new straightforward approach to generate and verify unique information for identifying of the certificate subject. A Virtual ID(VID) may be put into the 'othername' field of the X.509 subjectAltName certificate extension to make provisions for identifying the subject. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-sim-01.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-sim-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-sim-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-28095028.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-sim-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-sim-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-28095028.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SDntI7081342 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 05:49:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SDntMw081341 for ietf-pkix-bks; Tue, 28 Oct 2003 05:49:55 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp5.hy.skanova.net (smtp5.hy.skanova.net [195.67.199.134]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SDnqI7081325; Tue, 28 Oct 2003 05:49:53 -0800 (PST) (envelope-from anders.rundgren@telia.com) Received: from arport (t8o913p105.telia.com [213.64.26.225]) by smtp5.hy.skanova.net (8.12.10/8.12.10) with SMTP id h9SDndo5010131; Tue, 28 Oct 2003 14:49:40 +0100 (CET) Message-ID: <00e401c39d59$ed8396a0$381b40d5@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <pki-tc@lists.oasis-open.org>, <ietf-pkix@imc.org>, <ietf-smime@imc.org> References: <001501c37153$4ff1d960$0500a8c0@arport> Subject: Standards for Web-signing II Date: Tue, 28 Oct 2003 14:46:37 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The answer to my earlier request seems to be: There are apparently no standards and nothing in the works either with respect to signing on-line data on the web using Internet browsers. Since web-signing is today [*] used by many, many, more people and organizations than there are users of signed e-email, I remain puzzled. Is the PKI community really just a bunch of "nerds", mostly out of touch with the needs of the market? The question is open. *] Like Scandinavian banks having > 0.5M of users. All current systems rely on entirely proprietary mechanisms. Most of the vendors even require NDAs for getting the documentation. Anders Rundgren ----- Original Message ----- From: "Anders Rundgren" <anders.rundgren@telia.com> To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; <ietf-smime@imc.org> Sent: Tuesday, September 02, 2003 14:07 Subject: [pki-tc] Standards for Web-signing Folks, I just wanted to know the status of possible standardization efforts regarding signing on-line forms etc. on web. As web-signing is a core function of many e-governments when communicating with their citizens it seems that this should be standardized if not already is. Pointers are welcome. Off-list or on-list. rgds Anders Rundgren To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SCObI7077250 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 04:24:37 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SCOax3077249 for ietf-pkix-bks; Tue, 28 Oct 2003 04:24:36 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SCOYI7077228 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 04:24:34 -0800 (PST) (envelope-from stefans@microsoft.com) Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 28 Oct 2003 12:24:28 +0000 Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 28 Oct 2003 12:24:28 -0000 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 28 Oct 2003 12:24:27 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Subject: Finalizing sonOfRFC3039 Date: Tue, 28 Oct 2003 12:23:10 -0000 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D766E56@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Finalizing sonOfRFC3039 Thread-Index: AcOdTj//uIo8VUwURhOp4GIujLpe0g== From: "Stefan Santesson" <stefans@microsoft.com> To: <ietf-pkix@imc.org> Cc: "Tim Polk" <tim.polk@nist.gov>, "Nystrom, Magnus" <magnus@rsasecurity.com> X-OriginalArrivalTime: 28 Oct 2003 12:24:27.0873 (UTC) FILETIME=[6E38C510:01C39D4E] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C39D4E.6E308D7D" ------_=_NextPart_001_01C39D4E.6E308D7D Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable All, =20 It is time to close the son of RFC 3039 work item and move on. A new draft was submitted before the cut-off 09.00 yesterday and will hopefully appear on the IETF PKIX web soon. =20 In this mail I will summarize the edits that has been done to this document since RFC 3039. It is my hope that any issues that anyone may have with this update can be resolved during IETF in Minneapolis by either direct discussions or e-mail. =20 /Stefan =20 Background: =20 RFC 3039 is widely adopted and referenced throughout Europe as RFC 3039 together with the ETSI standard TS 101 862 is the common profile for issuing Qualified Certificates (QC). TS 101862 defines how to comply with the European electronic signature directive and RFC 3039 forms the base profile on which TS 101862 is based. RFC 3039, however is widely used also for non-QC where TS 101862 doesn't apply. =20 This year ETSI initiated a work item (STF 220 Task 3) to further harmonize public certificates issued to physical persons in Europe. The deliverables are to: - Contribute to the update of RFC 3039 - Update TS 101862 - Generate new Technical Specification (TS 102 280) based on the updated standards above. =20 The new standard TS 102280 is intended as a generic ID-certificate profile recognized throughout EU CA:s and service providers. A first draft of TS 102280 has been produced and can be obtained by me upon request. =20 Updates to RFC 3039 =20 As stated above, it is important to finalize son of RFC 3039 in order to finalize TS 102280 within its time frame (publication in April 04) STF 220 Task 3 has produced, as part of its work, input to the update of RFC 3039 (included below) that has been circulated among CA:s and application providers mainly in Europe. =20 Summary of updates are: - Various editorial updates of document scope and introductory sections - Reference updates (e.g. changed RFC 2459 to RFC 3280) - domainComponent attribute added to subject field attribute list - title attribute added to subject field attribute list - postalAddress removed from subject field attribute list - title removed from subjectDirectoryAttribute extension attribute list - Key usage: Recommendation that NR SHOULD be exclusive if set has been removed - Scope update of qcStatements extension =20 It is important to note that NO syntax changes has been made to the document. =20 Further actions before producing RFC: - finalize reference updates (X.509 is still old reference) - Finalize ASN.1 parts (get new assigned numbers) =20 =20 Recommendations from ETSI STF 220 Task 3 =20 Following is the section 2 from the STF 220 Task 3 requirements document. The whole document can be obtained from me upon request. =20 2 Recommendations on RFC 3039 updates=20 As part of this task, STF will seek to influence the update of RFC 3039 to adapt the following changes: =20 2.1 Scope RFC 3039 defines a number of aspects that are generic for both Qualified Certificates as well as certificates to physical persons that are not "Qualified". Examples are defined attributes, biometricInfo extension, and aspects of the qcStatements extension. The scope of RFC 3039 should be updated to more clearly reflect this reality, as well as other proposed changes to the profile. =20 2.2 References References need to be updated. E.g. from RFC 2459 to RFC 3280 =20 2.3 Key usage As a result of generalizing RFC 3039, the current requirement of having non-repudiation exclusive if set, becomes too specific and cause confusion in term of for which cases this applies and which cases it does not. This has shown to diminish the use of other functions of RFC 3039 in certificates where RFC 3039 in general applies, but this paragraph does not. =20 =20 2.4 Subject field The set of attributes should be updated. =20 postalAddress should be removed from the list of attributes in the subject field and title attribute should be included and removed from the subjectDirectoryAttributes extension. =20 PostalAddress is not supported by RFC 3280 for use in the subject field and no records of its use in the subject field in public certificates, as a distinguishing attribute, has been encountered. It is also a structured attribute and therefore not appropriate for use as an RDN.=20 =20 Title on the other hand is frequently used. The common place to put this attribute is in the subject field. Since we recommend against use of the subjectDirectoryAttribute extension, the recommended location of the title attribute should be in the subject field. =20 domainComponent attribute should be added to the list of distingushing subject attributes. This attribute is commonly used in Subject field, primary as alternative to Country and Organization. =20 2.5 qcStatements extension The defined scope of this extension should be considered for update and adaptation to its current and potential use. =20 The important thing is thus to preserve the syntax of the qcStatements extension in order to secure backwards compatibility.=20 =20 ------_=_NextPart_001_01C39D4E.6E308D7D Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"State"/> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"City"/> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"place"/> <!--[if !mso]> <style> st1\:*{behavior:url(#default#ieooui) } </style> <![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:Arial; color:windowtext;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 70.85pt 70.85pt;} div.Section1 {page:Section1;} /* List Definitions */ @list l0 {mso-list-id:337537144; mso-list-type:hybrid; mso-list-template-ids:1206391600 -2061464258 67698691 67698693 67698689 = 67698691 67698693 67698689 67698691 67698693;} @list l0:level1 {mso-level-start-at:0; mso-level-number-format:bullet; mso-level-text:-; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman";} @list l1 {mso-list-id:887566121; mso-list-type:hybrid; mso-list-template-ids:597996132 -2061464258 67698691 67698693 67698689 = 67698691 67698693 67698689 67698691 67698693;} @list l1:level1 {mso-level-start-at:0; mso-level-number-format:bullet; mso-level-text:-; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman";} ol {margin-bottom:0cm;} ul {margin-bottom:0cm;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>All,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>It is time to close the son of RFC 3039 work item and = move on.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>A new draft was submitted before the cut-off 09.00 = yesterday and will hopefully appear on the IETF PKIX web = soon.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>In this mail I will summarize the edits that has been = done to this document since RFC 3039.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>It is my hope that any issues that anyone may have = with this update can be resolved during IETF in <st1:City w:st=3D"on"><st1:place = w:st=3D"on">Minneapolis</st1:place></st1:City> by either direct discussions or e-mail.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>/Stefan<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><u><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial;font-weight:bold'>Background:<o:p></o:p></span></font><= /u></b></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>RFC 3039 is widely adopted and referenced throughout = Europe as RFC 3039 together with the ETSI standard TS 101 862 is the = common profile for issuing Qualified Certificates (QC).<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>TS 101862 defines how to comply with the European = electronic signature directive and RFC 3039 forms the base profile on which TS = 101862 is based.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>RFC 3039, however is widely used also for non-QC = where TS 101862 doesn’t apply.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>This year ETSI initiated a work item (STF 220 Task 3) = to further harmonize public certificates issued to physical persons in = <st1:place w:st=3D"on">Europe</st1:place>. The deliverables are = to:<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l1 level1 = lfo1'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Contribute to the update of = RFC 3039<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l1 level1 = lfo1'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Update TS = 101862<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l1 level1 = lfo1'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Generate new Technical = Specification (TS 102 280) based on the updated standards = above.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>The new standard TS 102280 is intended as a generic ID-certificate profile recognized throughout <st1:place = w:st=3D"on"><st1:City w:st=3D"on">EU</st1:City> <st1:State = w:st=3D"on">CA</st1:State></st1:place>:s and service providers.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>A first draft of TS 102280 has been produced and can = be obtained by me upon request.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'> <o:p></o:p></span></font></p> <p class=3DMsoNormal><b><u><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial;font-weight:bold'>Updates to RFC = 3039<o:p></o:p></span></font></u></b></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>As stated above, it is important to finalize son of = RFC 3039 in order to finalize TS 102280 within its time frame (publication in = April 04)<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>STF 220 Task 3 has produced, as part of its work, = input to the update of RFC 3039 (included below) that has been circulated among = CA:s and application providers mainly in <st1:place = w:st=3D"on">Europe</st1:place>.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Summary of updates are:<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Various editorial updates = of document scope and introductory sections<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Reference updates (e.g. = changed RFC 2459 to RFC 3280)<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>domainComponent attribute = added to subject field attribute list<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>title attribute added to = subject field attribute list<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>postalAddress removed from = subject field attribute list<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>title removed from subjectDirectoryAttribute extension attribute = list<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Key usage: Recommendation = that NR SHOULD be exclusive if set has been removed<o:p></o:p></span></font></p> <p class=3DMsoNormal = style=3D'margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 = lfo2'><![if !supportLists]><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'><span style=3D'mso-list:Ignore'>-<font size=3D1 face=3D"Times New Roman"><span style=3D'font:7.0pt "Times New = Roman"'> </span></font></span></span></font><![endif]><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Scope update of = qcStatements extension<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>It is important to note that NO syntax changes has = been made to the document.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Further actions before producing = RFC:<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>- finalize reference updates (X.509 is still old = reference)<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>- Finalize ASN.1 parts (get new assigned = numbers)<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><u><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial;font-weight:bold'>Recommendations from ETSI STF 220 = Task 3<o:p></o:p></span></font></u></b></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Following is the section 2 from the STF 220 Task 3 requirements document. The whole document can be obtained from me upon = request.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2 = Recommendations on RFC 3039 updates <o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>As part of this task, STF will seek to influence the update of = RFC 3039 to adapt the following changes:<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2.1 = Scope<o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>RFC 3039 defines a number of aspects that are generic for both Qualified Certificates as well as certificates to physical persons that = are not “Qualified”. Examples are defined attributes, biometricInfo extension, and aspects of the qcStatements extension. The scope of RFC = 3039 should be updated to more clearly reflect this reality, as well as other = proposed changes to the profile.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2.2 = References<o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>References need to be updated. E.g. from RFC 2459 to RFC = 3280<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2.3 Key = usage<o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>As a result of generalizing RFC 3039, the current requirement of = having non-repudiation exclusive if set, becomes too specific and cause = confusion in term of for which cases this applies and which cases it does not. This = has shown to diminish the use of other functions of RFC 3039 in certificates = where RFC 3039 in general applies, but this paragraph does = not.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2.4 Subject = field<o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>The set of attributes should be = updated.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>postalAddress should be removed from the list of attributes in = the subject field and title attribute should be included and removed from = the subjectDirectoryAttributes extension.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>PostalAddress is not supported by RFC 3280 for use in the = subject field and no records of its use in the subject field in public certificates, = as a distinguishing attribute, has been encountered. It is also a structured attribute and therefore not appropriate for use as an RDN. = <o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>Title on the other hand is frequently used. The common place to = put this attribute is in the subject field. Since we recommend against use = of the subjectDirectoryAttribute extension, the recommended location of the = title attribute should be in the subject field.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>domainComponent attribute should be added to the list of = distingushing subject attributes. This attribute is commonly used in Subject field, = primary as alternative to Country and Organization.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><b><font size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt;font-weight:bold'>2.5 qcStatements = extension<o:p></o:p></span></font></b></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>The defined scope of this extension should be considered for = update and adaptation to its current and potential = use.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'>The important thing is thus to preserve the syntax of the = qcStatements extension in order to secure backwards compatibility. = <o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size: 12.0pt'><o:p> </o:p></span></font></p> </div> </body> </html> ------_=_NextPart_001_01C39D4E.6E308D7D-- --------------InterScan_NT_MIME_Boundary-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SApbI7073143 for <ietf-pkix-bks@above.proper.com>; Tue, 28 Oct 2003 02:51:37 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9SApbNH073142 for ietf-pkix-bks; Tue, 28 Oct 2003 02:51:37 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9SApYI7073128 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 02:51:35 -0800 (PST) (envelope-from Peter.Sylvester@EdelWeb.fr) Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id LAA05258 for <ietf-pkix@imc.org>; Tue, 28 Oct 2003 11:51:27 +0100 (MET) Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Tue, 28 Oct 2003 11:51:27 +0100 (MET) Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id h9SApQ418171 for ietf-pkix@imc.org; Tue, 28 Oct 2003 11:51:26 +0100 (MET) Date: Tue, 28 Oct 2003 11:51:26 +0100 (MET) From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr> Message-Id: <200310281051.h9SApQ418171@chandon.edelweb.fr> To: ietf-pkix@imc.org Subject: RE: Request change in son-of-rfc2633 X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I always thought that the semantics of an SKID/AKID pair (if keyidentifier is used) of just an AKID(choice issue/serial) is the following: During path building among all certificates that have the chain correctly with the issuer/subject take all those as candidates that have the same public key as the one that is identified by the SKID/AKID. This is done in order to avoid unnecessary verification of the certificate signature for all candidates. Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9S6IpI7001649 for <ietf-pkix-bks@above.proper.com>; Mon, 27 Oct 2003 22:18:51 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9S6Ip7M001648 for ietf-pkix-bks; Mon, 27 Oct 2003 22:18:51 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imap1.doit.wisc.edu (imap1.doit.wisc.edu [144.92.9.75]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9S6IoI7001637 for <ietf-pkix@imc.org>; Mon, 27 Oct 2003 22:18:50 -0800 (PST) (envelope-from ejnorman@doit.wisc.edu) Received: from [128.104.19.109] (HELO holstein.doit.wisc.edu) by imap1.doit.wisc.edu (CommuniGate Pro SMTP 3.5.9) with ESMTP-TLS id 31317905 for ietf-pkix@imc.org; Tue, 28 Oct 2003 00:18:53 -0600 Date: Tue, 28 Oct 2003 00:18:52 -0600 (CST) From: Eric Norman <ejnorman@doit.wisc.edu> To: PKIX list <ietf-pkix@imc.org> Subject: RE: Request change in son-of-rfc2633 In-Reply-To: <200310280212.h9S2CPq01616@cs.auckland.ac.nz> Message-ID: <Pine.A41.4.44.0310280002440.13680-100000@holstein.doit.wisc.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> On Tue, 28 Oct 2003, Peter Gutmann wrote: > As was almost everyone else. The problem is that there are two incompatible > interpretations of the sKID: > > 1. Alternative chaining mechanism if chaining by DN fails, e.g. with cert > reparenting or some types of spaghetti PKIs. > > 2. Disambiguating factor if chaining by DN leads to multiple issuers, e.g. > with other types of spaghetti PKIs. Is there a claim (#1 above) that you can have the DN in the subject of a parent's (signer's) certificate be different from (as in different bunch of bytes) the DN in the issuer of one of its offspring and yet the chain is still valid because the xKIDs match? That doesn't seem like an incompatible interpretation; it seems more like a totally unreasonable (as in incorrect) interpretation. Even if some issuer were changing its name but not its signing key, the old certificates with the old name in the subject field would still be used, wouldn't they? Eric Norman "Congress shall make no law restricting the size of integers that may be multiplied together, or the number of times that an integer may be multiplied by itself, or the modulus by which an integer may be reduced". Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9RMBCI7077802 for <ietf-pkix-bks@above.proper.com>; Mon, 27 Oct 2003 14:11:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9RMBCwl077801 for ietf-pkix-bks; Mon, 27 Oct 2003 14:11:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9RMB7I7077786 for <ietf-pkix@imc.org>; Mon, 27 Oct 2003 14:11:08 -0800 (PST) (envelope-from scoya@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19517; Mon, 27 Oct 2003 17:10:57 -0500 (EST) Message-Id: <200310272210.RAA19517@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-12.txt Date: Mon, 27 Oct 2003 17:10:56 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates Author(s) : S. Santesson, R. Housley, T. Freeman Filename : draft-ietf-pkix-logotypes-12.txt Pages : 23 Date : 2003-10-24 This document specifies a certificate extension for including logotypes in public key certificates and attribute certificates. Please send comments on this document to the ietf-pkix@imc.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-12.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-12.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-27171453.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-12.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-27171453.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9REInI7052141 for <ietf-pkix-bks@above.proper.com>; Mon, 27 Oct 2003 06:18:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9REInpX052140 for ietf-pkix-bks; Mon, 27 Oct 2003 06:18:49 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9REImI7052135 for <ietf-pkix@imc.org>; Mon, 27 Oct 2003 06:18:49 -0800 (PST) (envelope-from scoya@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14519; Mon, 27 Oct 2003 09:18:38 -0500 (EST) Message-Id: <200310271418.JAA14519@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-12.txt Date: Mon, 27 Oct 2003 09:18:38 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates Author(s) : S. Santesson, R. Housley, T. Freeman Filename : draft-ietf-pkix-logotypes-12.txt Pages : 23 Date : 2003-10-24 This document specifies a certificate extension for including logotypes in public key certificates and attribute certificates. Please send comments on this document to the ietf-pkix@imc.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-12.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-12.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-24160933.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-12.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-24160933.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9REImI7052133 for <ietf-pkix-bks@above.proper.com>; Mon, 27 Oct 2003 06:18:48 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9REImWc052132 for ietf-pkix-bks; Mon, 27 Oct 2003 06:18:48 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9REIjI7052125 for <ietf-pkix@imc.org>; Mon, 27 Oct 2003 06:18:46 -0800 (PST) (envelope-from scoya@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14506; Mon, 27 Oct 2003 09:18:35 -0500 (EST) Message-Id: <200310271418.JAA14506@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-12.txt Date: Mon, 27 Oct 2003 09:18:35 -0500 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates Author(s) : S. Santesson, R. Housley, T. Freeman Filename : draft-ietf-pkix-logotypes-12.txt Pages : 23 Date : 2003-10-24 This document specifies a certificate extension for including logotypes in public key certificates and attribute certificates. Please send comments on this document to the ietf-pkix@imc.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-12.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-12.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-24160933.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-12.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-12.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-24160933.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9R8bNI7011441 for <ietf-pkix-bks@above.proper.com>; Mon, 27 Oct 2003 00:37:23 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9R8bN66011440 for ietf-pkix-bks; Mon, 27 Oct 2003 00:37:23 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9R8bJI7011402 for <ietf-pkix@imc.org>; Mon, 27 Oct 2003 00:37:21 -0800 (PST) (envelope-from Denis.Pinkas@bull.net) Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA37878; Mon, 27 Oct 2003 09:43:20 +0100 Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id JAA02407; Mon, 27 Oct 2003 09:38:56 +0100 Message-ID: <3F9CD930.9090907@bull.net> Date: Mon, 27 Oct 2003 09:37:04 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en, fr MIME-Version: 1.0 To: Russ Housley <housley@vigilsec.com> CC: wpolk@nist.gov, kent@bbn.com, smb@research.att.com, iesg@ietf.org, ietf-pkix@imc.org Subject: Re: Last Call: 'Warranty Certificate Extension' to Informational RFC References: <5.2.0.9.2.20031023105107.03e04e30@mail.binhost.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, It is normal that your own "mail archive does not show any message to the IESG regarding this document" since the e-mail was NOT sent to you directly since the original message said: "send any comments to the iesg@ietf.org or ietf@ietf.org" So my message was sent to these both addresses in due time, with a copy to the PKIX co-chairs. Denis > The message below was sent to the PKIX mail list, and it clearly > indicates that the document was submitted to the IESG by the chairs. > And, it clearly asks for comments to be sent to the IESG. My mail > archive does not show any message from you to the IESG regarding this > document. > > Russ > >> To: IETF-Announce: ; >> Cc: ietf-pkix@imc.org >> From: The IESG <iesg-secretary@ietf.org> >> Subject: Last Call: 'Internet X.509 Public Key Infrastructure Warranty >> Certificate Extension' to Informational RFC >> Reply-To: iesg@ietf.org >> Date: Tue, 12 Aug 2003 14:44:07 -0400 >> Sender: owner-ietf-pkix@mail.imc.org >> >> The IESG has received a request from the Public-Key Infrastructure >> (X.509) >> WG to consider 'Internet X.509 Public Key Infrastructure Warranty >> Certificate Extension' <draft-ietf-pkix-warranty-extn-03.txt> as an >> Informational RFC. >> >> The IESG plans to make a decision in the next few weeks, and solicits >> final comments on this action. Please send any comments to the >> iesg@ietf.org or ietf@ietf.org mailing lists by 2003-08-26. >> >> >> File(s) can be obtained via >> http://www.ietf.org/internet-drafts/draft-ietf-pkix-warranty-extn-03.txt > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QGavI7022944 for <ietf-pkix-bks@above.proper.com>; Sun, 26 Oct 2003 08:36:57 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9QGavkg022943 for ietf-pkix-bks; Sun, 26 Oct 2003 08:36:57 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QGauI7022937 for <ietf-pkix@imc.org>; Sun, 26 Oct 2003 08:36:56 -0800 (PST) (envelope-from dpkemp@missi.ncsc.mil) Message-ID: <200310261623.h9QGN4D2017133@stingray.missi.ncsc.mil> Date: Sun, 26 Oct 2003 11:36:51 -0500 From: "David P. Kemp" <dpkemp@missi.ncsc.mil> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <0C3042E92D8A714783E2C44AB9936E1D737284@EUR-MSG-03.europe.corp.microsoft.com> In-Reply-To: <0C3042E92D8A714783E2C44AB9936E1D737284@EUR-MSG-03.europe.corp.microsoft.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Oops, now I understand the scenario Steve Hanna was referring to: 1. Subject CA picks it's own AKI using a computation technique, assuming issing CAs will use the same value for SKI (as they should). 2. Issuing CA issues a cross-cert with an SKI using a different computation technique, blindly assuming that subject CA will take what he has been given to use as AKI as if subject were a child in issuer's hierarchy. Sorry, Steve for my rant. A working system has to have a common set of assumptions, such as SKIs flow from the top down (works only for hierarchies), or SKIs flow from the subject CAs to the issuers (works in any topology), or every CA uses the same SKI computation technique (works in any topology). I didn't consider the situation where the issuing CA and subject CA operate using different concepts of who does what to whom. Thanks, Stefan, for pointing out that some CAs that were designed for use only in hierarchies are being misused to issue cross certificates. Dave Stefan Santesson wrote: > The problem is that RFC 3280 in practice require a CA, issuing a CA > certs, to ask the subordinate CA for its preferred SKI rather than > generating it. > > To my knowledge there is no CA software that has implemented that > behavior. If I'm not wrong they are all counting on that subordinate CAs > will adopt the SKI generated by the parent CA, as the AKI placed in > issued certs. > > This works for strict hierarchical structures but not for generic cross > certification (such as Bridge CA) unless CAs use the same SKI generation > algorithm. > > /Stefan > > > >>-----Original Message----- >>From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > >>On Behalf Of David P. Kemp >>Sent: den 25 oktober 2003 00:54 >>To: ietf-pkix@imc.org >>Subject: Re: AKI and SKI problem with RFC 3280? >> >> >>Santosh, >> >>I agree that Section 4.2.1.2 of 3280 unambiguously states >>that an "issuing CA" that does not populate SKI with the value >>of AKI used by the "subject CA" is not compliant. >> >>It appeared that Steve Hanna was referring to non-3280-compliant >>CAs, where >> "the CA certificate may have been issued by a CA that uses >> a different AKI/SKI computation technique than the CA >> who's the subject of the CA certificate." >> >>A compliant "subject CA" may have an AKI computation technique, >>but a compliant "issuing CA" must not have an SKI computation >>technique for CA certs - it must import the subject CA's AKI. >> >>Outside the realm of 3280 compliance, where the situation >>of N different SKIs might occur and AKI/SKI don't necessarily >>chain, the chaining problem occurs when two issuing CAs use >>two different computation techniques to assign SKIs to the >>subject, *not* when the issuing CA uses a different technique >>than the subject CA. The subject CA's techniques for choosing >>an AKI for itself and SKIs to go in its issued certs is >>completely irrelevant. >> >>Dave >> >> >>Santosh Chokhani wrote: >> >>>David: >>> >>>Some of us are interpreting 3280 (specifically Section > > 4.2.1.2,Subject > >>Key >> >>>Identifier) to state that all N SKI should be the same and match the > > AKI > >>>used by the subject CA in the certificates it issues. If not, the > > CAs > >>that >> >>>do not populate the >>>SKI, may not be RFC 3280 compliant. >>> >>>Thus, your suggestion of the subject CA using one of the SKI is a > > more > >>>liberal interpretation of 3280 and is covered by our interpretation > > of > >>3280. >> >>>At the risk of being redundant, if all CAs are 3280 compliant all N > > SKI > >>in N >> >>>certificates issued to a CA for the same SPKI X == AKI in all >> >>certificates >> >>>signed by the CA, where the signature can be verified using X >>> >>>-----Original Message----- >>>From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > >>On >> >>>Behalf Of David P. Kemp >>>Sent: Friday, October 24, 2003 12:19 PM >>>To: ietf-pkix@imc.org >>>Subject: Re: AKI and SKI problem with RFC 3280? >>> >>> >>> >>>Isn't the raison d'etre of AKI/SKI to allow a verifier >>>to select the correct CA cert when multiple certs of the >>>same issuer with different public keys are available >>>(i.e. during rollover)? >>> >>>A CA may use any computation technique to populate the >>>SKI of certs that it issues, but it MUST chain its own >>>SKI into the AKI of certs that it issues. Otherwise >>>what's the point of populating AKI at all? >>> >>>The reason AKI/SKI chaining MUST NOT be enforced during >>>path validation is because one CA could have one >>>signing public key identified by N different SKIs >>>in N different certs. (That's a bad thang, and cross-certificates > > should > >>>follow precedent rather than using a different SKI for the same > > public > >>key.) >> >>>But the CA MUST choose one of it's N SKIs to use as AKI, not make up >> >>some >> >>>different N+1th value. If it picks one of the N, then AKI is helpful >> >>1/Nth >> >>>of the time. If it picks something else, then AKI can never be > > helpful. > >>>Dave >>> >>> >>>Steve Hanna wrote: >>> >>> >>> >>>>Note also that AKI/SKI chaining SHOULD NOT be checked >>>>during path validation. To be more explicit, it's >>>>NOT true that the SKI of a CA certificate must match >>>>the AKI of a certificate signed by that CA. Why? >>>>Because the CA certificate may have been issued by >>>>a CA that uses a different AKI/SKI computation technique >>>>than the CA who's the subject of the CA certificate. >>> >>> >>> >>> > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QFhtI7020650 for <ietf-pkix-bks@above.proper.com>; Sun, 26 Oct 2003 07:43:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9QFhtrT020649 for ietf-pkix-bks; Sun, 26 Oct 2003 07:43:55 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QFhsI7020642 for <ietf-pkix@imc.org>; Sun, 26 Oct 2003 07:43:54 -0800 (PST) (envelope-from dpkemp@missi.ncsc.mil) Message-ID: <200310261530.h9QFU2D2016488@stingray.missi.ncsc.mil> Date: Sun, 26 Oct 2003 10:43:44 -0500 From: "David P. Kemp" <dpkemp@missi.ncsc.mil> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 CC: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <0C3042E92D8A714783E2C44AB9936E1D737284@EUR-MSG-03.europe.corp.microsoft.com> In-Reply-To: <0C3042E92D8A714783E2C44AB9936E1D737284@EUR-MSG-03.europe.corp.microsoft.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Stefan, Someone (sorry, I looked back through this thread but couldn't find it) said "we all know what's right; the question is what do real products do about it?" In this instance, doing it the way real products do it is not useful, and a standard has no choice but to stand up for what's right. Saying "this CA behavior works for hierarchies but not for meshes" is equivalent to saying "the AKI/SKI extensions work for hierarchies but not for meshes". It is theoretically impossible for AKI/SKI to work reliably (i.e. 100% of the time instead of 1/N of the time) unless all CAs that issue CA certs implement chaining. For the first subject CA cert there are two timing options: either the subject CA first picks its own AKI and issues some certs and then the issuing CA imports subject's SKI, or the issuing CA picks SKI first and then subject CA uses it for AKI. But for all remaining subject CA certs (cross-certs) there is only one useful option - use the subject's existing AKI as SKI. The cross-certifying CAs must either use subject's AKI or they must issue the cross-cert without an SKI extension; the third option of picking an SKI using some computation technique other than the one already used for the subject CA is a worthless and misleading waste of bits - it can cause RPs to discard valid paths (potentially the only valid path for that RP) during path construction. I vote for keeping 3280 the way it is. But if it is changed, it should say conforming CAs MUST NOT populate SKI unless they do it as specified in 4.2.1.2. Fixing every CA is surely easier than "fixing" every application to do path construction by checking signatures, including even paths with the wrong SKIs. Dave Stefan Santesson wrote: > The problem is that RFC 3280 in practice require a CA, issuing a CA > certs, to ask the subordinate CA for its preferred SKI rather than > generating it. > > To my knowledge there is no CA software that has implemented that > behavior. If I'm not wrong they are all counting on that subordinate CAs > will adopt the SKI generated by the parent CA, as the AKI placed in > issued certs. > > This works for strict hierarchical structures but not for generic cross > certification (such as Bridge CA) unless CAs use the same SKI generation > algorithm. > > /Stefan > > > >>-----Original Message----- >>From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > >>On Behalf Of David P. Kemp >>Sent: den 25 oktober 2003 00:54 >>To: ietf-pkix@imc.org >>Subject: Re: AKI and SKI problem with RFC 3280? >> >> >>Santosh, >> >>I agree that Section 4.2.1.2 of 3280 unambiguously states >>that an "issuing CA" that does not populate SKI with the value >>of AKI used by the "subject CA" is not compliant. >> >>It appeared that Steve Hanna was referring to non-3280-compliant >>CAs, where >> "the CA certificate may have been issued by a CA that uses >> a different AKI/SKI computation technique than the CA >> who's the subject of the CA certificate." >> >>A compliant "subject CA" may have an AKI computation technique, >>but a compliant "issuing CA" must not have an SKI computation >>technique for CA certs - it must import the subject CA's AKI. >> >>Outside the realm of 3280 compliance, where the situation >>of N different SKIs might occur and AKI/SKI don't necessarily >>chain, the chaining problem occurs when two issuing CAs use >>two different computation techniques to assign SKIs to the >>subject, *not* when the issuing CA uses a different technique >>than the subject CA. The subject CA's techniques for choosing >>an AKI for itself and SKIs to go in its issued certs is >>completely irrelevant. >> >>Dave >> >> >>Santosh Chokhani wrote: >> >>>David: >>> >>>Some of us are interpreting 3280 (specifically Section > > 4.2.1.2,Subject > >>Key >> >>>Identifier) to state that all N SKI should be the same and match the > > AKI > >>>used by the subject CA in the certificates it issues. If not, the > > CAs > >>that >> >>>do not populate the >>>SKI, may not be RFC 3280 compliant. >>> >>>Thus, your suggestion of the subject CA using one of the SKI is a > > more > >>>liberal interpretation of 3280 and is covered by our interpretation > > of > >>3280. >> >>>At the risk of being redundant, if all CAs are 3280 compliant all N > > SKI > >>in N >> >>>certificates issued to a CA for the same SPKI X == AKI in all >> >>certificates >> >>>signed by the CA, where the signature can be verified using X >>> >>>-----Original Message----- >>>From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > >>On >> >>>Behalf Of David P. Kemp >>>Sent: Friday, October 24, 2003 12:19 PM >>>To: ietf-pkix@imc.org >>>Subject: Re: AKI and SKI problem with RFC 3280? >>> >>> >>> >>>Isn't the raison d'etre of AKI/SKI to allow a verifier >>>to select the correct CA cert when multiple certs of the >>>same issuer with different public keys are available >>>(i.e. during rollover)? >>> >>>A CA may use any computation technique to populate the >>>SKI of certs that it issues, but it MUST chain its own >>>SKI into the AKI of certs that it issues. Otherwise >>>what's the point of populating AKI at all? >>> >>>The reason AKI/SKI chaining MUST NOT be enforced during >>>path validation is because one CA could have one >>>signing public key identified by N different SKIs >>>in N different certs. (That's a bad thang, and cross-certificates > > should > >>>follow precedent rather than using a different SKI for the same > > public > >>key.) >> >>>But the CA MUST choose one of it's N SKIs to use as AKI, not make up >> >>some >> >>>different N+1th value. If it picks one of the N, then AKI is helpful >> >>1/Nth >> >>>of the time. If it picks something else, then AKI can never be > > helpful. > >>>Dave >>> >>> >>>Steve Hanna wrote: >>> >>> >>> >>>>Note also that AKI/SKI chaining SHOULD NOT be checked >>>>during path validation. To be more explicit, it's >>>>NOT true that the SKI of a CA certificate must match >>>>the AKI of a certificate signed by that CA. Why? >>>>Because the CA certificate may have been issued by >>>>a CA that uses a different AKI/SKI computation technique >>>>than the CA who's the subject of the CA certificate. >>> >>> >>> >>> > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QF3pI7019168 for <ietf-pkix-bks@above.proper.com>; Sun, 26 Oct 2003 07:03:51 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9QF3pt4019167 for ietf-pkix-bks; Sun, 26 Oct 2003 07:03:51 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mtiwmhc11.worldnet.att.net (mtiwmhc11.worldnet.att.net [204.127.131.115]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9QF3oI7019161 for <ietf-pkix@imc.org>; Sun, 26 Oct 2003 07:03:50 -0800 (PST) (envelope-from chokhani@orionsec.com) Received: from wchokhani (58.arlington-31-32rs.va.dial-access.att.net[12.92.108.58]) by worldnet.att.net (mtiwmhc11) with SMTP id <2003102615034411100ilmq8e>; Sun, 26 Oct 2003 15:03:44 +0000 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Sun, 26 Oct 2003 10:03:34 -0500 Message-ID: <001501c39bd2$58d69080$3a6c5c0c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <200310242240.h9OMeND2001715@stingray.missi.ncsc.mil> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: The problem of different CAs populating different SKI is the reason path development by the relying parties should not require AKI/SKI match, but rather use AKI/SKI match as a prioritization or weighting function. -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of David P. Kemp Sent: Friday, October 24, 2003 6:54 PM To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? Santosh, I agree that Section 4.2.1.2 of 3280 unambiguously states that an "issuing CA" that does not populate SKI with the value of AKI used by the "subject CA" is not compliant. It appeared that Steve Hanna was referring to non-3280-compliant CAs, where "the CA certificate may have been issued by a CA that uses a different AKI/SKI computation technique than the CA who's the subject of the CA certificate." A compliant "subject CA" may have an AKI computation technique, but a compliant "issuing CA" must not have an SKI computation technique for CA certs - it must import the subject CA's AKI. Outside the realm of 3280 compliance, where the situation of N different SKIs might occur and AKI/SKI don't necessarily chain, the chaining problem occurs when two issuing CAs use two different computation techniques to assign SKIs to the subject, *not* when the issuing CA uses a different technique than the subject CA. The subject CA's techniques for choosing an AKI for itself and SKIs to go in its issued certs is completely irrelevant. Dave Santosh Chokhani wrote: > David: > > Some of us are interpreting 3280 (specifically Section 4.2.1.2,Subject > Key > Identifier) to state that all N SKI should be the same and match the AKI > used by the subject CA in the certificates it issues. If not, the CAs that > do not populate the > SKI, may not be RFC 3280 compliant. > > Thus, your suggestion of the subject CA using one of the SKI is a more > liberal interpretation of 3280 and is covered by our interpretation of > 3280. At the risk of being redundant, if all CAs are 3280 compliant > all N SKI in N certificates issued to a CA for the same SPKI X == AKI > in all certificates signed by the CA, where the signature can be > verified using X > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of David P. Kemp > Sent: Friday, October 24, 2003 12:19 PM > To: ietf-pkix@imc.org > Subject: Re: AKI and SKI problem with RFC 3280? > > > > Isn't the raison d'etre of AKI/SKI to allow a verifier > to select the correct CA cert when multiple certs of the > same issuer with different public keys are available > (i.e. during rollover)? > > A CA may use any computation technique to populate the > SKI of certs that it issues, but it MUST chain its own > SKI into the AKI of certs that it issues. Otherwise > what's the point of populating AKI at all? > > The reason AKI/SKI chaining MUST NOT be enforced during > path validation is because one CA could have one > signing public key identified by N different SKIs > in N different certs. (That's a bad thang, and cross-certificates > should follow precedent rather than using a different SKI for the same > public key.) But the CA MUST choose one of it's N SKIs to use as AKI, > not make up some different N+1th value. If it picks one of the N, then > AKI is helpful 1/Nth of the time. If it picks something else, then > AKI can never be helpful. > > Dave > > > Steve Hanna wrote: > > >>Note also that AKI/SKI chaining SHOULD NOT be checked >>during path validation. To be more explicit, it's >>NOT true that the SKI of a CA certificate must match >>the AKI of a certificate signed by that CA. Why? >>Because the CA certificate may have been issued by >>a CA that uses a different AKI/SKI computation technique >>than the CA who's the subject of the CA certificate. > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9PN6JI7017755 for <ietf-pkix-bks@above.proper.com>; Sat, 25 Oct 2003 16:06:19 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9PN6J0L017754 for ietf-pkix-bks; Sat, 25 Oct 2003 16:06:19 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail2.netscreen.com (mail2.netscreen.com [63.126.135.18]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9PN6II7017747 for <ietf-pkix@imc.org>; Sat, 25 Oct 2003 16:06:18 -0700 (PDT) (envelope-from Gregory@netscreen.com) Received: from ns-ca.netscreen.com (ns-ca-local [10.100.3.35]) by mail2.netscreen.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id h9PN6EOh002098; Sat, 25 Oct 2003 16:06:15 -0700 (PDT) Received: by NS-CA.netscreen.com with Internet Mail Service (5.5.2653.19) id <461S13F6>; Sat, 25 Oct 2003 16:06:14 -0700 Message-ID: <541402FFDC56DA499E7E13329ABFEA87E67378@SARATOGA.netscreen.com> From: Gregory Lebovitz <Gregory@netscreen.com> To: "'saag@mit.edu'" <saag@mit.edu>, "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: BOF: pki4ipsec Date: Sat, 25 Oct 2003 16:06:10 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Folks, As IPsec working group is finishing up its chartered work, some of the works-in-progress have been moved to other or new WGs. The effort of profiling the use of PKI for IPsec is one such effort. We will start with a BOF in MN. Details below. Profiling Use of PKI in IPSEC BOF (pki4ipsec) Thursday, November 13 at 0900-1130 ================================== Full charter and mail list info at: http://www.icsalabs.com/pki4ipsec We are looking forward to your participation! Gregory Lebovitz (Co-chair) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9PHhII7006680 for <ietf-pkix-bks@above.proper.com>; Sat, 25 Oct 2003 10:43:18 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9PHhIf3006678 for ietf-pkix-bks; Sat, 25 Oct 2003 10:43:18 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9PHhEI7006600 for <ietf-pkix@imc.org>; Sat, 25 Oct 2003 10:43:14 -0700 (PDT) (envelope-from stefans@microsoft.com) Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 25 Oct 2003 18:43:06 +0100 Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Sat, 25 Oct 2003 18:43:05 +0100 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 25 Oct 2003 18:43:05 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: AKI and SKI problem with RFC 3280? Date: Sat, 25 Oct 2003 18:41:23 +0100 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D737284@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AKI and SKI problem with RFC 3280? Thread-Index: AcOajCat2kZWqCl5SCecQsXUFOs2QwAkbnhg From: "Stefan Santesson" <stefans@microsoft.com> To: "David P. Kemp" <dpkemp@missi.ncsc.mil>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 25 Oct 2003 17:43:05.0753 (UTC) FILETIME=[72208090:01C39B1F] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9PHhFI7006631 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The problem is that RFC 3280 in practice require a CA, issuing a CA certs, to ask the subordinate CA for its preferred SKI rather than generating it. To my knowledge there is no CA software that has implemented that behavior. If I'm not wrong they are all counting on that subordinate CAs will adopt the SKI generated by the parent CA, as the AKI placed in issued certs. This works for strict hierarchical structures but not for generic cross certification (such as Bridge CA) unless CAs use the same SKI generation algorithm. /Stefan > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of David P. Kemp > Sent: den 25 oktober 2003 00:54 > To: ietf-pkix@imc.org > Subject: Re: AKI and SKI problem with RFC 3280? > > > Santosh, > > I agree that Section 4.2.1.2 of 3280 unambiguously states > that an "issuing CA" that does not populate SKI with the value > of AKI used by the "subject CA" is not compliant. > > It appeared that Steve Hanna was referring to non-3280-compliant > CAs, where > "the CA certificate may have been issued by a CA that uses > a different AKI/SKI computation technique than the CA > who's the subject of the CA certificate." > > A compliant "subject CA" may have an AKI computation technique, > but a compliant "issuing CA" must not have an SKI computation > technique for CA certs - it must import the subject CA's AKI. > > Outside the realm of 3280 compliance, where the situation > of N different SKIs might occur and AKI/SKI don't necessarily > chain, the chaining problem occurs when two issuing CAs use > two different computation techniques to assign SKIs to the > subject, *not* when the issuing CA uses a different technique > than the subject CA. The subject CA's techniques for choosing > an AKI for itself and SKIs to go in its issued certs is > completely irrelevant. > > Dave > > > Santosh Chokhani wrote: > > David: > > > > Some of us are interpreting 3280 (specifically Section 4.2.1.2,Subject > Key > > Identifier) to state that all N SKI should be the same and match the AKI > > used by the subject CA in the certificates it issues. If not, the CAs > that > > do not populate the > > SKI, may not be RFC 3280 compliant. > > > > Thus, your suggestion of the subject CA using one of the SKI is a more > > liberal interpretation of 3280 and is covered by our interpretation of > 3280. > > At the risk of being redundant, if all CAs are 3280 compliant all N SKI > in N > > certificates issued to a CA for the same SPKI X == AKI in all > certificates > > signed by the CA, where the signature can be verified using X > > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On > > Behalf Of David P. Kemp > > Sent: Friday, October 24, 2003 12:19 PM > > To: ietf-pkix@imc.org > > Subject: Re: AKI and SKI problem with RFC 3280? > > > > > > > > Isn't the raison d'etre of AKI/SKI to allow a verifier > > to select the correct CA cert when multiple certs of the > > same issuer with different public keys are available > > (i.e. during rollover)? > > > > A CA may use any computation technique to populate the > > SKI of certs that it issues, but it MUST chain its own > > SKI into the AKI of certs that it issues. Otherwise > > what's the point of populating AKI at all? > > > > The reason AKI/SKI chaining MUST NOT be enforced during > > path validation is because one CA could have one > > signing public key identified by N different SKIs > > in N different certs. (That's a bad thang, and cross-certificates should > > follow precedent rather than using a different SKI for the same public > key.) > > But the CA MUST choose one of it's N SKIs to use as AKI, not make up > some > > different N+1th value. If it picks one of the N, then AKI is helpful > 1/Nth > > of the time. If it picks something else, then AKI can never be helpful. > > > > Dave > > > > > > Steve Hanna wrote: > > > > > >>Note also that AKI/SKI chaining SHOULD NOT be checked > >>during path validation. To be more explicit, it's > >>NOT true that the SKI of a CA certificate must match > >>the AKI of a certificate signed by that CA. Why? > >>Because the CA certificate may have been issued by > >>a CA that uses a different AKI/SKI computation technique > >>than the CA who's the subject of the CA certificate. > > > > > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OMs4I7099036 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 15:54:04 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OMs4oG099035 for ietf-pkix-bks; Fri, 24 Oct 2003 15:54:04 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OMs3I7099023 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 15:54:03 -0700 (PDT) (envelope-from dpkemp@missi.ncsc.mil) Message-ID: <200310242240.h9OMeND2001715@stingray.missi.ncsc.mil> Date: Fri, 24 Oct 2003 18:53:53 -0400 From: "David P. Kemp" <dpkemp@missi.ncsc.mil> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <00c601c39a6c$769d1f60$9e00a8c0@hq.orionsec.com> In-Reply-To: <00c601c39a6c$769d1f60$9e00a8c0@hq.orionsec.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Santosh, I agree that Section 4.2.1.2 of 3280 unambiguously states that an "issuing CA" that does not populate SKI with the value of AKI used by the "subject CA" is not compliant. It appeared that Steve Hanna was referring to non-3280-compliant CAs, where "the CA certificate may have been issued by a CA that uses a different AKI/SKI computation technique than the CA who's the subject of the CA certificate." A compliant "subject CA" may have an AKI computation technique, but a compliant "issuing CA" must not have an SKI computation technique for CA certs - it must import the subject CA's AKI. Outside the realm of 3280 compliance, where the situation of N different SKIs might occur and AKI/SKI don't necessarily chain, the chaining problem occurs when two issuing CAs use two different computation techniques to assign SKIs to the subject, *not* when the issuing CA uses a different technique than the subject CA. The subject CA's techniques for choosing an AKI for itself and SKIs to go in its issued certs is completely irrelevant. Dave Santosh Chokhani wrote: > David: > > Some of us are interpreting 3280 (specifically Section 4.2.1.2,Subject Key > Identifier) to state that all N SKI should be the same and match the AKI > used by the subject CA in the certificates it issues. If not, the CAs that > do not populate the > SKI, may not be RFC 3280 compliant. > > Thus, your suggestion of the subject CA using one of the SKI is a more > liberal interpretation of 3280 and is covered by our interpretation of 3280. > At the risk of being redundant, if all CAs are 3280 compliant all N SKI in N > certificates issued to a CA for the same SPKI X == AKI in all certificates > signed by the CA, where the signature can be verified using X > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On > Behalf Of David P. Kemp > Sent: Friday, October 24, 2003 12:19 PM > To: ietf-pkix@imc.org > Subject: Re: AKI and SKI problem with RFC 3280? > > > > Isn't the raison d'etre of AKI/SKI to allow a verifier > to select the correct CA cert when multiple certs of the > same issuer with different public keys are available > (i.e. during rollover)? > > A CA may use any computation technique to populate the > SKI of certs that it issues, but it MUST chain its own > SKI into the AKI of certs that it issues. Otherwise > what's the point of populating AKI at all? > > The reason AKI/SKI chaining MUST NOT be enforced during > path validation is because one CA could have one > signing public key identified by N different SKIs > in N different certs. (That's a bad thang, and cross-certificates should > follow precedent rather than using a different SKI for the same public key.) > But the CA MUST choose one of it's N SKIs to use as AKI, not make up some > different N+1th value. If it picks one of the N, then AKI is helpful 1/Nth > of the time. If it picks something else, then AKI can never be helpful. > > Dave > > > Steve Hanna wrote: > > >>Note also that AKI/SKI chaining SHOULD NOT be checked >>during path validation. To be more explicit, it's >>NOT true that the SKI of a CA certificate must match >>the AKI of a certificate signed by that CA. Why? >>Because the CA certificate may have been issued by >>a CA that uses a different AKI/SKI computation technique >>than the CA who's the subject of the CA certificate. > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OKLrI7094546 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 13:21:53 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OKLrTo094545 for ietf-pkix-bks; Fri, 24 Oct 2003 13:21:53 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OKLqI7094540 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 13:21:52 -0700 (PDT) (envelope-from chokhani@orionsec.com) Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id h9OKLrDb006798 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 16:21:53 -0400 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Fri, 24 Oct 2003 16:21:48 -0400 Message-ID: <00c601c39a6c$769d1f60$9e00a8c0@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <200310241604.h9OG4wD2020988@stingray.missi.ncsc.mil> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9OKLqI7094541 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: Some of us are interpreting 3280 (specifically Section 4.2.1.2,Subject Key Identifier) to state that all N SKI should be the same and match the AKI used by the subject CA in the certificates it issues. If not, the CAs that do not populate the SKI, may not be RFC 3280 compliant. Thus, your suggestion of the subject CA using one of the SKI is a more liberal interpretation of 3280 and is covered by our interpretation of 3280. At the risk of being redundant, if all CAs are 3280 compliant all N SKI in N certificates issued to a CA for the same SPKI X == AKI in all certificates signed by the CA, where the signature can be verified using X -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of David P. Kemp Sent: Friday, October 24, 2003 12:19 PM To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? Isn't the raison d'etre of AKI/SKI to allow a verifier to select the correct CA cert when multiple certs of the same issuer with different public keys are available (i.e. during rollover)? A CA may use any computation technique to populate the SKI of certs that it issues, but it MUST chain its own SKI into the AKI of certs that it issues. Otherwise what's the point of populating AKI at all? The reason AKI/SKI chaining MUST NOT be enforced during path validation is because one CA could have one signing public key identified by N different SKIs in N different certs. (That's a bad thang, and cross-certificates should follow precedent rather than using a different SKI for the same public key.) But the CA MUST choose one of it's N SKIs to use as AKI, not make up some different N+1th value. If it picks one of the N, then AKI is helpful 1/Nth of the time. If it picks something else, then AKI can never be helpful. Dave Steve Hanna wrote: > Note also that AKI/SKI chaining SHOULD NOT be checked > during path validation. To be more explicit, it's > NOT true that the SKI of a CA certificate must match > the AKI of a certificate signed by that CA. Why? > Because the CA certificate may have been issued by > a CA that uses a different AKI/SKI computation technique > than the CA who's the subject of the CA certificate. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OHH5I7088127 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 10:17:05 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OHH5HW088126 for ietf-pkix-bks; Fri, 24 Oct 2003 10:17:05 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft6.fr.colt.net (smtp-ft6.fr.colt.net [213.41.78.205]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OHH3I7088119 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 10:17:04 -0700 (PDT) (envelope-from jmdesp@free.fr) Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft6.fr.colt.net with ESMTP id h9OHGw420285 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 19:17:03 +0200 Message-ID: <3F995EB0.2060409@free.fr> Date: Fri, 24 Oct 2003 19:17:36 +0200 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031004 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <000601c3990a$863a5b80$6601a8c0@gnosis> <3F9934FB.8B22E6A0@sun.com> In-Reply-To: <3F9934FB.8B22E6A0@sun.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve Hanna wrote: >Some CA software (or maybe just CAs as >operated) apparently doesn't allow the certificate >subject to specify what SKI it wants. > Really I'd be surprised if this was indeed a software limitation. So who here distribute a CA products that can not be configured to attribute the correct SKI to a sub-CA certificate ? Of course we're talking here about sub-CA and not end-entity certificates. I don't expect to see certificates for CA delivered from an automatic process that can not be tuned, but I could be wrong for some cases of cross-certificates. It would be really good to know if the problem met in interoperability tests were due to : - insufficient attention given to this subject by the CA operator. - actual limitation of some rarer CA software - actual limitation of a significant number of popular CA software I have met at least one product that did not offer a way to copy it automatically. But the key ceremony required to create such a certificate already included a one page long description of every single tidbit that would go inside the certificate, so adding the exact value of the SKI in case it could not be created with one the standard algorithms would have been no great deal. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OGIdI7085910 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 09:18:39 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OGIdEc085909 for ietf-pkix-bks; Fri, 24 Oct 2003 09:18:39 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OGIcI7085904 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 09:18:38 -0700 (PDT) (envelope-from dpkemp@missi.ncsc.mil) Message-ID: <200310241604.h9OG4wD2020988@stingray.missi.ncsc.mil> Date: Fri, 24 Oct 2003 12:18:33 -0400 From: "David P. Kemp" <dpkemp@missi.ncsc.mil> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> <3F9540EB.E725568D@sun.com> In-Reply-To: <3F9540EB.E725568D@sun.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Isn't the raison d'etre of AKI/SKI to allow a verifier to select the correct CA cert when multiple certs of the same issuer with different public keys are available (i.e. during rollover)? A CA may use any computation technique to populate the SKI of certs that it issues, but it MUST chain its own SKI into the AKI of certs that it issues. Otherwise what's the point of populating AKI at all? The reason AKI/SKI chaining MUST NOT be enforced during path validation is because one CA could have one signing public key identified by N different SKIs in N different certs. (That's a bad thang, and cross-certificates should follow precedent rather than using a different SKI for the same public key.) But the CA MUST choose one of it's N SKIs to use as AKI, not make up some different N+1th value. If it picks one of the N, then AKI is helpful 1/Nth of the time. If it picks something else, then AKI can never be helpful. Dave Steve Hanna wrote: > Note also that AKI/SKI chaining SHOULD NOT be checked > during path validation. To be more explicit, it's > NOT true that the SKI of a CA certificate must match > the AKI of a certificate signed by that CA. Why? > Because the CA certificate may have been issued by > a CA that uses a different AKI/SKI computation technique > than the CA who's the subject of the CA certificate. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OEKBI7080886 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 07:20:11 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OEKBX3080885 for ietf-pkix-bks; Fri, 24 Oct 2003 07:20:11 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OEK9I7080879 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 07:20:10 -0700 (PDT) (envelope-from steve.hanna@sun.com) Received: from sydney.East.Sun.COM ([129.148.9.16]) by brmea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9OEKAPh020120 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 08:20:10 -0600 (MDT) Received: from sun.com (dhcp-ubur02-75-161 [129.148.75.161]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9OEK9B05325; Fri, 24 Oct 2003 10:20:09 -0400 (EDT) Message-ID: <3F9934FB.8B22E6A0@sun.com> Date: Fri, 24 Oct 2003 10:19:39 -0400 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <000601c3990a$863a5b80$6601a8c0@gnosis> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms855FA98D4191FBC87A6A82DF" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms855FA98D4191FBC87A6A82DF Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit I'll try Peter Gutmann's technique of responding to several messages at once to reduce the number of messages. Stefan Santesson wrote: > And may I also suggest limiting recommendations to > key identifiers derived from the key hash, unless > there is a strong need for other solutions not yet > presented in this debate. Yes, I think there is universal agreement that "a monotonically increasing sequence of integers" SHOULD NOT be used for AKI/SKI. I'd be glad to see such a recommendation added to the successor to RFC 3280. L Williams wrote: > I think what this thread established was that sane CAs > should be able to respect existing key identifiers when > they do cross-certification/bridging. This means that > AKI/SKI chaining should work the majority of the time, > not fail the majority of the time. Seems to me that the > change would be to make this a "SHOULD" not a "SHOULD NOT". Which SHOULD are you talking about? I suspect you mean my comment "relying parties SHOULD NOT require AKI/SKI matching." If so, why do you think that relying parties SHOULD require AKI/SKI matching? There's no security benefit to doing so and some significant downsides, as noted below. Sharon Boeyen wrote: > Shouldn't a CA determine what its own key identifier is > (and 3280 recommends ways to calulate it). Once they have > their own key id, this value should go into the AKI extension > of all certificates issued by that CA and should go into > the SKI extension of all certificates issued to that CA. I agree that's best. However, it doesn't always work out that way. Some CA software (or maybe just CAs as operated) apparently doesn't allow the certificate subject to specify what SKI it wants. Also, consider the case where a CA decides to change its AKI (as when moving away from monotonically increasing integers). It would be nice to gradually transition from the old AKI to the new one (without requiring all certificates to and from the CA to be reissued simultaneously). I agree with Santosh's earlier comment. We should stick with the current RFC 3280 statements that CAs MUST use an SKI in each CA certificate they issue that matches the AKI used by the subject of the certificate. And we should add a statement (explicitly stating what was already implicit) saying that relying parties SHOULD NOT require this match. It's only a hint for path building. While I'm at it, I'll respond to one more comment: Michael Ströder wrote: > Is there any good reason to set AKI/SKI at all? Some path building software uses it as a hint to choose between several certs that look suitable. Personally, I don't see a big win. As Peter points out, subject and issuer names are a more reliable mechanism. They *must* match or the path isn't valid. Unfortunately, I have heard that some path building software uses AKI/SKI as a database key and only finds a path if they match. I've also heard that some path validation software requires a match. Both of those are mistakes. What a bummer for the users! And all the more reason why the successor to RFC 3280 should be explicit in saying that relying parties SHOULD NOT require an AKI/SKI match. So I think AKI/SKI have *some* utility Thanks, Steve --------------ms855FA98D4191FBC87A6A82DF Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIEAYJKoZIhvcNAQcCoIIIATCCB/0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BeMwggKjMIICDKADAgECAgMKVAgwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MTExMTAxNTFaFw0wNDA3MTAxMTAxNTFa MGgxDjAMBgNVBAQTBUhhbm5hMRUwEwYDVQQqEwxTdGVwaGVuIFJvc3MxGzAZBgNVBAMTElN0 ZXBoZW4gUm9zcyBIYW5uYTEiMCAGCSqGSIb3DQEJARYTc3RldmUuaGFubmFAc3VuLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxRk/abMPe7Km2EqpD2FZXzjiBGUHhIdNlIO 9W6mdCQro1xMc+sv+93UuVnIzse+XA67Tqx4g5FdoQ+PI8TQYemYSkTD9GitgU563ypu03UV 86zTJA7u9zVkNv/qL2LRKZ9BXy2Smtet+PUh3nYjMh/ZY7LQxQzmdu1Zunue+yECAwEAAaMw MC4wHgYDVR0RBBcwFYETc3RldmUuaGFubmFAc3VuLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqG SIb3DQEBBAUAA4GBAHbpX0TKiOFu1vxKc3nAOcUHwoci5kinboYrnjWcl37mMXXbBFntaYRM 9LxpGtHdPm7F4pAviKp8bnFzTU46OyUw3kNUAVGDeWYVQC76f0dDZdA313Tn88UZYa+N6O8W bO8wjKA2vg+yx79WXJCFDu+TpsG/28NKPdH42w8LEOVHMIIDODCCAqGgAwIBAgIQZkVyt8x0 9c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UE AxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25h bC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgyNzIzNTk1OVow gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUqbXA8+tyu9+50 bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avg GAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIw IKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8CAQAw CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF151j2YwCYTYoEi pxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59sogxYjTFCCRFs sBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TYyWJirQXGMYIB 9TCCAfECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ BgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAID ClQIMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDMxMDI0MTQxOTQwWjAjBgkqhkiG9w0BCQQxFgQU0uJLXkIi8I+ZBgw0rVOtvHgc 2yQwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4D AgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYAu4JhY +rPp6x0d7KgsvqHfqQaVTZNMFHTGqUcUVfithFIpPO4HIBZrFbDjNd7bC+ff2QJHfps1612D q8tmAtPzK3DOYCXQ5V+2sxzH0WQ13GD6IubsO5MOogqYJwubCeVyMq6Et0Nq4yBjZBsEo7RF 9hQZYVZxbVlw1qVg0cq9fQ== --------------ms855FA98D4191FBC87A6A82DF-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OCNOI7075974 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 05:23:24 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OCNOUT075973 for ietf-pkix-bks; Fri, 24 Oct 2003 05:23:24 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OCNLI7075968 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 05:23:21 -0700 (PDT) (envelope-from wpolk@nist.gov) Received: from calendar.nist.gov (calendar-ether.nist.gov [129.6.16.10]) by postmark.nist.gov (8.12.5/8.12.5) with ESMTP id h9OCN2e7000984 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 08:23:02 -0400 (EDT) Received: from calendar.nist.gov (localhost [127.0.0.1]) by calendar.nist.gov (8.12.9-20030924/8.12.9) with ESMTP id h9OCN2Sm008243 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 08:23:02 -0400 (EDT) Received: (from nobody@localhost) by calendar.nist.gov (8.12.9-20030924/8.12.9/Submit) id h9OCN2uR008242 for ietf-pkix@imc.org; Fri, 24 Oct 2003 08:23:02 -0400 (EDT) Received: from 151.200.235.112 ( [151.200.235.112]) as user wpolk@email.nist.gov by imp.nist.gov with HTTP; Fri, 24 Oct 2003 08:23:02 -0400 Message-ID: <1066998182.3f9919a625bd2@imp.nist.gov> Date: Fri, 24 Oct 2003 08:23:02 -0400 From: wpolk@nist.gov To: ietf-pkix@imc.org Subject: Agenda Requests MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Folks, I am working out the agenda for the PKIX meeting at Minneapolis; my goal is to post the draft agenda on Monday. Please let me know if you would like space on the agenda. Preference as always goes to presentation of PKIX documents and related IETF work. Time *may* allow for a few "liasion" presentations regarding non-IETF work. Thanks, Tim Polk Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9OAwqI7073251 for <ietf-pkix-bks@above.proper.com>; Fri, 24 Oct 2003 03:58:52 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9OAwqs1073250 for ietf-pkix-bks; Fri, 24 Oct 2003 03:58:52 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9OAwpI7073245 for <ietf-pkix@imc.org>; Fri, 24 Oct 2003 03:58:51 -0700 (PDT) (envelope-from housley@vigilsec.com) Received: (qmail 28883 invoked by uid 0); 24 Oct 2003 10:58:31 -0000 Received: from unknown (HELO Russ-Laptop.vigilsec.com) (141.156.161.139) by woodstock.binhost.com with SMTP; 24 Oct 2003 10:58:31 -0000 Message-Id: <5.2.0.9.2.20031023105107.03e04e30@mail.binhost.com> X-Sender: housley@mail.binhost.com X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Thu, 23 Oct 2003 10:58:26 -0400 To: Denis.Pinkas@bull.net From: Russ Housley <housley@vigilsec.com> Subject: Re: Last Call: 'Warranty Certificate Extension' to Informational RFC Cc: wpolk@nist.gov, kent@bbn.com, smb@research.att.com, iesg@ietf.org, ietf-pkix@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The message below was sent to the PKIX mail list, and it clearly indicates that the document was submitted to the IESG by the chairs. And, it clearly asks for comments to be sent to the IESG. My mail archive does not show any message from you to the IESG regarding this document. Russ >To: IETF-Announce: ; >Cc: ietf-pkix@imc.org >From: The IESG <iesg-secretary@ietf.org> >Subject: Last Call: 'Internet X.509 Public Key Infrastructure Warranty > Certificate Extension' to Informational RFC >Reply-To: iesg@ietf.org >Date: Tue, 12 Aug 2003 14:44:07 -0400 >Sender: owner-ietf-pkix@mail.imc.org > >The IESG has received a request from the Public-Key Infrastructure (X.509) >WG to consider 'Internet X.509 Public Key Infrastructure Warranty >Certificate Extension' <draft-ietf-pkix-warranty-extn-03.txt> as an >Informational RFC. > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send any comments to the >iesg@ietf.org or ietf@ietf.org mailing lists by 2003-08-26. > > >File(s) can be obtained via >http://www.ietf.org/internet-drafts/draft-ietf-pkix-warranty-extn-03.txt Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9NCHXI7060916 for <ietf-pkix-bks@above.proper.com>; Thu, 23 Oct 2003 05:17:33 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9NCHXsU060915 for ietf-pkix-bks; Thu, 23 Oct 2003 05:17:33 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9NCHUI7060908 for <ietf-pkix@imc.org>; Thu, 23 Oct 2003 05:17:31 -0700 (PDT) (envelope-from Denis.Pinkas@bull.net) Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA15158; Thu, 23 Oct 2003 14:23:35 +0200 Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id OAA18186; Thu, 23 Oct 2003 14:19:08 +0200 Message-ID: <3F97C6D2.3080907@bull.net> Date: Thu, 23 Oct 2003 14:17:22 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en, fr MIME-Version: 1.0 To: Tim Polk <wpolk@nist.gov>, Stephen Kent <kent@bbn.com>, Russ Housley <housley@vigilsec.com>, Steve Bellovin <smb@research.att.com> CC: Alice Sturgeon <asturgeon@spyrus.com>, iesg@ietf.org, pkix <ietf-pkix@imc.org> Subject: Re: Last Call: 'Warranty Certificate Extension' to Informational RFC References: <E19me7r-0005yz-8u@asgard.ietf.org> <3F4B516C.4050607@bull.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> On August 26, I sent a reply to the last call sent by the IESG on draft-ietf-pkix-warranty-extn-03.txt. It is copied below. Since then, nothing happened officially. I met with Alice Sturgeon yesterday in Paris and we had a talk together. She told me that she has also been surprised to see the IESG last call, since she was ready to post a new draft 04 to answer my comments. Since she saw the IESG last call, she abstained to post it. Since then, she received comments from the IESG and she needs to post a new draft. I would appreciate if the situation could be clarified either by the Security Area Directors or by the PKIX co-chairs. Denis ============================================================================ >> The IESG has received a request from the Public-Key Infrastructure >> (X.509) WG to consider 'Internet X.509 Public Key Infrastructure >> Warranty Certificate Extension' <draft-ietf-pkix-warranty-extn-03.txt> >> as an Informational RFC. >> The IESG plans to make a decision in the next few weeks, and solicits >> final comments on this action. Please send any comments to the >> iesg@ietf.org or ietf@ietf.org mailing lists by 2003-08-26. > I am quite surprised to see that the IESG received a request from the > PKIX chairs while a discussion still takes place on the PKIX mailing > list on the document. > > The last response from the lead editor (Alice Sturgeon) is dated August > 13. She recognizes that at least some "clarifications" are needed. > > The e-mail is duplicated below and exhibits that there is good progress > but still no consensus on the document. > > At least some changes to the June version (version 3) are expected > before the document can be published. > > Regards, > > Denis > > Note: I am back from holidays, just today (i.e. August 26 th). > > =============================================================================== > > > Hello Denis, > > Please see my comments inserted below, as [AS2], to distinguish from the > first set of replies to your original comments. > > Alice > > Alice Sturgeon > Chair, Canadian Advisory Committee - Information Technology Security > ISO/IEC JTC 1/SC 27 > and > System Policy Architect & Manager of Standards > SPYRUS > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Tuesday, July 29, 2003 6:38 AM > To: asturgeon@spyrus.com > Cc: ietf-pkix@imc.org > Subject: Re: I-D ACTION:draft-ietf-pkix-warranty-extn-03.txt > > > > Alice, > > Please see my responses below. > > Comments on warranty-extn-03.txt (June 2003) > > 1- On page 2. The text mentions: "A relying party that has a warranty > from a > CA". > > Does this mean that a relying party must have a contract with the CA to get > advantage of the warranty ? > [Alice] No. > > Does this mean that a relying party will get a warranty without a contract > signed with the CA ? > [Alice] Yes. > > Does this extension allow to make the difference between the case of a > signed contract and the case of an unsigned contract where the guarantees > could be different? > > [Alice] No. If there are any differences in the T&C pertaining to a > contractual arrangement, these differences will be outside of, beyond the > scope, and not pertinent to, the warranty offered in the certificate. It > applies equally to all relying parties, whether or not a contract has been > signed. > > [Denis] Then say something like: "Whether or not relying parties have > signed > agreements with CAs, the CA will provide Terms and Conditions for this > warranty which relates to its liability." > > [AS2] Alternatively, to make the same point, it could remain implicit. > > 2 - The difference between the base warranty and the extended warranty is > not crystal clear. > > How can a relying party know whether it can have the benefits of the base > warranty or of the extended warranty ? > > If the extended warranty is present, then the relying party has the benefit > of the extended warranty. In short, if it is present, then the relying > party knows that the relying party has the benefit of the extended warranty > by its presence alone. The syntax shows that the extended warranty MAY be > present: > Warranty ::= CHOICE { > none NULL, -- No warranty provided > wData WarrantyData } -- Explicit warranty > > WarrantyData ::= SEQUENCE { > base WarrantyInfo, > extended WarrantyInfo OPTIONAL, > tcURL TermsAndConditionsURL OPTIONAL } > > If the tcURL is present, a human being might understand the terms and > conditions (if he can understand the local language used), but a computer > program will not be able to do so. This means that computers cannot > understand the difference. > > [Alice] The computer does not need to know what is in the T&C. If the > tcURL > is present, it is optionally for the benefit of the human reader. Perhaps > you could suggest some text to clarify this in the I-D if you still > think it > is needed. > > [Denis] Then say something like: "Warranty extensions are only aimed for > human interpretation and contain data that is inappropriate for computer > based verification schemes, the warranty extension MUST NOT be an active > component in automated certification path validation." > > [AS2] But this is not necessarily true. It may be that the RP (i.e., the > human) has to go to a T&C document if the extended warranty is present, > if the RP wants to know what exactly is in the T&C, but there should be > the option of not going to the T&C. If the extended warranty is not > present (as noted in the syntax, it is optional), then there is no > reason that the extension could not be processed by the computer. > Therefore, the warranty extension is NOT "only aimed for human > interpretation...". This may be irrelevant to the point of automated > certificate path validation, because the extension is non-critical. > > 3 - There is no security on the information placed at the tcURL parameter > since no hash of the terms and conditions is being used. These conditions > could change overtime and relying parties would not be able to demonstrate > that they have changed. > > [Alice] > It seems to me that the time stamp on the certificate would suffice to > place > the warranty in a point of time at which the specified terms and conditions > applied; there is no need for the extension to demonstrate that as this is > covered by the certificate itself. This is no different from the > paper-based world in that if an insurance policy changes its terms, it > cannot do so retroactively to the detriment of clients who have paid for a > specific coverage, unless it notified the clients and compensates them > accordingly. > > [Denis] The problem is that the CA could change the policy and the relying > party will be unable to demonstrate that the policy has changed. A > time-stamp token over the certificate would not help. A time-stamp token > over the T&C would help, but the relying party does not necessarily have > access to one TSU. The hash approach is much simpler. > > [AS2] A hash function on the T&C? > > 4 - Is the "Relying party Agreement" a document to signed by the parties or > not ? This should be said. > > [Alice] > Use of the term "Relying Party Agreement" is no different from its normal > usage, just as "Certificate Policy" is used in the same context without any > change to the meaning from normal usage, as per RFC 2527 and its successor. > In other words, defining the terms, either Relying Party Agreement or > Certificate Policy is not necessary to the understanding of this extension. > > [Denis] The term "Relying Party Agreement" is confusing. Use a wording like > "Terms and Conditions for Relying parties" which does not imply that there > is an agreement signed but that unilaterally the CA provides terms and > conditions. Relying parties may like them or not. If they disagree with > them, then this is still "Terms and Conditions for Relying parties". > > [AS2] Maybe so, but the RP has the option of not using or relying on the > certificate. As I said before, this is normal terminology, and should > not be confusing; it is not being used with a different meaning. > > 5 - The WarrantyValidityPeriod is insufficient. Usually there is a > period to > claim for a compensation which must be made X months or Y days after the > date of the event which created the damage. It is thus not possible to ask > for a warranty during e.g. the whole validity period of the certificate. > Another time period parameter is missing. > > [Alice] > This is exactly what the validity period is stating: that the warranty is > valid for a specified time, which is either the validity period of the > certificate, or another, specified time using the parameters as defined in > the I-D. It is presented and offered this way, so there is no need for > another validity parameter. If an offeror wanted to specify a time within > which claims could be made, then a shorter time period than the validity of > the certificate can be used. This is unlike the paper-based world in the > sense that insurance policies are normally of long duration, whereas this > extension is associated with a certificate that normally has a validity of > two-three years. > > [Denis] The semantics of the warranty validity period is not defined ! > There > is a need to define more precisely what "the warranty validity period" is. > Here is a proposal along my original text. If it does not fit, please > propose an alternative: > > " The warranty validity period is a time period to claim for a compensation > which must be made X months or Y days after the date of the event which > created the damage. It is unrelated to the certificate validity period." > > [AS2] What if the warranty validity period is indeed the same as the > certificate validity period? This was the scenario assumed to be most > likely, as it is stated in s.2.2, and therefore the option was created > to allow for a reduction in size of the extension by having NULL in > warranty validity period in the case where it was the same as the > certificate validity period. When it is not the same as the certificate > validity period, then the parameters available for warranty validity > period can be used. > > 6 - The wType offers only two types of warranty: aggregated and per > transaction. > > "Aggregated" means that that once the value of the fulfilled claims reaches > the maximum warranty amount, then no further claim will be fulfilled. > > "Per transaction" means that each claim is handled independently but no > individual claim can exceed the maximum warranty amount. > > Each type has its own problems: > > "Aggregated" is like a race where late claimants will get no > compensation at > all because they were not "fast enough". It is questionable whether such a > race condition will be acceptable. > It should be understood that aggregation applies to one warranty and one > claimant. This is analogous to the paper-based world. When you are > covered > by warranty for X product or service, e.g., health insurance, there is > often > an upper limit (viz. the "value") up to which claims will be met for each > claimant; i.e., one insured person. > "Per transaction" means that the CA cannot compute the maximum amount of > money that it may have to give away. Which insurance company will ever > insure a risk for which an upper limit cannot be computed ? > > [Alice] > The T&C, as noted in section 1, as covered by insurance, will specify the > maximum. The type of warranty selected depends on the nature of the > transactions, the parties to the transactions (e.g., individuals, large > institutions, etc.). > > [Denis] What I am asking for is to allow a combination of both types, which > is currently not possible. See below again. > > None of these schemes is acceptable. Some combination should be allowed: > > - a maximum amount per transaction, and > - a maximum amount per certificate with a maximum time period > to claim for a compensation after the date of the event > (no race problem implied). > > [AS2] You have a good point. We may need some clarification in s.2.2 to > explain exactly what the currency amount means. This is clearly stated > (and obvious) with respect to aggregate, but not so with > per-transaction. It should be indicated that there will be a maximum > total of per-transaction claims, which would be standard practice, and > necessary for the ongoing health of the CA. The total warranty offered > for per-transaction claims could be expressed as a new parameter > indicating number of per-transaction claims before the maximum would br > reached, which would be simple to calculate since the per-transaction > maximum is stated; e.g., a sub-line after the per-transaction type code, > number of transactions as a maximum. > > 7 - The content of the security consideration should be augmented to > indicate the difference between what a computer program can do and a human > being can do with this extension. > > [Alice] > I would have thought this to be blindingly obvious. We would, however, be > quite willing to consider some proposed words to address this, if you do > think it is necessary. > > [Denis] If my text proposal related to comment 2 is inserted, then this is > no more needed. > > [AS2] Still willing to consider a proposal, but as you can see from my > response to your comments on point 2, I don't think this is quite right. > > 8 - The document is not mature enough and its added value is still > questionable. > > [Alice] > We believe that it is mature. Its value may be questionable to those > who do > not want to use it, but given that it is (a) proposed as Informational and > (b) always non-critical, surely its availability for use is innocuous for > those that do not want to use it. For those who do want to use it, and we > have heard from quite a number who do, it will be useful and valuable. As > in section 1: "When a certificate contains a warranty certificate > extension, > the extension MUST be non-critical, ..." > > [Denis] > As you can see, we have progressed, but several issues still need to be > addressed. > > [AS2] Yes, we have made progress. > > Denis > > >> File(s) can be obtained via >> http://www.ietf.org/internet-drafts/draft-ietf-pkix-warranty-extn-03.txt >> > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9N3bcI7077322 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 20:37:38 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9N3bcNi077321 for ietf-pkix-bks; Wed, 22 Oct 2003 20:37:38 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9N3bYI7077316 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 20:37:37 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9N3bTRS016084; Thu, 23 Oct 2003 16:37:29 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9N3cap19981; Thu, 23 Oct 2003 16:38:36 +1300 Date: Thu, 23 Oct 2003 16:38:36 +1300 Message-Id: <200310230338.h9N3cap19981@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: chokhani@orionsec.com, ietf-pkix@imc.org, pmhesse@geminisecurity.com, sharon.boeyen@entrust.com Subject: RE: AKI and SKI problem with RFC 3280? Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I'll reply briefly to several messages at once here to keep the message count down... "Stefan Santesson" <stefans@microsoft.com> writes: >If an application use AKI/SKI match to discover a path and finds an AKI/SKI >match of unrelated keys. What happens? Ignoring what applications SHOULD do >(which we all know) What is in fact the current behaviour of applications >today: I match first on DNs and only if that fails do I fall back to keyIDs (provided the keyID is > 40 bits, i.e. not a non-unique small integer). I'm not aware of the match on DNs ever having failed. It's one of these things that users just know about (sort of like "Don't user Master Documents in MS Word" or "Don't change the monitor frequency settings in XF86Config"), you can either play it safe and know it'll work or live dangerously but have to expect things to break. If you expect things to break anyway then presumably you're prepared to do the necessary manual tweaking to sort things out. An easier option for most people is just to make sure that you never put yourself in a situation where things can break. =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> writes: >Or is it just YAPEB [1]? > >[1] yet another PKIX extension bloat In my earlier message I originally had a tongue-in-cheek comment that the purpose of the keyIDs was for the CA to communicate to a RP that it didn't consider the certificate bloated enough, but I removed it before I sent the message. "Al Arsenault" <aarsenau@bbn.com> writes: >So, your assertion is that a bastardized hybrid of a widely-used but non- >standard protocol (SCEP) I was waiting for someone to bring that up :-). I'd considered just putting in a blank space in place of the term "SCEP" in my post in reference to the PKIX NIH effect blanking it out. >with an updated wrapping mechanism (CMS) will cause problems for some types >of signature validation software, and this is a reason why one option >permitted by PKIX is a fundamental flaw? You asked for an example, that's a quick example (the reason SCEP uses PKCS #7 is because that's what Cisco had lying around when they created it. I'm sure any even vaguely recent SCEP implementation will be built with a CMS toolkit). In any case it was just a top-of-my-head example (I'm not going to search through every case of CMS use to see how many would be affected by this, it's used in all sorts of weird and wonderful places), the point is that if the spec allows this behaviour then it's broken. Jean-Marc Desperrier <jmdesp@free.fr> writes: >Do cross-certifying CA discards all extensions inside the request so that >it's not possible to specify the SKID by including it as an extension inside >the request ? My code copies all extensions across (although the CA app is free to delete any that it doesn't like). Feedback from users was that if they didn't want it in the request they wouldn't be specifying it, and conversely if they did specify it then they didn't want the CA arbitrarily stripping it out. All manner of people wrote: >[ Six angels! / Four angels! / Eight angels! / No angels! / A dachshund! ] The general response to this issue has been some variation of "Users will get it right" (= push it onto the users) / "It's a policy issue" (= push it onto the users) / "It's a local configuration issue" (= push it onto the users). If the PKI experts can't even agree on how to interpret/handle this, how on earth can non-technical users be expected to get it right? I'll conclude with a wonderful quote from someone else (who probably doesn't want his name mentioned :-). It's in reference to the UK comedy "Father Ted": Ted says that whenever he gets asked a religious question he doesn't understand he always responds with "Ah, that must be an ecumenical matter" which univerally produces nods of admiration at the profound wisdom of the statement. It seems that that the PKIX list equivalent is "Ah that must be a policy matter". Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9N28LI7074669 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 19:08:21 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9N28LnS074668 for ietf-pkix-bks; Wed, 22 Oct 2003 19:08:21 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from orb.pobox.com (puzzle.pobox.com [207.8.214.3]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9N28KI7074663 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 19:08:20 -0700 (PDT) (envelope-from eldub@pobox.com) Received: from texas.pobox.com (texas.pobox.com[64.49.223.111]) by orb.pobox.com (Postfix) with ESMTP id D45E8CCFAF; Wed, 22 Oct 2003 22:08:22 -0400 (EDT) Received: from gnosis (12-230-199-189.client.attbi.com [12.230.199.189]) by texas.pobox.com (Postfix) with ESMTP id 96B84453BB; Wed, 22 Oct 2003 22:08:21 -0400 (EDT) From: "L Williams" <eldub@pobox.com> To: "'Steve Hanna'" <steve.hanna@sun.com>, <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 19:08:15 -0700 Message-ID: <000601c3990a$863a5b80$6601a8c0@gnosis> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <3F96EF91.C1E98EEF@sun.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Man, I was loving this thread up until this point. I think what this thread established was that sane CAs should be able to respect existing key identifiers when they do cross-certification/bridging. This means that AKI/SKI chaining should work the majority of the time, not fail the majority of the time. Seems to me that the change would be to make this a "SHOULD" not a "SHOULD NOT". Yes, there are backwards compatibility issues, but this can be dealt with. -Laudon (Microsoft) -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Steve Hanna Sent: Wednesday, October 22, 2003 1:59 PM To: Peter Hesse Cc: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? Maybe we are close to ending this discussion. Everyone agrees that CAs MUST use an SKI in CA certificates that matches the AKI used in certificates issued by the subject of the certificate. Relying parties can use this as a hint during path construction, but they should not require AKI/SKI matching during path construction or path validation. But RFC 3280 does not say clearly and explicitly that relying parties should not require AKI/SKI matching. Several implementors have misunderstood this. I suggest that the successor to RFC 3280 should be changed to make an explicit recommendation that relying parties SHOULD NOT require AKI/SKI matching. Thanks, Steve Peter Hesse wrote: > > Santosh, > > Point taken. 3280 therefore requires that the keyIdentifier method (as > opposed to the issuer DN/serial tuple) MUST be used. In 4.2.1.1 (AKID) > it only RECOMMENDS this; but the words you quote from 4.2.1.2 (SKID) > make it a requirement, intentionally or not. As you said, in the below > case, at least one CA is not compliant with 3280. Unfortunately, I've > seen this happen in practice. As you said earlier, it would be best if > path building implementations could be flexible about this, but > certificate producers should be compliant. > > Two other things: Sharon is dead on, and the only thing I would say is > that support for accepting SKIDs in certification requests seems to work > well with a particular implementation, but require manual input or is > not possible between different implementations. > > And Jean-Marc was also quite correct, my example was wrong. It's the > Issuer's Issuer DN and serial, I just put the Issuer's DN in my example. > Shame on me. > > --Peter > > +---------------------------------------------------------------+ > | Peter Hesse pmhesse@geminisecurity.com | > | Phone: (703)934-2031 Gemini Security Solutions, Inc. | > | ICQ: 1942828 www.geminisecurity.com | > +---------------------------------------------------------------+ > "Pay no attention to what the critics say; there has never been > a statue set up in honor of a critic." --Jean Sibelius > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Santosh Chokhani > Sent: Wednesday, October 22, 2003 2:01 PM > To: ietf-pkix@imc.org > Subject: RE: AKI and SKI problem with RFC 3280? > > Peter: > > Section 4.2.1.2 (Subject Key Identifier) of 3280 states and I quote: > "The value of the subject key identifier MUST be the value placed in the > key identifier field of the Authority Key Identifier extension (section > 4.2.1.1) of certificates issued by the subject of this certificate." > Read in context, the above is stated for CA certificates. > > Thus, in cross certified environment, 3280 compliant issuing CAs need to > ensure that the SKI in 3280 compliant subject CA certificate is the > value that the subject CA intends to use as AKI for certificates it > issues. > > If the AKI and SKI (even for cross certified environments) do not chain, > one or more of the CAs is not compliant with 3280. > > -----Original Message----- > From: Peter Hesse [mailto:pmhesse@geminisecurity.com] > Sent: Wednesday, October 22, 2003 12:59 PM > To: 'Santosh Chokhani'; ietf-pkix@imc.org > Subject: RE: AKI and SKI problem with RFC 3280? > > Santosh Chokhani wrote: > > My e-mail needs to be read in the context of the producers. The CAs as > > > producers need to ensure that the AKI and SKI chain. If the CAs do not > > > do that, they are not compliant with 3280. > > That means in order to comply with 3280 issuing CA needs to > > honor the SKID requested by the subject CAs. > > I think we're in violent agreement. My main point was that although the > producer needs to ensure that AKID and SKID chain, cross-PKI > interoperability will cause cases in which the producer must choose > between two (or more) equally valid AKIDs to place in a subject > certificate. Either of them will chain successfully and the producer > will be compliant; but as a result there will be valid paths where the > AKID and SKID will not chain, through no fault of the producer. > > --Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MNJDI7066907 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 16:19:13 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MNJCEV066906 for ietf-pkix-bks; Wed, 22 Oct 2003 16:19:12 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mtiwmhc11.worldnet.att.net (mtiwmhc11.worldnet.att.net [204.127.131.115]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MNJBI7066896 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 16:19:12 -0700 (PDT) (envelope-from chokhani@orionsec.com) Received: from wchokhani (39.arlington-13-14rs.va.dial-access.att.net[12.92.101.39]) by worldnet.att.net (mtiwmhc11) with SMTP id <2003102223190511100hcejoe>; Wed, 22 Oct 2003 23:19:05 +0000 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 19:19:03 -0400 Message-ID: <000001c398f2$e33fc260$27655c0c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal In-Reply-To: <9A4F653B0A375841AC75A8D17712B9C9061AC63B@sottmxs04.entrust.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MNJCI7066902 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Sharon: I agree. What you listed is the simplest way to meet the requirement. -----Original Message----- From: Sharon Boeyen [mailto:sharon.boeyen@entrust.com] Sent: Wednesday, October 22, 2003 3:46 PM To: 'Peter Hesse'; 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Now I'm getting confused??? To simplify the discussion.... Shouldn't a CA determine what its own key identifier is (and 3280 recommends ways to calulate it). One they have their own key id, this value should go into the AKI extension of all certificates issued by that CA and should go into the SKI extension of all certificates issued to that CA. When acting as the issuer, the CA knows the value and simply populates it. When acting as the subject, the CA should pass the value in the certificate request it sends to the issuing CA and that value should be used by the issuing CA to populate the SKI. If the value is not sent in the cert request, then the issuer CA needs to use other means to determine the correct value for that SKI. -----Original Message----- From: Peter Hesse [mailto:pmhesse@geminisecurity.com] Sent: Wednesday, October 22, 2003 12:59 PM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Santosh Chokhani wrote: > My e-mail needs to be read in the context of the producers. > The CAs as producers need to ensure that the AKI and SKI chain. > If the CAs do not do that, they are not compliant with 3280. > That means in order to comply with 3280 issuing CA needs to > honor the SKID requested by the subject CAs. I think we're in violent agreement. My main point was that although the producer needs to ensure that AKID and SKID chain, cross-PKI interoperability will cause cases in which the producer must choose between two (or more) equally valid AKIDs to place in a subject certificate. Either of them will chain successfully and the producer will be compliant; but as a result there will be valid paths where the AKID and SKID will not chain, through no fault of the producer. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MMS6I7065227 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 15:28:06 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MMS6fO065226 for ietf-pkix-bks; Wed, 22 Oct 2003 15:28:06 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-lul.microsoft.com (mail-lul.microsoft.com [212.157.154.44]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MMS4I7065219 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 15:28:04 -0700 (PDT) (envelope-from stefans@microsoft.com) Received: from lul-imc-01.europe.corp.microsoft.com ([65.53.188.37]) by mail-lul.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 23 Oct 2003 00:27:59 +0200 Received: from 65.53.188.37 by lul-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Thu, 23 Oct 2003 00:27:59 +0200 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by lul-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 23 Oct 2003 00:27:59 +0200 x-mimeole: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 23:27:57 +0100 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D736916@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AKI and SKI problem with RFC 3280? Thread-Index: AcOY6sPhOZzpnx66QEKec+4se7t/twAAEsgw From: "Stefan Santesson" <stefans@microsoft.com> To: "Steve Hanna" <steve.hanna@sun.com>, "Peter Hesse" <pmhesse@geminisecurity.com> Cc: <ietf-pkix@imc.org> X-OriginalArrivalTime: 22 Oct 2003 22:27:59.0197 (UTC) FILETIME=[BF5FD0D0:01C398EB] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MMS5I7065222 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Agree, And may I also suggest limiting recommendations to key identifiers derived from the key hash, unless there is a strong need for other solutions not yet presented in this debate. /Stefan > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Steve Hanna > Sent: den 22 oktober 2003 22:59 > To: Peter Hesse > Cc: ietf-pkix@imc.org > Subject: Re: AKI and SKI problem with RFC 3280? > > Maybe we are close to ending this discussion. Everyone > agrees that CAs MUST use an SKI in CA certificates that > matches the AKI used in certificates issued by the > subject of the certificate. Relying parties can use > this as a hint during path construction, but they should > not require AKI/SKI matching during path construction or > path validation. > > But RFC 3280 does not say clearly and explicitly that > relying parties should not require AKI/SKI matching. > Several implementors have misunderstood this. I suggest > that the successor to RFC 3280 should be changed to > make an explicit recommendation that relying parties > SHOULD NOT require AKI/SKI matching. > > Thanks, > > Steve > > Peter Hesse wrote: > > > > Santosh, > > > > Point taken. 3280 therefore requires that the keyIdentifier method (as > > opposed to the issuer DN/serial tuple) MUST be used. In 4.2.1.1 (AKID) > > it only RECOMMENDS this; but the words you quote from 4.2.1.2 (SKID) > > make it a requirement, intentionally or not. As you said, in the below > > case, at least one CA is not compliant with 3280. Unfortunately, I've > > seen this happen in practice. As you said earlier, it would be best if > > path building implementations could be flexible about this, but > > certificate producers should be compliant. > > > > Two other things: Sharon is dead on, and the only thing I would say is > > that support for accepting SKIDs in certification requests seems to work > > well with a particular implementation, but require manual input or is > > not possible between different implementations. > > > > And Jean-Marc was also quite correct, my example was wrong. It's the > > Issuer's Issuer DN and serial, I just put the Issuer's DN in my example. > > Shame on me. > > > > --Peter > > > > +---------------------------------------------------------------+ > > | Peter Hesse pmhesse@geminisecurity.com | > > | Phone: (703)934-2031 Gemini Security Solutions, Inc. | > > | ICQ: 1942828 www.geminisecurity.com | > > +---------------------------------------------------------------+ > > "Pay no attention to what the critics say; there has never been > > a statue set up in honor of a critic." --Jean Sibelius > > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > > On Behalf Of Santosh Chokhani > > Sent: Wednesday, October 22, 2003 2:01 PM > > To: ietf-pkix@imc.org > > Subject: RE: AKI and SKI problem with RFC 3280? > > > > Peter: > > > > Section 4.2.1.2 (Subject Key Identifier) of 3280 states and I quote: > > "The value of the subject key identifier MUST be the value placed in the > > key identifier field of the Authority Key Identifier extension (section > > 4.2.1.1) of certificates issued by the subject of this certificate." > > Read in context, the above is stated for CA certificates. > > > > Thus, in cross certified environment, 3280 compliant issuing CAs need to > > ensure that the SKI in 3280 compliant subject CA certificate is the > > value that the subject CA intends to use as AKI for certificates it > > issues. > > > > If the AKI and SKI (even for cross certified environments) do not chain, > > one or more of the CAs is not compliant with 3280. > > > > -----Original Message----- > > From: Peter Hesse [mailto:pmhesse@geminisecurity.com] > > Sent: Wednesday, October 22, 2003 12:59 PM > > To: 'Santosh Chokhani'; ietf-pkix@imc.org > > Subject: RE: AKI and SKI problem with RFC 3280? > > > > Santosh Chokhani wrote: > > > My e-mail needs to be read in the context of the producers. The CAs as > > > > > producers need to ensure that the AKI and SKI chain. If the CAs do not > > > > > do that, they are not compliant with 3280. > > > That means in order to comply with 3280 issuing CA needs to > > > honor the SKID requested by the subject CAs. > > > > I think we're in violent agreement. My main point was that although the > > producer needs to ensure that AKID and SKID chain, cross-PKI > > interoperability will cause cases in which the producer must choose > > between two (or more) equally valid AKIDs to place in a subject > > certificate. Either of them will chain successfully and the producer > > will be compliant; but as a result there will be valid paths where the > > AKID and SKID will not chain, through no fault of the producer. > > > > --Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKxYI7062029 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 13:59:34 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MKxYs7062028 for ietf-pkix-bks; Wed, 22 Oct 2003 13:59:34 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from nwkea-mail-1.sun.com (nwkea-mail-1.sun.com [192.18.42.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKxXI7062020 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 13:59:33 -0700 (PDT) (envelope-from steve.hanna@sun.com) Received: from sydney.East.Sun.COM ([129.148.9.16]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id h9MKxSUP023610; Wed, 22 Oct 2003 13:59:29 -0700 (PDT) Received: from sun.com (dhcp-ubur02-75-161 [129.148.75.161]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9MKxSB12085; Wed, 22 Oct 2003 16:59:28 -0400 (EDT) Message-ID: <3F96EF91.C1E98EEF@sun.com> Date: Wed, 22 Oct 2003 16:58:57 -0400 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Hesse <pmhesse@geminisecurity.com> CC: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <010b01c398d8$d8a5faa0$6801a8c0@gemsec.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms1A4950776C601A796E2B43DF" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms1A4950776C601A796E2B43DF Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Maybe we are close to ending this discussion. Everyone agrees that CAs MUST use an SKI in CA certificates that matches the AKI used in certificates issued by the subject of the certificate. Relying parties can use this as a hint during path construction, but they should not require AKI/SKI matching during path construction or path validation. But RFC 3280 does not say clearly and explicitly that relying parties should not require AKI/SKI matching. Several implementors have misunderstood this. I suggest that the successor to RFC 3280 should be changed to make an explicit recommendation that relying parties SHOULD NOT require AKI/SKI matching. Thanks, Steve Peter Hesse wrote: > > Santosh, > > Point taken. 3280 therefore requires that the keyIdentifier method (as > opposed to the issuer DN/serial tuple) MUST be used. In 4.2.1.1 (AKID) > it only RECOMMENDS this; but the words you quote from 4.2.1.2 (SKID) > make it a requirement, intentionally or not. As you said, in the below > case, at least one CA is not compliant with 3280. Unfortunately, I've > seen this happen in practice. As you said earlier, it would be best if > path building implementations could be flexible about this, but > certificate producers should be compliant. > > Two other things: Sharon is dead on, and the only thing I would say is > that support for accepting SKIDs in certification requests seems to work > well with a particular implementation, but require manual input or is > not possible between different implementations. > > And Jean-Marc was also quite correct, my example was wrong. It's the > Issuer's Issuer DN and serial, I just put the Issuer's DN in my example. > Shame on me. > > --Peter > > +---------------------------------------------------------------+ > | Peter Hesse pmhesse@geminisecurity.com | > | Phone: (703)934-2031 Gemini Security Solutions, Inc. | > | ICQ: 1942828 www.geminisecurity.com | > +---------------------------------------------------------------+ > "Pay no attention to what the critics say; there has never been > a statue set up in honor of a critic." --Jean Sibelius > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Santosh Chokhani > Sent: Wednesday, October 22, 2003 2:01 PM > To: ietf-pkix@imc.org > Subject: RE: AKI and SKI problem with RFC 3280? > > Peter: > > Section 4.2.1.2 (Subject Key Identifier) of 3280 states and I quote: > "The value of the subject key identifier MUST be the value placed in the > key identifier field of the Authority Key Identifier extension (section > 4.2.1.1) of certificates issued by the subject of this certificate." > Read in context, the above is stated for CA certificates. > > Thus, in cross certified environment, 3280 compliant issuing CAs need to > ensure that the SKI in 3280 compliant subject CA certificate is the > value that the subject CA intends to use as AKI for certificates it > issues. > > If the AKI and SKI (even for cross certified environments) do not chain, > one or more of the CAs is not compliant with 3280. > > -----Original Message----- > From: Peter Hesse [mailto:pmhesse@geminisecurity.com] > Sent: Wednesday, October 22, 2003 12:59 PM > To: 'Santosh Chokhani'; ietf-pkix@imc.org > Subject: RE: AKI and SKI problem with RFC 3280? > > Santosh Chokhani wrote: > > My e-mail needs to be read in the context of the producers. The CAs as > > > producers need to ensure that the AKI and SKI chain. If the CAs do not > > > do that, they are not compliant with 3280. > > That means in order to comply with 3280 issuing CA needs to > > honor the SKID requested by the subject CAs. > > I think we're in violent agreement. My main point was that although the > producer needs to ensure that AKID and SKID chain, cross-PKI > interoperability will cause cases in which the producer must choose > between two (or more) equally valid AKIDs to place in a subject > certificate. Either of them will chain successfully and the producer > will be compliant; but as a result there will be valid paths where the > AKID and SKID will not chain, through no fault of the producer. > > --Peter --------------ms1A4950776C601A796E2B43DF Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIEAYJKoZIhvcNAQcCoIIIATCCB/0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BeMwggKjMIICDKADAgECAgMKVAgwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MTExMTAxNTFaFw0wNDA3MTAxMTAxNTFa MGgxDjAMBgNVBAQTBUhhbm5hMRUwEwYDVQQqEwxTdGVwaGVuIFJvc3MxGzAZBgNVBAMTElN0 ZXBoZW4gUm9zcyBIYW5uYTEiMCAGCSqGSIb3DQEJARYTc3RldmUuaGFubmFAc3VuLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxRk/abMPe7Km2EqpD2FZXzjiBGUHhIdNlIO 9W6mdCQro1xMc+sv+93UuVnIzse+XA67Tqx4g5FdoQ+PI8TQYemYSkTD9GitgU563ypu03UV 86zTJA7u9zVkNv/qL2LRKZ9BXy2Smtet+PUh3nYjMh/ZY7LQxQzmdu1Zunue+yECAwEAAaMw MC4wHgYDVR0RBBcwFYETc3RldmUuaGFubmFAc3VuLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqG SIb3DQEBBAUAA4GBAHbpX0TKiOFu1vxKc3nAOcUHwoci5kinboYrnjWcl37mMXXbBFntaYRM 9LxpGtHdPm7F4pAviKp8bnFzTU46OyUw3kNUAVGDeWYVQC76f0dDZdA313Tn88UZYa+N6O8W bO8wjKA2vg+yx79WXJCFDu+TpsG/28NKPdH42w8LEOVHMIIDODCCAqGgAwIBAgIQZkVyt8x0 9c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UE AxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25h bC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgyNzIzNTk1OVow gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUqbXA8+tyu9+50 bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avg GAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIw IKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8CAQAw CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF151j2YwCYTYoEi pxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59sogxYjTFCCRFs sBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TYyWJirQXGMYIB 9TCCAfECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ BgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAID ClQIMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDMxMDIyMjA1ODU3WjAjBgkqhkiG9w0BCQQxFgQUDsK5P5VceEdaXsvUVNSLMyDE GugwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4D AgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYAcwMee kgTTPRSFTGkc5ZN0ZXqkCyebi1WVE/rirqh34a0tMiol/OY75HMH0GOs8RojefDOuQMK4scA 0jOz5fVmA/eUKzpCrlrn/WbM8MWuFX6VyQRtRuar6RBK5lzWeNmnADRz8qg7N112UAkKdzEF vdDfgmPgp26vlHvdZ0+Rbw== --------------ms1A4950776C601A796E2B43DF-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKUmI7060794 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 13:30:48 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MKUmed060793 for ietf-pkix-bks; Wed, 22 Oct 2003 13:30:48 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKUkI7060787 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 13:30:47 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd07.aul.t-online.de by mailout10.sul.t-online.com with smtp id 1ACPcp-0006Xo-02; Wed, 22 Oct 2003 22:30:35 +0200 Received: from hagen (SyZwC6ZQgeZYSTHRvvacdQ5czZbvf20gG2XJIfB82IVL2J6CN5E9gM@[217.80.254.199]) by fmrl07.sul.t-online.com with esmtp id 1ACPci-0eFSpk0; Wed, 22 Oct 2003 22:30:28 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Tom Gindin'" <tgindin@us.ibm.com>, "'Michael Myers'" <mmyers@fastq.com> Cc: "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Wed, 22 Oct 2003 22:30:26 +0200 Organization: SyTrust Message-ID: <000001c398db$54ab0620$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <OFB2CA65F3.8B7A969A-ON85256DC7.0058732C-85256DC7.0059A5C2@us.ibm.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: SyZwC6ZQgeZYSTHRvvacdQ5czZbvf20gG2XJIfB82IVL2J6CN5E9gM@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > [...] The options were original (with unclear > semantics in this respect), nonce required in response, and > nonce optional in response. > For a server to actually prevent misunderstandings of > whether or not he supports nonces by using a unilateral > server-side extension, you'd need a server-side > extension called "nonceSupported" with boolean syntax, > which would have to be placed in EVERY response whether > nonces are present in the request or not. Client side extension: Good idea. I certainly support such an extension. One thing we should keep in mind: currently ALL extensions in OCSP are OPTIONAL. We have to make sure that the RfC does not contradict itself. I fully support your server-side extension. Simple and good. I like it. Both good ideas - lets go with them :) -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKDpI7059970 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 13:13:51 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MKDprs059969 for ietf-pkix-bks; Wed, 22 Oct 2003 13:13:51 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MKDnI7059959 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 13:13:49 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id QAA480931 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 16:13:50 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 16:12:40 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <010b01c398d8$d8a5faa0$6801a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <004a01c398c6$854230c0$a67f509c@hq.orionsec.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Santosh, Point taken. 3280 therefore requires that the keyIdentifier method (as opposed to the issuer DN/serial tuple) MUST be used. In 4.2.1.1 (AKID) it only RECOMMENDS this; but the words you quote from 4.2.1.2 (SKID) make it a requirement, intentionally or not. As you said, in the below case, at least one CA is not compliant with 3280. Unfortunately, I've seen this happen in practice. As you said earlier, it would be best if path building implementations could be flexible about this, but certificate producers should be compliant. Two other things: Sharon is dead on, and the only thing I would say is that support for accepting SKIDs in certification requests seems to work well with a particular implementation, but require manual input or is not possible between different implementations. And Jean-Marc was also quite correct, my example was wrong. It's the Issuer's Issuer DN and serial, I just put the Issuer's DN in my example. Shame on me. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Santosh Chokhani Sent: Wednesday, October 22, 2003 2:01 PM To: ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Peter: Section 4.2.1.2 (Subject Key Identifier) of 3280 states and I quote: "The value of the subject key identifier MUST be the value placed in the key identifier field of the Authority Key Identifier extension (section 4.2.1.1) of certificates issued by the subject of this certificate." Read in context, the above is stated for CA certificates. Thus, in cross certified environment, 3280 compliant issuing CAs need to ensure that the SKI in 3280 compliant subject CA certificate is the value that the subject CA intends to use as AKI for certificates it issues. If the AKI and SKI (even for cross certified environments) do not chain, one or more of the CAs is not compliant with 3280. -----Original Message----- From: Peter Hesse [mailto:pmhesse@geminisecurity.com] Sent: Wednesday, October 22, 2003 12:59 PM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Santosh Chokhani wrote: > My e-mail needs to be read in the context of the producers. The CAs as > producers need to ensure that the AKI and SKI chain. If the CAs do not > do that, they are not compliant with 3280. > That means in order to comply with 3280 issuing CA needs to > honor the SKID requested by the subject CAs. I think we're in violent agreement. My main point was that although the producer needs to ensure that AKID and SKID chain, cross-PKI interoperability will cause cases in which the producer must choose between two (or more) equally valid AKIDs to place in a subject certificate. Either of them will chain successfully and the producer will be compliant; but as a result there will be valid paths where the AKID and SKID will not chain, through no fault of the producer. --Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MJk3I7058671 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 12:46:03 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MJk3fU058670 for ietf-pkix-bks; Wed, 22 Oct 2003 12:46:03 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from sottmxssm.entrust.com (sottmxssm.entrust.com [216.191.252.10]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MJjwI7058660 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 12:46:01 -0700 (PDT) (envelope-from sharon.boeyen@entrust.com) Received: from sottguard01.entrust.com (sottguard01.entrust.com [10.4.61.249]) by sottmxssm.entrust.com (Switch-2.2.8/Switch-2.2.4) with SMTP id V9MJ2AGY0000133C for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 15:46:16 -0400 Received: (qmail 17276 invoked by uid 111); 22 Oct 2003 23:34:58 -0000 Received: from sharon.boeyen@entrust.com by sottguard01.entrust.com with AmikaGuardian-Server-2.1.0 (Processed in 3.532859 secs); 22 Oct 2003 23:34:58 -0000 Received: from unknown (HELO SOTTMXS01.entrust.com) (10.4.61.7) by sottguard01.entrust.com with SMTP; 22 Oct 2003 23:34:54 -0000 Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59) id <VM0GX69Z>; Wed, 22 Oct 2003 15:45:47 -0400 Message-ID: <9A4F653B0A375841AC75A8D17712B9C9061AC63B@sottmxs04.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Peter Hesse'" <pmhesse@geminisecurity.com>, "'Santosh Chokhani'" <chokhani@orionsec.com>, ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 15:45:46 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) Content-Type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Now I'm getting confused??? To simplify the discussion.... Shouldn't a CA determine what its own key identifier is (and 3280 recommends ways to calulate it). One they have their own key id, this value should go into the AKI extension of all certificates issued by that CA and should go into the SKI extension of all certificates issued to that CA. When acting as the issuer, the CA knows the value and simply populates it. When acting as the subject, the CA should pass the value in the certificate request it sends to the issuing CA and that value should be used by the issuing CA to populate the SKI. If the value is not sent in the cert request, then the issuer CA needs to use other means to determine the correct value for that SKI. -----Original Message----- From: Peter Hesse [mailto:pmhesse@geminisecurity.com] Sent: Wednesday, October 22, 2003 12:59 PM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Santosh Chokhani wrote: > My e-mail needs to be read in the context of the producers. > The CAs as producers need to ensure that the AKI and SKI chain. > If the CAs do not do that, they are not compliant with 3280. > That means in order to comply with 3280 issuing CA needs to > honor the SKID requested by the subject CAs. I think we're in violent agreement. My main point was that although the producer needs to ensure that AKID and SKID chain, cross-PKI interoperability will cause cases in which the producer must choose between two (or more) equally valid AKIDs to place in a subject certificate. Either of them will chain successfully and the producer will be compliant; but as a result there will be valid paths where the AKID and SKID will not chain, through no fault of the producer. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MI1cI7053828 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 11:01:38 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MI1caK053827 for ietf-pkix-bks; Wed, 22 Oct 2003 11:01:38 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MI1bI7053822 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 11:01:37 -0700 (PDT) (envelope-from chokhani@orionsec.com) Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by mclean-vscan1.bah.com (8.11.0/8.11.0) with SMTP id h9MI1Ve28502 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 14:01:32 -0400 (EDT) Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan1.bah.com (NAVGW 2.5.2.12) with SMTP id M2003102214013128548 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 14:01:31 -0400 Received: from wchokhani ([156.80.127.166]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HN67EJ00.TQS for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 14:01:31 -0400 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 14:01:29 -0400 Message-ID: <004a01c398c6$854230c0$a67f509c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <00c901c398bd$d96176b0$6801a8c0@gemsec.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MI1bI7053823 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: Section 4.2.1.2 (Subject Key Identifier) of 3280 states and I quote: "The value of the subject key identifier MUST be the value placed in the key identifier field of the Authority Key Identifier extension (section 4.2.1.1) of certificates issued by the subject of this certificate." Read in context, the above is stated for CA certificates. Thus, in cross certified environment, 3280 compliant issuing CAs need to ensure that the SKI in 3280 compliant subject CA certificate is the value that the subject CA intends to use as AKI for certificates it issues. If the AKI and SKI (even for cross certified environments) do not chain, one or more of the CAs is not compliant with 3280. -----Original Message----- From: Peter Hesse [mailto:pmhesse@geminisecurity.com] Sent: Wednesday, October 22, 2003 12:59 PM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Santosh Chokhani wrote: > My e-mail needs to be read in the context of the producers. > The CAs as producers need to ensure that the AKI and SKI chain. > If the CAs do not do that, they are not compliant with 3280. > That means in order to comply with 3280 issuing CA needs to > honor the SKID requested by the subject CAs. I think we're in violent agreement. My main point was that although the producer needs to ensure that AKID and SKID chain, cross-PKI interoperability will cause cases in which the producer must choose between two (or more) equally valid AKIDs to place in a subject certificate. Either of them will chain successfully and the producer will be compliant; but as a result there will be valid paths where the AKID and SKID will not chain, through no fault of the producer. --Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MHAuI7051560 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 10:10:56 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MHAuKE051559 for ietf-pkix-bks; Wed, 22 Oct 2003 10:10:56 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft4.fr.colt.net (smtp-ft4.fr.colt.net [213.41.78.203]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MHAsI7051552 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 10:10:55 -0700 (PDT) (envelope-from jmdesp@free.fr) Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft4.fr.colt.net with ESMTP id h9MHAsH17810 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 19:10:54 +0200 Message-ID: <3F96BA46.5030409@free.fr> Date: Wed, 22 Oct 2003 19:11:34 +0200 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031004 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> In-Reply-To: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Hesse wrote: >+------------------+ +--------------------+ >| Allied Pilots | | Boeing Root | >| Association Root | | | >| | | SKID: Q | >| SKID: A | | | >+------------------+ +--------------------+ > \ / > \ / > V V > ================================================= > | +-------------------+ +-------------------+ | > | | American Airlines | | American Airlines | | > | | | | | | > | | SN: 12345 | | SN: 87654 | | > | | SKID: Z | | SKID: Z | | > | | AKID: A | | AKID: Q | | > | +-------------------+ +-------------------+ | > ================================================= > | > | > V > +-------------------+ > | Joe Pilot | > | | > | SKID: W | > | AKID: "American | > | Airlines, | > | 12345" | > +-------------------+ > > This AKID is wrong. It should be "Allied Pilots Association Root, 12345". This type of AKID is a issuer name/serial pair, this means pointing amongst the certificate emitted by ca IssuerName to the one that has the serial SN. American Airlines certificate is the certificate SN:12345 amongst those issued by "Allied Pilots Association Root" You certainly know about this, but this particular misinterpretation of AKID tends to be a recurrent problem, so I feel better not to leave it uncorrected. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MH8uI7051468 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 10:08:56 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MH8uMh051467 for ietf-pkix-bks; Wed, 22 Oct 2003 10:08:56 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft6.fr.colt.net (smtp-ft6.fr.colt.net [213.41.78.205]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MH8sI7051460 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 10:08:55 -0700 (PDT) (envelope-from jmdesp@free.fr) Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft6.fr.colt.net with ESMTP id h9MH8r426018 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 19:08:54 +0200 Message-ID: <3F96B9CD.5060709@free.fr> Date: Wed, 22 Oct 2003 19:09:33 +0200 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031004 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> In-Reply-To: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Hesse wrote: >Currently, there is no commonly accepted way to for a >cross-certifying CA to accept the desired SKID in a request for >cross-certification. > Why ? Do cross-certifying CA discards all extensions inside the request so that it's not possible to specify the SKID by including it as an extension inside the request ? But even when they do, then you need to specify all extensions to include by hand, so you could insert the correct SKID transported out of band, with the other info needed for that CA, wouldn't you ? It would be interesting if I'm proven wrong, but it's seems to me cross-certifying doesn't happen everyday, and always involves some manual operations, so is there really a good reason why you can not do this customisation of the parameters ? I just found a document from the pkiforum that endorses this method : http://www.pkiforum.org/pdfs/AKID_SKID1-af3.pdf It also reports that both U.S. Federal Bridge CA and CESG interoperability initiatives reported mismatches preventing proper certification path construction. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MH0YI7051041 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 10:00:34 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MH0YbD051040 for ietf-pkix-bks; Wed, 22 Oct 2003 10:00:34 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MH0WI7051033 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 10:00:32 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id NAA403008; Wed, 22 Oct 2003 13:00:32 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: "'Santosh Chokhani'" <chokhani@orionsec.com>, <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 12:59:24 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <00c901c398bd$d96176b0$6801a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <003901c398ad$74568fe0$a67f509c@hq.orionsec.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Santosh Chokhani wrote: > My e-mail needs to be read in the context of the producers. > The CAs as producers need to ensure that the AKI and SKI chain. > If the CAs do not do that, they are not compliant with 3280. > That means in order to comply with 3280 issuing CA needs to > honor the SKID requested by the subject CAs. I think we're in violent agreement. My main point was that although the producer needs to ensure that AKID and SKID chain, cross-PKI interoperability will cause cases in which the producer must choose between two (or more) equally valid AKIDs to place in a subject certificate. Either of them will chain successfully and the producer will be compliant; but as a result there will be valid paths where the AKID and SKID will not chain, through no fault of the producer. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGxtI7051011 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 09:59:55 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MGxtQr051010 for ietf-pkix-bks; Wed, 22 Oct 2003 09:59:55 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from heron.verisign.com (heron.verisign.com [216.168.237.102]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGxsI7051005 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 09:59:54 -0700 (PDT) (envelope-from maisenberg@verisign.com) Received: from VSVAPOSTALGW1.prod.netsol.com (vsvapostalgw1.prod.netsol.com [10.170.12.38]) by heron.verisign.com (8.12.10/8.12.10) with ESMTP id h9MGxsSf029119; Wed, 22 Oct 2003 12:59:55 -0400 (EDT) Received: by vsvapostalgw1.prod.netsol.com with Internet Mail Service (5.5.2653.19) id <VJP1NRQS>; Wed, 22 Oct 2003 12:59:54 -0400 Message-ID: <6953F9859AF8BF45B04729A422640325095C2F3D@vsvapostal1.prod.netsol.com> From: "Aisenberg, Michael" <maisenberg@verisign.com> To: "'Anders Rundgren'" <anders.rundgren@telia.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: The value of qualified certificates Date: Wed, 22 Oct 2003 12:59:53 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> As with any other corporate finance discussion, "valuation" is very subjective and context- and purpose-driven. Having said that, one credible indicator of valuation is the limit of any indemnification provided by the certificate issuer. -----Original Message----- From: Anders Rundgren Sent: Wed Oct 22 08:46:20 2003 To: ietf-pkix@imc.org Subject: The value of qualified certificates I'm wondering what the value of qualified certificates is, when e-governments in country after country, buy certificates from commercial CAs where each CA (or CA network) requires a business contract with each RP. As these contracts regulate liabilities etc. it seems that the legal implications of qualified certificates become limited or are eliminated. What's left seems to only be a certificate profile. I.e. a "format". Among many such. Just my 2 (EU) cents Anders R Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGkfI7050304 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 09:46:41 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MGkfkH050303 for ietf-pkix-bks; Wed, 22 Oct 2003 09:46:41 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGkdI7050298 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 09:46:39 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9MGk7H96063; Wed, 22 Oct 2003 09:46:07 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Tom Gindin" <tgindin@us.ibm.com> Cc: "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Wed, 22 Oct 2003 09:49:04 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDMEGLDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <OFB2CA65F3.8B7A969A-ON85256DC7.0058732C-85256DC7.0059A5C2@us.ibm.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, Your proposal certainly provides an opportunity for compromise. But I think we first need to see what emerges from Minneapolis. Mike > -----Original Message----- > From: Tom Gindin [mailto:tgindin@us.ibm.com] > Sent: Wednesday, October 22, 2003 9:19 AM > To: Michael Myers > Cc: David Engberg; ietf-pkix@imc.org > Subject: RE: DISCUSSION: Nonce-specific error code for OCSP > > > Michael: > > Does your skepticism about the usefulness of > unilateral > server-side extensions mean that we should permit a > variant of nonce in > which the client specifies how strongly he needs a > nonce? Since the > current syntax of nonce is not officially published, > I posted a possible > extension several weeks ago. The options were > original (with unclear > semantics in this respect), nonce required in > response, and nonce optional > in response. > For a server to actually prevent > misunderstandings of whether or > not he supports nonces by using a unilateral > server-side extension, you'd > need a server-side extension called "nonceSupported" > with boolean syntax, > which would have to be placed in EVERY response > whether nonces are present > in the request or not. The "nonceUnsupported" > extension strikes me as > less useful than that. > > Tom Gindin > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGJhI7049424 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 09:19:43 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MGJhUM049423 for ietf-pkix-bks; Wed, 22 Oct 2003 09:19:43 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from e3.ny.us.ibm.com (e3.ny.us.ibm.com [32.97.182.103]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MGJfI7049417 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 09:19:41 -0700 (PDT) (envelope-from tgindin@us.ibm.com) Received: from northrelay04.pok.ibm.com (northrelay04.pok.ibm.com [9.56.224.206]) by e3.ny.us.ibm.com (8.12.10/8.12.2) with ESMTP id h9MGJQXn451594; Wed, 22 Oct 2003 12:19:26 -0400 Received: from d01ml062.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay04.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id h9MGJMZK061474; Wed, 22 Oct 2003 12:19:23 -0400 To: "Michael Myers" <mmyers@fastq.com> Cc: "David Engberg" <dave@corestreet.com>, ietf-pkix@imc.org MIME-Version: 1.0 Subject: RE: DISCUSSION: Nonce-specific error code for OCSP X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002 From: Tom Gindin <tgindin@us.ibm.com> Message-ID: <OFB2CA65F3.8B7A969A-ON85256DC7.0058732C-85256DC7.0059A5C2@us.ibm.com> Date: Wed, 22 Oct 2003 12:19:20 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 6.0.2CF2 V602CF2_HF2+ JCHN5R2GH7 JCHN5N2GS6 SSPW5RFPX6 JBUD5N6S4G |September 18, 2003) at 10/22/2003 12:19:25, Serialize complete at 10/22/2003 12:19:25 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael: Does your skepticism about the usefulness of unilateral server-side extensions mean that we should permit a variant of nonce in which the client specifies how strongly he needs a nonce? Since the current syntax of nonce is not officially published, I posted a possible extension several weeks ago. The options were original (with unclear semantics in this respect), nonce required in response, and nonce optional in response. For a server to actually prevent misunderstandings of whether or not he supports nonces by using a unilateral server-side extension, you'd need a server-side extension called "nonceSupported" with boolean syntax, which would have to be placed in EVERY response whether nonces are present in the request or not. The "nonceUnsupported" extension strikes me as less useful than that. Tom Gindin "Michael Myers" <mmyers@fastq.com> Sent by: owner-ietf-pkix@mail.imc.org 10/18/2003 09:14 PM To: "David Engberg" <dave@corestreet.com> cc: <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Dave, A few thoughts embedded below. Mike > -----Original Message----- > From: David Engberg > > . . . > > An existing client can't tell the difference between a > server that doesn't support nonces and a replay > attack by an attacker who made a nonceless request. > An explicit "nonceUnsupported" extension in the signed > body of the response allows a client to securely tell the > difference between these cases. The requirement is to bind a request to its associated response and thus enable relying parties to mitigate replay risks. I remain curious to an understanding of how unilateral server-side response extensions achieve this effect. > OCSP and other PKIX standards currently allow some > policy decisions to be made by the infrastructure > authorities (CAs, responders) and others by the > relying parties. For example, the pkix-nocheck > extension allows the infrastructure to tell clients > that they should accept a delegated responder cert > without performing validation. This extension was > approved, even though someone could have made an > argument that "only clients should be allowed to > set responder validation policies." In the instance of explicit delegation from a certification authority, there then exists a business entity which places itself in a position of risk against damage claims. Are you suggesting that an OCSP responder's unilateral inclusion of a technical artifact is an assertion of willingness to absorb such risks? Bear in mind that the relying party problem is notoriously difficult. It only appears in the heterogeneous context we are now debating; else contracts suffice. If you are unfamiliar with the issue, you may wish to consult with our legal peers in the American Bar Association's Information Security Committee. > Something like "nonceUnsupported" would fall in the > same category ... the infrastructure is telling > interested clients about the security characteristics > of that PK infrastructure and suggesting a security > policy based on that information. Infrastructure should serve the needs of its participants rather than the other way around. Mike (602) 739-7744 Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MF2mI7045445 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 08:02:48 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MF2lN7045444 for ietf-pkix-bks; Wed, 22 Oct 2003 08:02:47 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mclean-vscan2.bah.com (mclean-vscan2.bah.com [156.80.3.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MF2kI7045439 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 08:02:47 -0700 (PDT) (envelope-from chokhani@orionsec.com) Received: from mclean-vscan2.bah.com (mclean-vscan2.bah.com [156.80.3.62]) by mclean-vscan2.bah.com (8.11.0/8.11.0) with SMTP id h9MF2I316447 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 11:02:18 -0400 (EDT) Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan2.bah.com (NAVGW 2.5.2.12) with SMTP id M2003102211020506288 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 11:02:05 -0400 Received: from wchokhani ([156.80.127.166]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HN5Z3H00.PER for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 11:02:05 -0400 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 11:02:04 -0400 Message-ID: <003901c398ad$74568fe0$a67f509c@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> Importance: Normal Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MF2lI7045440 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: My e-mail needs to be read in the context of the producers. The CAs as producers need to ensure that the AKI and SKI chain. If the CAs do not do that, they are not compliant with 3280. That means in order to comply with 3280 issuing CA needs to honor the SKID requested by the subject CAs. The consumers, i.e., the relying parties should not enforce the AKI and SKI chaining. They can use the match as the prioritization during path construction. Forcing CAs to enforce the AKI and SKI match and not requiring the relying parties to enforce it (but simply use as a prioritization) offers us the best of both worlds in terms of enhancing interoperability. As for algorithm for constructing the values, 3280 should and does provides these as recommendations as opposed to SHALL or MUST. -----Original Message----- From: Peter Hesse [mailto:pmhesse@geminisecurity.com] Sent: Wednesday, October 22, 2003 9:39 AM To: 'Santosh Chokhani'; ietf-pkix@imc.org Subject: RE: AKI and SKI problem with RFC 3280? Santosh, > Based on a review of Sections 4.2.1.2 and 4.2.1.1 of > 3280, I draw the following conclusion: A 3280 compliant > CA MUST ensure that AKI and SKI chain properly. This > is sufficient for path construction. Thus, I do not > see a particular need to change 3280 in this area. I read this differently. I agree that for a given CA, that CA must make sure that for certificates it issues, the AKID and SKID must match. However, when you add the "IssuerDN/Serial" tuple version of AKID, that can no longer be true. When you start interoperating across domains, there are times at which AKID and SKID will not match, but yet it should lead to a valid path. Consider the following example: +------------------+ +--------------------+ | Allied Pilots | | Boeing Root | | Association Root | | | | | | SKID: Q | | SKID: A | | | +------------------+ +--------------------+ \ / \ / V V ================================================= | +-------------------+ +-------------------+ | | | American Airlines | | American Airlines | | | | | | | | | | SN: 12345 | | SN: 87654 | | | | SKID: Z | | SKID: Z | | | | AKID: A | | AKID: Q | | | +-------------------+ +-------------------+ | ================================================= | | V +-------------------+ | Joe Pilot | | | | SKID: W | | AKID: "American | | Airlines, | | 12345" | +-------------------+ In our example, we have the "American Airlines" entity which has two certificates, one issued by the Allied Pilots Association (AA's union) and the other by Boeing (one of their manufacturers). These two certificates have the same public key and subject public key identifier, but different serial numbers. "American Airlines" issues a certificate to "Joe Pilot". Although Joe Pilot's AKID points to the AA Root certificate issued by the Allied Pilots Association, there is no reason why a path to the Boeing Root should not be found equally acceptable. The other thing at play was what Steve Hanna mentioned in an earlier message. Currently, there is no commonly accepted way to for a cross-certifying CA to accept the desired SKID in a request for cross-certification. Therefore, many CAs calculate their own SKID. In fact, look at this part of section 4.2.1.2 of RFC3280: For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Here, 3280 is saying you should derive the SKID from the public key, it says nothing about making use of any existing key identifier that the CA is putting as the AKID in certificates it issues. But wait! If you read down a little further, you get: Where a key identifier has not been previously established, this specification RECOMMENDS use of one of these methods for generating keyIdentifiers. Where a key identifier has been previously established, the CA SHOULD use the previously established identifier. I see shoulds and recommends here, and not MUSTs. Prior experience has shown me that two CAs configured in different ways (or running different software) may both derive the SKID from the public key in two different fashions, and you can end up with the following: +------------------+ +--------------------+ | Allied Pilots | | Boeing Root | | Association Root | | | | | | SKID: Q | | SKID: A | | | +------------------+ +--------------------+ \ / \ / V V ================================================= | +-------------------+ +-------------------+ | | | American Airlines | | American Airlines | | | | | | | | | | SN: 12345 | | SN: 87654 | | | | SKID: Z | | SKID: F | | | | AKID: A | | AKID: Q | | | +-------------------+ +-------------------+ | ================================================= | | V +-------------------+ | Joe Pilot | | | | SKID: W | | AKID: Z | +-------------------+ Although the public key has remained the same, American Airlines now has two certificates with two different SKIDs but the same public key. Again, there is no reason why a path from Joe Pilot to the Boeing Root should not be valid. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDkVI7041412 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 06:46:31 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MDkVPs041411 for ietf-pkix-bks; Wed, 22 Oct 2003 06:46:31 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDkTI7041406 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 06:46:29 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id JAA331775; Wed, 22 Oct 2003 09:46:29 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: "=?iso-8859-1?Q?'Michael_Str=F6der'?=" <michael@stroeder.com>, <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 09:45:22 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <003601c398a2$bd625d50$6801a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <3F963CB8.7030508@stroeder.com> Importance: Normal Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MDkUI7041407 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael Ströder wrote: > Steve Hanna wrote: > > A decent MUA would understand that there may be more > > than one cert with the same SKI. AKI/SKI is just a > > hint. > > [..] > > Note also that AKI/SKI chaining SHOULD NOT be checked > > during path validation. To be more explicit, it's > > NOT true that the SKI of a CA certificate must match > > the AKI of a certificate signed by that CA. > > Reading this discussion I ask myself: > Is there any good reason to set AKI/SKI at all? > Is it worth for anything? > Or is it just YAPEB [1]? Michael, When a path-building implementation is building a path, and it comes upon one subject with multiple certificates and is trying to determine which one to use, AKID and SKID are useful, because if they match properly, there is a high degree of confidence that the certificate(s) with matching AKID/SKIDs is/are the correct certificate(s) to choose. However, just because they do not match does not mean that there is no "there" there. The degree of confidence that it will lead to a valid path is lessened somewhat, but there is still a chance that the path in that direction will be valid. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDe7I7041091 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 06:40:07 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MDe7dE041090 for ietf-pkix-bks; Wed, 22 Oct 2003 06:40:07 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDe5I7041084 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 06:40:06 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id JAA280568; Wed, 22 Oct 2003 09:39:52 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: "'Santosh Chokhani'" <chokhani@orionsec.com>, <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 09:38:44 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <003501c398a1$d0c0d1c0$6801a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <005401c39818$b9d6e050$9e00a8c0@hq.orionsec.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Santosh, > Based on a review of Sections 4.2.1.2 and 4.2.1.1 of > 3280, I draw the following conclusion: A 3280 compliant > CA MUST ensure that AKI and SKI chain properly. This > is sufficient for path construction. Thus, I do not > see a particular need to change 3280 in this area. I read this differently. I agree that for a given CA, that CA must make sure that for certificates it issues, the AKID and SKID must match. However, when you add the "IssuerDN/Serial" tuple version of AKID, that can no longer be true. When you start interoperating across domains, there are times at which AKID and SKID will not match, but yet it should lead to a valid path. Consider the following example: +------------------+ +--------------------+ | Allied Pilots | | Boeing Root | | Association Root | | | | | | SKID: Q | | SKID: A | | | +------------------+ +--------------------+ \ / \ / V V ================================================= | +-------------------+ +-------------------+ | | | American Airlines | | American Airlines | | | | | | | | | | SN: 12345 | | SN: 87654 | | | | SKID: Z | | SKID: Z | | | | AKID: A | | AKID: Q | | | +-------------------+ +-------------------+ | ================================================= | | V +-------------------+ | Joe Pilot | | | | SKID: W | | AKID: "American | | Airlines, | | 12345" | +-------------------+ In our example, we have the "American Airlines" entity which has two certificates, one issued by the Allied Pilots Association (AA's union) and the other by Boeing (one of their manufacturers). These two certificates have the same public key and subject public key identifier, but different serial numbers. "American Airlines" issues a certificate to "Joe Pilot". Although Joe Pilot's AKID points to the AA Root certificate issued by the Allied Pilots Association, there is no reason why a path to the Boeing Root should not be found equally acceptable. The other thing at play was what Steve Hanna mentioned in an earlier message. Currently, there is no commonly accepted way to for a cross-certifying CA to accept the desired SKID in a request for cross-certification. Therefore, many CAs calculate their own SKID. In fact, look at this part of section 4.2.1.2 of RFC3280: For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Here, 3280 is saying you should derive the SKID from the public key, it says nothing about making use of any existing key identifier that the CA is putting as the AKID in certificates it issues. But wait! If you read down a little further, you get: Where a key identifier has not been previously established, this specification RECOMMENDS use of one of these methods for generating keyIdentifiers. Where a key identifier has been previously established, the CA SHOULD use the previously established identifier. I see shoulds and recommends here, and not MUSTs. Prior experience has shown me that two CAs configured in different ways (or running different software) may both derive the SKID from the public key in two different fashions, and you can end up with the following: +------------------+ +--------------------+ | Allied Pilots | | Boeing Root | | Association Root | | | | | | SKID: Q | | SKID: A | | | +------------------+ +--------------------+ \ / \ / V V ================================================= | +-------------------+ +-------------------+ | | | American Airlines | | American Airlines | | | | | | | | | | SN: 12345 | | SN: 87654 | | | | SKID: Z | | SKID: F | | | | AKID: A | | AKID: Q | | | +-------------------+ +-------------------+ | ================================================= | | V +-------------------+ | Joe Pilot | | | | SKID: W | | AKID: Z | +-------------------+ Although the public key has remained the same, American Airlines now has two certificates with two different SKIDs but the same public key. Again, there is no reason why a path from Joe Pilot to the Boeing Root should not be valid. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDQdI7040567 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 06:26:39 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MDQdnq040566 for ietf-pkix-bks; Wed, 22 Oct 2003 06:26:39 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDQcI7040561 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 06:26:38 -0700 (PDT) (envelope-from kent@bbn.com) Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9MDQVTX028554; Wed, 22 Oct 2003 09:26:31 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002007bbbc3474b916@[128.89.89.75]> In-Reply-To: <200310220726.h9M7QH013754@cs.auckland.ac.nz> References: <200310220726.h9M7QH013754@cs.auckland.ac.nz> Date: Wed, 22 Oct 2003 09:21:25 -0400 To: pgut001@cs.auckland.ac.nz (Peter Gutmann) From: Stephen Kent <kent@bbn.com> Subject: RE: AKI and SKI problem with RFC 3280? Cc: aarsenau@bbn.com, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, stefans@microsoft.com, housley@vigilsec.com Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 20:26 +1300 10/22/03, Peter Gutmann wrote: >"Al Arsenault" <aarsenau@bbn.com> writes: > >>Okay, it's only a SHOULD, not a MUST, but the scenario you reference below >>only comes in to play if I signed the CMS message using my CA cert, not my >>end-entity cert. >> >>Got an example where this is relevant if the sKID's of two different CA certs >>are the same? > >My CMS example from earlier used with SCEP. > >In any case something like this should never be allowed to happen as a matter >of basic protocol design. Creating a "unique" key ID and then specifically >telling people they can use non-unique IDs is just asking for trouble. > >Peter. Peter, SCEP is not an IETF standard, and it sounds as if it's use of these extensions is not consistent with the guidance provided in 2459, and now in 3280. Whose fault is that? Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDO9I7040291 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 06:24:11 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MDO1rB040278 for ietf-pkix-bks; Wed, 22 Oct 2003 06:24:01 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MDNhI7040079 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 06:23:44 -0700 (PDT) (envelope-from stefans@microsoft.com) Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 22 Oct 2003 14:20:22 +0100 Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 22 Oct 2003 14:19:35 +0100 Received: from mail-lul.microsoft.com ([65.53.188.37]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 22 Oct 2003 14:15:11 +0100 Received: from lul-imc-01.europe.corp.microsoft.com ([65.53.188.37]) by mail-lul.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 22 Oct 2003 15:13:12 +0200 Received: from 65.53.188.37 by lul-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 22 Oct 2003 14:25:48 +0200 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by lul-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 22 Oct 2003 12:10:07 +0200 x-mimeole: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 11:09:02 +0100 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D6FE970@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AKI and SKI problem with RFC 3280? Thread-Index: AcOYeaWbTIQQjbRFSaWQfl9Q+kOxmQACiVeg From: "Stefan Santesson" <stefans@microsoft.com> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <aarsenau@bbn.com>, <ietf-pkix@imc.org> Cc: <housley@vigilsec.com> X-OriginalArrivalTime: 22 Oct 2003 10:10:07.0735 (UTC) FILETIME=[AB86D070:01C39884] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MDNiI7040146 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I agree with Peter, I think this is asking for trouble. That is my whole point. /Stefan > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Peter Gutmann > Sent: den 22 oktober 2003 09:26 > To: aarsenau@bbn.com; ietf-pkix@imc.org; pgut001@cs.auckland.ac.nz; Stefan > Santesson > Cc: housley@vigilsec.com > Subject: RE: AKI and SKI problem with RFC 3280? > > > "Al Arsenault" <aarsenau@bbn.com> writes: > > >Okay, it's only a SHOULD, not a MUST, but the scenario you reference > below > >only comes in to play if I signed the CMS message using my CA cert, not > my > >end-entity cert. > > > >Got an example where this is relevant if the sKID's of two different CA > certs > >are the same? > > My CMS example from earlier used with SCEP. > > In any case something like this should never be allowed to happen as a > matter > of basic protocol design. Creating a "unique" key ID and then > specifically > telling people they can use non-unique IDs is just asking for trouble. > > Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCv0I7039193 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 05:57:00 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MCv0HQ039192 for ietf-pkix-bks; Wed, 22 Oct 2003 05:57:00 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCuwI7039184 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 05:56:58 -0700 (PDT) (envelope-from kent@bbn.com) Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9MCurTX027097; Wed, 22 Oct 2003 08:56:54 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002003bbbc2da11fc1@[128.89.89.75]> In-Reply-To: <3F963CB8.7030508@stroeder.com> References: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> <3F9540EB.E725568D@sun.com> <3F963CB8.7030508@stroeder.com> Date: Wed, 22 Oct 2003 08:53:38 -0400 To: Michael =?iso-8859-1?Q?Str=F6der?= <michael@stroeder.com> From: Stephen Kent <kent@bbn.com> Subject: Re: AKI and SKI problem with RFC 3280? Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="iso-8859-1" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9MCuxI7039188 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 10:15 +0200 10/22/03, Michael Ströder wrote: >Steve Hanna wrote: >>A decent MUA would understand that there may be more >>than one cert with the same SKI. AKI/SKI is just a >>hint. > > [..] >>Note also that AKI/SKI chaining SHOULD NOT be checked >>during path validation. To be more explicit, it's >>NOT true that the SKI of a CA certificate must match >>the AKI of a certificate signed by that CA. > >Reading this discussion I ask myself: >Is there any good reason to set AKI/SKI at all? >Is it worth for anything? >Or is it just YAPEB [1]? > >Ciao, Michael. > >[1] yet another PKIX extension bloat Michael, If you read 3280 and 2459, you'll note that the primary use of these extensions is to allow one to perform more efficient path discovery, by helping select the right cert when more than one (CA) cert matches based on Subject/Issuer relationship. Most of the complaints I hear are a result form trying to misuse the AKI/SKI as a search key. It's inappropriate to complain about how poorly your screwdriver works as a cold chisel. Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCVAI7038442 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 05:31:10 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MCVAUE038441 for ietf-pkix-bks; Wed, 22 Oct 2003 05:31:10 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from rom.antech.de (dns.antech.de [194.45.12.2]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCV8I7038435 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 05:31:08 -0700 (PDT) (envelope-from kelm@secorvo.de) Received: from serbius (kasiski.secorvo.de [194.45.12.203]) by rom.antech.de (8.9.3/8.9.3) with ESMTP id OAA22898; Wed, 22 Oct 2003 14:29:22 +0200 From: "Stefan Kelm" <kelm@secorvo.de> Organization: Secorvo Security Consulting GmbH To: "Anders Rundgren" <anders.rundgren@telia.com>, <ietf-pkix@imc.org> Date: Wed, 22 Oct 2003 14:30:16 +0200 MIME-Version: 1.0 Subject: Re: The value of qualified certificates Reply-to: kelm@secorvo.de Message-ID: <3F969478.27945.FF189B@localhost> In-reply-to: <016d01c39887$03486970$0500a8c0@arport> X-mailer: Pegasus Mail for Windows (v4.11) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Anders, > I'm wondering what the value of qualified certificates is, > when e-governments in country after country, buy certificates > from commercial CAs where each CA (or CA network) requires > a business contract with each RP. As these contracts regulate > liabilities etc. it seems that the legal implications of qualified > certificates become limited or are eliminated. What's left seems > to only be a certificate profile. I.e. a "format". Among many such. Good point. In this regard you might want to have a look at a report titled "The Legal and Market Aspects of Electronic Signatures" which has been published by the European Commission only yesterday: http://europa.eu.int/information_society/eeurope/2005/index_en.htm Cheers, Stefan. -------------------------------------------------------- http://www.Anti-Spam-Symposium.de 18.-19. November 2003 -------------------------------------------------------- Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail kelm@secorvo.de, http://www.secorvo.de/ ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCBmI7037901 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 05:11:48 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MCBm0j037899 for ietf-pkix-bks; Wed, 22 Oct 2003 05:11:48 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MCBlI7037889 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 05:11:47 -0700 (PDT) (envelope-from aarsenau@bbn.com) Received: from arsenaultd2 (col-dhcp33-244-172.bbn.com [128.33.244.172]) by aragorn.bbn.com (8.12.7/8.12.7) with SMTP id h9MCBSTW025234; Wed, 22 Oct 2003 08:11:29 -0400 (EDT) From: "Al Arsenault" <aarsenau@bbn.com> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <ietf-pkix@imc.org>, <stefans@microsoft.com> Cc: <housley@vigilsec.com> Subject: RE: AKI and SKI problem with RFC 3280? Date: Wed, 22 Oct 2003 08:08:29 -0400 Message-ID: <GBEOIAAPLLBIMLPDGHDHMEBACFAA.aarsenau@bbn.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <200310220726.h9M7QH013754@cs.auckland.ac.nz> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Okay, now I'm *truly* confused. -----Original Message----- From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz] Sent: Wednesday, October 22, 2003 3:26 AM To: aarsenau@bbn.com; ietf-pkix@imc.org; pgut001@cs.auckland.ac.nz; stefans@microsoft.com Cc: housley@vigilsec.com Subject: RE: AKI and SKI problem with RFC 3280? "Al Arsenault" <aarsenau@bbn.com> writes: >Okay, it's only a SHOULD, not a MUST, but the scenario you reference below >only comes in to play if I signed the CMS message using my CA cert, not my >end-entity cert. > >Got an example where this is relevant if the sKID's of two different CA certs >are the same? My CMS example from earlier used with SCEP. awa:> Um, the current spec for SCEP appears to be http://www.ietf.org/internet-drafts/draft-nourse-scep-08.txt awa:> From that, it appears that: awa:> (a) SCEP doesn't use CMS, it uses PKCS #7 awa:> (b) SCEP doesn't support the use of sKID or aKID as an identifier in the signerInfo, it's restricted to issuerAndSerialNumber (which, oh-by-the-way, is not guaranteed to be unique in the real world, since I can set up a CA of my own reusing an issuer name that's already out there :-) awa:> (c) this is only relevant when the certificate requester is creating a self-signed "CA" cert for the purpose of establishing the connection with the CA, anyway. awa:> So, your assertion is that a bastardized hybrid of a widely-used but non-standard protocol (SCEP) with an updated wrapping mechanism (CMS) will cause problems for some types of signature validation software, and this is a reason why one option permitted by PKIX is a fundamental flaw? In any case something like this should never be allowed to happen as a matter of basic protocol design. Creating a "unique" key ID and then specifically telling people they can use non-unique IDs is just asking for trouble. awa:> I don't have any great love for the "monotonically increasing integer sequence" mechanism myself, particularly since we've had a number of discussions about what "monotonically increasing" means (different sources have different definitions; some definitions allow the repitition of numbers as pointed out by Peter Sylvester). All PKIs in which I've ever been involved have either used the "low-order 60 bits of a SHA-1 hash" or the "full SHA-1 hash". The bottom line, though, is that I think anybody who builds cert validation software for a large, complex system with multiple CA's, multiple extensions, etc., and who believes that "if the sKID matches, I am guaranteed to have found the right certificate" is being somewhat simple in his software design. Al Arsenault Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MATaI7034421 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 03:29:36 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9MATaDJ034420 for ietf-pkix-bks; Wed, 22 Oct 2003 03:29:36 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp2.fre.skanova.net (smtp2.fre.skanova.net [195.67.227.95]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9MATYI7034414 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 03:29:35 -0700 (PDT) (envelope-from anders.rundgren@telia.com) Received: from arport (t10o913p16.telia.com [213.64.27.136]) by smtp2.fre.skanova.net (8.12.10/8.12.10) with SMTP id h9MATW3M022366 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 12:29:33 +0200 (CEST) Message-ID: <016d01c39887$03486970$0500a8c0@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <ietf-pkix@imc.org> Subject: The value of qualified certificates Date: Wed, 22 Oct 2003 12:26:50 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I'm wondering what the value of qualified certificates is, when e-governments in country after country, buy certificates from commercial CAs where each CA (or CA network) requires a business contract with each RP. As these contracts regulate liabilities etc. it seems that the legal implications of qualified certificates become limited or are eliminated. What's left seems to only be a certificate profile. I.e. a "format". Among many such. Just my 2 (EU) cents Anders R Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M8GsI7002176 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 01:16:54 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9M8GsLP002175 for ietf-pkix-bks; Wed, 22 Oct 2003 01:16:54 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from nb2.stroeder.com (du-006-105.access.de.clara.net [212.82.229.105]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M8GqI7002157 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 01:16:53 -0700 (PDT) (envelope-from michael@stroeder.com) Received: from localhost (localhost [127.0.0.1]) by nb2.stroeder.com (Postfix) with ESMTP id B25CD22C5F for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 10:15:53 +0200 (CEST) Received: from stroeder.com (localhost [127.0.0.1]) by nb2.stroeder.com (Postfix) with ESMTP id 6240B18FA1 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 10:15:52 +0200 (CEST) Message-ID: <3F963CB8.7030508@stroeder.com> Date: Wed, 22 Oct 2003 10:15:52 +0200 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: de-de, de, en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> <3F9540EB.E725568D@sun.com> In-Reply-To: <3F9540EB.E725568D@sun.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12pre8 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve Hanna wrote: > A decent MUA would understand that there may be more > than one cert with the same SKI. AKI/SKI is just a > hint. > [..] > Note also that AKI/SKI chaining SHOULD NOT be checked > during path validation. To be more explicit, it's > NOT true that the SKI of a CA certificate must match > the AKI of a certificate signed by that CA. Reading this discussion I ask myself: Is there any good reason to set AKI/SKI at all? Is it worth for anything? Or is it just YAPEB [1]? Ciao, Michael. [1] yet another PKIX extension bloat Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M7PSI7089398 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 00:25:28 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9M7PSOJ089397 for ietf-pkix-bks; Wed, 22 Oct 2003 00:25:28 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M7PQI7089384 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 00:25:27 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9M7PIRS017287; Wed, 22 Oct 2003 20:25:18 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9M7QH013754; Wed, 22 Oct 2003 20:26:17 +1300 Date: Wed, 22 Oct 2003 20:26:17 +1300 Message-Id: <200310220726.h9M7QH013754@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: aarsenau@bbn.com, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, stefans@microsoft.com Subject: RE: AKI and SKI problem with RFC 3280? Cc: housley@vigilsec.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Al Arsenault" <aarsenau@bbn.com> writes: >Okay, it's only a SHOULD, not a MUST, but the scenario you reference below >only comes in to play if I signed the CMS message using my CA cert, not my >end-entity cert. > >Got an example where this is relevant if the sKID's of two different CA certs >are the same? My CMS example from earlier used with SCEP. In any case something like this should never be allowed to happen as a matter of basic protocol design. Creating a "unique" key ID and then specifically telling people they can use non-unique IDs is just asking for trouble. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M7MgI7088766 for <ietf-pkix-bks@above.proper.com>; Wed, 22 Oct 2003 00:22:42 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9M7Mg60088765 for ietf-pkix-bks; Wed, 22 Oct 2003 00:22:42 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9M7MdI7088735 for <ietf-pkix@imc.org>; Wed, 22 Oct 2003 00:22:40 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9M7MXRS017174; Wed, 22 Oct 2003 20:22:33 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9M7NV513736; Wed, 22 Oct 2003 20:23:31 +1300 Date: Wed, 22 Oct 2003 20:23:31 +1300 Message-Id: <200310220723.h9M7NV513736@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, pmhesse@geminisecurity.com, stefans@microsoft.com Subject: RE: AKI and SKI problem with RFC 3280? Cc: housley@vigilsec.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Peter Hesse" <pmhesse@geminisecurity.com> writes: >Path building implementations should never rely on them being correct. What's the point of having them at all then? If you can't rely on them then you need to have something you can rely on, and if you've got that anyway then the unreliable alternative is superfluous. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LLd3I7041898 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 14:39:03 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LLd3Pg041897 for ietf-pkix-bks; Tue, 21 Oct 2003 14:39:03 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LLd2I7041892 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 14:39:02 -0700 (PDT) (envelope-from Yassir.Elley@Sun.COM) Received: from sydney.East.Sun.COM ([129.148.9.16]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9LLcwxA022951; Tue, 21 Oct 2003 14:38:59 -0700 (PDT) Received: from Sun.COM (sr1-ubur-03 [129.148.9.82]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9LLcwB18110; Tue, 21 Oct 2003 17:38:58 -0400 (EDT) Message-ID: <3F95A772.7BFEE142@Sun.COM> Date: Tue, 21 Oct 2003 17:38:58 -0400 From: Yassir Elley <Yassir.Elley@Sun.COM> Reply-To: Yassir.Elley@Sun.COM Organization: Sun Microsystems Inc. - BDC X-Mailer: Mozilla 4.79C-CCK-MCD [en] (X11; U; SunOS 5.9 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org, wss@lists.oasis-open.org Subject: [Fwd: 3rd Annual PKI R&D Workshop - Call for Papers] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> FYI -------- Original Message -------- Subject: 3rd Annual PKI R&D Workshop - Call for Papers From: Neal McBurnett <neal@bcn.boulder.co.us> 3rd Annual PKI R&D Workshop - Call for Papers http://middleware.internet2.edu/pki04/ Jointly sponsored by NIH, NIST, and Internet2, in cooperation with USENIX and OASIS. This workshop considers the full range of public key technology used for security decisions. PKI supports a variety of functionalities including authentication, authorization, identity (syndication, federation and aggregation) and trust. We solicit papers, scenarios, war stories, panel proposals, and participation from researchers, systems architects, vendor engineers and above all users. Location: NIST, Gaithersburg MD, USA. Papers and Proposals due: January 30, 2004 Authors Notified: March 1, 2004 Final Materials Due: March 22, 2004 Workshop Dates: April 12-14, 2004 This workshop has three goals: * Explore the current state of public key technology in different domains including web services, grid technologies, authentication systems et. al. in academia & research, government and industry. * Share & discuss lessons learned and scenarios from vendors and practitioners on current deployments * Provide a forum for leading security researchers to explore the issues relevant to the PKI space in areas of security management, identity, trust, policy, authentication and authorization. The results will be promulgated in several ways, including: * a published proceedings with refereed papers and summaries of workshop discussions * the workshop web site: http://middleware.internet2.edu/pki04/ * experimental initiatives within higher education Outstanding papers will be invited for possible publication in ACM TISSEC. Presentation formats will include: * Refereed papers * Panel discussions * Invited talks * Work-in-progress updates Submitted works for panels, papers and reports should address one or more critical areas of inquiry. Topics include (but not are not limited to): * PKI systems in various domains like grid, web services, government, industry and academia. * PKI and Federated trust * Related standards: x509, SDSI/SPKI, PGP, XKMS, SAML, Shibboleth, Liberty Alliance, etc. * Cryptographic methods in support of security decisions * The characterization and encoding of security decision data * Security protocols and choreographies - new ideas, analysis of existing systems et al * Alternative methods for supporting security decisions * Intersection of Policy based systems and PKI * Privacy protection and implications of different approaches * Scalability of security systems - are there limits to growth? * Security of the various components of a system: private keys, root authorities, certificate storage, communications channels, code, directories, etc. * Mobility solutions * Approaches to attributes and delegation * Improved designs for security-related user interfaces * Human factors issues with naming, multiple private keys, selective disclosure * Discussion of how the "public key infrastructure" may differ from the "PKI" traditionally defined * Reports of real-world experience with the use and deployment of PKI, especially where future research directions for PKI are indicated * What is missing? The gaps in PKI research and standards from a systems engineering point-of-view Submissions and Additional Information Papers should be submitted electronically, in PDF, formatted for standard US letter-size paper (8.5 x 11 inches). The final version of refereed papers should ideally be between 8 and 15 pages, and in no case more than 20 pages. They should have no header or footer text (e.g., no page numbers). Proposals for panels should be no longer than five pages in length and should include possible panelists and an indication of which of those panelists have confirmed participation. Please submit the following information by email to pkichairs@internet2.edu: * The full contact details (name, affiliation, email, phone, postal address) of one author who will act as the primary contact for this paper. * The full list of authors: you must supply the first name, the last name and the affiliation of each author. * The finished paper in PDF format as an attachment. All submissions will be acknowledged. The deadline for submission is January 30, 2004. Requests for short extensions will be granted on a case-by-case basis, and must be requested by January 30th via email to the same address. When appropriate, authors should arrange for a release for publication from their employer prior to submission. Papers accompanied by non-disclosure agreement forms are not acceptable and will be returned to the author(s) unread. Submissions of papers must not substantially duplicate work that any of the authors have published elsewhere or have submitted in parallel to any other conferences or journals. The registration fee will be waived for presenters. A limited number of stipends are available to those unable to obtain funding to attend the workshop. Further information will be available on the registration page in January. Program Committee Peter Alterman NIH Matt Blaze AT&T Labs Research Bill Burr NIST Yassir Elley Sun Microsystems Carl Ellison Microsoft Stephen Farrell Trinity College Dublin, Richard Guida Johnson & Johnson Peter Honeyman University of Michigan Russ Housley Vigil Security LLC Ken Klingenstein University of Colorado Olga Kornievskaia University of Michigan Neal McBurnett Internet2 Clifford Neuman USC Eric Norman University of Wisconsin Tim Polk NIST Ravi Sandhu George Mason University; NSD Security Krishna Sankar Cisco Systems Jeff Schiller MIT Frank Siebenlist Argonne National Laboratory Sean Smith Dartmouth College Michael Wiener Cryptographic Clarity General Chair: Ken Klingenstein, University of Colorado. Program Chair: Krishna Sankar, Cisco Systems. Steering Committee Chair: Neal McBurnett, Internet2. Local Arrangements Chair: Nelson Hastings, NIST. ---------------------------------------------------mw-pkiprgmcommittee-+ For list utilities, archives, subscribe, unsubscribe, etc. please visit the ListProc web interface at http://archives.internet2.edu/ ---------------------------------------------------mw-pkiprgmcommittee-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LLHPI7041292 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 14:17:25 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LLHPIm041291 for ietf-pkix-bks; Tue, 21 Oct 2003 14:17:25 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LLHOI7041285 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 14:17:24 -0700 (PDT) (envelope-from chokhani@orionsec.com) Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id h9LLHPDb002021 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 17:17:25 -0400 From: "Santosh Chokhani" <chokhani@orionsec.com> To: <ietf-pkix@imc.org> Subject: RE: AKI and SKI problem with RFC 3280? Date: Tue, 21 Oct 2003 17:17:17 -0400 Message-ID: <005401c39818$b9d6e050$9e00a8c0@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <200310211627.h9LGRmI03445@chandon.edelweb.fr> Importance: Normal Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9LLHOI7041287 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Based on a review of Sections 4.2.1.2 and 4.2.1.1 of 3280, I draw the following conclusion: A 3280 compliant CA MUST ensure that AKI and SKI chain properly. This is sufficient for path construction. Thus, I do not see a particular need to change 3280 in this area. The various methods for calculating these values and their probability of collision need not be described in 3280. As others have pointed out, AKI and SKI need not be unique or different globally. For efficient path development, it is sufficient that AKI and SKI be different, with high degree of probability, for different keys of the same entity. The algorithm chosen can be left up to the CA. The proper chaining of AKI and SKI (not for path validation, but for path construction) is important. By proper chaining, I mean that the SKI in certificate(s) issued to a CA for a specific public key should (I read 3280 to say MUST, and I like that over SHOULD) match the AKI in those certificates that the CA issues which are verified using the said specific public key. Santosh Chokhani Orion Security Solutions, Inc. 1489 Chain Bridge Road, Suite 300 McLean, Virginia 22101 (703) 917-0060 Ext. 35(voice) (703) 917-0260 (Fax) chokhani@orionsec.com Visit our Web site http://www.orionsec.com Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LJ3JI7036013 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 12:03:19 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LJ3J9q036012 for ietf-pkix-bks; Tue, 21 Oct 2003 12:03:19 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LJ3II7036007 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 12:03:18 -0700 (PDT) (envelope-from mcooper@orionsec.com) Received: from wmcooper (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id h9LJ3JDb014937; Tue, 21 Oct 2003 15:03:19 -0400 From: "Matt Cooper" <mcooper@orionsec.com> To: <asturgeon@spyrus.com>, <ietf-pkix@imc.org> Subject: RE: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt Date: Tue, 21 Oct 2003 15:03:13 -0400 Message-ID: <002001c39805$fdb6cd20$9700a8c0@hq.orionsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <DCEJJJFPPENPENMBCAIFKELDDGAA.asturgeon@spyrus.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9LJ3II7036008 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Alice, Thanks for the thorough reading! You made a lot of good suggestions that will help clarify the I-D. Please see my comments below. Best Regards, Matt > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Alice Sturgeon > Terminology, on "certification path building" and its aka's: > How can "building" be the same as "discovery", which would be > more like the validation process? Also, using the verb > "obtain" does not make it clear whether it is the building > (construction, development) or the discovery (finding, > validating) that is being described, although, given the > subject of the I-D, we only assume it is the former > (building). We had a few rounds of discussion on the term to use here and settled on building. You are correct, the focus is on constructing a likely to validate path, not validating it. I think the connotations of each aka also vary according to whom you ask. =) I also agree that "obtain" should be replaced with a better verb. How about "assemble"? I think that is more in line with what we meant. > Terminology, on "subscriber" - You might consider stating > something like: "also referred to as 'user' or, in a > certification hierarchy, 'End Entity'". Many use "subscriber" > and "user" synonymously and so it might be helpful to clarify > that (or your thinking on the two terms), and you use End > Entity, and so your view on its relationship to "subscriber" > as certificate subject would be helpful. Stating these > equivalents here would also avoid having to do so in the > later text (e.g., in 1.4, "end entities' (subscribers')" in > 1st para.). This is tricky to dance around and I obviously didn't do too great a job! The "End Entity" of the path is not necessarily a subscriber/user. For example, you may be building a path for a CRL signer. Hence, I tried to steer clear of the subscriber/user terms unless an example was specifically citing that type of cert. I think it ended up a little messy. I will review for this usage and see what I can do to make it more consistent. > Terminology: In view of your last two terms, you might > consider trying to define "trust" - rather critical to the > whole I-D concept. While you use the term extensively in the > Introduction, it does seem to be assumed that the concept is > understood - and it is in a general sense, but it might be > prudent to define explicitly for this context. For example, > are there well defined security attributes that make up > "trust" - confidentiality, integrity, accountability, > authenticity, or (gulp) non-repudiation? I agree, but I'm a little concerned about trying to boil down what is a fairly broad concept as it is applied to PKI in a definition. Perhaps a to the point definition with 3280 as suggested reading? It may make sense for us to explicitly point out in the introduction that that the I-D assumes the reader understands the contents of 3280 and related documents. I'll give this some more thought. > With respect to 1.4.3 and the text on figure 4, and the two > principal concerns about vulnerability: If the cert path > building software is written correctly, then transitive trust > should be impossible. It's not so much a vulnerability as a result of many cooks in the kitchen. If I cross certify with you today, and tomorrow you cross certify with ACME PKI, I may now trust ACME PKI without intending to. Of course, there are ways to design the certificates to prevent this. Problem is in my mind, as the number of variables (cross certified infrastructures) grows, it becomes increasingly difficult to keep track of the possibilities. IMO, limiting the number of combinations is one of the very nice properties of having a single bridge rather than "meshing" the infrastructures. > Secondly, I would think that cert > policy mapping should prohibit the cross-certification of > PKIs with different assurance levels. Agree, it _should_. =) Again, the worry is similar what I described just above. If I give you a cert with high assurance, and you certify a lower assurance PKI and map the policy to it, then I have a problem without realizing it. Or perhaps, you correctly give ACME PKI the high assurance cert, and they in turn cross certify with a lower assurance PKI and keep the policy intact. Again, you can control all these things to varying degrees with name constraints, path length cons, etc., but I think we have to take the human factor of PKI design into consideration and be somewhat realistic with our expectations. > 1.4.4 says: > However, when connecting PKIs in this way, the number and > variety of PKIs involved results in a non-hierarchical > environment, such as the one as depicted in Figure 5. I don't > think this is quite true, or perhaps just a simplification: > The overall environment or framework (or super-structure) is > non-hierarchical, but within that framework there is indeed a > hierarchical environment. This is an important point, > because it shows how the bridge, as non-hierarchical > framework, can simplify the one or many hierarchical > structure(s) within it for the purpose of cross-certification. I'm not sure I'm understanding what you are saying. Are you saying we should at this point stress that although the overall graph is non-hierarchical, that the trust framework is still hierarchical? > 1.5 - First reason given for supporting the bridge structure > is gratuitous - Use it because it is used... I think this > point (1) detracts from point (2), which is a much more > important reason. I agree and see no problem removing that and focusing on (2). > RFC 3280 6.2 states: While each certification path begins > with a specific trust anchor, ... So why is path building > beginning with the trusted root called "reverse"? I assume > this is because for cert path validation, one logically > starts with the EE cert. So - different purposes, different > terminology? I think this is throw back to prior terminology for cross certificates. The reverse cross certificates are those issued from a CA, the forward are those issued to the CA. If building from the EE, you use the forward, when building from the TR, you use the reverse, hence the naming of the respective building directions. I think, though I may start a religious debate here, "forward" was chosen as a natural result of that being the intended/designed direction for path building. (It certainly isn't forward with respect to issuance!) > 2.4.1, last sentence of 1st indented paragraph says: > "In other words, consumption of such paths by relying parties > could potentially yield trust in unintended ways." Assuming > (perhaps incorrectly) that "trust in unintended ways" means > "unintended trust", then the path actually creates a > vulnerability, does it not? Yes, and I agree with you, but I did intentionally soft pedal that. Basically, if everyone did everything just right, there should, in theory, not be any unintended trust. The problem is to my mind that allowing these unnecessarily convoluted paths increases the number of variables exponentially; making it next to impossible for a PKI designer to consider every possible outcome, and therefore, every possible trust path. More to the point, I don't think the convoluted path in and of itself is a vulnerability, but I think it creates the potential for masking a vulnerability/unintended trust. > Second point also could be > identified as a vulnerability, in that the path > unintentionally lowers the assurance level. Agree to an extent as well; but this has been a topic of much debate in the past with no clear winner. Hence the "may be considered lost" verbiage as opposed to "is lost." I'm in the latter school of thought and I personally would like to see this become part of path validation rather than a recommended approach to path building. Perhaps it is time for the list to re-visit this topic... > 2.4 states: > "The BCA also has issued four certificates, one to each of > the trust roots." But then 2.4.2 states: "It is not possible > to build forward direction paths into the infrastructures > behind CAs W, Y, and Z, because W, Y, and Z have not been > issued certificates by any other CAs." I'm missing something > on this point. I agree this isn't clear enough and I think we should try to clarify this point because it is an important one to my mind. The idea is, for example, suppose I'm building a (forward) path from E to TR-X. It isn't possible for my forward path builder to go astray and wander into the infrastructure behind TR-W because TR-W was not issued certificates by either F or G. (The builder would be forced to "go back" at W) However, the same example flipped around building (in reverse) from TR-X to E, the path builder could wander into the infrastructure behind TR-W using the certificates issued from TR-W to F and/or G. The reverse builder than may not recurse back until all paths behind TR-W are exhausted. > >From the References: [RFC 1738] Berners-Lee, T., L. Masinter and M. > McCahill, "Uniform Resource Locators (URL)", RFC 1738, > December 1994. You may wish to reference, instead or in > addition, RFC 2396 URI Berners-Lee, T., Fielding, R., Irving, > U.C., and L. Masinter. "Uniform Resource Identifiers (URI): > Generic Syntax", August 1998. RFC 2396 updates and merges > RFC 1738 (as well as "Relative Uniform Resource Locators" > [RFC1808]), although 2396 excludes the portions of RFC 1738 > that define the specific syntax of individual URL schemes. > (And you use "URI" much more frequently than "URL".) Are the > references intended to be Normative or Informative? I > believe it is necessary now to distinguish references now on > this basis. You are correct; we need to update this section. > 8. Security Considerations - In the 2nd and 3rd sentences, > you state the need to protect the trusted root cert, as well > as the trusted root keys. It is necessary that the root cert > be available for the path. It is root keys that need to be > "kept safe" and of course only the public key should be > obtainable. Suggest deleting trusted root cert from this discussion. I agree the key is all that matters, but wrote it this way so as to not diminish the importance of protecting the cert if that is the source of the key. Perhaps a re-wording would be better: The only exception to this is the appropriate protection of the trusted root key(s) (or trusted root certificates if they are the source of the trusted keys) used for validating paths. ? > Editorial notes: Thank you for these as well; we will address these items in the next revision. Thanks again for your efforts! Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LH0WI7031850 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 10:00:32 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LH0WKv031849 for ietf-pkix-bks; Tue, 21 Oct 2003 10:00:32 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LH0UI7031843 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 10:00:31 -0700 (PDT) (envelope-from Peter.Sylvester@EdelWeb.fr) Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA09786 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 19:00:26 +0200 (MET DST) Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Tue, 21 Oct 2003 19:00:27 +0200 (MET DST) Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id h9LH0Q403490 for ietf-pkix@imc.org; Tue, 21 Oct 2003 19:00:26 +0200 (MEST) Date: Tue, 21 Oct 2003 19:00:26 +0200 (MEST) From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr> Message-Id: <200310211700.h9LH0Q403490@chandon.edelweb.fr> To: ietf-pkix@imc.org Subject: PKIX agenda X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I would like to know when an agenda for the Minneapolis meeting will be available. I am not part of those who are able to go without justification. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LGRqI7030805 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 09:27:52 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LGRq4C030804 for ietf-pkix-bks; Tue, 21 Oct 2003 09:27:52 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LGRmI7030797 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 09:27:51 -0700 (PDT) (envelope-from Peter.Sylvester@EdelWeb.fr) Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA09643 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 18:27:49 +0200 (MET DST) Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Tue, 21 Oct 2003 18:27:49 +0200 (MET DST) Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id h9LGRmI03445 for ietf-pkix@imc.org; Tue, 21 Oct 2003 18:27:48 +0200 (MEST) Date: Tue, 21 Oct 2003 18:27:48 +0200 (MEST) From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr> Message-Id: <200310211627.h9LGRmI03445@chandon.edelweb.fr> To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> A little bit of nit-picking the text in 3820: >4.2.1.2 > One common method for generating unique values is a monotonically > increasing sequence of integers. 1, 1, 2, 2, 3, 3 is a monotonically increasing sequence of integers according to some common definitions for sequences or functions. As far as I remember my math classes from 30 years ago, non-ambiguous terms are 'strictly increasing" or "monotone and strictly increasing" or "monotonically strictly increasing" ... Peter Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFqqI7029517 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 08:52:52 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LFqpbR029516 for ietf-pkix-bks; Tue, 21 Oct 2003 08:52:51 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft4.fr.colt.net (smtp-ft4.fr.colt.net [213.41.78.203]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFqoI7029508 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 08:52:50 -0700 (PDT) (envelope-from jmdesp@free.fr) Received: from free.fr (host.106.92.68.195.rev.coltfrance.com [195.68.92.106]) by smtp-ft4.fr.colt.net with ESMTP id h9LFqfH18904 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 17:52:46 +0200 Message-ID: <3F95564C.4020905@free.fr> Date: Tue, 21 Oct 2003 17:52:44 +0200 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031004 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AKI and SKI problem with RFC 3280? References: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> <3F9540EB.E725568D@sun.com> In-Reply-To: <3F9540EB.E725568D@sun.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve Hanna wrote: >Note also that AKI/SKI chaining SHOULD NOT be checked >during path validation. To be more explicit, it's >NOT true that the SKI of a CA certificate must match >the AKI of a certificate signed by that CA. Why? >Because the CA certificate may have been issued by >a CA that uses a different AKI/SKI computation technique >than the CA who's the subject of the CA certificate. > > I really think it would be a better practice to always have a method of reusing existing SKI when emitting a cross-certificate. It might be difficult with some currently used mecanisms for that, but cross-certificates for CA are not likemy to be an automatic process like the emission of a end-user certificate. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFlWI7029358 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 08:47:32 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LFlWTq029357 for ietf-pkix-bks; Tue, 21 Oct 2003 08:47:32 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFlWI7029352 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 08:47:32 -0700 (PDT) (envelope-from alex@verisign.com) Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (verisign.com [65.205.251.57]) by peacock.verisign.com (8.12.10/) with ESMTP id h9LFlDxi003520; Tue, 21 Oct 2003 08:47:28 -0700 (PDT) Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <VGG31HA4>; Tue, 21 Oct 2003 08:43:12 -0700 Message-ID: <F5678115F458B4458C227F0EC02691BB013B024B@mou1wnexm04.vcorp.ad.vrsn.com> From: "Deacon, Alex" <alex@verisign.com> To: "'Michael Myers'" <mmyers@fastq.com>, ietf-pkix@imc.org Subject: RE: POLL: Nonce-specific error code for OCSP Date: Tue, 21 Oct 2003 08:43:06 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO > -----Original Message----- > From: Michael Myers [mailto:mmyers@fastq.com] > Sent: Wednesday, October 15, 2003 2:03 PM > To: ietf-pkix@imc.org > Subject: POLL: Nonce-specific error code for OCSP > > > > All, > > I recently received permission from the chairs to poll the WG > against the following question. > > Should we standardize an OCSP *V1* error code that enables a > responder to indicate its inability to respond to nonced > requests? > > Please respond with either YES or NO. > > Mike > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFeNI7029162 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 08:40:23 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LFeNeU029161 for ietf-pkix-bks; Tue, 21 Oct 2003 08:40:23 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mx2.magma.ca (mx2.magma.ca [206.191.0.250]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LFeMI7029155 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 08:40:22 -0700 (PDT) (envelope-from asturgeon@spyrus.com) Received: from mail2.magma.ca (mail2.magma.ca [206.191.0.214]) by mx2.magma.ca Magma's Mail Server with ESMTP id h9LFeMCv028556; Tue, 21 Oct 2003 11:40:22 -0400 Received: from hippolyta ([213.219.159.226]) by mail2.magma.ca (Magma's Mail Server) with SMTP id h9LFe395007989; Tue, 21 Oct 2003 11:40:20 -0400 Reply-To: <asturgeon@spyrus.com> From: "Alice Sturgeon" <asturgeon@spyrus.com> To: "Peter Hesse" <pmhesse@geminisecurity.com>, <ietf-pkix@imc.org> Subject: RE: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt Date: Tue, 21 Oct 2003 11:41:47 -0400 Message-ID: <DCEJJJFPPENPENMBCAIFKELDDGAA.asturgeon@spyrus.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <00b501c389b0$c7babfa0$6701a8c0@gemsec.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi all, This is an important effort and it is going to be very helpful once finalized. A few comments (with the humble caveat that those of you who wrote this I-D, and with whom you consulted, are considerably more knowledgeable on this subject than I am!): Terminology, on "certification path building" and its aka's: How can "building" be the same as "discovery", which would be more like the validation process? Also, using the verb "obtain" does not make it clear whether it is the building (construction, development) or the discovery (finding, validating) that is being described, although, given the subject of the I-D, we only assume it is the former (building). As the authors state in Purpose, other documents, notably RFC 3280, go into cert path validation, and so this I-D does not go there. Terminology, on "subscriber" - You might consider stating something like: "also referred to as 'user' or, in a certification hierarchy, 'End Entity'". Many use "subscriber" and "user" synonymously and so it might be helpful to clarify that (or your thinking on the two terms), and you use End Entity, and so your view on its relationship to "subscriber" as certificate subject would be helpful. Stating these equivalents here would also avoid having to do so in the later text (e.g., in 1.4, "end entities' (subscribers')" in 1st para.). Terminology: In view of your last two terms, you might consider trying to define "trust" - rather critical to the whole I-D concept. While you use the term extensively in the Introduction, it does seem to be assumed that the concept is understood - and it is in a general sense, but it might be prudent to define explicitly for this context. For example, are there well defined security attributes that make up "trust" - confidentiality, integrity, accountability, authenticity, or (gulp) non-repudiation? With respect to 1.4.3 and the text on figure 4, and the two principal concerns about vulnerability: If the cert path building software is written correctly, then transitive trust should be impossible. Secondly, I would think that cert policy mapping should prohibit the cross-certification of PKIs with different assurance levels. 1.4.4 says: However, when connecting PKIs in this way, the number and variety of PKIs involved results in a non-hierarchical environment, such as the one as depicted in Figure 5. I don't think this is quite true, or perhaps just a simplification: The overall environment or framework (or super-structure) is non-hierarchical, but within that framework there is indeed a hierarchical environment. This is an important point, because it shows how the bridge, as non-hierarchical framework, can simplify the one or many hierarchical structure(s) within it for the purpose of cross-certification. 1.5 - First reason given for supporting the bridge structure is gratuitous - Use it because it is used... I think this point (1) detracts from point (2), which is a much more important reason. RFC 3280 6.2 states: While each certification path begins with a specific trust anchor, ... So why is path building beginning with the trusted root called "reverse"? I assume this is because for cert path validation, one logically starts with the EE cert. So - different purposes, different terminology? 2.4.1, last sentence of 1st indented paragraph says: "In other words, consumption of such paths by relying parties could potentially yield trust in unintended ways." Assuming (perhaps incorrectly) that "trust in unintended ways" means "unintended trust", then the path actually creates a vulnerability, does it not? Second point also could be identified as a vulnerability, in that the path unintentionally lowers the assurance level. 2.4 states: "The BCA also has issued four certificates, one to each of the trust roots." But then 2.4.2 states: "It is not possible to build forward direction paths into the infrastructures behind CAs W, Y, and Z, because W, Y, and Z have not been issued certificates by any other CAs." I'm missing something on this point. >From the References: [RFC 1738] Berners-Lee, T., L. Masinter and M. McCahill, "Uniform Resource Locators (URL)", RFC 1738, December 1994. You may wish to reference, instead or in addition, RFC 2396 URI Berners-Lee, T., Fielding, R., Irving, U.C., and L. Masinter. "Uniform Resource Identifiers (URI): Generic Syntax", August 1998. RFC 2396 updates and merges RFC 1738 (as well as "Relative Uniform Resource Locators" [RFC1808]), although 2396 excludes the portions of RFC 1738 that define the specific syntax of individual URL schemes. (And you use "URI" much more frequently than "URL".) Are the references intended to be Normative or Informative? I believe it is necessary now to distinguish references now on this basis. 8. Security Considerations - In the 2nd and 3rd sentences, you state the need to protect the trusted root cert, as well as the trusted root keys. It is necessary that the root cert be available for the path. It is root keys that need to be "kept safe" and of course only the public key should be obtainable. Suggest deleting trusted root cert from this discussion. Editorial notes: Section 1, 1st para., last sentence: There should be an "s" on "certificate". 1.4, 1st sentence, the phrase "often times" does not translate well nor may not be as clear as, simply, "often". 1.4.4, 4th sentence (beginning with "Since each PKI...") is not a sentence: There is one subordinate clause (beginning with "Since"), with two parts to it (joined by "and") but no principal clause. The sense of it is that the next sentence should be the principal clause, but since that would make a horribly long sentence, I would suggest simply removing the "Since" and making that a stand-alone (and proper) sentence. 2, last sentence reads (not well): Rather, guidance is provided on the technical issues that surround the path building process, and the capabilities path building implementations require in order to build certification paths successfully, irrespective of PKI structures. To make this easier to read (I had trouble), insert "on" before "...the capabilities path...", and add the letter "d" to "require" ("...implementations required in order to build...") The A's, B's, and C's in figure 6 are a little confusing. It can be understood but it might be easier to do so if you used a combination of numbers and letters. All for now. Alice Sturgeon Chair, Canadian Advisory Committee - Information Technology Security ISO/IEC JTC 1/SC 27 and System Policy Architect & Manager Standards SPYRUS Office: 613-232-2350 Mobile: 613-291-0331 -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Peter Hesse Sent: Friday, October 03, 2003 9:18 AM To: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt All, To save everyone the trouble of trying to read through our entire internet draft a second time, the following lists outline the main changes made in the document since version 00. Overall changes: - made certain terminology more consistent ("certification path" throughout the document instead of "certificate path", "cert path", etc.) - softened the tone; made it clear that the document provides informational recommendations and does not prescribe a particular method for certification path building - removed statements on the document providing guidance based on "best practices" but instead explicitly defined the motivation and purpose behind the document, as well as the criteria that led to the guidance provided. - removed some non-ascii characters that had snuck in Specific changes: - Thoroughly updated section 1.1 (Motivation) and 1.2 (Purpose) - updated terminology section to include a few additional terms - updated mesh PKI figure to better differentiate it from other structures - included a section (2.2) that clearly identifies the authors' criteria for a path building implementation - broke up section 2.4 (How to Build a Certification Path) with some subsections - added section 3.3 (Representing the Decision Tree Programmatically) - updated section 3.5 to include additional information about the sorting methods that follow. Sorting methods are no longer called "rules". - added section 5.4 (Distinguished Name Encoding) - added section 6.3 (Subject Information Access) Cheers, --Peter Hesse +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LElQI7027298 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 07:47:26 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LElQMW027297 for ietf-pkix-bks; Tue, 21 Oct 2003 07:47:26 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from brmea-mail-3.sun.com (brmea-mail-3.Sun.COM [192.18.98.34]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LElPI7027291 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 07:47:25 -0700 (PDT) (envelope-from steve.hanna@sun.com) Received: from sydney.East.Sun.COM ([129.148.9.16]) by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id h9LElM5u022143; Tue, 21 Oct 2003 08:47:22 -0600 (MDT) Received: from sun.com (dhcp-ubur02-75-161 [129.148.75.161]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9LElMB18199; Tue, 21 Oct 2003 10:47:22 -0400 (EDT) Message-ID: <3F9546DB.AB380D31@sun.com> Date: Tue, 21 Oct 2003 10:46:51 -0400 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Stefan Santesson <stefans@microsoft.com> CC: Peter Hesse <pmhesse@geminisecurity.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, ietf-pkix@imc.org, housley@vigilsec.com Subject: Re: AKI and SKI problem with RFC 3280? References: <0C3042E92D8A714783E2C44AB9936E1D6FE708@EUR-MSG-03.europe.corp.microsoft.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stefan Santesson wrote: > What is in fact the current behaviour of applications today: > > Do they: > 1) Not even try to validate the path since issuer/subject don't match > 2) Fail validation and display error > 3) Fail validation, then goes back and search for another path In Sun's JDK 1.4.x, we ignore AKI/SKI so an AKI/SKI match on unrelated certs is not a problem for us. I guess that falls into category 3). > In case there would be a followup to RFC 3280 my feeling is that > increasing integers should be deprecated. It's fine to deprecate this option (probably a good idea), but we should also warn that AKI/SKI may not match and that's fine. Nothing in RFC 3280 says this currently and that seems to be confusing for implementors. Thanks, Steve Hanna Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LENLI7026436 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 07:23:21 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LENLPV026435 for ietf-pkix-bks; Tue, 21 Oct 2003 07:23:21 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LENKI7026430 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 07:23:20 -0700 (PDT) (envelope-from steve.hanna@sun.com) Received: from sydney.East.Sun.COM ([129.148.9.16]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9LEM2xA001337; Tue, 21 Oct 2003 07:22:03 -0700 (PDT) Received: from sun.com (dhcp-ubur02-75-161 [129.148.75.161]) by sydney.East.Sun.COM (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id h9LEM2B14799; Tue, 21 Oct 2003 10:22:02 -0400 (EDT) Message-ID: <3F9540EB.E725568D@sun.com> Date: Tue, 21 Oct 2003 10:21:31 -0400 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Gutmann <pgut001@cs.auckland.ac.nz> CC: aarsenau@bbn.com, ietf-pkix@imc.org, stefans@microsoft.com, housley@vigilsec.com Subject: Re: AKI and SKI problem with RFC 3280? References: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms276F0AA07F1B7F9D4A5D81DB" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms276F0AA07F1B7F9D4A5D81DB Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit A decent MUA would understand that there may be more than one cert with the same SKI. AKI/SKI is just a hint. As such, it's nice (maybe leading to better performance) if there's one and only one cert with a particular SKI. But it's not required. In fact, if you use one of the key hash methods for calculating the AKI/SKI and there are several certificates with the same subject public key (as with multiple cross-certificates for a single CA), these certificates will probably all have the same SKI. Note also that AKI/SKI chaining SHOULD NOT be checked during path validation. To be more explicit, it's NOT true that the SKI of a CA certificate must match the AKI of a certificate signed by that CA. Why? Because the CA certificate may have been issued by a CA that uses a different AKI/SKI computation technique than the CA who's the subject of the CA certificate. Thanks, Steve Peter Gutmann wrote: > > "Al Arsenault" <aarsenau@bbn.com> writes: > > >Why does an AKI/SKI have to be globally unique? > > > >It strikes me that the AKI/SKI extensions are simply "search aids". That is, > >they merely help the application (RP) determine which of a set of possible > >certificates to use is the correct one. While it would be kind of cool if an > >SKI/AKI would be globally unique (it would make searching a repository a > >little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal. > > You send me a CMS signed message (say) with the key identified by sKID = 0. > My MUA finds a cert with sKID = 0 and tries to verify the signature. The > verification fails, and I get a warning saying that the forces of darkness > are tampering with my communications, I could be under attack, and the world > is about to end. > > You send me a CMS signed message (say) with the key identified by sKID = > aildhfsdfsjklhgdfjghkf. My MUA can't find a cert with that sKID and > displays an informational message saying that it couldn't find a signing > key, and perhaps I should contact the sender for more information. > > There's a big difference in terms of usability. > > Peter. --------------ms276F0AA07F1B7F9D4A5D81DB Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIEAYJKoZIhvcNAQcCoIIIATCCB/0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BeMwggKjMIICDKADAgECAgMKVAgwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MTExMTAxNTFaFw0wNDA3MTAxMTAxNTFa MGgxDjAMBgNVBAQTBUhhbm5hMRUwEwYDVQQqEwxTdGVwaGVuIFJvc3MxGzAZBgNVBAMTElN0 ZXBoZW4gUm9zcyBIYW5uYTEiMCAGCSqGSIb3DQEJARYTc3RldmUuaGFubmFAc3VuLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxRk/abMPe7Km2EqpD2FZXzjiBGUHhIdNlIO 9W6mdCQro1xMc+sv+93UuVnIzse+XA67Tqx4g5FdoQ+PI8TQYemYSkTD9GitgU563ypu03UV 86zTJA7u9zVkNv/qL2LRKZ9BXy2Smtet+PUh3nYjMh/ZY7LQxQzmdu1Zunue+yECAwEAAaMw MC4wHgYDVR0RBBcwFYETc3RldmUuaGFubmFAc3VuLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqG SIb3DQEBBAUAA4GBAHbpX0TKiOFu1vxKc3nAOcUHwoci5kinboYrnjWcl37mMXXbBFntaYRM 9LxpGtHdPm7F4pAviKp8bnFzTU46OyUw3kNUAVGDeWYVQC76f0dDZdA313Tn88UZYa+N6O8W bO8wjKA2vg+yx79WXJCFDu+TpsG/28NKPdH42w8LEOVHMIIDODCCAqGgAwIBAgIQZkVyt8x0 9c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UE AxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25h bC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgyNzIzNTk1OVow gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUqbXA8+tyu9+50 bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avg GAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIw IKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8CAQAw CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF151j2YwCYTYoEi pxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59sogxYjTFCCRFs sBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TYyWJirQXGMYIB 9TCCAfECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ BgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAID ClQIMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDMxMDIxMTQyMTMxWjAjBgkqhkiG9w0BCQQxFgQUv/TAMFGlDjV0//NsbjYbt3mS m/wwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4D AgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYCPScUS 79/iTTqCMhrz2al5L+i+UfQ63SO+8HBEHVPcL6rNEv4kVx/4cVr6m9L451HI+j+htUq5cA28 q4Otl+OLEa03zMx5gnd9JDXGK5EUTpiQmhkvBS61ItR+zjFuWb7+Lif4Cvuayi5rWwyeS9on WGW7oDGVv6Tk+Dzi8A1/sQ== --------------ms276F0AA07F1B7F9D4A5D81DB-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LEMBI7026393 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 07:22:11 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LEMBn5026392 for ietf-pkix-bks; Tue, 21 Oct 2003 07:22:11 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LEMAI7026386 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 07:22:10 -0700 (PDT) (envelope-from aarsenau@bbn.com) Received: from arsenaultd2 (col-dhcp33-244-172.bbn.com [128.33.244.172]) by aragorn.bbn.com (8.12.7/8.12.7) with SMTP id h9LEL3TW028327; Tue, 21 Oct 2003 10:21:23 -0400 (EDT) From: "Al Arsenault" <aarsenau@bbn.com> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <ietf-pkix@imc.org>, <stefans@microsoft.com> Cc: <housley@vigilsec.com> Subject: RE: AKI and SKI problem with RFC 3280? Date: Tue, 21 Oct 2003 10:18:04 -0400 Message-ID: <GBEOIAAPLLBIMLPDGHDHMEAECFAA.aarsenau@bbn.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Well, bear in mind that RFC3280 allows the "monotonically increasing..." bit only for CA certificates. Section 4.2.1.2 explicitly says: " For end entity certificates, subject key identifiers SHOULD be derived from the public key. Two common methods for generating key identifiers from the public key are identified above." Okay, it's only a SHOULD, not a MUST, but the scenario you reference below only comes in to play if I signed the CMS message using my CA cert, not my end-entity cert. Got an example where this is relevant if the sKID's of two different CA certs are the same? Granted, if I use the CA cert directly in an application, problems like your example can occur, but such uses shouldn't be happening (IMNSHO). Al Arsenault -----Original Message----- From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz] Sent: Tuesday, October 21, 2003 9:10 AM To: aarsenau@bbn.com; ietf-pkix@imc.org; pgut001@cs.auckland.ac.nz; stefans@microsoft.com Cc: housley@vigilsec.com Subject: RE: AKI and SKI problem with RFC 3280? "Al Arsenault" <aarsenau@bbn.com> writes: >Why does an AKI/SKI have to be globally unique? > >It strikes me that the AKI/SKI extensions are simply "search aids". That is, >they merely help the application (RP) determine which of a set of possible >certificates to use is the correct one. While it would be kind of cool if an >SKI/AKI would be globally unique (it would make searching a repository a >little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal. You send me a CMS signed message (say) with the key identified by sKID = 0. My MUA finds a cert with sKID = 0 and tries to verify the signature. The verification fails, and I get a warning saying that the forces of darkness are tampering with my communications, I could be under attack, and the world is about to end. You send me a CMS signed message (say) with the key identified by sKID = aildhfsdfsjklhgdfjghkf. My MUA can't find a cert with that sKID and displays an informational message saying that it couldn't find a signing key, and perhaps I should contact the sender for more information. There's a big difference in terms of usability. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LEAKI7025883 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 07:10:20 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LEAKbG025882 for ietf-pkix-bks; Tue, 21 Oct 2003 07:10:20 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LEAHI7025874 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 07:10:18 -0700 (PDT) (envelope-from stefans@microsoft.com) Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 21 Oct 2003 15:10:09 +0100 Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 21 Oct 2003 15:10:09 +0100 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.45]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 21 Oct 2003 15:10:09 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: AKI and SKI problem with RFC 3280? Date: Tue, 21 Oct 2003 15:09:25 +0100 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D6FE708@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AKI and SKI problem with RFC 3280? Thread-Index: AcOX2cW85cVxQtaeS36/V6amFNEhyQAAIfFQ From: "Stefan Santesson" <stefans@microsoft.com> To: "Peter Hesse" <pmhesse@geminisecurity.com>, "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <ietf-pkix@imc.org>, "Stefan Santesson" <stefans@microsoft.com> Cc: <housley@vigilsec.com> X-OriginalArrivalTime: 21 Oct 2003 14:10:09.0143 (UTC) FILETIME=[09058870:01C397DD] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9LEAII7025877 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I'm particularly interested in the reality check. If an application use AKI/SKI match to discover a path and finds an AKI/SKI match of unrelated keys. What happens? Ignoring what applications SHOULD do (which we all know) What is in fact the current behaviour of applications today: Do they: 1) Not even try to validate the path since issuer/subject don't match 2) Fail validation and display error 3) Fail validation, then goes back and search for another path The danger with the outline of RFC 3280 is that two different methods with different characteristics is proposed, while almost everybodey use the first (key hash based). Implementers may thus be tempted to make development shortcuts, based on a fair assumption that AKI/SKI match indicates use of the same key, not causing any security risks, but leading to unneccesary errors in casae that assumption is false. In case there would be a followup to RFC 3280 my feeling is that increasing integers should be deprecated. In the ETSI cert profile under development we are currently proposing to deprecate this option. /Stefan > -----Original Message----- > From: Peter Hesse [mailto:pmhesse@geminisecurity.com] > Sent: den 21 oktober 2003 15:45 > To: 'Peter Gutmann'; ietf-pkix@imc.org; Stefan Santesson > Cc: housley@vigilsec.com > Subject: RE: AKI and SKI problem with RFC 3280? > > "Peter Gutmann" <pgut001@cs.auckland.ac.nz> writes: > > > My code has included a check to ignore the sKID if it's less than > > 40 bits for some time now, because anything less than that is a > > danger sign implying the use of an integer sequence. > > The RFC 3280 certification path validation process does not include a > check of the sKID and/or aKID; if they don't match, there is nothing > wrong with the path. Path building implementations should never rely on > them being correct. They may be useful if they are present and correct, > but as was said, may lead building algorithms astray if they are present > and incorrect. Therefore implementations should use them if they are > helpful, but not rely on their existence or fail if they are incorrect. > > --Peter > > +---------------------------------------------------------------+ > | Peter Hesse pmhesse@geminisecurity.com | > | Phone: (703)934-2031 Gemini Security Solutions, Inc. | > | ICQ: 1942828 www.geminisecurity.com | > +---------------------------------------------------------------+ > "Pay no attention to what the critics say; there has never been > a statue set up in honor of a critic." --Jean Sibelius > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LE3aI7025700 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 07:03:36 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LE3aKw025699 for ietf-pkix-bks; Tue, 21 Oct 2003 07:03:36 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LE3ZI7025693 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 07:03:35 -0700 (PDT) (envelope-from kent@bbn.com) Received: from [128.89.89.40] (dhcp89-089-040.bbn.com [128.89.89.40]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9LE2iTX027344; Tue, 21 Oct 2003 10:03:05 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002002bbbaeb54a68f@[128.89.89.40]> In-Reply-To: <0C3042E92D8A714783E2C44AB9936E1D6FDFDE@EUR-MSG-03.europe.corp.microsoft.c om> References: <0C3042E92D8A714783E2C44AB9936E1D6FDFDE@EUR-MSG-03.europe.corp.microsoft.c om> Date: Tue, 21 Oct 2003 10:00:43 -0400 To: "Stefan Santesson" <stefans@microsoft.com> From: Stephen Kent <kent@bbn.com> Subject: Re: AKI and SKI problem with RFC 3280? Cc: <ietf-pkix@imc.org>, "Russ Housley" <housley@vigilsec.com> Content-Type: multipart/alternative; boundary="============_-1145377522==_ma============" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --============_-1145377522==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" At 11:12 +0100 10/20/03, Stefan Santesson wrote: > >I have come a cross a potential problem with RFC 3280 when working >on the new ETSI Certificate profile standard for identity certs. > >RFC 3280 states: > >4.2.1.1 > > The value of the keyIdentifier field SHOULD be derived from the > public key used to verify the certificate's signature or a method > that generates unique values. Two common methods for generating key > identifiers from the public key, and one common method for generating > unique values, are described in section 4.2.1.2 > >4.2.1.2 > One common method for generating unique values is a monotonically > increasing sequence of integers. > > >This means that a CA, following the recommendation can assign key >identifier values of e.g. 1, 2, 3, 4, 5, 6,..., n > >If many different CA:s would follow the "monotonically increasing >sequence of integers" procedure, multiple unrelated certificates >would end up having the same SKI and/or AKI values relating to >completely different public keys. > >I'm not sure how most path building clients would handle a situation >like that, but I fear that at least some would fail. > >Isn't the point that AKI:s and SKI:s should use a generation >algorithm that assigns them a globally unique value with high >probability and therefore SHOULD be derived from the public key and >NOT use a "monotonically increasing sequence of integers". At least >not starting from a small integer? > >/Stefan For path building purposes, there is no need for uniqueness in these values. We have stated several times that path building is NOT supposed to use these values to locate certs, but rather to disambiguate among certs that have the right Subject name (assuming a bottom's up path building). However, when the SKI appears in an EE cert, and that EE cert is used in S/MIME, then we are assuming uniqueness, because the receiver uses the SKI to locate the right token for that receiver. This support for S/MIME is why we put in the SKI requirement for EE certs, where it otherwise would not be needed (re path building). Steve P.S. Peter, your example talked about signature verification, but I don't think that's right, because the signature info is not per recipient, it is per originator, and thus would not encounter this problem. --============_-1145377522==_ma============ Content-Type: text/html; charset="us-ascii" <!doctype html public "-//W3C//DTD W3 HTML//EN"> <html><head><style type="text/css"><!-- blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 } --></style><title>Re: AKI and SKI problem with RFC 3280?</title></head><body> <div>At 11:12 +0100 10/20/03, Stefan Santesson wrote:</div> <blockquote type="cite" cite><font face="Courier New" size="-1"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1">I have come a cross a potential problem with RFC 3280 when working on the new ETSI Certificate profile standard for identity certs.</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1">RFC 3280 states:</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1">4.2.1.1</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> The value of the keyIdentifier field SHOULD be derived from the</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> public key used to verify the certificate's signature or</font><font color="#FF0000"> a method</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#FF0000"> that generates unique values</font><font color="#000000">. Two common methods for generating key</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> identifiers from the public key,</font><font color="#FF0000"> and one common method for generating</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#FF0000"> unique values, are described in section 4.2.1.2</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">4.2.1.2</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font><font color="#FF0000"> One common method for generating unique values is a monotonically</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#FF0000"> increasing sequence of integers</font><font color="#000000">.</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">This means that a CA, following the recommendation can assign key identifier values of e.g. 1, 2, 3, 4, 5, 6,..., n</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">If many different CA:s would follow the "</font><font color="#FF0000">monotonically increasing sequence of integers</font><font color="#000000">" procedure, multiple unrelated certificates would end up having the same SKI and/or AKI values relating to completely different public keys.</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">I'm not sure how most path building clients would handle a situation like that, but I fear that at least some would fail.</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">Isn't the point that AKI:s and SKI:s should use a generation algorithm that assigns them a globally unique value with high probability and therefore SHOULD be derived from the public key and NOT use a "</font><font color="#FF0000">monotonically increasing sequence of integers</font><font color="#000000">". At least not starting from a small integer?</font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000"> </font></blockquote> <blockquote type="cite" cite><font face="Courier New" size="-1" color="#000000">/Stefan</font></blockquote> <div><br></div> <div>For path building purposes, there is no need for uniqueness in these values. We have stated several times that path building is NOT supposed to use these values to locate certs, but rather to disambiguate among certs that have the right Subject name (assuming a bottom's up path building).</div> <div><br></div> <div>However, when the SKI appears in an EE cert, and that EE cert is used in S/MIME, then we are assuming uniqueness, because the receiver uses the SKI to locate the right token for that receiver. This support for S/MIME is why we put in the SKI requirement for EE certs, where it otherwise would not be needed (re path building).</div> <div><br></div> <div><br></div> <div>Steve</div> <div><br></div> <div>P.S. Peter, your example talked about signature verification, but I don't think that's right, because the signature info is not per recipient, it is per originator, and thus would not encounter this problem.</div> </body> </html> --============_-1145377522==_ma============-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LDkfI7025157 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 06:46:41 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LDkfsE025156 for ietf-pkix-bks; Tue, 21 Oct 2003 06:46:41 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LDkdI7025151 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 06:46:39 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id JAA337414; Tue, 21 Oct 2003 09:46:24 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: "'Peter Gutmann'" <pgut001@cs.auckland.ac.nz>, <ietf-pkix@imc.org>, <stefans@microsoft.com> Cc: <housley@vigilsec.com> Subject: RE: AKI and SKI problem with RFC 3280? Date: Tue, 21 Oct 2003 09:45:17 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <007401c397d9$99078490$6801a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <200310210602.h9L62ml03348@cs.auckland.ac.nz> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Peter Gutmann" <pgut001@cs.auckland.ac.nz> writes: > My code has included a check to ignore the sKID if it's less than > 40 bits for some time now, because anything less than that is a > danger sign implying the use of an integer sequence. The RFC 3280 certification path validation process does not include a check of the sKID and/or aKID; if they don't match, there is nothing wrong with the path. Path building implementations should never rely on them being correct. They may be useful if they are present and correct, but as was said, may lead building algorithms astray if they are present and incorrect. Therefore implementations should use them if they are helpful, but not rely on their existence or fail if they are incorrect. --Peter +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LDPRI7024523 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 06:25:27 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LDPROc024522 for ietf-pkix-bks; Tue, 21 Oct 2003 06:25:27 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LDPPI7024517 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 06:25:25 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9LDPPRS021484; Wed, 22 Oct 2003 02:25:25 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9LDQG308358; Wed, 22 Oct 2003 02:26:16 +1300 Date: Wed, 22 Oct 2003 02:26:16 +1300 Message-Id: <200310211326.h9LDQG308358@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: housley@vigilsec.com, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, stefans@microsoft.com Subject: Re: AKI and SKI problem with RFC 3280? Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ Housley <housley@vigilsec.com> writes: >The only CA that I know about that did this has changed to a hash-based >alternative. There are European CAs that still do it AFAIK. I have proof somewhere in the cert menagerie :-). Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LDLqI7024452 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 06:21:52 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LDLqgx024451 for ietf-pkix-bks; Tue, 21 Oct 2003 06:21:52 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9LDLpI7024446 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 06:21:51 -0700 (PDT) (envelope-from housley@vigilsec.com) Received: (qmail 4141 invoked by uid 0); 21 Oct 2003 13:21:33 -0000 Received: from unknown (HELO Russ-Laptop.vigilsec.com) (68.75.53.223) by woodstock.binhost.com with SMTP; 21 Oct 2003 13:21:33 -0000 Message-Id: <5.2.0.9.2.20031021091524.044d0308@mail.binhost.com> X-Sender: housley@mail.binhost.com X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Tue, 21 Oct 2003 09:16:24 -0400 To: pgut001@cs.auckland.ac.nz, ietf-pkix@imc.org, stefans@microsoft.com From: Russ Housley <housley@vigilsec.com> Subject: Re: AKI and SKI problem with RFC 3280? In-Reply-To: <200310210602.h9L62ml03348@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: > >Isn't the point that AKI:s and SKI:s should use a generation algorithm that > >assigns them a globally unique value with high probability and therefore > >SHOULD be derived from the public key and NOT use a "monotonically > increasing > >sequence of integers". At least not starting from a small integer? > >There is some reason why CAs do this, I can't remember why but I think it was >the usual ostrich algorithm ("There is no CA but us; to think otherwise is >treason punishable by limb reconstruction"). I'm not quite sure why the RFC >tells you to do this though, since the only safe response to it is to ignore >any sKIDs of that form. The only CA that I know about that did this has changed to a hash-based alternative. Russ Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LD9AI7023998 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 06:09:10 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LD9A6P023997 for ietf-pkix-bks; Tue, 21 Oct 2003 06:09:10 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LD98I7023991 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 06:09:09 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9LD8hRS021194; Wed, 22 Oct 2003 02:08:43 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9LD9YR08254; Wed, 22 Oct 2003 02:09:34 +1300 Date: Wed, 22 Oct 2003 02:09:34 +1300 Message-Id: <200310211309.h9LD9YR08254@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: aarsenau@bbn.com, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz, stefans@microsoft.com Subject: RE: AKI and SKI problem with RFC 3280? Cc: housley@vigilsec.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Al Arsenault" <aarsenau@bbn.com> writes: >Why does an AKI/SKI have to be globally unique? > >It strikes me that the AKI/SKI extensions are simply "search aids". That is, >they merely help the application (RP) determine which of a set of possible >certificates to use is the correct one. While it would be kind of cool if an >SKI/AKI would be globally unique (it would make searching a repository a >little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal. You send me a CMS signed message (say) with the key identified by sKID = 0. My MUA finds a cert with sKID = 0 and tries to verify the signature. The verification fails, and I get a warning saying that the forces of darkness are tampering with my communications, I could be under attack, and the world is about to end. You send me a CMS signed message (say) with the key identified by sKID = aildhfsdfsjklhgdfjghkf. My MUA can't find a cert with that sKID and displays an informational message saying that it couldn't find a signing key, and perhaps I should contact the sender for more information. There's a big difference in terms of usability. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LCfvI7023194 for <ietf-pkix-bks@above.proper.com>; Tue, 21 Oct 2003 05:41:57 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9LCfuUN023193 for ietf-pkix-bks; Tue, 21 Oct 2003 05:41:56 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9LCfrI7023185 for <ietf-pkix@imc.org>; Tue, 21 Oct 2003 05:41:54 -0700 (PDT) (envelope-from aarsenau@bbn.com) Received: from arsenaultd2 (col-dhcp33-244-172.bbn.com [128.33.244.172]) by aragorn.bbn.com (8.12.7/8.12.7) with SMTP id h9LCffTW023652; Tue, 21 Oct 2003 08:41:42 -0400 (EDT) From: "Al Arsenault" <aarsenau@bbn.com> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <ietf-pkix@imc.org>, <stefans@microsoft.com> Cc: <housley@vigilsec.com> Subject: RE: AKI and SKI problem with RFC 3280? Date: Tue, 21 Oct 2003 08:38:43 -0400 Message-ID: <GBEOIAAPLLBIMLPDGHDHEEADCFAA.aarsenau@bbn.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <200310210602.h9L62ml03348@cs.auckland.ac.nz> X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Okay, I'll bite... Why does an AKI/SKI have to be globally unique? It strikes me that the AKI/SKI extensions are simply "search aids". That is, they merely help the application (RP) determine which of a set of possible certificates to use is the correct one. While it would be kind of cool if an SKI/AKI would be globally unique (it would make searching a repository a little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal. Even using the "monotonically increasing integer sequence" scheme, what we'd have is: Cert A and Cert B have the same AKI value Cert A is issued by CA Z, and has serial number N Cert B is issued by CA Y, and has serial number M (Note that the CA values would be different, because a single CA can't issue the same AKI/SKI value to multiple certs. The serial numbers could coincidentally be the same; that's a random chance.) So the path validation software SHOULD say: "gee, I fetched a cert from the repository by matching on SKI - I didn't bother searching on issuer name/serial, or subject name, or... So now I've got two matches. Which one should I use? Maybe I should actually try looking at one of the other fields to get a clue, or maybe I'll just take a shot and die a horrible screaming death if I guess wrong?" I'm foggy on the details, but it strikes me that the "monotonically increasing integer" scheme was actually in use by somebody, and nobody believed it was a real problem, given the use of the extensions, so we said, in essence, "heck, why not?" How has that changed? Al Arsenault -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Peter Gutmann Sent: Tuesday, October 21, 2003 2:03 AM To: ietf-pkix@imc.org; stefans@microsoft.com Cc: housley@vigilsec.com Subject: Re: AKI and SKI problem with RFC 3280? "Stefan Santesson" <stefans@microsoft.com> writes: @microsoft.com? >If many different CA:s would follow the "monotonically increasing sequence of >integers" procedure, multiple unrelated certificates would end up having the >same SKI and/or AKI values relating to completely different public keys. Yup. I've seen CAs use bits of key hashes, monotonically increasing integers, numeric text strings, MPEGs of cats... >I'm not sure how most path building clients would handle a situation like >that, but I fear that at least some would fail. My code has included a check to ignore the sKID if it's less than 40 bits for some time now, because anything less than that is a danger sign implying the use of an integer sequence. >Isn't the point that AKI:s and SKI:s should use a generation algorithm that >assigns them a globally unique value with high probability and therefore >SHOULD be derived from the public key and NOT use a "monotonically increasing >sequence of integers". At least not starting from a small integer? There is some reason why CAs do this, I can't remember why but I think it was the usual ostrich algorithm ("There is no CA but us; to think otherwise is treason punishable by limb reconstruction"). I'm not quite sure why the RFC tells you to do this though, since the only safe response to it is to ignore any sKIDs of that form. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9L623I7041777 for <ietf-pkix-bks@above.proper.com>; Mon, 20 Oct 2003 23:02:03 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9L6236I041776 for ietf-pkix-bks; Mon, 20 Oct 2003 23:02:03 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9L621I7041742 for <ietf-pkix@imc.org>; Mon, 20 Oct 2003 23:02:02 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h9L622RS012257; Tue, 21 Oct 2003 19:02:02 +1300 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h9L62ml03348; Tue, 21 Oct 2003 19:02:48 +1300 Date: Tue, 21 Oct 2003 19:02:48 +1300 Message-Id: <200310210602.h9L62ml03348@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org, stefans@microsoft.com Subject: Re: AKI and SKI problem with RFC 3280? Cc: housley@vigilsec.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Stefan Santesson" <stefans@microsoft.com> writes: @microsoft.com? >If many different CA:s would follow the "monotonically increasing sequence of >integers" procedure, multiple unrelated certificates would end up having the >same SKI and/or AKI values relating to completely different public keys. Yup. I've seen CAs use bits of key hashes, monotonically increasing integers, numeric text strings, MPEGs of cats... >I'm not sure how most path building clients would handle a situation like >that, but I fear that at least some would fail. My code has included a check to ignore the sKID if it's less than 40 bits for some time now, because anything less than that is a danger sign implying the use of an integer sequence. >Isn't the point that AKI:s and SKI:s should use a generation algorithm that >assigns them a globally unique value with high probability and therefore >SHOULD be derived from the public key and NOT use a "monotonically increasing >sequence of integers". At least not starting from a small integer? There is some reason why CAs do this, I can't remember why but I think it was the usual ostrich algorithm ("There is no CA but us; to think otherwise is treason punishable by limb reconstruction"). I'm not quite sure why the RFC tells you to do this though, since the only safe response to it is to ignore any sKIDs of that form. Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9KAI0I7086013 for <ietf-pkix-bks@above.proper.com>; Mon, 20 Oct 2003 03:18:00 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9KAI07G086012 for ietf-pkix-bks; Mon, 20 Oct 2003 03:18:00 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail-lul.microsoft.com (mail-lul.microsoft.com [212.157.154.44]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9KAHtI7086003 for <ietf-pkix@imc.org>; Mon, 20 Oct 2003 03:17:56 -0700 (PDT) (envelope-from stefans@microsoft.com) Received: from lul-imc-01.europe.corp.microsoft.com ([65.53.188.37]) by mail-lul.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 20 Oct 2003 12:17:46 +0200 Received: from 65.53.188.37 by lul-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 20 Oct 2003 12:17:22 +0200 Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by lul-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 20 Oct 2003 12:14:00 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Subject: AKI and SKI problem with RFC 3280? Date: Mon, 20 Oct 2003 11:12:24 +0100 Message-ID: <0C3042E92D8A714783E2C44AB9936E1D6FDFDE@EUR-MSG-03.europe.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AKI and SKI problem with RFC 3280? thread-index: AcOVwjxQcsDRGefpR+yZ6uNiHYuRwgBLcWZQ From: "Stefan Santesson" <stefans@microsoft.com> To: <ietf-pkix@imc.org> Cc: "Russ Housley" <housley@vigilsec.com> X-OriginalArrivalTime: 20 Oct 2003 10:14:00.0552 (UTC) FILETIME=[E1785E80:01C396F2] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C396F2.E09683D7" ------_=_NextPart_001_01C396F2.E09683D7 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable =20 I have come a cross a potential problem with RFC 3280 when working on the new ETSI Certificate profile standard for identity certs. =20 RFC 3280 states: =20 4.2.1.1 =20 The value of the keyIdentifier field SHOULD be derived from the public key used to verify the certificate's signature or a method that generates unique values. Two common methods for generating key identifiers from the public key, and one common method for generating unique values, are described in section 4.2.1.2 =20 4.2.1.2 One common method for generating unique values is a monotonically increasing sequence of integers. =20 =20 This means that a CA, following the recommendation can assign key identifier values of e.g. 1, 2, 3, 4, 5, 6,..., n =20 If many different CA:s would follow the "monotonically increasing sequence of integers" procedure, multiple unrelated certificates would end up having the same SKI and/or AKI values relating to completely different public keys. =20 I'm not sure how most path building clients would handle a situation like that, but I fear that at least some would fail. =20 Isn't the point that AKI:s and SKI:s should use a generation algorithm that assigns them a globally unique value with high probability and therefore SHOULD be derived from the public key and NOT use a "monotonically increasing sequence of integers". At least not starting from a small integer? =20 /Stefan ------_=_NextPart_001_01C396F2.E09683D7 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} p.MsoPlainText, li.MsoPlainText, div.MsoPlainText {margin:0cm; margin-bottom:.0001pt; font-size:10.0pt; font-family:"Courier New";} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 77.95pt 70.85pt 77.95pt;} div.Section1 {page:Section1;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = lang=3DSV style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'>I have come a cross a potential problem with RFC 3280 when = working on the new ETSI Certificate profile standard for identity = certs.<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'>RFC 3280 states:<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'>4.2.1.1<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span = style=3D'font-size: 10.0pt'><o:p> </o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'> The value of the keyIdentifier field SHOULD be derived from = the<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'> public key used to = verify the certificate's signature or </span></font><font color=3Dred><span style=3D'color:red'>a method<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dred face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:red'> that generates unique = values</span></font><font color=3Dblack><span style=3D'color:black'>. Two common methods for = generating key<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'> identifiers from the = public key, </span></font><font color=3Dred><span style=3D'color:red'>and one = common method for generating<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dred face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:red'> unique values, are = described in section 4.2.1.2</span></font><font color=3Dblack><span = style=3D'color:black'><o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>4.2.1.2<o:p></o:p></span></font></= p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'> </span></font><font color=3Dred><span style=3D'color:red'>One common method for generating = unique values is a monotonically<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dred face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:red'> increasing sequence of = integers</span></font><font color=3Dblack><span style=3D'color:black'>.<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>This means that a CA, following = the recommendation can assign key identifier values of e.g. 1, 2, 3, 4, 5, = 6,..., n<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>If many different CA:s would = follow the “</span></font><font color=3Dred><span style=3D'color:red'>monotonically increasing sequence = of integers</span></font><font color=3Dblack><span style=3D'color:black'>“ procedure, multiple = unrelated certificates would end up having the same SKI and/or AKI values relating to = completely different public keys.<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>I’m not sure how most path = building clients would handle a situation like that, but I fear that at least some would = fail.<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>Isn’t the point that AKI:s = and SKI:s should use a generation algorithm that assigns them a globally unique = value with high probability and therefore SHOULD be derived from the public = key and NOT use a “</span></font><font color=3Dred><span = style=3D'color:red'>monotonically increasing sequence of integers</span></font><font color=3Dblack><span style=3D'color:black'>“. At least not starting from a small = integer?<o:p></o:p></span></font></p> <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'><o:p> </o:p></span></font></p= > <p class=3DMsoPlainText><font size=3D2 color=3Dblack face=3D"Courier = New"><span style=3D'font-size:10.0pt;color:black'>/Stefan<o:p></o:p></span></font></= p> </div> </body> </html> ------_=_NextPart_001_01C396F2.E09683D7-- --------------InterScan_NT_MIME_Boundary-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9J2nTI7040459 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 19:49:29 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9J2nTOx040458 for ietf-pkix-bks; Sat, 18 Oct 2003 19:49:29 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9J2nTI7040453 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 19:49:29 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc12) with ESMTP id <20031019024926014007493se>; Sun, 19 Oct 2003 02:49:26 +0000 Received: from localhost ([127.0.0.1] helo=corestreet.com ident=dave) by localhost with esmtp (Exim 3.35 #1 (Debian)) id 1AB3dU-0000iq-00; Sat, 18 Oct 2003 22:49:40 -0400 Message-ID: <3F91FBC3.3030703@corestreet.com> Date: Sat, 18 Oct 2003 22:49:39 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: Re: DISCUSSION: Nonce-specific error code for OCSP References: <EOEGJNFMMIBDKGFONJJDKEGCDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEGCDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Sorry, didn't mean to start a rehash of the original nonce argument. My original point was in response to precise protocol assertion from Mike's last email: Further, the requestor which sent a nonce and received a non-nonced response can today infer "responder does not support nonces." I was basically trying to say that, at a protocol level, this statement is false. If a client sends a request to a responder that includes a nonce, and that client receives either: (a) an unsigned OCSPResponseStatus - or - (b) a signed response with no nonce and no special extensions then that client has no way to tell whether that OCSP responder is intentionally configured to ignore nonces, or whether an attacker on the network is providing (a) bogus or (b) replayed information. If the signed body of the response contains an extension that says "this OCSP infrastructure never provides nonces for any requests", then the client can securely determine that this declaration came from a trusted entity (the OCSP signer) and not an intermediate attacker. > The requirement is to bind a request to its associated response > and thus enable relying parties to mitigate replay risks. I > remain curious to an understanding of how unilateral server-side > response extensions achieve this effect. I disagree. The real requirement is that the certificate status response be as provably up-to-date as possible for a given request. All this "binding" stuff is just a particular mechanism which MAY achieve that requirement. A nonce can be used to strongly bind a response to a specific request. This proves that the response is "fresh" from a responder. This MAY give indication that the underlying status information is up-to-date. If, however, the response was provided by a responder which is using a CRL that is 11 hours old, the nonce is only providing me with the illusion of immediacy. If a cert was revoked 6 hours ago, that responder will provide "fresh" responses validating that cert until the next CRL is released and processed. A response based on a start time (thisUpdate) and end time (nextUpdate) more accurately reflects the real underlying status information in any system with responders using periodic CRLs. > In the instance of explicit delegation from a certification > authority, there then exists a business entity which places > itself in a position of risk against damage claims. Are you > suggesting that an OCSP responder's unilateral inclusion of a > technical artifact is an assertion of willingness to absorb such > risks? Oh, I don't think that lawyers would be quite as clear on the liability distinction between ACME Novelty's CA and its Responders. In both cases, ACME has IT personnel running servers with HSMs that provide digitally signed information attesting to the identity and status of ACME employees. I don't think you'd avoid any lawsuits by asserting that a revoked certificate was "validated" using a compromised ACME OCSP Responder rather than a bad CRL from a compromised ACME CA. But I certainly wouldn't advocate any sort of unilateral inclusion of technical artifacts ... that's why we're discussing this as part of the standards process. Thanks, Dave Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9J1BQI7036933 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 18:11:26 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9J1BPSp036932 for ietf-pkix-bks; Sat, 18 Oct 2003 18:11:26 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9J1BOI7036925 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 18:11:24 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9J1BPt76436; Sat, 18 Oct 2003 18:11:25 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "David Engberg" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 18:14:26 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEGCDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F919F1F.4090504@corestreet.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dave, A few thoughts embedded below. Mike > -----Original Message----- > From: David Engberg > > . . . > > An existing client can't tell the difference between a > server that doesn't support nonces and a replay > attack by an attacker who made a nonceless request. > An explicit "nonceUnsupported" extension in the signed > body of the response allows a client to securely tell the > difference between these cases. The requirement is to bind a request to its associated response and thus enable relying parties to mitigate replay risks. I remain curious to an understanding of how unilateral server-side response extensions achieve this effect. > OCSP and other PKIX standards currently allow some > policy decisions to be made by the infrastructure > authorities (CAs, responders) and others by the > relying parties. For example, the pkix-nocheck > extension allows the infrastructure to tell clients > that they should accept a delegated responder cert > without performing validation. This extension was > approved, even though someone could have made an > argument that "only clients should be allowed to > set responder validation policies." In the instance of explicit delegation from a certification authority, there then exists a business entity which places itself in a position of risk against damage claims. Are you suggesting that an OCSP responder's unilateral inclusion of a technical artifact is an assertion of willingness to absorb such risks? Bear in mind that the relying party problem is notoriously difficult. It only appears in the heterogeneous context we are now debating; else contracts suffice. If you are unfamiliar with the issue, you may wish to consult with our legal peers in the American Bar Association's Information Security Committee. > Something like "nonceUnsupported" would fall in the > same category ... the infrastructure is telling > interested clients about the security characteristics > of that PK infrastructure and suggesting a security > policy based on that information. Infrastructure should serve the needs of its participants rather than the other way around. Mike (602) 739-7744 Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9INdJI7034927 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 16:39:19 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9INdJMd034926 for ietf-pkix-bks; Sat, 18 Oct 2003 16:39:19 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9INdII7034918 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 16:39:18 -0700 (PDT) (envelope-from piyushj@comcast.net) Received: from netserver (12-234-48-248.client.attbi.com[12.234.48.248]) by comcast.net (rwcrmhc13) with SMTP id <2003101823391501500dmah4e>; Sat, 18 Oct 2003 23:39:15 +0000 Message-ID: <006501c395d1$499e4b00$0300a8c0@484Oliver.com> From: "Piyush" <piyushj@comcast.net> To: "Michael Myers" <mmyers@fastq.com>, <ietf-pkix@imc.org> References: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> Subject: Re: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 16:41:00 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO. Piyush ----- Original Message ----- From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Sent: Wednesday, October 15, 2003 2:02 PM Subject: POLL: Nonce-specific error code for OCSP > > All, > > I recently received permission from the chairs to poll the WG > against the following question. > > Should we standardize an OCSP *V1* error code that enables a > responder to indicate its inability to respond to nonced > requests? > > Please respond with either YES or NO. > > Mike > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IKEFI7030020 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 13:14:15 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IKEF75030019 for ietf-pkix-bks; Sat, 18 Oct 2003 13:14:15 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IKEFI7030008 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 13:14:15 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc12) with ESMTP id <200310182014110140074kv2e>; Sat, 18 Oct 2003 20:14:11 +0000 Received: from localhost ([127.0.0.1] helo=corestreet.com ident=dave) by localhost with esmtp (Exim 3.35 #1 (Debian)) id 1AAxSy-0000FU-00; Sat, 18 Oct 2003 16:14:24 -0400 Message-ID: <3F919F1F.4090504@corestreet.com> Date: Sat, 18 Oct 2003 16:14:23 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: Re: DISCUSSION: Nonce-specific error code for OCSP References: <EOEGJNFMMIBDKGFONJJDKEFPDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEFPDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael Myers wrote: > Further, the requestor which sent a nonce and received a > non-nonced response can today infer "responder does not support > nonces." Something like 11 of 12 client side implementors claim > ability to detect such. Inclusion of an extension which in > effect asserts that "I as responder give myself permission to > disregard your nonce" does nothing to improve upon that. I believe that it is not currently possible to infer this under the current spec. An existing client can't tell the difference between a server that doesn't support nonces and a replay attack by an attacker who made a nonceless request. An explicit "nonceUnsupported" extension in the signed body of the response allows a client to securely tell the difference between these cases. OCSP and other PKIX standards currently allow some policy decisions to be made by the infrastructure authorities (CAs, responders) and others by the relying parties. For example, the pkix-nocheck extension allows the infrastructure to tell clients that they should accept a delegated responder cert without performing validation. This extension was approved, even though someone could have made an argument that "only clients should be allowed to set responder validation policies." Something like "nonceUnsupported" would fall in the same category ... the infrastructure is telling interested clients about the security characteristics of that PK infrastructure and suggesting a security policy based on that information. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IHnsI7025624 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 10:49:54 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IHns2w025623 for ietf-pkix-bks; Sat, 18 Oct 2003 10:49:54 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout07.sul.t-online.com (mailout07.sul.t-online.com [194.25.134.83]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IHnnI7025612 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 10:49:52 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd04.aul.t-online.de by mailout07.sul.t-online.com with smtp id 1AAvCq-0002U5-07; Sat, 18 Oct 2003 19:49:36 +0200 Received: from hagen (GQVxR6ZU8eDjMs8StLb-L3DjN-eDDaug0+KoryqDXMcCEsHThb3Tk5@[80.128.92.191]) by fmrl04.sul.t-online.com with esmtp id 1AAvCe-0h9Ioq0; Sat, 18 Oct 2003 19:49:24 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Michael Myers'" <mmyers@fastq.com>, "'David Engberg'" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 19:49:23 +0200 Organization: SyTrust Message-ID: <000901c395a0$2ade3ee0$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEFPDFAA.mmyers@fastq.com> X-Seen: false X-ID: GQVxR6ZU8eDjMs8StLb-L3DjN-eDDaug0+KoryqDXMcCEsHThb3Tk5@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > It seems to me that an extended response is no improvement > upon a plain response when applied to replay detection. It > too can be replayed because there is no dynamic binding > between request and response. That's what the nonce > extension was defined to > enable: client-side elimination of replay risks via dynamic binding. The response can be replayed. Thats true. But the client now has a way of dectecting if the responder supports nonces. So the client will ask itself: Why should I accept a response without nonce from a responder that supports nonce? Coming to the conclusion that something is wrong the client can now disregard the response. Today, when a client sends a request with nonce and gets a response without nonce that can mean: A) the responder does not support nonces B) the responder would support nonces but this is a replay (the attacker is replaying the response to a request without nonce) With either one of the proposed extensions, the client would get a secure method of differentiation between these two cases. Imagine an attacker now recording an OCSP response to a request without nonce and replaying this response to another request with nonce. With the proposed extensions, the replayed response contains information saying that this responder usually supports nonces. Thus the client will reject the response, as it did not contain a nonce but the responder simultaneous indicates that it would support nonce generation. > Further, the requestor which sent a nonce and received a > non-nonced response can today infer "responder does not > support nonces." Something like 11 of 12 client side > implementors claim ability to detect such. Inclusion of an > extension which in effect asserts that "I as responder give > myself permission to disregard your nonce" does nothing to > improve upon that. I know that 11 of 12 client side implementors think they can infer such a conclusion. But - sad to say - this conclusion is not necessarily true in the current state of RfC2560. The response could also be a replay of a response to a request without nonce. Thats why we need the extension (or server-generated nonces as a work-around). So the inclusion of an extension saying that "I AS RESPONDER give myself permission to disregard your nonce" has a real value. It indicates that the responder KNOWS that this response may be used in replay or caching situations. It is a lot better than the current situation. Currently a response without nonce asserts that "I as responder OR ATTACKER give myself permission to disregard your nonce". I hope that clarifies why we want something to the effect of this proposal so urgently. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IHM1I7024690 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 10:22:05 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IHM1LA024689 for ietf-pkix-bks; Sat, 18 Oct 2003 10:22:01 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IHLsI7024681 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 10:21:59 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9IHLpt44835; Sat, 18 Oct 2003 10:21:51 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Florian Oelmaier" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 10:24:51 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEFPDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <000001c39565$69ee5b50$4228a8c0@hagen> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> It seems to me that an extended response is no improvement upon a plain response when applied to replay detection. It too can be replayed because there is no dynamic binding between request and response. That's what the nonce extension was defined to enable: client-side elimination of replay risks via dynamic binding. Further, the requestor which sent a nonce and received a non-nonced response can today infer "responder does not support nonces." Something like 11 of 12 client side implementors claim ability to detect such. Inclusion of an extension which in effect asserts that "I as responder give myself permission to disregard your nonce" does nothing to improve upon that. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IDNSI7018885 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 06:23:28 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IDNSwT018884 for ietf-pkix-bks; Sat, 18 Oct 2003 06:23:28 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IDNRI7018879 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 06:23:28 -0700 (PDT) (envelope-from cwallace@orionsec.com) Received: from wcwallace (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id h9IDNSKj001157 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 09:23:28 -0400 From: "Carl Wallace" <cwallace@orionsec.com> To: <ietf-pkix@imc.org> Subject: new WG Date: Sat, 18 Oct 2003 09:23:22 -0400 Message-ID: <002d01c3957b$04414bd0$6401a8c0@hq.orionsec.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002E_01C39559.7D2FABD0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_002E_01C39559.7D2FABD0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit A new working group is being formed to address long-term archive and notary services. Mailing list information can be found at http://www.imc.org/ietf-ltans/index.html; additional details can be found at: http://ltans.edelweb.fr. We'll be meeting for the first time at the upcoming IETF meeting in Minneapolis. Anyone interested in giving a presentation during the WG session should send a request to tobias.gondrom@ixos.de or cwallace@orionsec.com. ------=_NextPart_000_002E_01C39559.7D2FABD0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <TITLE>Message</TITLE> <META content=3D"MSHTML 6.00.2800.1264" name=3DGENERATOR></HEAD> <BODY> <DIV><SPAN class=3D774390113-18102003><FONT face=3DArial size=3D2>A new = working group=20 is being formed to address long-term archive and notary=20 services. Mailing list information can be found at <A=20 href=3D"http://www.imc.org/ietf-ltans/index.html">http://www.imc.org/ietf= -ltans/index.html</A>;=20 additional details can be found at: <A=20 href=3D"http://ltans.edelweb.fr">http://ltans.edelweb.fr</A>. = We'll be=20 meeting for the first time at the upcoming IETF meeting in = Minneapolis. =20 Anyone interested in giving a presentation during the WG session should = send a=20 request to <A=20 href=3D"mailto:tobias.gondrom@ixos.de">tobias.gondrom@ixos.de</A> or= <A=20 href=3D"mailto:cwallace@orionsec.com">cwallace@orionsec.com</A>.</FONT></= SPAN></DIV></BODY></HTML> ------=_NextPart_000_002E_01C39559.7D2FABD0-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IAqVI7012177 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 03:52:31 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IAqVOh012176 for ietf-pkix-bks; Sat, 18 Oct 2003 03:52:31 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout05.sul.t-online.com (mailout05.sul.t-online.com [194.25.134.82]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IAqTI7012171 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 03:52:30 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd04.aul.t-online.de by mailout05.sul.t-online.com with smtp id 1AAoh0-0005ly-01; Sat, 18 Oct 2003 12:52:18 +0200 Received: from hagen (VgaSraZSZeEshxY5S8DyZc+8Cnzqumh2rD+A5PUL8gisdioAtyt7s4@[80.128.92.191]) by fmrl04.sul.t-online.com with esmtp id 1AAogr-0PUK4O0; Sat, 18 Oct 2003 12:52:09 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Michael Myers'" <mmyers@fastq.com>, <ietf-pkix@imc.org> Cc: "'David Engberg'" <dave@corestreet.com>, "'Alex Deacon'" <alex@verisign.com> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 12:52:06 +0200 Organization: SyTrust Message-ID: <000101c39565$df858190$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <EOEGJNFMMIBDKGFONJJDIEFNDFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: VgaSraZSZeEshxY5S8DyZc+8Cnzqumh2rD+A5PUL8gisdioAtyt7s4@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Because willful disregard of a client's nonce violates first > principles. Enabling service providers a legal basis to do > so via reliance on an IETF standard is a whole different question. It is not a "willful disregard"! A caching responder CANNOT answer nonces. And the IETF standard already defines a "legal basis" for a service provide to do so: simply not answering the nonce. Thats not a perfect way - but thats the way RfC2560 suggests. Can you please tell me where those "first principles" of the IETF you mention are defined? Where can I read more about it? What "first principles" do you mean exactly? Thanks for your help, -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IAn7I7011931 for <ietf-pkix-bks@above.proper.com>; Sat, 18 Oct 2003 03:49:07 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9IAn7Pw011930 for ietf-pkix-bks; Sat, 18 Oct 2003 03:49:07 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9IAn5I7011924 for <ietf-pkix@imc.org>; Sat, 18 Oct 2003 03:49:06 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd04.aul.t-online.de by mailout09.sul.t-online.com with smtp id 1AAodr-0000qV-00; Sat, 18 Oct 2003 12:49:03 +0200 Received: from hagen (EkzUhTZ1ge6JE7tBpjmeDiWuVyRWe+hUKqbkkMSUoqmvsi-n3cTxUe@[80.128.92.191]) by fmrl04.sul.t-online.com with esmtp id 1AAodg-1m2rUO0; Sat, 18 Oct 2003 12:48:52 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'David Engberg'" <dave@corestreet.com>, "'Michael Myers'" <mmyers@fastq.com> Cc: <ietf-pkix@imc.org> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Sat, 18 Oct 2003 12:48:49 +0200 Organization: SyTrust Message-ID: <000001c39565$69ee5b50$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <3F905E84.2040005@corestreet.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: EkzUhTZ1ge6JE7tBpjmeDiWuVyRWe+hUKqbkkMSUoqmvsi-n3cTxUe@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David Engberg wrote: > Dumb question: why is it possible to add a new > OCSPResponseStatus code > value (a non-backward-compatible addition) for v1, but not to convey > this information through a new responseExtension in the > signed body (a > backward compatible change with better security semantics)? /agree Even more as all extension procressing is optional, meaning that such an addition IS completely backward compatible with all clients out there by definiton. Why did we add the extension system in the first place? I thought this was done with such extensions in mind. After all this discussion, we have two options for adding such an extension: Option A) "The-signer-of-this-response-intended-it-to-be-cached extension": Even when the request containes a nonce a responder may answer with a response containing no nonce but this extension. Clients supporting nonces should not accept a nonce-less response without this extension. Option B) "Usually-I-support-nonce extension": Responders that are able to generate nonces and get a request without nonce add this extension. (A responder could also indicate this by producing a server-generated nonce). Clients supporting nonces should not accept responses containing this extension but NOT containing a fitting nonce. Getting a response without nonce and without this extension indicates, that the responder is not able to generate nonces. Mind: These options do basically the same, we only need one of them. I strongly vote to include an extension according option A (Davids proposal) into OCSPv1. If this is not possible, I would like to advise all responder implementers to use Option B with server-generated nonces, as this behaviour is already covered by OCSPv1 and does not need any changes to the RfC. For OCSPv2 we should then go for an extension according to option A. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9I14QI7031801 for <ietf-pkix-bks@above.proper.com>; Fri, 17 Oct 2003 18:04:26 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9I14Qdm031800 for ietf-pkix-bks; Fri, 17 Oct 2003 18:04:26 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from infoblox.com (trevise.infoblox.com [209.209.39.217]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9I14OI7031794 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 18:04:24 -0700 (PDT) (envelope-from sinn@infoblox.com) Received: from DICK (205.158.171.194.ptr.us.xo.net [205.158.171.194]) by infoblox.com (Postfix) with SMTP id B91C9544C0; Fri, 17 Oct 2003 18:04:26 -0700 (PDT) Message-ID: <002a01c39513$b7112fe0$ac01000a@openloop.com> From: "Richard Sinn (Infoblox)" <sinn@infoblox.com> To: "Miguel Rodriguez" <mars@seguridata.com>, "'Michael Myers'" <mmyers@fastq.com> Cc: <ietf-pkix@imc.org> References: <001701c394b4$c71ee260$a600a8c0@seguridata.com> Subject: Re: POLL: Nonce-specific error code for OCSP Date: Fri, 17 Oct 2003 18:03:59 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO. Clearly after all these discussion. - Richard. ----- Original Message ----- From: "Miguel Rodriguez" <mars@seguridata.com> To: "'Michael Myers'" <mmyers@fastq.com> Cc: <ietf-pkix@imc.org> Sent: Friday, October 17, 2003 6:44 AM Subject: RE: POLL: Nonce-specific error code for OCSP > > NO > > Miguel A Rodriguez > SeguriDATA > Mexico > > > > > This poll is focussed on the narrower v1 issue ONLY. Should we > > or should we not standardize a v1 error code? If this poll is > > inconclusive, then I suppose we'll get into the heart of the > > matter, which is whether it is acceptable in v1 to disregard a > > client's nonce. But let's leave those discussions to another > > thread and first get a vote tally. > > > > Mike > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HMo1I7028835 for <ietf-pkix-bks@above.proper.com>; Fri, 17 Oct 2003 15:50:01 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9HMo1hP028834 for ietf-pkix-bks; Fri, 17 Oct 2003 15:50:01 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HMo0I7028825 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 15:50:00 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9HMo2t47044; Fri, 17 Oct 2003 15:50:02 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Cc: "David Engberg" <dave@corestreet.com>, "Alex Deacon" <alex@verisign.com> Subject: RE: DISCUSSION: Nonce-specific error code for OCSP Date: Fri, 17 Oct 2003 15:53:02 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEFNDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal In-Reply-To: <3F905E84.2040005@corestreet.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Because willful disregard of a client's nonce violates first principles. Enabling service providers a legal basis to do so via reliance on an IETF standard is a whole different question. Mike > -----Original Message----- > From: David Engberg [mailto:dave@corestreet.com] > Sent: Friday, October 17, 2003 2:26 PM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: DISCUSSION: Nonce-specific error code for OCSP > > > > Dumb question: why is it possible to add a new > OCSPResponseStatus code value (a non-backward- > compatible addition) for v1, but not to convey > this information through a new responseExtension in > the signed body (a backward compatible change with > better security semantics)? Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HLQdI7026446 for <ietf-pkix-bks@above.proper.com>; Fri, 17 Oct 2003 14:26:39 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9HLQd6w026445 for ietf-pkix-bks; Fri, 17 Oct 2003 14:26:39 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HLQcI7026433 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 14:26:38 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from corestreet.com (engberg2.corestreet.com [192.168.2.119]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id h9HLQSxh018929; Fri, 17 Oct 2003 17:26:28 -0400 Message-ID: <3F905E84.2040005@corestreet.com> Date: Fri, 17 Oct 2003 17:26:28 -0400 From: David Engberg <dave@corestreet.com> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: DISCUSSION: Nonce-specific error code for OCSP References: <EOEGJNFMMIBDKGFONJJDKEFHDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEFHDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dumb question: why is it possible to add a new OCSPResponseStatus code value (a non-backward-compatible addition) for v1, but not to convey this information through a new responseExtension in the signed body (a backward compatible change with better security semantics)? Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HDibI7010579 for <ietf-pkix-bks@above.proper.com>; Fri, 17 Oct 2003 06:44:37 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9HDibgu010578 for ietf-pkix-bks; Fri, 17 Oct 2003 06:44:37 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from seguridata1.seguridata.com ([200.57.34.107]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9HDiZI7010569 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 06:44:36 -0700 (PDT) (envelope-from mars@seguridata.com) Received: from MarsXP ([200.67.231.235]) by seguridata1.seguridata.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 17 Oct 2003 08:45:35 -0500 From: "Miguel Rodriguez" <mars@seguridata.com> To: "'Michael Myers'" <mmyers@fastq.com> Cc: <ietf-pkix@imc.org> Subject: RE: POLL: Nonce-specific error code for OCSP Date: Fri, 17 Oct 2003 08:44:19 -0500 Message-ID: <001701c394b4$c71ee260$a600a8c0@seguridata.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEFHDFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal X-OriginalArrivalTime: 17 Oct 2003 13:45:35.0156 (UTC) FILETIME=[F0CDF740:01C394B4] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO Miguel A Rodriguez SeguriDATA Mexico > > This poll is focussed on the narrower v1 issue ONLY. Should we > or should we not standardize a v1 error code? If this poll is > inconclusive, then I suppose we'll get into the heart of the > matter, which is whether it is acceptable in v1 to disregard a > client's nonce. But let's leave those discussions to another > thread and first get a vote tally. > > Mike > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H6HQI7048895 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 23:17:26 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9H6HQgl048893 for ietf-pkix-bks; Thu, 16 Oct 2003 23:17:26 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ddba033.netstream.ch (ddba033.netstream.ch [62.65.128.33]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H6HOI7048833 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 23:17:25 -0700 (PDT) (envelope-from joseph.doekbrijder@swisssign.com) Received: from [62.65.151.222] (helo=laptopjad) by ddba033.netstream.ch with esmtp (Exim 4.10) id 1AANvN-000LEj-00; Fri, 17 Oct 2003 08:17:21 +0200 From: "Joseph A. Doekbrijder" <joseph.doekbrijder@swisssign.com> To: <mmyers@fastq.com>, <ietf-pkix@imc.org> Subject: RE: POLL: Nonce-specific error code for OCSP Date: Fri, 17 Oct 2003 08:17:16 +0200 Organization: SwissSign Message-ID: <001201c39476$508c9c70$2103a8c0@laptopjad> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEFHDFAA.mmyers@fastq.com> Importance: Normal Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9H6HPI7048883 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> No. Joseph A. Doekbrijder -------------------------------------------------- SwissSign AG Löwenstrasse 1, CH-8001 Zürich Tel: +41 433 44 88 11 Mobile: +41 79 211 24 46 www.swisssign.com -------------------------------------------------- > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers > Sent: Thursday, October 16, 2003 18:05 > To: ietf-pkix@imc.org > Subject: RE: POLL: Nonce-specific error code for OCSP > > > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > > Sent: Thursday, October 16, 2003 12:34 AM > > To: Michael Myers > > Cc: ietf-pkix@imc.org > > Subject: Re: POLL: Nonce-specific error code for OCSP > > > > > > > > Mike, > > > > > All, > > > > > I recently received permission from the chairs to > > poll the WG > > > against the following question. > > > > > Should we standardize an OCSP *V1* error code that enables a > > > responder to indicate its inability to respond to nonced requests? > > > > > Please respond with either YES or NO. > > > > I would suggest to you provide a resumé of the > > advantages of this new error > > code (and disadvantages if not supported), so that > > people do not have to > > look back at that long thread on that topic to make > > up their opinion. > > > > Denis > > > > > Mike > > > > A reasonable request. > > In summary, we need to standardize the treatment of nonces > when nonces aren't supported. RFC2560 is regrettably silent > on the point. The need to do so is particularly acute in the > context of heterogeneous populations of clients and servers > (i.e. not operating under a single administrative authority). > Some may be set up to use or support nonces and some may > not. The question is of course moot for requests that don't > contain nonces. > > The issue is further complicated by the use of pre-produced > responses to achieve scalability through caching (i.e. > non-signing) servers. A relay back to a master signing > server could work, but that doesn't seem to be a popular > option. So that leaves us with two server-side options. > Either: 1) send back a non-nonced response anyway with > technical extensions; or > 2) send back an error code. > > Variations on option 1 have been discussed, with the > likelihood that an extended response syntax or equivalent > technical mechanisms will force a v2 and all that entails > with regard to IETF process. > > Yet we also need to do something sooner about v1. In this > case, an existing error could be designated or we could > define a new one that servers can send back in the event they > don't support nonces. Absent a designated error code, it is > predictable that ad-hoc selections will be made to to address > the issue with a consequent reduction in Internet-wide OCSP > interoperability and security. > > This poll is focussed on the narrower v1 issue ONLY. Should > we or should we not standardize a v1 error code? If this poll > is inconclusive, then I suppose we'll get into the heart of > the matter, which is whether it is acceptable in v1 to > disregard a client's nonce. But let's leave those > discussions to another thread and first get a vote tally. > > Mike > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H38uI7026364 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 20:08:56 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9H38uPd026362 for ietf-pkix-bks; Thu, 16 Oct 2003 20:08:56 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H38tI7026356 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 20:08:55 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9H38vt95630 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 20:08:58 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Subject: DISCUSS: Nonce-specific error code for OCSP Date: Thu, 16 Oct 2003 20:12:01 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCEFLDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-reply-to: <3F8F34D3.9070800@aol.net> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Julien, Perhaps this time the subject line modification will stick. Two discussion points embedded below. Apologies in advance for the abbreviation of your thoughtful comments. Mike > -----Original Message----- > From: Julien Pierre > > . . . > > What prompted this discussion is that due to > performance (and other) concerns, a lot of > people are running caching responders today, > and want their responses to be accepted by > clients of type 2. [mm] To my count, "a lot" is two among the twelve server-side implementors who responded to the prior poll. > > [well-reasoned v2-relevant discussion . . . ] > [mm] I agree there exists many variations in a v2 context and I agree that this WG should consider all such in the timeframe of that potential standard. [mm] Meanwhile, what should we do for v1? The current de-facto default is that a nonce may be ignored. Does this WG support that premise? Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H1a0I7023814 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 18:36:00 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9H1Zxui023813 for ietf-pkix-bks; Thu, 16 Oct 2003 18:35:59 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imr7.us.db.com (imr7.us.db.com [160.83.77.105]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H1ZwI7023808 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 18:35:59 -0700 (PDT) (envelope-from frank.balluffi@db.com) Received: from sdbo1005.db.com by imr7.us.db.com id h9H1ZvFa025814; Thu, 16 Oct 2003 21:35:57 -0400 Subject: Re: POLL: Nonce-specific error code for OCSP To: mmyers@fastq.com Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OF65D366BB.B9A5EA7E-ON85256DC2.0008B315@db.com> From: "Frank Balluffi" <frank.balluffi@db.com> Date: Thu, 16 Oct 2003 21:35:56 -0400 X-MIMETrack: Serialize by Router on sdbo1005/DBNA/DeuBaInt/DeuBa(Release 5.0.12 |February 13, 2003) at 10/16/2003 09:35:57 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO Frank "Michael Myers" <mmyers@fastq.com To: <ietf-pkix@imc.org> > cc: Sent by: Subject: POLL: Nonce-specific error code for OCSP owner-ietf-pkix@m ail.imc.org 10/15/2003 05:02 PM All, I recently received permission from the chairs to poll the WG against the following question. Should we standardize an OCSP *V1* error code that enables a responder to indicate its inability to respond to nonced requests? Please respond with either YES or NO. Mike -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H0IpI7021117 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 17:18:51 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9H0IpIx021116 for ietf-pkix-bks; Thu, 16 Oct 2003 17:18:51 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mcom.com (c3po.aoltw.net [64.236.137.25]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H0IoI7021110 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 17:18:50 -0700 (PDT) (envelope-from jpierre@aol.net) Received: from judge.mcom.com (judge.nscp.aoltw.net [10.169.8.47]) by mcom.com (8.10.0/8.10.0) with ESMTP id h9H0Ilq10893 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 17:18:47 -0700 (PDT) Received: from kitty.nscp.aoltw.net ([10.169.25.23]) by judge.mcom.com (Netscape Messaging Server 4.15) with ESMTP id HMVKV900.72M; Thu, 16 Oct 2003 17:18:45 -0700 Date: Thu, 16 Oct 2003 17:20:34 -0700 From: jpierre@aol.net (Julien Pierre) Subject: Re: POLL: Nonce-specific error code for OCSP To: mmyers@fastq.com cc: ietf-pkix@imc.org In-Reply-To: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> Message-ID: <3F8F35D2.6010404@aol.net> References: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> X-Mailer: AOL Communicator (20031015Trnk.3 Win) Organization: Netscape MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms010704000904080802040505" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms010704000904080802040505 Content-Type: TEXT/PLAIN; CHARSET=us-ascii NO. -- I am the dog in dogfood --------------ms010704000904080802040505 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKIjCC AoQwggFsoAMCAQICAgORMA0GCSqGSIb3DQEBBQUAMDMxDDAKBgNVBAoTA0FPTDERMA8GA1UE CxMIVEVDSCBERVYxEDAOBgNVBAMTB0FPTCBLRVkwHhcNMDMxMDE2MDI0NzMzWhcNMDQwNDEz MDI0NzMzWjAWMRQwEgYDVQQDEwtqcGllcnJlMDI2NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAvOtZTw6Jx0k4YN4jvCraClKIRXv6u0lI43XeVqTj30wHrZ7mcYq8+MSvoiKyCk4y 9tK81T2c6ECWWvzn9CuzHztax0EWBctoqnf4V7kzhZfeKUi7zJ6UUa/DkzFYOHWLzybIRcdV 2v9Lvmb4cQPOSOhFO61ccfE9vs4zm+2VrdcCAwEAAaNDMEEwDgYDVR0PAQH/BAQDAgXgMC8G A1UdEQQoMCaBD2pwaWVycmVAYW9sLm5ldIETanBpZXJyZTAyNjRAYW9sLmNvbTANBgkqhkiG 9w0BAQUFAAOCAQEATiGEDdIha9TCGhP75eTa0cTiI+1Hehs0wvYbiYNf5tu/PD8uae8SUXFn 6USDucxhCEaCtJK5GEYYYk7fBuatSib61/K6Sq413adHwk8HICtWuyU0PTKxZk1A740GfxnK HY1dZlJVIgcBxAUXG+mxgtLgvFizPHb6pBmGa/BGGDHfbuCOFmetX8kc5JFLxL8vss+PiZWA JIhwp6UREvU3NQwaFLq69/zGfzEMGcugavG4124ZWdMSebezXeRWNaRFM2afD9KjGBC4FV5f BqotN6idCnpqKnDwhGuI/N/N91F5MMacDD/PdNjt/DuBR78xl5fd+nBwjIAgJKRMXk4OmDCC A5kwggKBoAMCAQICAQcwDQYJKoZIhvcNAQEFBQAwMzEMMAoGA1UEChMDQU9MMREwDwYDVQQL EwhURUNIIERFVjEQMA4GA1UEAxMHVEVTVCBDQTAeFw0wMzA2MjYwMDM5NTFaFw0wODA2MjQy MzM5NTFaMDMxDDAKBgNVBAoTA0FPTDERMA8GA1UECxMIVEVDSCBERVYxEDAOBgNVBAMTB0FP TCBLRVkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPuXAqR0wNCMoPF1qnFDix K2db1P9v1f/9i1nyejlYCuwAykidFIo+gaNKU6OHjnQAW0eDzwdfa/yq+AqZI8P2weMWdxA1 KeGCvEvYuYk9PmjEjLx5vXPVCSSTb4vOeoBsWXlZElNF9bWReJ+mgp5TmujRS6PaG7PkVWsk T9OAozvVKRMY7SMvqIznOK6nm9A9d9hyFFMy9X3wL46k56782kXDAx6XzsGnxN6aJpo7aISd e7fuvDj60EkEnVe3D7XOuqqWN1riTXiH4NlapFnNrpBlrqPx4Zz6ckCp0yA9NfsP0IqLp0tI WsU5t+zODIQtmAwXIiyMJ1LOHXibSQRpAgMBAAGjgbcwgbQwHwYDVR0jBBgwFoAU8hIIcf+A y6tpx1QG2H1tOkOIj8gwHQYDVR0OBBYEFNTbBXTfuPOxMnsfcMZ3mLYUE5dnMA8GA1UdEwEB /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIBAQQEAwIDuDA+BggrBgEFBQcB AQQyMDAwLgYIKwYBBQUHMAGGImh0dHA6Ly90ZGNhLm5zY3AuYW9sdHcubmV0OjgxL29jc3Aw DQYJKoZIhvcNAQEFBQADggEBAGYJn/C6nQ827CKmOGsMJCpAqnkc7/lAkMPMtuAIWdNIg1es 5//U4pmn9okHrm2wenT5lFk5X0SihHiaIGChY/RkgGVzPGiVBJpBcxDJiqT2HOWOsPIU6uhq dHZctRbZl10qz4Y1lPlfymBfXJ4zNbeoV8z+G2zNFPwzRZS1OYifWjwXc8b4qLwRdMRYaWaa QALnXf9bopjnjK9Qo+55Vmfr1QZaAx9wktMi5f3dSu5eeUK1f+5M3Yuc/SylbpiFD5daLhpL fQIkBhG3juuARY/7fblxpo6eldml2g41cKowxlU2GMg4OCRiPvCvHAetPKQ0Fv4MRor1hsQS OC8GsuIwggP5MIIDYqADAgECAgJwuTANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJBbWVyaWNh IE9ubGluZSBJbmMxGTAXBgNVBAsTEEFPTCBUZWNobm9sb2dpZXMxJzAlBgNVBAMTHkludHJh bmV0IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMzA4MjYyMDIxMjJaFw0wNDAyMjIyMDIx MjJaMHsxCzAJBgNVBAYTAlVTMRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMxFzAVBgoJ kiaJk/IsZAEBEwdqcGllcnJlMR4wHAYJKoZIhvcNAQkBFg9qcGllcnJlQGFvbC5uZXQxFjAU BgNVBAMTDUp1bGllbiBQaWVycmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWhFGwP NuTnPV2LjYcyYghp5ZR1wjC7LDUbets5CsANFCGY2FHJ/eZBzOzO8/gWrCrX4xdcwA9nji9k lajS28uGWxA7Hyco3VmdMOmUwUfJqxcudm0gf991Ut+qQC6pFXLXmuVJuVy8kNOrMxr2Ml7U I5/1JbmB2839L+W9pibpAgMBAAGjggFxMIIBbTAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0lBBYw FAYIKwYBBQUHAwIGCCsGAQUFBwMEMEMGCWCGSAGG+EIBDQQ2FjRJc3N1ZWQgYnkgTmV0c2Nh cGUgQ2VydGlmaWNhdGUgTWFuYWdlbWVudCBTeXN0ZW0gNC41MIGSBgNVHREEgYowgYeBD2pw aWVycmVAYW9sLm5ldIEWanVsaWVuX3BpZXJyZUBtY29tLmNvbYEQanBpZXJyZUBtY29tLmNv bYEaanVsaWVuX3BpZXJyZUBuZXRzY2FwZS5jb22BFGpwaWVycmUwMjY0QG1jb20uY29tgRhq cGllcnJlMDI2NEBuZXRzY2FwZS5jb20wHwYDVR0jBBgwFoAUKduyLYN+f4sju8LMZrk56Cnz AoYwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vY2VydGlmaWNhdGVzLm5l dHNjYXBlLmNvbS9vY3NwMA0GCSqGSIb3DQEBBQUAA4GBANnuPQppIwMT5atjpnKRyPr7o2wN cXgkmRwQ+IsGqxjObF0xiU5/r2aBVnOFClxsfo9bKGXYPpz8YiKiQPDC3gz903RznGmBjzHZ VmXW6syq3tnkFm4l7Ya55AOSsJ7psNdmOcnMQp8P4ZphLanh3wcgYO7DRq1YavxEVAnHxBcB MYIC8jCCAu4CAQEwOTAzMQwwCgYDVQQKEwNBT0wxETAPBgNVBAsTCFRFQ0ggREVWMRAwDgYD VQQDEwdBT0wgS0VZAgIDkTAJBgUrDgMCGgUAoIICDzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0wMzEwMTcwMDIwMzVaMCMGCSqGSIb3DQEJBDEWBBRYkkgG qOiudkPq93RrzKkqZhx2EjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3 DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBqwYJKwYB BAGCNxAEMYGdMIGaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1v dW50YWluIFZpZXcxGzAZBgNVBAoTEkFtZXJpY2EgT25saW5lIEluYzEZMBcGA1UECxMQQU9M IFRlY2hub2xvZ2llczEnMCUGA1UEAxMeSW50cmFuZXQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 AgJwuTCBrQYLKoZIhvcNAQkQAgsxgZ2ggZowgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD QTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSQW1lcmljYSBPbmxpbmUgSW5j MRkwFwYDVQQLExBBT0wgVGVjaG5vbG9naWVzMScwJQYDVQQDEx5JbnRyYW5ldCBDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkCAnC5MA0GCSqGSIb3DQEBAQUABIGAf+5gLhSVNhtjyGMEwJCVoLIq F8O33DY2MPTN41XL0cwd93z5lXRi/pRZGhL3ykm1+gRllmYRyOEGpOiTvo4heQYc9GVLJAhi R2DAhHkFRKwGA85P+2ZbX/6KMOmCIbPu7yMHJ3M2LsxhS5Jz04xb9UuCjy1y85T7A2XJcLiE hhoAAAAAAAA= --------------ms010704000904080802040505-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H0EbI7020884 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 17:14:37 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9H0Eb4p020883 for ietf-pkix-bks; Thu, 16 Oct 2003 17:14:37 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from scale01.mcom.com (h-64-236-139-249.aoltw.net [64.236.139.249]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9H0EVI7020873 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 17:14:32 -0700 (PDT) (envelope-from jpierre@aol.net) Received: from aol.net ([10.169.25.23]) by scale01.nscp.aoltw.net (Netscape Messaging Server 6.1 (built Oct 3 2002)) with ESMTP id <0HMV00AG4KNTHR@scale01.nscp.aoltw.net> for ietf-pkix@imc.org; Thu, 16 Oct 2003 17:14:17 -0700 (PDT) Date: Thu, 16 Oct 2003 17:16:19 -0700 From: Julien Pierre <jpierre@aol.net> Subject: Re: POLL: Nonce-specific error code for OCSP In-reply-to: <EOEGJNFMMIBDKGFONJJDIEFJDFAA.mmyers@fastq.com> To: ietf-pkix@imc.org Reply-to: jpierre@aol.net Message-id: <3F8F34D3.9070800@aol.net> Organization: America On-Line, Inc MIME-version: 1.0 Content-type: multipart/signed; boundary=------------ms060809060100060006010102; micalg=sha1; protocol="application/x-pkcs7-signature" X-Accept-Language: en-us, en User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 References: <EOEGJNFMMIBDKGFONJJDIEFJDFAA.mmyers@fastq.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms060809060100060006010102 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Michael Myers wrote: >Julien, > >I modified the subject line to keep the POLL thread clean for >votes. > >OCSP errors are unsigned to enable handling of DOS-type attacks >at the edge rather than the core. This feature was argued in >favor of those who might deploy this protocol using pre-produced >responses. > The nonce extension was introduced so that clients could make sure that they would get fresh responses from a live OCSP responder. If we add an unsigned error code in the clear to state that the OCSP responder is not live and therefore can't sign nonce requests, then the purpose of the nonce extension can be easily defeated by a attacker who can replay that error code and fool the client into thinking that he is not talking to a live responder. I believe that is a security hole that defeats the purpose of nonce. This case is much different from DOS cases. Due to the other unsigned error codes in OCSP, DOS attacks cannot be avoided. But a client can handle them properly, by considering them the same as a failure to validate. On the other hand with this "caching responder" error code, some invalid certs that were recently revoked might be considered valid because an attacker sent this error code, then served an older good cached response for the recently revoked cert. Validating invalid certs is a much more serious problem than DOS, in my opinion. In the end, there are really only two real-world cases, and they come down to the OCSP client's policy : 1) If the client is willing to accept pre-produced responses, it should not send nonce in the OCSP request. End of story, all signed responses are good. The client is subject to replay attacks, but it is aware of that fact - that's how it was configured. 2) If the client insists on talking to a live responder, it should send nonce in the OCSP request, and check for the same nonce in the OCSP response. If they match, the response is accepted, otherwise, they are not accepted. What prompted this discussion is that due to performance (and other) concerns, a lot of people are running caching responders today, and want their responses to be accepted by clients of type 2. I don't think that's a good thing because nonce was specifically introduced to prevent replay attacks, and as a result, is incompatible with caching responders. The clients that send nonce in their requests are very few, but they probably have good reasons to do so. > That said, presenting a pre-fetched (pre-signed?) >error response does nothing to mitigate anti-replay. > Not true if that response has an expiration time. As I mentioned above, to be useful, this signed error response would need to have a validity period : ie. between times t1 and t2, this responder may send pre-produced responses. If this cached signed response was sent, the client could be reasonably sure that the server truly intended to send cached responses for that period. This does mean that periodically (when t2 comes up), the caching responders would have to refetch this error response from the master (live) responder. However it still allows caching to work by dramatically reducing the signature operations. This new type of error response would enable a third type of OCSP client policy that is not possible today : 3) Clients that prefer signed OCSP responses, but are willing to accept cached responses if the server can convince them that it is a caching responder. They would work by sending a request with nonce. They would only fall back to accepting no-nonce responses if they first received a signed response with the "caching responder" error code from the responder. And they would only accept the pre-produced responses if the time of their OCSP requests fell between t1 and t2. There could also be a statement in the "caching responder" response as to the maximum age of the subsequent cached responses. This would partially protect against replay attacks from the beginning of time. I think this is definitely not something to consider for OCSP v1, but it can be discussed for v2. --------------ms060809060100060006010102 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIK7zCC A1cwggLAoAMCAQICAwpBMjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAzMDYzMDIxMjQwMFoXDTA0MDYyOTIxMjQwMFowgYIx DzANBgNVBAQTBlBpZXJyZTEPMA0GA1UEKhMGSnVsaWVuMRYwFAYDVQQDEw1KdWxpZW4gUGll cnJlMSMwIQYJKoZIhvcNAQkBFhRqcGllcnJlQG5ldHNjYXBlLmNvbTEhMB8GCSqGSIb3DQEJ ARYSbWFkYnJhaW5AcmF3YncuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA yifKcMKlTYGJ06ltDGQUcwqnWv0I+GegpPVluxR2MvRTunWog7k4ZlmDoFRIpZHOlmxC3K9q Jda876lUkonNNdDgS87qGyWIxylrzLNFfiZBKzcx2ivSiLkz9GXihPQLtv5z/slSEGYNPafh HaWcm01oLrywNbhY4zb9qAgru3vw+4ZFRCqNE1wgZoZAGxgGNiO4jWUSN3HNqk9ZGTyC+Adp Tzmms8TXMA69PUZgyK6WwMwzsWHPnx008hmVpAzHyYcX0ZHKCoF/h5PSOHptCKMzZ0IOz9gB F3ngNZxXEoEsle0Ynnu7I5/CcYO3NmBoH7fWsFwfl1cbl8v1oIX2lQIDAQABo0UwQzAzBgNV HREELDAqgRRqcGllcnJlQG5ldHNjYXBlLmNvbYESbWFkYnJhaW5AcmF3YncuY29tMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAuTVM8HQ/hcLrNzrtCm/4tuRXXxxf6HQW4pxu 0Pojr49aloK7MX3ZVTHGpnRlMuxKNyHgjh7aAFM66GgaRticjuYEQOAPCz0VAR25nkV87ONK D8CVo///cL7Xy5T8B9d0NQVo0zdK4GjPRabIi3woNF1fbvzZXUwhNRDJh5MaSoUwggOSMIIC +6ADAgECAgQEAAMRMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H VEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJvb3QwHhcNMDMwODA3 MTQwNjAwWhcNMDQwODA3MjM1OTAwWjCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYw FAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMxGTAX BgNVBAsTEEFPTCBUZWNobm9sb2dpZXMxJzAlBgNVBAMTHkludHJhbmV0IENlcnRpZmljYXRl IEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4u9fLHZDiUsaX7Pl+Kpv iy+BTWf/vUoPYy7E3IX2nixJJiD/ABfkiIhp3v2DV+CjERkRqtbcvO+z0hUuVMZufL/ZucNG 0wkFhOVTXEjthIWaDjs9Fgdc8LN5q5oQpbzBpNF4TAblZEH8BSVjJuvvDMduVKGMzlRXth+S 2rISS40CAwEAAaOCAT4wggE6MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGlj LXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDA2L2NkcC5jcmwwHQYDVR0OBBYEFCnbsi2Dfn+L I7vCzGa5Oegp8wKGMFQGA1UdIARNMEswSQYKKoZIhvhjAQIBBTA7MDkGCCsGAQUFBwIBFi1o dHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vQ1BTL09tbmlSb290Lmh0bWwwWAYDVR0jBFEw T6FJpEcwRTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEcMBoGA1UE AxMTR1RFIEN5YmVyVHJ1c3QgUm9vdIICAaMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI MAYBAf8CAQEwDQYJKoZIhvcNAQEFBQADgYEAQyL9bXdvIuqlX+GUiI5s0kxfCeUovkr7qTuc rXa0vizFB6/md/zNy0uCTtQnTX99HdJp4GWjFlsUc510rsfyDt6goK5C12l90nKSILxfRfRJ FfWUz7n6KhsXM9TdkVjd6TpCdSZunuSQC0YeVQPQ81t5joJvuEK3BJrvIjYWyj4wggP6MIID Y6ADAgECAgJwujANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMx GTAXBgNVBAsTEEFPTCBUZWNobm9sb2dpZXMxJzAlBgNVBAMTHkludHJhbmV0IENlcnRpZmlj YXRlIEF1dGhvcml0eTAeFw0wMzA4MjYyMDIxMjJaFw0wNDAyMjIyMDIxMjJaMHsxCzAJBgNV BAYTAlVTMRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMxFzAVBgoJkiaJk/IsZAEBEwdq cGllcnJlMR4wHAYJKoZIhvcNAQkBFg9qcGllcnJlQGFvbC5uZXQxFjAUBgNVBAMTDUp1bGll biBQaWVycmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgwx0yMW+8PDIrR6gBCA+eL 3K6RKwiuQSAaYc33/kS/Jf0vsmVbl+ozQfwChPlBA4+fAA/LoKNMnP1RXcYihwY2FZvWjAKJ GWFBBkND2m6BLDbxvfXosJd9IsO/VqloSAbfEbLq6SFFi/UK/HezzOCDwfb5viHJPbJI/Stk HVHhAgMBAAGjggFyMIIBbjAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDBDBDBglghkgBhvhCAQ0ENhY0SXNzdWVkIGJ5IE5ldHNjYXBlIENlcnRpZmlj YXRlIE1hbmFnZW1lbnQgU3lzdGVtIDQuNTCBkgYDVR0RBIGKMIGHgQ9qcGllcnJlQGFvbC5u ZXSBFmp1bGllbl9waWVycmVAbWNvbS5jb22BEGpwaWVycmVAbWNvbS5jb22BGmp1bGllbl9w aWVycmVAbmV0c2NhcGUuY29tgRRqcGllcnJlMDI2NEBtY29tLmNvbYEYanBpZXJyZTAyNjRA bmV0c2NhcGUuY29tMB8GA1UdIwQYMBaAFCnbsi2Dfn+LI7vCzGa5Oegp8wKGMEEGCCsGAQUF BwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2NlcnRpZmljYXRlcy5uZXRzY2FwZS5jb20v b2NzcDANBgkqhkiG9w0BAQUFAAOBgQBLVKWb0Z7oB/sCYOEJXHixg3913rpO9KulCIJSFxxT 3KRUUuicC6NL1r70RnGmw4FINOIzNtsvADuha/WXARlEP8tmrMLCnaFGRPkcHq3P/7fa8hIa XzxTlJzqIqvW9UkURT/ROEscB+9bnWqXp6g31KNbrl6iY6FWkTH1/9vxBzGCA1QwggNQAgEB MIGaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZp ZXcxGzAZBgNVBAoTEkFtZXJpY2EgT25saW5lIEluYzEZMBcGA1UECxMQQU9MIFRlY2hub2xv Z2llczEnMCUGA1UEAxMeSW50cmFuZXQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5AgJwujAJBgUr DgMCGgUAoIICDzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w MzEwMTcwMDE2MTlaMCMGCSqGSIb3DQEJBDEWBBSshVvqjclS+MzjX5lEaVqb6MAlLzBSBgkq hkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIB QDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBqwYJKwYBBAGCNxAEMYGdMIGaMIGSMQswCQYD VQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzAN BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMT H1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjguMzACAwpBMjCBrQYLKoZIhvcNAQkQAgsx gZ2ggZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT CUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2 aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDCkEyMA0G CSqGSIb3DQEBAQUABIGA0uLcb0OKx9oWzUlhv0eLhvt8cxIYlAa5/lYEgco97gOFSEt/wkry i5b3UqdTj5+m/FMaFNL117J6OMjSCT7OpXYoUJGMytS7CSNhPn1jopkvTFH3OBpWLuTglwAl pBLjOk4ZYd5b3iVJCe+Vu0TZA9gL5pniwRwuSnCuNt0E4Y0AAAAAAAA= --------------ms060809060100060006010102-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GNakI7019273 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 16:36:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GNakLn019272 for ietf-pkix-bks; Thu, 16 Oct 2003 16:36:46 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GNajI7019267 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 16:36:45 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9GNajt85060; Thu, 16 Oct 2003 16:36:45 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <jpierre@aol.net>, <ietf-pkix@imc.org> Subject: RE: POLL: Nonce-specific error code for OCSP Date: Thu, 16 Oct 2003 16:39:49 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEFJDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-reply-to: <3F8F0D55.80502@aol.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Julien, I modified the subject line to keep the POLL thread clean for votes. OCSP errors are unsigned to enable handling of DOS-type attacks at the edge rather than the core. This feature was argued in favor of those who might deploy this protocol using pre-produced responses. That said, presenting a pre-fetched (pre-signed?) error response does nothing to mitigate anti-replay. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Julien Pierre > Sent: Thursday, October 16, 2003 2:28 PM > To: ietf-pkix@imc.org > Subject: Re: POLL: Nonce-specific error code for OCSP > > > Florian Oelmaier wrote: > > >Rationale: > >My first idea was to say: if it is OPTIONAL for the > responder to use that error code it is ok. But in > fact even the OPTIONAL inclusion harms the security > of the protocol, as an attacker can fool clients into > believing a particular OCSP-Responder would not > support nonces, when in fact it does. > > > Agreed. The OCSP responses with error codes are not > signed, so this > would present a security hole. We should not let the > server return this > error code in an unsigned response. > > IMO, it would be acceptable to have an error code > only if the response > was signed and included a validity period. Each > caching responder would > have to prefetch such a response in order to be able > to serve it back to > clients that send nonces. > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GNS2I7019020 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 16:28:02 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GNS2tG019019 for ietf-pkix-bks; Thu, 16 Oct 2003 16:28:02 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailbo.ntcif.telstra.com.au ([202.12.233.19]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GNS0I7019008 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 16:28:01 -0700 (PDT) (envelope-from James.H.Manger@team.telstra.com) Received: (from uucp@localhost) by mailbo.ntcif.telstra.com.au (8.8.2/8.6.9) id JAA17520 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 09:27:53 +1000 (EST) Received: from mailbi.ntcif.telstra.com.au(202.12.162.19) via SMTP by mailbo.ntcif.telstra.com.au, id smtpdvZaOLY; Fri Oct 17 09:11:08 2003 Received: (from uucp@localhost) by mailbi.ntcif.telstra.com.au (8.8.2/8.6.9) id JAA07014 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 09:11:04 +1000 (EST) Received: from localhost(127.0.0.1), claiming to be "mail.cdn.telstra.com.au" via SMTP by localhost, id smtpdalaOcn; Fri Oct 17 09:10:37 2003 Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id JAA18772 for <ietf-pkix@imc.org>; Fri, 17 Oct 2003 09:10:36 +1000 (EST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Subject: RE: POLL: Nonce-specific error code for OCSP Date: Fri, 17 Oct 2003 09:10:13 +1000 Message-ID: <73388857A695D31197EF00508B08F29806EE195C@ntmsg0131.corpmail.telstra.com.au> Thread-Topic: POLL: Nonce-specific error code for OCSP Thread-Index: AcOTeSAPI4+xTpd0QSCIm0NHvcO4JQAwTS2w From: "Manger, James H" <James.H.Manger@team.telstra.com> To: <ietf-pkix@imc.org> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9GNS1I7019015 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO ---------- From: Michael Myers [mailto:mmyers@fastq.com] Sent: Thursday, 16 October 2003 7:03 AM Should we standardize an OCSP *V1* error code that enables a responder to indicate its inability to respond to nonced requests? Please respond with either YES or NO. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GLZQI7011562 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 14:35:26 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GLZQXJ011561 for ietf-pkix-bks; Thu, 16 Oct 2003 14:35:26 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from asgard.ietf.org (asgard.ietf.org [132.151.6.40]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GLZPI7011554 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 14:35:25 -0700 (PDT) (envelope-from apache@asgard.ietf.org) Received: from apache by asgard.ietf.org with local (Exim 4.14) id 1AAFjN-0002ah-P5; Thu, 16 Oct 2003 17:32:25 -0400 X-test-idtracker: no To: IETF-Announce :; Cc: ietf-pkix@imc.org From: The IESG <iesg-secretary@ietf.org> Subject: Last Call: 'X.509 Extensions for IP Addresses and AS Identifiers' to Proposed Standard Reply-to: iesg@ietf.org Message-Id: <E1AAFjN-0002ah-P5@asgard.ietf.org> Date: Thu, 16 Oct 2003 17:32:25 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The IESG has received a request from the Public-Key Infrastructure (X.509) WG to consider the following document: - 'X.509 Extensions for IP Addresses and AS Identifiers' <draft-ietf-pkix-x509-ipaddr-as-extn-03.txt> as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send any comments to the iesg@ietf.org or ietf@ietf.org mailing lists by 2003-10-30. The file can be obtained via http://www.ietf.org/internet-drafts/draft-ietf-pkix-x509-ipaddr-as-extn-03.txt Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GLQ6I7010870 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 14:26:06 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GLQ6ol010869 for ietf-pkix-bks; Thu, 16 Oct 2003 14:26:06 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from scale01.mcom.com (h-64-236-139-249.aoltw.net [64.236.139.249]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GLQ5I7010859 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 14:26:06 -0700 (PDT) (envelope-from jpierre@aol.net) Received: from aol.net ([10.169.25.23]) by scale01.nscp.aoltw.net (Netscape Messaging Server 6.1 (built Oct 3 2002)) with ESMTP id <0HMV00A8DCUZHR@scale01.nscp.aoltw.net> for ietf-pkix@imc.org; Thu, 16 Oct 2003 14:25:47 -0700 (PDT) Date: Thu, 16 Oct 2003 14:27:49 -0700 From: Julien Pierre <jpierre@aol.net> Subject: Re: POLL: Nonce-specific error code for OCSP In-reply-to: <20031016084841.5371.qmail@www16.your-server.de> To: ietf-pkix@imc.org Reply-to: jpierre@aol.net Message-id: <3F8F0D55.80502@aol.net> Organization: America On-Line, Inc MIME-version: 1.0 Content-type: multipart/signed; boundary=------------ms010503050308040105020007; micalg=sha1; protocol="application/x-pkcs7-signature" X-Accept-Language: en-us, en User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 References: <20031016084841.5371.qmail@www16.your-server.de> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms010503050308040105020007 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Florian Oelmaier wrote: >Rationale: >My first idea was to say: if it is OPTIONAL for the responder to use that error code it is ok. But in fact even the OPTIONAL inclusion harms the security of the protocol, as an attacker can fool clients into believing a particular OCSP-Responder would not support nonces, when in fact it does. > Agreed. The OCSP responses with error codes are not signed, so this would present a security hole. We should not let the server return this error code in an unsigned response. IMO, it would be acceptable to have an error code only if the response was signed and included a validity period. Each caching responder would have to prefetch such a response in order to be able to serve it back to clients that send nonces. --------------ms010503050308040105020007 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIK7zCC A1cwggLAoAMCAQICAwpBMjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAzMDYzMDIxMjQwMFoXDTA0MDYyOTIxMjQwMFowgYIx DzANBgNVBAQTBlBpZXJyZTEPMA0GA1UEKhMGSnVsaWVuMRYwFAYDVQQDEw1KdWxpZW4gUGll cnJlMSMwIQYJKoZIhvcNAQkBFhRqcGllcnJlQG5ldHNjYXBlLmNvbTEhMB8GCSqGSIb3DQEJ ARYSbWFkYnJhaW5AcmF3YncuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA yifKcMKlTYGJ06ltDGQUcwqnWv0I+GegpPVluxR2MvRTunWog7k4ZlmDoFRIpZHOlmxC3K9q Jda876lUkonNNdDgS87qGyWIxylrzLNFfiZBKzcx2ivSiLkz9GXihPQLtv5z/slSEGYNPafh HaWcm01oLrywNbhY4zb9qAgru3vw+4ZFRCqNE1wgZoZAGxgGNiO4jWUSN3HNqk9ZGTyC+Adp Tzmms8TXMA69PUZgyK6WwMwzsWHPnx008hmVpAzHyYcX0ZHKCoF/h5PSOHptCKMzZ0IOz9gB F3ngNZxXEoEsle0Ynnu7I5/CcYO3NmBoH7fWsFwfl1cbl8v1oIX2lQIDAQABo0UwQzAzBgNV HREELDAqgRRqcGllcnJlQG5ldHNjYXBlLmNvbYESbWFkYnJhaW5AcmF3YncuY29tMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAuTVM8HQ/hcLrNzrtCm/4tuRXXxxf6HQW4pxu 0Pojr49aloK7MX3ZVTHGpnRlMuxKNyHgjh7aAFM66GgaRticjuYEQOAPCz0VAR25nkV87ONK D8CVo///cL7Xy5T8B9d0NQVo0zdK4GjPRabIi3woNF1fbvzZXUwhNRDJh5MaSoUwggOSMIIC +6ADAgECAgQEAAMRMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H VEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJvb3QwHhcNMDMwODA3 MTQwNjAwWhcNMDQwODA3MjM1OTAwWjCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYw FAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMxGTAX BgNVBAsTEEFPTCBUZWNobm9sb2dpZXMxJzAlBgNVBAMTHkludHJhbmV0IENlcnRpZmljYXRl IEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4u9fLHZDiUsaX7Pl+Kpv iy+BTWf/vUoPYy7E3IX2nixJJiD/ABfkiIhp3v2DV+CjERkRqtbcvO+z0hUuVMZufL/ZucNG 0wkFhOVTXEjthIWaDjs9Fgdc8LN5q5oQpbzBpNF4TAblZEH8BSVjJuvvDMduVKGMzlRXth+S 2rISS40CAwEAAaOCAT4wggE6MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGlj LXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDA2L2NkcC5jcmwwHQYDVR0OBBYEFCnbsi2Dfn+L I7vCzGa5Oegp8wKGMFQGA1UdIARNMEswSQYKKoZIhvhjAQIBBTA7MDkGCCsGAQUFBwIBFi1o dHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vQ1BTL09tbmlSb290Lmh0bWwwWAYDVR0jBFEw T6FJpEcwRTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEcMBoGA1UE AxMTR1RFIEN5YmVyVHJ1c3QgUm9vdIICAaMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI MAYBAf8CAQEwDQYJKoZIhvcNAQEFBQADgYEAQyL9bXdvIuqlX+GUiI5s0kxfCeUovkr7qTuc rXa0vizFB6/md/zNy0uCTtQnTX99HdJp4GWjFlsUc510rsfyDt6goK5C12l90nKSILxfRfRJ FfWUz7n6KhsXM9TdkVjd6TpCdSZunuSQC0YeVQPQ81t5joJvuEK3BJrvIjYWyj4wggP6MIID Y6ADAgECAgJwujANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMx GTAXBgNVBAsTEEFPTCBUZWNobm9sb2dpZXMxJzAlBgNVBAMTHkludHJhbmV0IENlcnRpZmlj YXRlIEF1dGhvcml0eTAeFw0wMzA4MjYyMDIxMjJaFw0wNDAyMjIyMDIxMjJaMHsxCzAJBgNV BAYTAlVTMRswGQYDVQQKExJBbWVyaWNhIE9ubGluZSBJbmMxFzAVBgoJkiaJk/IsZAEBEwdq cGllcnJlMR4wHAYJKoZIhvcNAQkBFg9qcGllcnJlQGFvbC5uZXQxFjAUBgNVBAMTDUp1bGll biBQaWVycmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgwx0yMW+8PDIrR6gBCA+eL 3K6RKwiuQSAaYc33/kS/Jf0vsmVbl+ozQfwChPlBA4+fAA/LoKNMnP1RXcYihwY2FZvWjAKJ GWFBBkND2m6BLDbxvfXosJd9IsO/VqloSAbfEbLq6SFFi/UK/HezzOCDwfb5viHJPbJI/Stk HVHhAgMBAAGjggFyMIIBbjAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDBDBDBglghkgBhvhCAQ0ENhY0SXNzdWVkIGJ5IE5ldHNjYXBlIENlcnRpZmlj YXRlIE1hbmFnZW1lbnQgU3lzdGVtIDQuNTCBkgYDVR0RBIGKMIGHgQ9qcGllcnJlQGFvbC5u ZXSBFmp1bGllbl9waWVycmVAbWNvbS5jb22BEGpwaWVycmVAbWNvbS5jb22BGmp1bGllbl9w aWVycmVAbmV0c2NhcGUuY29tgRRqcGllcnJlMDI2NEBtY29tLmNvbYEYanBpZXJyZTAyNjRA bmV0c2NhcGUuY29tMB8GA1UdIwQYMBaAFCnbsi2Dfn+LI7vCzGa5Oegp8wKGMEEGCCsGAQUF BwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2NlcnRpZmljYXRlcy5uZXRzY2FwZS5jb20v b2NzcDANBgkqhkiG9w0BAQUFAAOBgQBLVKWb0Z7oB/sCYOEJXHixg3913rpO9KulCIJSFxxT 3KRUUuicC6NL1r70RnGmw4FINOIzNtsvADuha/WXARlEP8tmrMLCnaFGRPkcHq3P/7fa8hIa XzxTlJzqIqvW9UkURT/ROEscB+9bnWqXp6g31KNbrl6iY6FWkTH1/9vxBzGCA1QwggNQAgEB MIGaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZp ZXcxGzAZBgNVBAoTEkFtZXJpY2EgT25saW5lIEluYzEZMBcGA1UECxMQQU9MIFRlY2hub2xv Z2llczEnMCUGA1UEAxMeSW50cmFuZXQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5AgJwujAJBgUr DgMCGgUAoIICDzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w MzEwMTYyMTI3NDlaMCMGCSqGSIb3DQEJBDEWBBQzuEKS2OpFZ6bfgJU65wteqNILazBSBgkq hkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIB QDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBqwYJKwYBBAGCNxAEMYGdMIGaMIGSMQswCQYD VQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzAN BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMT H1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjguMzACAwpBMjCBrQYLKoZIhvcNAQkQAgsx gZ2ggZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT CUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2 aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDCkEyMA0G CSqGSIb3DQEBAQUABIGAD7+S+pfCqKRsVFAj1BkXSCpogscIUyVbL2GaMn8dfso4xsaqoUQ4 5xpvPSuK4AWuDR0r5+K+4fVY3o3Ox/x153s5EdS/SlpLb53Qqy7QDjRNkTd2ifuqQ6J7sgPg VWfaSvKHyF0soB3ELaSlln6US6TieGoHxWnxE9M40hWLVrsAAAAAAAA= --------------ms010503050308040105020007-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GKfqI7007804 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 13:41:52 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GKfqaq007803 for ietf-pkix-bks; Thu, 16 Oct 2003 13:41:52 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imo-m02.mx.aol.com (imo-m02.mx.aol.com [64.12.136.5]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GKfoI7007797 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 13:41:50 -0700 (PDT) (envelope-from THayes0993@aol.com) Received: from THayes0993@aol.com by imo-m02.mx.aol.com (mail_out_v36_r1.1.) id 7.142.1ac23445 (16111) for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 16:38:47 -0400 (EDT) Received: from pc655301.nscp.aoltw.net (h-10-169-25-82.nscp.aoltw.net [10.169.25.82]) by air-id12.mx.aol.com (v96.8) with ESMTP id MAILINID123-3eef3f8f01d529e; Thu, 16 Oct 2003 16:38:46 -0400 Date: Thu, 16 Oct 2003 13:38:40 -0700 From: "Terry Hayes" <thayes0993@aol.com> Subject: Re: POLL: Nonce-specific error code for OCSP To: ietf-pkix@imc.org Message-ID: <3F8F01D0.4030008@aol.com> X-Mailer: AOL Communicator (20031013Trnk.1 Win) Organization: AOL MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii X-AOL-IP: 10.169.25.82 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO The response should be as if the nonce extension was not present in the request. An implementation that does not support nonces should simply ignore the extension and generate (provide) a non-nonced response. The error code does not serve any purpose. Since, the error response is not signed, the client cannot use it to implement a policy that allows using a non-nonced response in cases where the server does not support nonces. I believe this is one proposed use of this error code. Terry Michael Myers wrote on 10/15/2003, 2:02 PM: All, I recently received permission from the chairs to poll the WG against the following question. Should we standardize an OCSP *V1* error code that enables a responder to indicate its inability to respond to nonced requests? Please respond with either YES or NO. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GHckI7097411 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 10:38:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GHckVB097410 for ietf-pkix-bks; Thu, 16 Oct 2003 10:38:46 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from infoblox.com (trevise.infoblox.com [209.209.39.217]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GHciI7097405 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 10:38:44 -0700 (PDT) (envelope-from sinn@infoblox.com) Received: from infoblox.com (205.158.171.194.ptr.us.xo.net [205.158.171.194]) by infoblox.com (Postfix) with ESMTP id 0633754437; Thu, 16 Oct 2003 10:38:43 -0700 (PDT) Message-ID: <3F8ED73B.3000109@infoblox.com> Date: Thu, 16 Oct 2003 10:36:59 -0700 From: Richard Sinn <sinn@infoblox.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com>, ietf-pkix@imc.org Subject: Re: POLL: Nonce-specific error code for OCSP References: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> YES. In general, the less information given out, the more secure the environment is. However, if I view OCSP could run in two different modes, one with nonce and one without, then, an error code will be useful to indicate which type of responder is out there. However, I agree with Denis, a resume of advantages vs disadvantages would be useful ... just do not want to miss anything. Thanks, Richard Sinn Infoblox, Inc. Michael Myers wrote: >All, > >I recently received permission from the chairs to poll the WG >against the following question. > >Should we standardize an OCSP *V1* error code that enables a >responder to indicate its inability to respond to nonced >requests? > >Please respond with either YES or NO. > >Mike > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GG25I7094113 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 09:02:05 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GG25qn094112 for ietf-pkix-bks; Thu, 16 Oct 2003 09:02:05 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GG24I7094106 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 09:02:04 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9GG25t58730 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 09:02:05 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Subject: RE: POLL: Nonce-specific error code for OCSP Date: Thu, 16 Oct 2003 09:05:09 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEFHDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <3F8E49F1.9070900@bull.net> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Thursday, October 16, 2003 12:34 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: POLL: Nonce-specific error code for OCSP > > > > Mike, > > > All, > > > I recently received permission from the chairs to > poll the WG > > against the following question. > > > Should we standardize an OCSP *V1* error code that enables a > > responder to indicate its inability to respond to nonced > > requests? > > > Please respond with either YES or NO. > > I would suggest to you provide a resumé of the > advantages of this new error > code (and disadvantages if not supported), so that > people do not have to > look back at that long thread on that topic to make > up their opinion. > > Denis > > > Mike A reasonable request. In summary, we need to standardize the treatment of nonces when nonces aren't supported. RFC2560 is regrettably silent on the point. The need to do so is particularly acute in the context of heterogeneous populations of clients and servers (i.e. not operating under a single administrative authority). Some may be set up to use or support nonces and some may not. The question is of course moot for requests that don't contain nonces. The issue is further complicated by the use of pre-produced responses to achieve scalability through caching (i.e. non-signing) servers. A relay back to a master signing server could work, but that doesn't seem to be a popular option. So that leaves us with two server-side options. Either: 1) send back a non-nonced response anyway with technical extensions; or 2) send back an error code. Variations on option 1 have been discussed, with the likelihood that an extended response syntax or equivalent technical mechanisms will force a v2 and all that entails with regard to IETF process. Yet we also need to do something sooner about v1. In this case, an existing error could be designated or we could define a new one that servers can send back in the event they don't support nonces. Absent a designated error code, it is predictable that ad-hoc selections will be made to to address the issue with a consequent reduction in Internet-wide OCSP interoperability and security. This poll is focussed on the narrower v1 issue ONLY. Should we or should we not standardize a v1 error code? If this poll is inconclusive, then I suppose we'll get into the heart of the matter, which is whether it is acceptable in v1 to disregard a client's nonce. But let's leave those discussions to another thread and first get a vote tally. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GERRI7089219 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 07:27:27 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9GERRax089218 for ietf-pkix-bks; Thu, 16 Oct 2003 07:27:27 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from zinc.btinternet.com (zinc.btinternet.com [194.73.73.148]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9GERPI7089211 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 07:27:26 -0700 (PDT) (envelope-from liaquat.khan@ascertia.com) Received: from dial81-135-45-31.in-addr.btopenworld.com ([81.135.45.31] helo=LiaquatDELL) by zinc.btinternet.com with esmtp (Exim 3.22 #23) id 1AA95s-00027P-00; Thu, 16 Oct 2003 15:27:13 +0100 Reply-To: <liaquat.khan@ascertia.com> From: "Liaquat Khan" <liaquat.khan@ascertia.com> To: "'Michael Myers'" <mmyers@fastq.com>, <ietf-pkix@imc.org> Subject: RE: POLL: Nonce-specific error code for OCSP Date: Thu, 16 Oct 2003 15:26:37 +0100 Message-ID: <006a01c393f1$95d8ca40$5ed58351@LiaquatDELL> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> NO Not really needed in my opinion, generally the person (i.e. an administrator) setting up the OCSP client software will know upfront the capabilities of the responders that will be accessed by the OCSP client and therefore configure the client accordingly (i.e. with or without nonce). In the case that OCSP clients are dealing with random, previously unknown OCSP responders, then such an error code may have some use in pin-pointing the problem from the various things that may go wrong. But I don't think the limited value it adds is worth the change. Anyway, I agree with Denis, a summary would be useful though...in case I have missed something important somewhere down the line... Regards, LK -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers Sent: 15 October 2003 22:03 To: ietf-pkix@imc.org Subject: POLL: Nonce-specific error code for OCSP All, I recently received permission from the chairs to poll the WG against the following question. Should we standardize an OCSP *V1* error code that enables a responder to indicate its inability to respond to nonced requests? Please respond with either YES or NO. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9G8mnI7066237 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 01:48:49 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9G8mmUF066235 for ietf-pkix-bks; Thu, 16 Oct 2003 01:48:48 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.10/8.12.8) with SMTP id h9G8mkI7066192 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 01:48:47 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: (qmail 5372 invoked by uid 1649); 16 Oct 2003 08:48:41 -0000 Date: 16 Oct 2003 08:48:41 -0000 Message-ID: <20031016084841.5371.qmail@www16.your-server.de> From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "Michael Myers" <mmyers@fastq.com>, <ietf-pkix@imc.org> Subject: Re: POLL: Nonce-specific error code for OCSP References: <> In-Reply-To: <> X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch X-IPAddress: 195.212.95.34 X-Sender: oelmaier@sytrust.de MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Should we standardize an OCSP *V1* error code that enables a > responder to indicate its inability to respond to nonced > requests? > > Please respond with either YES or NO. NO Rationale: My first idea was to say: if it is OPTIONAL for the responder to use that error code it is ok. But in fact even the OPTIONAL inclusion harms the security of the protocol, as an attacker can fool clients into believing a particular OCSP-Responder would not support nonces, when in fact it does. My conclusion: Dont include such an error code, due to security reasons. If other reasons (yet unknown to me) overrule these concerns make the use of this error code OPTIONAL for responders to allow compatibility with existing installations and not to harm the functionality of the protocol. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9G7YHI7044158 for <ietf-pkix-bks@above.proper.com>; Thu, 16 Oct 2003 00:34:17 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9G7YGB8044156 for ietf-pkix-bks; Thu, 16 Oct 2003 00:34:16 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9G7YEI7044136 for <ietf-pkix@imc.org>; Thu, 16 Oct 2003 00:34:15 -0700 (PDT) (envelope-from Denis.Pinkas@bull.net) Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA11606; Thu, 16 Oct 2003 09:40:13 +0200 Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id JAA18916; Thu, 16 Oct 2003 09:35:49 +0200 Message-ID: <3F8E49F1.9070900@bull.net> Date: Thu, 16 Oct 2003 09:34:09 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en, fr MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: Re: POLL: Nonce-specific error code for OCSP References: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h9G7YGI7044149 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, > All, > I recently received permission from the chairs to poll the WG > against the following question. > Should we standardize an OCSP *V1* error code that enables a > responder to indicate its inability to respond to nonced > requests? > Please respond with either YES or NO. I would suggest to you provide a resumé of the advantages of this new error code (and disadvantages if not supported), so that people do not have to look back at that long thread on that topic to make up their opinion. Denis > Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9FMVbI7094449 for <ietf-pkix-bks@above.proper.com>; Wed, 15 Oct 2003 15:31:37 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9FMVbRh094448 for ietf-pkix-bks; Wed, 15 Oct 2003 15:31:37 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9FMVZI7094443 for <ietf-pkix@imc.org>; Wed, 15 Oct 2003 15:31:36 -0700 (PDT) (envelope-from kent@bbn.com) Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id h9FMVWTX017046; Wed, 15 Oct 2003 18:31:32 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po2.bbn.com Message-Id: <p06002017bbb37a59c2cb@[128.89.89.75]> Date: Wed, 15 Oct 2003 18:29:24 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: draft-ietf-pkix-x509-ipaddr-as-extn-03.txt Cc: russ housley <housley@vigilsec.com> Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The subject ID was revised in response to comments during last call, and the new version was posted late last month, so I am now forwarding it to Russ Housely for IESG review. Steve Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9FKxeI7091572 for <ietf-pkix-bks@above.proper.com>; Wed, 15 Oct 2003 13:59:40 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9FKxeCP091571 for ietf-pkix-bks; Wed, 15 Oct 2003 13:59:40 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9FKxcI7091566 for <ietf-pkix@imc.org>; Wed, 15 Oct 2003 13:59:38 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h9FKxet09803 for <ietf-pkix@imc.org>; Wed, 15 Oct 2003 13:59:40 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Subject: POLL: Nonce-specific error code for OCSP Date: Wed, 15 Oct 2003 14:02:39 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEEFDDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <EOEGJNFMMIBDKGFONJJDCEEFDFAA.mmyers@fastq.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All, I recently received permission from the chairs to poll the WG against the following question. Should we standardize an OCSP *V1* error code that enables a responder to indicate its inability to respond to nonced requests? Please respond with either YES or NO. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9AHkRZA002794 for <ietf-pkix-bks@above.proper.com>; Fri, 10 Oct 2003 10:46:27 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id h9AHkR6X002793 for ietf-pkix-bks; Fri, 10 Oct 2003 10:46:27 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mgate11.so-net.ne.jp (mgate11.so-net.ne.jp [210.139.254.158]) by above.proper.com (8.12.10/8.12.8) with ESMTP id h9AHkOZA002784 for <ietf-pkix@imc.org>; Fri, 10 Oct 2003 10:46:25 -0700 (PDT) (envelope-from nakagawa@japanpkiforum.jp) Received: from mail.dc5.so-net.ne.jp (mspool14.so-net.ne.jp [210.139.248.14]) by mgate11.so-net.ne.jp with ESMTP id h9AHkOH15444; Sat, 11 Oct 2003 02:46:25 +0900 (JST) Received: from [192.168.1.14] (eatky65-p17.hi-ho.ne.jp [219.105.30.18]) by mail.dc5.so-net.ne.jp with ESMTP id h9AHkOI28716; Sat, 11 Oct 2003 02:46:24 +0900 (JST) Date: Sat, 11 Oct 2003 02:46:07 +0900 From: Nakagawa <nakagawa@japanpkiforum.jp> To: "Anders Rundgren" <anders.rundgren@telia.com> Subject: Re: request for reviewing our interoperability experiment report Cc: <ietf-pkix@imc.org> In-Reply-To: <029f01c38745$5608db20$0500a8c0@arport> References: <20030929183921.BA83.NAKAGAWA@japanpkiforum.jp> <029f01c38745$5608db20$0500a8c0@arport> Message-Id: <20031011024343.FC1C.NAKAGAWA@japanpkiforum.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.06.02 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dear Rundgren-san, Thank you for your comment, and very sorry for my late reply. I conveyed your opinion to our team and am waiting for their comment. If I get any, I'll post it to this mailing list ASAP. Anyway, we'll take your comment into consideration when we have chance to revise the Final Report. Best Regards, Nakagawa Japan PKI Forum ----------------------- Original Message ----------------------- On Tue, 30 Sep 2003 13:23:43 +0200 "Anders Rundgren" <anders.rundgren@telia.com> wrote: > > Dear Nakagawa-San, > May I offer some comments not so much on the report itself, but > on the architectures that you are working with? The described > CA structures represent one of three IMO entirely different ways > to apply PKI: > > 1. The "Classic". Often using Cross-Certification (CC) and is fairly complex. > Used by the FED-PKI and the PKIs described in the report. Adding > CP extensions as "application trust filters", things get even more complex > to scale-up as the extensions are (and will likely continue to be) never > agreed upon except within certain "communities". It is interesting to > note that AFAIK, no commercial TTP CA make their > issuance depending on CP extensions. I.e., they all use the > "universal issuing formula" CA <=> Policy. > > 2. Relying-party-only. RP=CA. Limited interoperability concerns but > potentially awkward out-of-band RA-arrangements when the number > of external partners increase. > > 3. The bank-model PKI [*]. Builds on legacy IT architectures and is > simpler (but magnitudes more flexible) compared to the "Classic". > Short "promotional" description: http://www.x-obi.com/OBI400/b2bsign.pdf > Long(-winding) description: http://www.x-obi.com/OBI400/pki4org.pdf > > Regarding interoperability I noted that you did not mention the four-corner > model which if I'm not misinformed possibly to be used by the coming Japanese > government PKI hosted by Identrus. This system eliminates CC and > interoperability (as it is a closed trust-network) but dramatically > complicates RP software handling as there are no standards for > managing independent (they all are) four-corner trust-networks. > Most of these competing trust-networks require you to pay license > fees and only use certified software. This is how the Swedish > banks currently operate. A short [negative] description of four-corner: > http://www.x-obi.com/OBI400/e-government-ID-A.Rundgren.pdf > > Press-release indicating that the Japanese government indeed > is considering supporting four-corner models: > http://www.identrus.com/company/press_releases/release_030717.html > > Regards > Anders Rundgren > > *] My participation in more or less related standards: > http://shibboleth.internet2.edu/minutes/SHIB-05-Sept-2001.html > > > ----- Original Message ----- > From: "Nakagawa" <nakagawa@japanpkiforum.jp> > To: <ietf-pkix@imc.org> > Cc: <suishin3@www.japanpkiforum.jp> > Sent: Monday, September 29, 2003 11:50 > Subject: request for reviewing our interoperability experiment report > > > > Dear PKIX list members, > > Korea PKI Forum, PKI Forum Singapore, Chinese Taipei PKI Forum, and Japan > PKI Forum are pleased to announce the completion of the Final Report for > the Experiment in PKI Interoperability in Asia region in 2002. These > four countries/areas have been conducting the Experiment in PKI > interoperability since 2001, and compiled the first report for the 2001 > experiment in the middle of 2002. A report compiled this time is > extended version of the previous one. > > In 2002, we have conducted 3 experiments as follows: > > 1) CA-CA Interoperability Experiment with Cross Certification / Cross > Recognition models; > > 2) Path Processing Experiment intending to Resolve the certificate path > processing issues of repository by clarifying the path processing logic > described in RFC3280; > > 3) PKCS#11 Experiment tempting to approach PKI application > interoperability using a commonly defined API (application interface). > The Final Report contains the recommended technical specifications and > the lessons learnt, which are valuable for CA operators, VA (validation > authority) and application developers when dealing with relevant > interoperability matters. > > In addition to this overall project result document, other five documents > were developed as appendixes, which are: > - Appendix 1. IWG Recommended Profiles > - Appendix 2. CA-CA Interoperability Interface Specification for > experiment > - Appendix 3. Certificate Path Processing Implementation Guideline > - Appendix 4. Certificate Path Processing Testing Guideline > - Appendix 5. PKCS#11 Testing > > It will be highly appreciated if IETF members examine the > report and let us know your thoughts/comments. > You can download the report and the appendix from: > > Achieving PKI Interoperability 2003 -Results of the JKST-IWG Interoperability project- > http://www.japanpkiforum.jp/shiryou/IWG_2002/FinalReport2003-Version1.0.pdf > Appendix > http://www.japanpkiforum.jp/shiryou/IWG_2002/Appendix.pdf > > Regards, > > -- > Hiroyuki Nakagawa > Japan PKI Forum Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h94EiUKP036402 for <ietf-pkix-bks@above.proper.com>; Sat, 4 Oct 2003 07:44:30 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h94EiTHn036401 for ietf-pkix-bks; Sat, 4 Oct 2003 07:44:29 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h94EiSKP036396 for <ietf-pkix@imc.org>; Sat, 4 Oct 2003 07:44:28 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h94EiSt68829; Sat, 4 Oct 2003 07:44:28 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Cc: "Russ Housley" <housley@vigilsec.com>, "Stephen Kent" <kent@bbn.com>, "Tim Polk" <tim.polk@nist.gov>, "Carlisle Adams" <carlisle.adams@entrust.com> Subject: RE: OCSP response pre-production Date: Sat, 4 Oct 2003 07:47:48 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCEEFDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <F5678115F458B4458C227F0EC02691BB013B0171@mou1wnexm04.vcorp.ad.vrsn.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Well, it certainly wasn't in *my* mind at the time that nonces, if used, would be ignored. To my recollection, the discussions between Carlisle and myself that lead to their definition were quite robust on the point. Indeed, as the poll indicates something close to 11 of 12 of client side implementors treat (or can treat) the practice as an error. So it's not like this is a great revelation to anybody. Yes, extensions are optional. But extensions may have additional semantics associated with their use. The fact that the definition of the nonce extension does not is where we got started with a view towards clarifying original intent. Since nonces break caching, don't use nonces in a cached environment. Send a non-nonced response anyway due to server-side lack of control on the client side? Maybe. If the chairs and the AD are comfortable allowing the IETF to standardize the practice, I'd be happy to oblige. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h9425hKP052611 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 19:05:43 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h9425hOM052610 for ietf-pkix-bks; Fri, 3 Oct 2003 19:05:43 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout06.sul.t-online.com (mailout06.sul.t-online.com [194.25.134.19]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h9425fKP052605 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 19:05:41 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout06.sul.t-online.com with smtp id 1A5bna-0005SR-00; Sat, 04 Oct 2003 04:05:34 +0200 Received: from hagen (SaX0s2ZaYeJJ2sG3sVLuEk+3KdZBM5ro57Rv403kD4gKiu7k+BKCgf@[217.228.236.213]) by fmrl09.sul.t-online.com with esmtp id 1A5bnY-1ej8nA0; Sat, 4 Oct 2003 04:05:32 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Jean-Marc Desperrier'" <jmdesp@alussinan.org>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Sat, 4 Oct 2003 04:05:33 +0200 Organization: SyTrust Message-ID: <001b01c38a1b$fee079a0$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <3F7DD53A.6050303@alussinan.org> Importance: Normal X-Seen: false X-ID: SaX0s2ZaYeJJ2sG3sVLuEk+3KdZBM5ro57Rv403kD4gKiu7k+BKCgf@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > >>- re-assert that it is not conformant to RFC2560 to send back > >>a response > >>without to nonce to a request requiring a nonce (it might > >>change in OCSPv2) > > > > The RfC states: "[A request includes] [...] optional > extensions which > > MAY be processed by the OCSP Responder". > > I don't know. > This is not in line with RFC3280 definition of extensions, in > which if > you *do* recognize an extension, you have to treat it > correctly and not > simply ignore it. > With that definition if you implement RFC2560, you can say I > don't know > what id-pkix-ocsp-nonce means so I don't care about it, because it's > defined in the standard. You are partly right for RfC3280 - while it in fact lists some extensions that SHALL be recognized by CAs/applications, in general extension are optional. The exact wording of RfC3280 is: "A certificate using system MUST reject the certificate if it encounters a critical extension it does not recognize; however, a non-critical extension MAY be ignored if it is not recognized. [...] [List of extensions CAs and Applications SHOULD recognize] Support for the remaining extensions is OPTIONAL." [nearly same wording for CRLs] Nevertheless the wording of RfC3280 and RfC2560 is very different. If we apply the rationale behind RfC3280 to RfC2560, we should allow a client to mark his nonce-extension critical, thus indicating that it does not wish that any responder ignores the nonce. But currently RfC2560 states clearly: "Support for any specific extension is OPTIONAL. The critical flag SHOULD NOT be set for any of them." Allowing an extension (e.g. the nonce-extension) to be critical would be a change to RfC2560. I would really like such a change, but as Ambarish already pointed out, this may put an unwanted semantic into the requests of some existing clients out there. As these clients adhere to RfC2560, the nonce is not critical - thus they would indicate that a nonceless response is ok for them. Remark: With this whole system, we have not yet solved the problem adressed by David's proposal: A client wants to know securely if a response without nonce was generated by an OCSP-responder not supporting nonces or by an OCSP-responder normally being able to generate nonces. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93MsxKP048151 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 15:55:01 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93Msxs5048150 for ietf-pkix-bks; Fri, 3 Oct 2003 15:54:59 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93MsxKP048145 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 15:54:59 -0700 (PDT) (envelope-from alex@verisign.com) Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.10/) with ESMTP id h93MsuFI029851; Fri, 3 Oct 2003 15:54:56 -0700 (PDT) Received: by mou1wnexc02.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <TTLKZ9G9>; Fri, 3 Oct 2003 15:54:55 -0700 Message-ID: <F5678115F458B4458C227F0EC02691BB013B0171@mou1wnexm04.vcorp.ad.vrsn.com> From: "Deacon, Alex" <alex@verisign.com> To: "'Ambarish Malpani'" <ambarish@malpani.biz>, "'Michael Myers'" <mmyers@fastq.com>, "'Jean-Marc Desperrier'" <jmdesp@alussinan.org>, ietf-pkix@imc.org Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 15:54:49 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Yes, I have an issue with "re-assert[ing] that it is not conformant to RFC2560 to send back a response without to nonce to a request requiring a nonce" You can't re-assert something that was never asserted in the first place. The current spec does not mandate that servers support extensions in OCSP requests. (as Florian pointed out in a recent email) Mandating that servers MUST respond to a nonce extension would make currently compliant responders non-compliant. Not good... Alex > -----Original Message----- > From: Ambarish Malpani [mailto:ambarish@malpani.biz] > Sent: Friday, October 03, 2003 10:35 AM > To: 'Michael Myers'; 'Jean-Marc Desperrier'; ietf-pkix@imc.org > Subject: RE: OCSP response pre-production > > > > > Yup, sounds good to me. Is there rough concensus that this is what > folks want? Anybody with a strong opinion to the contrary, please > pipe up now. > > Regards, > Ambarish > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers > > Sent: Friday, October 03, 2003 9:17 AM > > To: Jean-Marc Desperrier; ietf-pkix@imc.org > > Subject: RE: OCSP response pre-production > > > > > > > > > > This works for me, especially the part about getting > > definitive on 2560 as it stands. Ambarish? > > > > Mike > > > > > -----Original Message----- > > > From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Jean-Marc > > Desperrier > > > Sent: Friday, October 03, 2003 8:09 AM > > > To: ietf-pkix@imc.org > > > Subject: Re: OCSP response pre-production > > > > > > > > > > > > Frank Balluffi wrote: > > > > My preference would be to define an extension (e.g., via an > > > > informational RFC) that can be used with v1 bits on > > > the wire, and > > > > then to formally incorporate the extension into v2. > > > Again, if a > > > > strong case can be made for v2 to use a different > > > mechanism (than the > > > > extension defined above), I am OK with that. > > > > > > I know understand better the case against the > > > round-trip error discovery > > > solution without a signed assertion from server. > > > > > > I think the above solution is something everybody can > > > agree on, and stop > > > discussing the point for ever. > > > > > > So can everybody agree on creating an informationnal > > > RFC about how to > > > handle cache response in OCSP v1 that would : > > > > > > - define an extension that enable a responder to > > > assert the answer is a > > > cached answer and not an answer to a nonce-less request > > > > > > - [MAYBE] define a value for that extension that says > > > this answer does > > > not include a nonce, but that the server can provide > > > one if requested > > > > > > - re-assert that it is not conformant to RFC2560 to > > > send back a response > > > without to nonce to a request requiring a nonce (it > > > might change in OCSPv2) > > > > > > - precise what error amongst the already defined one > > > the OCSP server > > > should send back when receiving a nonce if it can not > > > send one back > > > > > > - describe that a client who wants the best possible > > > answer can : > > > * Ask for a nonce > > > * Receive an error > > > * Ask without nonce > > > * Receive an answer that includes the extension that > > > the server can not > > > able to include nonces in answers. > > > > > > - describe another possible solution : > > > * Don't ask for a nonce > > > * Receive an answer that includes the extension that > > > the server can > > > include nonces in answers. > > > * Ask with a nonce, because I want the very best I can have. > > > > > > The second solution might be better if the servers > > > that send back cached > > > answer have a very heavy load and want to avoid the > > round-trip, whilst > > > the one that are ready to provide nonces are more > > > likely not to have a > > > problem with round-trips. > > > > > > An evolution could then be included in OCSPv2 to > > > avoid the round-trip > > > completely. > > > > > > > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93LN8KP044884 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 14:23:08 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93LN8G3044883 for ietf-pkix-bks; Fri, 3 Oct 2003 14:23:08 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93LN6KP044877 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 14:23:07 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout03.sul.t-online.com with smtp id 1A5XOA-0003bL-03; Fri, 03 Oct 2003 23:23:02 +0200 Received: from hagen (rxbHHTZQ8ecYD64RXHTXxLiTluHypgqgB+Wv1TrxoGNl49NktwSWk-@[217.228.236.213]) by fmrl09.sul.t-online.com with esmtp id 1A5XO8-0WOTDc0; Fri, 3 Oct 2003 23:23:00 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Jean-Marc Desperrier'" <jmdesp@alussinan.org>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 23:23:00 +0200 Organization: SyTrust Message-ID: <001701c389f4$861f0030$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <3F7DB769.8080101@alussinan.org> Importance: Normal X-Seen: false X-ID: rxbHHTZQ8ecYD64RXHTXxLiTluHypgqgB+Wv1TrxoGNl49NktwSWk-@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > What would you think if it'd also define an extension that the client > can use in a request including a nonce, in order to indicate it will > accept an answer without a nonce if it includes the > pre-produced extension. If we do that, I agree with your course, Jean-Marc. Otherwise I would feel strongly against it. In any case I would vote to go with Davids proposal - it seems more simple to me while accomplishing the same task with additional security. > The server would be breaking RFC 2560 by sending back the > pre-produced > answer, but only with a client that has explicitly indicated it is > expecting this behaviour. Once again: RfC2560 allows sending of nonceless responses to nonced requests. It clearly states that processing of every extension (and "nonce" is an extension) is optional for both responder and client. And OPTIONAL is clearly defined. So if we define that request-extension, the responder would be fully on the ground of RfC2560. In fact I would bet that currently nearly all caching servers send back nonceless responses to nonced requests - as this is what the RfC seems to suggest in ist current wording. At least this is what our responder does when configured for caching. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93K00KP041348 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 13:00:00 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93K00Jb041347 for ietf-pkix-bks; Fri, 3 Oct 2003 13:00:00 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft6.fr.colt.net (smtp-ft6.fr.colt.net [213.41.78.205]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93JxwKP041337 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 12:59:58 -0700 (PDT) (envelope-from jmdesp@alussinan.org) Received: from alussinan.org (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft6.fr.colt.net with ESMTP id h93JxuO28332 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 21:59:56 +0200 Message-ID: <3F7DD53A.6050303@alussinan.org> Date: Fri, 03 Oct 2003 21:59:54 +0200 From: Jean-Marc Desperrier <jmdesp@alussinan.org> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031002 X-Accept-Language: en, fr, en-us, ja MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <000001c389dd$262fcb30$4228a8c0@hagen> In-Reply-To: <000001c389dd$262fcb30$4228a8c0@hagen> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Florian Oelmaier wrote: >>- re-assert that it is not conformant to RFC2560 to send back >>a response >>without to nonce to a request requiring a nonce (it might >>change in OCSPv2) > > The RfC states: "[A request includes] [...] optional extensions which > MAY be processed by the OCSP Responder". I don't know. This is not in line with RFC3280 definition of extensions, in which if you *do* recognize an extension, you have to treat it correctly and not simply ignore it. With that definition if you implement RFC2560, you can say I don't know what id-pkix-ocsp-nonce means so I don't care about it, because it's defined in the standard. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93Ia4KP037476 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 11:36:04 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93Ia4L0037475 for ietf-pkix-bks; Fri, 3 Oct 2003 11:36:04 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93Ia0KP037467 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 11:36:02 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout10.sul.t-online.com with smtp id 1A5UmW-0005U2-09; Fri, 03 Oct 2003 20:36:00 +0200 Received: from hagen (E2touuZeoeFZXU4Uo7qdQY4gUx9woZ24EaxuugIcWefj2uCcVlUh8B@[217.228.236.213]) by fmrl09.sul.t-online.com with esmtp id 1A5UmD-0OfS1Q0; Fri, 3 Oct 2003 20:35:41 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Jean-Marc Desperrier'" <jmdesp@alussinan.org>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 20:35:41 +0200 Organization: SyTrust Message-ID: <000001c389dd$262fcb30$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <3F7D911C.4090602@alussinan.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: E2touuZeoeFZXU4Uo7qdQY4gUx9woZ24EaxuugIcWefj2uCcVlUh8B@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > - re-assert that it is not conformant to RFC2560 to send back > a response > without to nonce to a request requiring a nonce (it might > change in OCSPv2) The RfC states: "[A request includes] [...] optional extensions which MAY be processed by the OCSP Responder". With the clear definition of MAY according to RfC 2119: 5. MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because the vendor feels that it enhances the product while another vendor may omit the same item. An implementation which does not include a particular option MUST be prepared to interoperate with another implementation which does include the option, though perhaps with reduced functionality. In the same vein an implementation which does include a particular option MUST be prepared to interoperate with another implementation which does not include the option (except, of course, for the feature the option provides.) When writing such an informational RfC we also have to clarify that extension processing is not optional anymore with this change (as every responder MUST detect a nonce). -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93HqkKP035237 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 10:52:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93HqkX8035236 for ietf-pkix-bks; Fri, 3 Oct 2003 10:52:46 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft2.fr.colt.net (smtp-ft2.fr.colt.net [213.41.78.26]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93HqiKP035231 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 10:52:45 -0700 (PDT) (envelope-from jmdesp@alussinan.org) Received: from alussinan.org (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft2.fr.colt.net with ESMTP id h93Hqg610137 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 19:52:42 +0200 Message-ID: <3F7DB769.8080101@alussinan.org> Date: Fri, 03 Oct 2003 19:52:41 +0200 From: Jean-Marc Desperrier <jmdesp@alussinan.org> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031002 X-Accept-Language: en, fr, en-us, ja MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <EOEGJNFMMIBDKGFONJJDCEECDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDCEECDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael Myers wrote: > This works for me, especially the part about getting definitive > on 2560 as it stands. Ambarish? I've been thinking about something more, I hope it doesn't reopen the whole can of worms. What would you think if it'd also define an extension that the client can use in a request including a nonce, in order to indicate it will accept an answer without a nonce if it includes the pre-produced extension. The server would be breaking RFC 2560 by sending back the pre-produced answer, but only with a client that has explicitly indicated it is expecting this behaviour. This, if acceptable, would enable to fully avoid the round-trip with compatible servers. Legacy servers would send back an error to this kind of request if they can not supply a nonce, which does not break the expected behaviour. >> - define an extension that enable a responder to >> assert the answer is a >> cached answer and not an answer to a nonce-less request I'll correct myself : "is a pre-produced answer and this server can not successfully answer requests requiring a nonce." Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93HZKKP034446 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 10:35:20 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93HZKpB034445 for ietf-pkix-bks; Fri, 3 Oct 2003 10:35:20 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93HZJKP034436 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 10:35:19 -0700 (PDT) (envelope-from ambarish@malpani.biz) Received: from AMBARISHW2K (ns.malpani.biz [192.168.25.5]) by ns.malpani.biz (8.12.9/8.12.9) with ESMTP id h93HYa4c002520; Fri, 3 Oct 2003 10:34:36 -0700 From: "Ambarish Malpani" <ambarish@malpani.biz> To: "'Michael Myers'" <mmyers@fastq.com>, "'Jean-Marc Desperrier'" <jmdesp@alussinan.org>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 10:34:40 -0700 Message-ID: <000201c389d4$a05e42f0$3d00010a@caymas.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <EOEGJNFMMIBDKGFONJJDCEECDFAA.mmyers@fastq.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Yup, sounds good to me. Is there rough concensus that this is what folks want? Anybody with a strong opinion to the contrary, please pipe up now. Regards, Ambarish > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers > Sent: Friday, October 03, 2003 9:17 AM > To: Jean-Marc Desperrier; ietf-pkix@imc.org > Subject: RE: OCSP response pre-production > > > > > This works for me, especially the part about getting > definitive on 2560 as it stands. Ambarish? > > Mike > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Jean-Marc > Desperrier > > Sent: Friday, October 03, 2003 8:09 AM > > To: ietf-pkix@imc.org > > Subject: Re: OCSP response pre-production > > > > > > > > Frank Balluffi wrote: > > > My preference would be to define an extension (e.g., via an > > > informational RFC) that can be used with v1 bits on > > the wire, and > > > then to formally incorporate the extension into v2. > > Again, if a > > > strong case can be made for v2 to use a different > > mechanism (than the > > > extension defined above), I am OK with that. > > > > I know understand better the case against the > > round-trip error discovery > > solution without a signed assertion from server. > > > > I think the above solution is something everybody can > > agree on, and stop > > discussing the point for ever. > > > > So can everybody agree on creating an informationnal > > RFC about how to > > handle cache response in OCSP v1 that would : > > > > - define an extension that enable a responder to > > assert the answer is a > > cached answer and not an answer to a nonce-less request > > > > - [MAYBE] define a value for that extension that says > > this answer does > > not include a nonce, but that the server can provide > > one if requested > > > > - re-assert that it is not conformant to RFC2560 to > > send back a response > > without to nonce to a request requiring a nonce (it > > might change in OCSPv2) > > > > - precise what error amongst the already defined one > > the OCSP server > > should send back when receiving a nonce if it can not > > send one back > > > > - describe that a client who wants the best possible > > answer can : > > * Ask for a nonce > > * Receive an error > > * Ask without nonce > > * Receive an answer that includes the extension that > > the server can not > > able to include nonces in answers. > > > > - describe another possible solution : > > * Don't ask for a nonce > > * Receive an answer that includes the extension that > > the server can > > include nonces in answers. > > * Ask with a nonce, because I want the very best I can have. > > > > The second solution might be better if the servers > > that send back cached > > answer have a very heavy load and want to avoid the > round-trip, whilst > > the one that are ready to provide nonces are more > > likely not to have a > > problem with round-trips. > > > > An evolution could then be included in OCSPv2 to > > avoid the round-trip > > completely. > > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93GDEKP029038 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 09:13:14 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93GDEpW029037 for ietf-pkix-bks; Fri, 3 Oct 2003 09:13:14 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93GDDKP029032 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 09:13:13 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h93GD9t28189; Fri, 3 Oct 2003 09:13:09 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Jean-Marc Desperrier" <jmdesp@alussinan.org>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 09:16:31 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCEECDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F7D911C.4090602@alussinan.org> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This works for me, especially the part about getting definitive on 2560 as it stands. Ambarish? Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Jean-Marc Desperrier > Sent: Friday, October 03, 2003 8:09 AM > To: ietf-pkix@imc.org > Subject: Re: OCSP response pre-production > > > > Frank Balluffi wrote: > > My preference would be to define an extension (e.g., via an > > informational RFC) that can be used with v1 bits on > the wire, and > > then to formally incorporate the extension into v2. > Again, if a > > strong case can be made for v2 to use a different > mechanism (than the > > extension defined above), I am OK with that. > > I know understand better the case against the > round-trip error discovery > solution without a signed assertion from server. > > I think the above solution is something everybody can > agree on, and stop > discussing the point for ever. > > So can everybody agree on creating an informationnal > RFC about how to > handle cache response in OCSP v1 that would : > > - define an extension that enable a responder to > assert the answer is a > cached answer and not an answer to a nonce-less request > > - [MAYBE] define a value for that extension that says > this answer does > not include a nonce, but that the server can provide > one if requested > > - re-assert that it is not conformant to RFC2560 to > send back a response > without to nonce to a request requiring a nonce (it > might change in OCSPv2) > > - precise what error amongst the already defined one > the OCSP server > should send back when receiving a nonce if it can not > send one back > > - describe that a client who wants the best possible > answer can : > * Ask for a nonce > * Receive an error > * Ask without nonce > * Receive an answer that includes the extension that > the server can not > able to include nonces in answers. > > - describe another possible solution : > * Don't ask for a nonce > * Receive an answer that includes the extension that > the server can > include nonces in answers. > * Ask with a nonce, because I want the very best I can have. > > The second solution might be better if the servers > that send back cached > answer have a very heavy load and want to avoid the > round-trip, whilst > the one that are ready to provide nonces are more > likely not to have a > problem with round-trips. > > An evolution could then be included in OCSPv2 to > avoid the round-trip > completely. > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93F9NKP025166 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 08:09:23 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93F9NIo025165 for ietf-pkix-bks; Fri, 3 Oct 2003 08:09:23 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft2.fr.colt.net (smtp-ft2.fr.colt.net [213.41.78.26]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93F9LKP025158 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 08:09:22 -0700 (PDT) (envelope-from jmdesp@alussinan.org) Received: from alussinan.org (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft2.fr.colt.net with ESMTP id h93F9H617164 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 17:09:17 +0200 Message-ID: <3F7D911C.4090602@alussinan.org> Date: Fri, 03 Oct 2003 17:09:16 +0200 From: Jean-Marc Desperrier <jmdesp@alussinan.org> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030811 X-Accept-Language: en, fr, en-us, ja MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <OFC1590B41.FAF04B09-ON85256DB4.00478EE3@db.com> In-Reply-To: <OFC1590B41.FAF04B09-ON85256DB4.00478EE3@db.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Frank Balluffi wrote: > My preference would be to define an extension (e.g., via an > informational RFC) that can be used with v1 bits on the wire, and > then to formally incorporate the extension into v2. Again, if a > strong case can be made for v2 to use a different mechanism (than the > extension defined above), I am OK with that. I know understand better the case against the round-trip error discovery solution without a signed assertion from server. I think the above solution is something everybody can agree on, and stop discussing the point for ever. So can everybody agree on creating an informationnal RFC about how to handle cache response in OCSP v1 that would : - define an extension that enable a responder to assert the answer is a cached answer and not an answer to a nonce-less request - [MAYBE] define a value for that extension that says this answer does not include a nonce, but that the server can provide one if requested - re-assert that it is not conformant to RFC2560 to send back a response without to nonce to a request requiring a nonce (it might change in OCSPv2) - precise what error amongst the already defined one the OCSP server should send back when receiving a nonce if it can not send one back - describe that a client who wants the best possible answer can : * Ask for a nonce * Receive an error * Ask without nonce * Receive an answer that includes the extension that the server can not able to include nonces in answers. - describe another possible solution : * Don't ask for a nonce * Receive an answer that includes the extension that the server can include nonces in answers. * Ask with a nonce, because I want the very best I can have. The second solution might be better if the servers that send back cached answer have a very heavy load and want to avoid the round-trip, whilst the one that are ready to provide nonces are more likely not to have a problem with round-trips. An evolution could then be included in OCSPv2 to avoid the round-trip completely. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93E8kKP022157 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 07:08:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93E8kO9022156 for ietf-pkix-bks; Fri, 3 Oct 2003 07:08:46 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imr5.us.db.com (imr5.us.db.com [160.83.65.196]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93E8jKP022151 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 07:08:45 -0700 (PDT) (envelope-from frank.balluffi@db.com) Received: from sdbo1005.db.com by imr5.us.db.com id h93E8hGa019455; Fri, 3 Oct 2003 10:08:43 -0400 (EDT) Subject: RE: OCSP response pre-production To: mmyers@fastq.com Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OFAF2AEDC8.1341820D-ON85256DB4.004D858B@db.com> From: "Frank Balluffi" <frank.balluffi@db.com> Date: Fri, 3 Oct 2003 10:08:41 -0400 X-MIMETrack: Serialize by Router on sdbo1005/DBNA/DeuBaInt/DeuBa(Release 5.0.12 |February 13, 2003) at 10/03/2003 10:08:42 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Please disregard "Again," below. It referred to something I deleted before sending. Frank "Frank Balluffi" <frank.balluffi+exter To: mmyers@fastq.com nal@db.com> cc: ietf-pkix@imc.org Sent by: Subject: RE: OCSP response pre-production owner-ietf-pkix@mail. imc.org 10/03/2003 09:11 AM Mike, My preference would be to define an extension (e.g., via an informational RFC) that can be used with v1 bits on the wire, and then to formally incorporate the extension into v2. Again, if a strong case can be made for v2 to use a different mechanism (than the extension defined above), I am OK with that. I hope this answers your question. Frank "Michael Myers" <mmyers@fastq.com To: Frank Balluffi/NewYork/DBNA/DeuBa@DBNA, <thayes0993@aol.com> > cc: "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org> Sent by: Subject: RE: OCSP response pre-production owner-ietf-pkix@m ail.imc.org 10/02/2003 06:08 PM > -----Original Message----- > From: Frank Balluffi > > . . . > > I too like the proposal to use a flag or an > extension. Perhaps an extension could say the > equivalent of, "This is a cached response." Frank, Would you object the v1/v2 dual paths as means of getting this into place? Mike -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93DJ5KP019898 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 06:19:05 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93DJ5Zb019897 for ietf-pkix-bks; Fri, 3 Oct 2003 06:19:05 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93DJ3KP019890 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 06:19:03 -0700 (PDT) (envelope-from pmhesse@geminisecurity.com) Received: from phessel ([129.174.244.115]) by osf1.gmu.edu (8.8.8/8.8.8) with ESMTP id JAA59605 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 09:18:53 -0400 (EDT) From: "Peter Hesse" <pmhesse@geminisecurity.com> To: <ietf-pkix@imc.org> Subject: RE: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt Date: Fri, 3 Oct 2003 09:17:55 -0400 Organization: Gemini Security Solutions, Inc. Message-ID: <00b501c389b0$c7babfa0$6701a8c0@gemsec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 In-Reply-To: <200310021450.KAA23250@ietf.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All, To save everyone the trouble of trying to read through our entire internet draft a second time, the following lists outline the main changes made in the document since version 00. Overall changes: - made certain terminology more consistent ("certification path" throughout the document instead of "certificate path", "cert path", etc.) - softened the tone; made it clear that the document provides informational recommendations and does not prescribe a particular method for certification path building - removed statements on the document providing guidance based on "best practices" but instead explicitly defined the motivation and purpose behind the document, as well as the criteria that led to the guidance provided. - removed some non-ascii characters that had snuck in Specific changes: - Thoroughly updated section 1.1 (Motivation) and 1.2 (Purpose) - updated terminology section to include a few additional terms - updated mesh PKI figure to better differentiate it from other structures - included a section (2.2) that clearly identifies the authors' criteria for a path building implementation - broke up section 2.4 (How to Build a Certification Path) with some subsections - added section 3.3 (Representing the Decision Tree Programmatically) - updated section 3.5 to include additional information about the sorting methods that follow. Sorting methods are no longer called "rules". - added section 5.4 (Distinguished Name Encoding) - added section 6.3 (Subject Information Access) Cheers, --Peter Hesse +---------------------------------------------------------------+ | Peter Hesse pmhesse@geminisecurity.com | | Phone: (703)934-2031 Gemini Security Solutions, Inc. | | ICQ: 1942828 www.geminisecurity.com | +---------------------------------------------------------------+ "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Internet-Drafts@ietf.org Sent: Thursday, October 02, 2003 10:51 AM To: IETF-Announce:; pmhesse@geminisecurity.com Cc: ietf-pkix@imc.org Subject: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure: Certification Path Building Author(s) : M. Cooper, Y. Dzambasow et al. Filename : draft-ietf-pkix-certpathbuild-01.txt Pages : 67 Date : 2003-10-2 This document was written to provide guidance and recommendations to developers building X.509 public-key certification paths within their applications. By following the guidance and recommendations defined in this document, an application developer is more likely to develop a robust X.509 certificate enabled application that can build valid certification paths across a wide range of PKI environments. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-01.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-certpathbuild-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-certpathbuild-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93DBLKP019417 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 06:11:21 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93DBLVu019416 for ietf-pkix-bks; Fri, 3 Oct 2003 06:11:21 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imr5.us.db.com (imr5.us.db.com [160.83.65.196]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93DBJKP019408 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 06:11:20 -0700 (PDT) (envelope-from frank.balluffi@db.com) Received: from sdbo1005.db.com by imr5.us.db.com id h93DBIGa025435; Fri, 3 Oct 2003 09:11:18 -0400 (EDT) Subject: RE: OCSP response pre-production To: mmyers@fastq.com Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OFC1590B41.FAF04B09-ON85256DB4.00478EE3@db.com> From: "Frank Balluffi" <frank.balluffi@db.com> Date: Fri, 3 Oct 2003 09:11:15 -0400 X-MIMETrack: Serialize by Router on sdbo1005/DBNA/DeuBaInt/DeuBa(Release 5.0.12 |February 13, 2003) at 10/03/2003 09:11:18 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, My preference would be to define an extension (e.g., via an informational RFC) that can be used with v1 bits on the wire, and then to formally incorporate the extension into v2. Again, if a strong case can be made for v2 to use a different mechanism (than the extension defined above), I am OK with that. I hope this answers your question. Frank "Michael Myers" <mmyers@fastq.com To: Frank Balluffi/NewYork/DBNA/DeuBa@DBNA, <thayes0993@aol.com> > cc: "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org> Sent by: Subject: RE: OCSP response pre-production owner-ietf-pkix@m ail.imc.org 10/02/2003 06:08 PM > -----Original Message----- > From: Frank Balluffi > > . . . > > I too like the proposal to use a flag or an > extension. Perhaps an extension could say the > equivalent of, "This is a cached response." Frank, Would you object the v1/v2 dual paths as means of getting this into place? Mike -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93BEEKP013916 for <ietf-pkix-bks@above.proper.com>; Fri, 3 Oct 2003 04:14:14 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h93BEEGR013915 for ietf-pkix-bks; Fri, 3 Oct 2003 04:14:14 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout11.sul.t-online.com (mailout11.sul.t-online.com [194.25.134.85]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93BECKP013909 for <ietf-pkix@imc.org>; Fri, 3 Oct 2003 04:14:13 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd09.aul.t-online.de by mailout11.sul.t-online.com with smtp id 1A5Nsw-0001K2-01; Fri, 03 Oct 2003 13:14:10 +0200 Received: from hagen (VTok2kZLge3X46kdpITlNEW1w736REvpcf445rz9DLwTouqmZlXs8j@[217.228.236.213]) by fmrl09.sul.t-online.com with esmtp id 1A5Nsk-02o3xQ0; Fri, 3 Oct 2003 13:13:58 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Michael Myers'" <mmyers@fastq.com>, "'David Engberg'" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 13:13:56 +0200 Organization: SyTrust Message-ID: <000001c3899f$6feec430$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <EOEGJNFMMIBDKGFONJJDOEDPDFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: VTok2kZLge3X46kdpITlNEW1w736REvpcf445rz9DLwTouqmZlXs8j@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > [...] An > environment called to task by a security auditor for sending > a canned response to a nonced request, the latter which by > technical definition is an assertion by a relying party that > the RP does NOT wish to receive a canned response, can very > easily send back any unsigned error. I want to comment two points here: 1) the "technical definition" you give in the sentence above: "[sending] a nonced request [is by] technical definition [an] assertion by a relying party [client] that the RP [client] does NOT wish to receive a canned [pre-produced/cached] response". I think the discussion here on the list shows that your "technical definition" is not common ground here. It is NOT what I think and it is NOT what RfC2560 states. There is another definition supported by RfC2560 and some people here on the list: "A client sending a nonce expresses its wish to get a nonced response." >From my point of view this discussion showed: A) your definition is not covered in RfC2560 B) there are multiple clients out there that make use of the benefits of the definition as stated in RfC2560 C) there are multiple installations out there relying on these benefits If you want to add such a change to the definition into the current wording of RfC2560 one way or the other I think YOU are calling for OCSPv2 - as this is a major change to some/many installations out there. But I think thats the point where our discussion started :( > [...] An > environment called to task by a security auditor for sending > a canned response to a nonced request, the latter which by > technical definition is an assertion by a relying party that > the RP does NOT wish to receive a canned response, can very > easily send back any unsigned error. It's best if we at least > standardize one for interoperability if nothing else. 2) I am not against an additional error message, as long as its use is OPTIONAL for the responder and the current behaviour of the responders (sending a non-nonced response back) is allowed, too. We can readily go for a wording like this, if you need this error response urgently: "If a responder cannot process a nonce he SHALL indicate this by sending an error status "NonceNotAllowed" or by sending a response without nonce." -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93203KP026360 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 19:00:09 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h932036H026359 for ietf-pkix-bks; Thu, 2 Oct 2003 19:00:03 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h93202KP026353 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 19:00:02 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h931xtt04618; Thu, 2 Oct 2003 18:59:55 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Florian Oelmaier" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 19:03:18 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDOEDPDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <000001c3894c$31b681b0$4228a8c0@hagen> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: Florian Oelmaier > > . . . > > I am not a friend of adding an error message that > adds nothing to the security of the protocol but > introduces the need for a second round-trip > into OCSPv1. As a client cannot really rely on the > error message the situation will not get better. > From a security point of view, the proposed error > message does not bring any advantage (as it can be > faked), technically it introduces the disadvantage of > having to do two requests. > > *** I therefore suggest to leave OCSPv1 as it is > (instead of making it worse) and work with Davids > extension to go in for OCSPv2. *** Florian, As I've been trying to explain, the capability for error-triggered nonce discovery is already in place. An environment called to task by a security auditor for sending a canned response to a nonced request, the latter which by technical definition is an assertion by a relying party that the RP does NOT wish to receive a canned response, can very easily send back any unsigned error. It's best if we at least standardize one for interoperability if nothing else. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h931ILKP024690 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 18:18:21 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h931ILKd024689 for ietf-pkix-bks; Thu, 2 Oct 2003 18:18:21 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h931IJKP024670 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 18:18:19 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd07.aul.t-online.de by mailout10.sul.t-online.com with smtp id 1A5EaB-0003sQ-01; Fri, 03 Oct 2003 03:18:11 +0200 Received: from hagen (EYMBDTZvoepZDIV+NhwDomOtKuFVKAxlqAOoJhHH9fyl37-VCcNRs6@[217.80.250.25]) by fmrl07.sul.t-online.com with esmtp id 1A5Ea5-1kQlge0; Fri, 3 Oct 2003 03:18:05 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Michael Myers'" <mmyers@fastq.com>, "'David Engberg'" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Fri, 3 Oct 2003 03:18:03 +0200 Organization: SyTrust Message-ID: <000001c3894c$31b681b0$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <EOEGJNFMMIBDKGFONJJDMEDLDFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: EYMBDTZvoepZDIV+NhwDomOtKuFVKAxlqAOoJhHH9fyl37-VCcNRs6@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > The simple fix I most recently proposed could, I believe, be > applied to RFC 2560 as it progresses from Proposed to Draft > due to the poll's consensus. Meanwhile, I strongly suspect > that the syntax and semantic changes of more sophisticated > solutions will force a version delta, a new I-D and all that > entails regarding WG, IETF and IESG ratification. That is, OCSPv2. I am not a friend of adding an error message that adds nothing to the security of the protocol but introduces the need for a second round-trip into OCSPv1. As a client cannot really rely on the error message the situation will not get better. From a security point of view, the proposed error message does not bring any advantage (as it can be faked), technically it introduces the disadvantage of having to do two requests. *** I therefore suggest to leave OCSPv1 as it is (instead of making it worse) and work with Davids extension to go in for OCSPv2. *** In the meantime (until we get OCSPv2) people can use server-generated nonces (which are compliant with the current state of RfC2560 and with all existing clients out there). -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92M5sKP016848 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 15:05:54 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92M5rrt016847 for ietf-pkix-bks; Thu, 2 Oct 2003 15:05:53 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92M5mKP016842 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 15:05:52 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h92M5Kt94833; Thu, 2 Oct 2003 15:05:20 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Frank Balluffi" <frank.balluffi@db.com>, <thayes0993@aol.com> Cc: "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 15:08:42 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCEDPDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <OFCD7E3895.2171AD1A-ON85256DB3.007205AE@db.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: Frank Balluffi > > . . . > > I too like the proposal to use a flag or an > extension. Perhaps an extension could say the > equivalent of, "This is a cached response." Frank, Would you object the v1/v2 dual paths as means of getting this into place? Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92KmiKP013883 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 13:48:44 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92KmiBq013882 for ietf-pkix-bks; Thu, 2 Oct 2003 13:48:44 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imr6.us.db.com (imr6.us.db.com [160.83.65.199]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92KmhKP013877 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 13:48:43 -0700 (PDT) (envelope-from frank.balluffi@db.com) Received: from sdbo1005.db.com by imr6.us.db.com id h92Km5KK016366; Thu, 2 Oct 2003 16:48:06 -0400 (EDT) Subject: RE: OCSP response pre-production To: thayes0993@aol.com Cc: "David Engberg" <dave@corestreet.com>, ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OFCD7E3895.2171AD1A-ON85256DB3.007205AE@db.com> From: "Frank Balluffi" <frank.balluffi@db.com> Date: Thu, 2 Oct 2003 16:48:36 -0400 X-MIMETrack: Serialize by Router on sdbo1005/DBNA/DeuBaInt/DeuBa(Release 5.0.12 |February 13, 2003) at 10/02/2003 04:48:39 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I too like the proposal to use a flag or an extension. Perhaps an extension could say the equivalent of, "This is a cached response." Frank "Terry Hayes" <thayes0993@aol.c To: "David Engberg" <dave@corestreet.com> om> cc: ietf-pkix@imc.org Sent by: Subject: RE: OCSP response pre-production owner-ietf-pkix@m ail.imc.org 10/02/2003 01:47 PM I also like this proposal. I believe that it is compatible with existing responders that use pre-produced nonces, in the sense that there aren't any changes required to allow them to continue operations. Responders that only use pre-produced responses (with no nonce) would benefit from changing their implement to add the extension. This would allow them to support the clients that implement dual-mode policy as described in this thread. As Florian has pointed out, this proposal is easier to understand than having the server generate nonces. In fact, I was going to write an email that complained about overloading the nonce field to represent this bit of information. Given this proposal, I don't have to! I also agree with Mike that we need to define an error that says that a nonce is required for this responder. This error is subject to denial-of-service attacks (since it's unsigned), but we're already exposed to that in this protocol anyway. Terry David Engberg wrote on 10/1/2003, 3:10 PM: > As an alternative, pre-generated responses could include a flag or > extension in their signed body to indicate that not only are they not > supplying a nonce with this response, but that they don't supply nonces > with any response, and if you trust that responder (via its public key > cert), then you may choose to accept the non-nonce-bearing response from > that server with this explicit flag (if that is your policy). > > This avoids the risk of someone replaying a response to you in which the > attacker chose not to supply a nonce, but you did. It allows a client > to distinguish between a server saying "Here's a response without a > nonce because you I think you didn't ask for one" and "Here's a response > without a nonce because the responder for you or your CA does not use > nonces." > > I believe the following is a valid security policy which some (most?) > clients may choose to implement as an option: > > - Send a nonce with every request > - Accept a response with a matching nonce from any trusted responder > - Accept a response with a nonceUnsupported extension from any > trusted responder > - Reject a response with no nonce and no nonceUnsupported extension > > This would allow the client to be much more usable with random public > certs (using AIA fields and delegated responder certs) in real-world > settings like secure email, etc. > -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92JNWKP011305 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 12:23:32 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92JNW55011304 for ietf-pkix-bks; Thu, 2 Oct 2003 12:23:32 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92JNTKP011293 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 12:23:30 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from corestreet.com (engberg.corestreet.com [192.168.2.87]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id h92JNIxh026076; Thu, 2 Oct 2003 15:23:18 -0400 Message-ID: <3F7C7AF7.1040908@corestreet.com> Date: Thu, 02 Oct 2003 15:22:31 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet, Ltd. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <EOEGJNFMMIBDKGFONJJDMEDLDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDMEDLDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> If adding a new top-level error code is possible in v1, and adding a new response extension to indicate nonceUnsupported (or similar solution) is only possible in v2, then this may be the best course of action. Thanks, Dave Michael Myers wrote: > Dave, > > Even if we do nothing, means currently exist for clients to > discover if a server respects nonces via error signalling. A > non-nonced response to a nonced request itself being an error in > perhaps then 11 of 12 client side implementions, including your > own. > > All along I've been trying to avoid opening the pandora's box of > OCSPv2, but I guess it's time to do so. > > The simple fix I most recently proposed could, I believe, be > applied to RFC 2560 as it progresses from Proposed to Draft due > to the poll's consensus. Meanwhile, I strongly suspect that the > syntax and semantic changes of more sophisticated solutions will > force a version delta, a new I-D and all that entails regarding > WG, IETF and IESG ratification. That is, OCSPv2. > > We have a narrow window of opportunity to fix v1 as proposed and > so stem the tide of unilateral approaches to resolving its > current ambiguity regarding the use of nonces. This way, > everybody's at least on the same page in the near term. > > I propose we do so and in parallel move on to v2. The v2 > discussions will predictably lead us into latent issues not > associated with nonces. As these things go, that will take a > while. > > Do you agree to this course of action? > > Mike > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Ie2KP009671 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 11:40:02 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Ie2pS009670 for ietf-pkix-bks; Thu, 2 Oct 2003 11:40:02 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Ie1KP009664 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 11:40:01 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h92Idwt85708; Thu, 2 Oct 2003 11:39:58 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "Terry Hayes" <thayes0993@aol.com>, "David Engberg" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 11:43:22 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEDMDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F7C64B2.7070507@aol.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: Terry Hayes > > . . . > > I also agree with Mike that we need to define an > error that says that a nonce is required for this > responder. This error is subject to > denial-of-service attacks (since it's unsigned), > but we're already exposed to that in this protocol > anyway. Actually, Terry, errors were left unsigned largely to enable edge servers to respond more effectively to a DOS flood than might an interior signing server. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92IVHKP009200 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 11:31:17 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92IVHlT009199 for ietf-pkix-bks; Thu, 2 Oct 2003 11:31:17 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92IVEKP009194 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 11:31:16 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h92IVDt85343; Thu, 2 Oct 2003 11:31:13 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "David Engberg" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 11:34:37 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDMEDLDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F7C5522.1030705@corestreet.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dave, Even if we do nothing, means currently exist for clients to discover if a server respects nonces via error signalling. A non-nonced response to a nonced request itself being an error in perhaps then 11 of 12 client side implementions, including your own. All along I've been trying to avoid opening the pandora's box of OCSPv2, but I guess it's time to do so. The simple fix I most recently proposed could, I believe, be applied to RFC 2560 as it progresses from Proposed to Draft due to the poll's consensus. Meanwhile, I strongly suspect that the syntax and semantic changes of more sophisticated solutions will force a version delta, a new I-D and all that entails regarding WG, IETF and IESG ratification. That is, OCSPv2. We have a narrow window of opportunity to fix v1 as proposed and so stem the tide of unilateral approaches to resolving its current ambiguity regarding the use of nonces. This way, everybody's at least on the same page in the near term. I propose we do so and in parallel move on to v2. The v2 discussions will predictably lead us into latent issues not associated with nonces. As these things go, that will take a while. Do you agree to this course of action? Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92HlcKP006771 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 10:47:38 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92HlcjS006770 for ietf-pkix-bks; Thu, 2 Oct 2003 10:47:38 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from imo-m03.mx.aol.com (imo-m03.mx.aol.com [64.12.136.6]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92HlaKP006763 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 10:47:37 -0700 (PDT) (envelope-from THayes0993@aol.com) Received: from THayes0993@aol.com by imo-m03.mx.aol.com (mail_out_v36_r1.1.) id z.141.1a10d10a (16086); Thu, 2 Oct 2003 13:47:25 -0400 (EDT) Received: from pc655301.nscp.aoltw.net (h-10-169-25-113.nscp.aoltw.net [10.169.25.113]) by air-id10.mx.aol.com (v96.8) with ESMTP id MAILINID103-3ed63f7c64ac17e; Thu, 02 Oct 2003 13:47:25 -0400 Date: Thu, 2 Oct 2003 10:47:30 -0700 From: "Terry Hayes" <thayes0993@aol.com> Subject: RE: OCSP response pre-production To: "David Engberg" <dave@corestreet.com> cc: ietf-pkix@imc.org In-Reply-To: <3F7B50D9.70107@corestreet.com> Message-ID: <3F7C64B2.7070507@aol.com> References: <3F7B50D9.70107@corestreet.com> X-Mailer: AOL Communicator (20030917.2 Win) Organization: AOL MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii X-AOL-IP: 10.169.25.113 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I also like this proposal. I believe that it is compatible with existing responders that use pre-produced nonces, in the sense that there aren't any changes required to allow them to continue operations. Responders that only use pre-produced responses (with no nonce) would benefit from changing their implement to add the extension. This would allow them to support the clients that implement dual-mode policy as described in this thread. As Florian has pointed out, this proposal is easier to understand than having the server generate nonces. In fact, I was going to write an email that complained about overloading the nonce field to represent this bit of information. Given this proposal, I don't have to! I also agree with Mike that we need to define an error that says that a nonce is required for this responder. This error is subject to denial-of-service attacks (since it's unsigned), but we're already exposed to that in this protocol anyway. Terry David Engberg wrote on 10/1/2003, 3:10 PM: > As an alternative, pre-generated responses could include a flag or > extension in their signed body to indicate that not only are they not > supplying a nonce with this response, but that they don't supply nonces > with any response, and if you trust that responder (via its public key > cert), then you may choose to accept the non-nonce-bearing response from > that server with this explicit flag (if that is your policy). > > This avoids the risk of someone replaying a response to you in which the > attacker chose not to supply a nonce, but you did. It allows a client > to distinguish between a server saying "Here's a response without a > nonce because you I think you didn't ask for one" and "Here's a response > without a nonce because the responder for you or your CA does not use > nonces." > > I believe the following is a valid security policy which some (most?) > clients may choose to implement as an option: > > - Send a nonce with every request > - Accept a response with a matching nonce from any trusted responder > - Accept a response with a nonceUnsupported extension from any > trusted responder > - Reject a response with no nonce and no nonceUnsupported extension > > This would allow the client to be much more usable with random public > certs (using AIA fields and delegated responder certs) in real-world > settings like secure email, etc. > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92H3XKP004181 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 10:03:33 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92H3Xf8004180 for ietf-pkix-bks; Thu, 2 Oct 2003 10:03:33 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92H3WKP004169 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 10:03:32 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h92H3St80803; Thu, 2 Oct 2003 10:03:28 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: "David Engberg" <dave@corestreet.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 10:06:52 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEDJDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F7C5522.1030705@corestreet.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dave, I used the pop-up as an example. It could very well be a one-time configuration issue. Or, as Jean-Marc Desperrier suggested, all this hoo-hah could be a moot point when reduced to practice. In any case, specific software design features are out of scope. As you point out, caching servers today send back a non-nonced response to a nonced request because 2560 is regrettably silent on the point. 10 of 12 implementors seem to have understood the principles of nonce use anyhow. If that isn't rough consensus and running code, I don't know what is. Despite that, if this WG, its chairs and our AD wish to condone the practice of ignoring a nonce, I'd be happy to abide by that decision. Mike > -----Original Message----- > From: David Engberg [mailto:dave@corestreet.com] > Sent: Thursday, October 02, 2003 9:41 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: OCSP response pre-production > > > > If the only change is an error code in the unsigned > portion of the > protocol, there is no way for a client to > automatically tell that the > responder is intentionally configured to never send nonces. > > This prevents a client from choosing this > automatically-enforced > security policy: > > Require nonce from servers that support nonces. > Accept responses without nonces from trusted > responders that > securely indicate they won't ever provide a nonce. > > Like you said, a solution based only around an > unsigned error code would > require explicit user acceptance for each responder, > while the most > users don't have the faintest idea what nonces (or > OCSP for that matter) > are. The pop-up example you listed may as well be in > Latin for the > majority of users. > > If nothing changes in the spec, caching-only servers > will continue to > send back a response without a nonce. They won't > send back any error > because this is not an error under the current RFC. > > > Michael Myers wrote: > > > > > > If we don't define a nonce-specific error, it's > predictable that > > client developers will choose one of the existing 5 unsigned > > error values in order to pop up a dialog that says, > essentially, > > "You used a nonce and received an error. If you want to try > > again not using nonces, click here." > > > > It doesn't matter much which error; any one will do > in order to > > discover if nonce use is the problem. In fact if nothing > > changed I'm wondering what the server side *would* > send back? > > I've recently seen suggestions on this list for > > malFormedRequest, internalError and unauthorized. > > > > Not defining a nonce-specific error value escapes nothing. > > Clients can today enable relying parties to achieve their > > intended goals via error-triggered nonce capability > discovery. > > > > Mike > > > > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Gg7KP003454 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 09:42:08 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Gg7P2003453 for ietf-pkix-bks; Thu, 2 Oct 2003 09:42:07 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Gg6KP003439 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 09:42:07 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from corestreet.com (engberg.corestreet.com [192.168.2.87]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id h92Gfrxh024493; Thu, 2 Oct 2003 12:41:53 -0400 Message-ID: <3F7C5522.1030705@corestreet.com> Date: Thu, 02 Oct 2003 12:41:06 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet, Ltd. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael Myers <mmyers@fastq.com> CC: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <EOEGJNFMMIBDKGFONJJDIEDIDFAA.mmyers@fastq.com> In-Reply-To: <EOEGJNFMMIBDKGFONJJDIEDIDFAA.mmyers@fastq.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> If the only change is an error code in the unsigned portion of the protocol, there is no way for a client to automatically tell that the responder is intentionally configured to never send nonces. This prevents a client from choosing this automatically-enforced security policy: Require nonce from servers that support nonces. Accept responses without nonces from trusted responders that securely indicate they won't ever provide a nonce. Like you said, a solution based only around an unsigned error code would require explicit user acceptance for each responder, while the most users don't have the faintest idea what nonces (or OCSP for that matter) are. The pop-up example you listed may as well be in Latin for the majority of users. If nothing changes in the spec, caching-only servers will continue to send back a response without a nonce. They won't send back any error because this is not an error under the current RFC. Michael Myers wrote: > > > If we don't define a nonce-specific error, it's predictable that > client developers will choose one of the existing 5 unsigned > error values in order to pop up a dialog that says, essentially, > "You used a nonce and received an error. If you want to try > again not using nonces, click here." > > It doesn't matter much which error; any one will do in order to > discover if nonce use is the problem. In fact if nothing > changed I'm wondering what the server side *would* send back? > I've recently seen suggestions on this list for > malFormedRequest, internalError and unauthorized. > > Not defining a nonce-specific error value escapes nothing. > Clients can today enable relying parties to achieve their > intended goals via error-triggered nonce capability discovery. > > Mike > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92GSoKP003051 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 09:28:50 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92GSo8f003050 for ietf-pkix-bks; Thu, 2 Oct 2003 09:28:50 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from hermes.cs.auckland.ac.nz (hermes.cs.aauckland.ac.nz [130.216.33.151] (may be forged)) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92GSgKP003040 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 09:28:49 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9-20030924/8.12.9) with ESMTP id h92GSc4W022842; Fri, 3 Oct 2003 04:28:38 +1200 Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id h92GU4Q23093; Fri, 3 Oct 2003 04:30:04 +1200 Date: Fri, 3 Oct 2003 04:30:04 +1200 Message-Id: <200310021630.h92GU4Q23093@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org, mmyers@fastq.com Subject: RE: OCSP response pre-production Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Michael Myers" <mmyers@fastq.com> writes: >If we don't define a nonce-specific error, it's predictable that client >developers will choose one of the existing 5 unsigned error values in order >to pop up a dialog that says, essentially, "You used a nonce and received an >error. If you want to try again not using nonces, click here." .... which the user will mentally translate to "Quadrant change in relocatable expression in subspace $CODE$" (yes, that's a real error message from HP-UX) which after another level of mental translation becomes "Go boom fall down. Click here make better". After clicking OK, everything works again (or at least something happens, either a cached response or a replay attack, but in any case the annoying warning goes away so everything's all right). Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92G1TKP001887 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 09:01:29 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92G1Tvm001886 for ietf-pkix-bks; Thu, 2 Oct 2003 09:01:29 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from seguridata1.seguridata.com ([200.57.34.107]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92G1SKP001879 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 09:01:28 -0700 (PDT) (envelope-from mars@seguridata.com) Received: from MarsXP ([200.67.231.235]) by seguridata1.seguridata.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 2 Oct 2003 11:02:30 -0500 From: "Miguel Rodriguez" <mars@seguridata.com> To: "'Julien Stern'" <julien.stern@cryptolog.com> Cc: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 11:00:22 -0500 Message-ID: <000401c388fe$4d3b2ba0$a600a8c0@seguridata.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <20031002134038.GA772@cryptolog.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal X-OriginalArrivalTime: 02 Oct 2003 16:02:30.0921 (UTC) FILETIME=[9595F790:01C388FE] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I agree with this too, the support for nonces should indicated in the signed content, either as a special flag or as Julien suggested using the nextUpdate field. I prefer any of these options over the definition of a new (unsigned) error message. Miguel A Rodriguez SeguriDATA Mexico > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Julien Stern > Sent: Thursday, October 02, 2003 8:41 AM > To: ietf-pkix@imc.org > Subject: Re: OCSP response pre-production > > > I fully agree with this too. The server has to indicate whether it > supports nonces or not INSIDE the signed content. Server generated > nonces are a way, this extension is another (hmm, well, the equivalent > of server generated nonces would be an ICanProvideANonceIfYouWish > extension, but ...). > On this other hand, I think that it is dangerous to indicate this fact > as an _unsigned_ error, as this error reply could easily be faked by an > attacker, making him think a server does not support nonces while in > fact it does. > > -- > Julien Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92FkfKP001338 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 08:46:41 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Fkf8D001337 for ietf-pkix-bks; Thu, 2 Oct 2003 08:46:41 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92FkeKP001332 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 08:46:40 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h92Fkft77150 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 08:46:41 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 08:50:05 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEDIDFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20031002134038.GA772@cryptolog.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> If we don't define a nonce-specific error, it's predictable that client developers will choose one of the existing 5 unsigned error values in order to pop up a dialog that says, essentially, "You used a nonce and received an error. If you want to try again not using nonces, click here." It doesn't matter much which error; any one will do in order to discover if nonce use is the problem. In fact if nothing changed I'm wondering what the server side *would* send back? I've recently seen suggestions on this list for malFormedRequest, internalError and unauthorized. Not defining a nonce-specific error value escapes nothing. Clients can today enable relying parties to achieve their intended goals via error-triggered nonce capability discovery. Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Ep4KP098912 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 07:51:04 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Ep4WR098910 for ietf-pkix-bks; Thu, 2 Oct 2003 07:51:04 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92Ep2KP098905 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 07:51:03 -0700 (PDT) (envelope-from nsyracus@cnri.reston.va.us) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23250; Thu, 2 Oct 2003 10:50:53 -0400 (EDT) Message-Id: <200310021450.KAA23250@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-certpathbuild-01.txt Date: Thu, 02 Oct 2003 10:50:53 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure: Certification Path Building Author(s) : M. Cooper, Y. Dzambasow et al. Filename : draft-ietf-pkix-certpathbuild-01.txt Pages : 67 Date : 2003-10-2 This document was written to provide guidance and recommendations to developers building X.509 public-key certification paths within their applications. By following the guidance and recommendations defined in this document, an application developer is more likely to develop a robust X.509 certificate enabled application that can build valid certification paths across a wide range of PKI environments. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-01.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-certpathbuild-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-certpathbuild-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-10-2105942.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-certpathbuild-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-certpathbuild-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-10-2105942.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92ECnKP097729 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 07:12:49 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92ECnVL097728 for ietf-pkix-bks; Thu, 2 Oct 2003 07:12:49 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92ECmKP097721 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 07:12:48 -0700 (PDT) (envelope-from ambarish@malpani.biz) Received: from nt1 (nt1.malpani.biz [192.168.25.13]) by ns.malpani.biz (8.12.9/8.12.9) with SMTP id h92ECe4c001409; Thu, 2 Oct 2003 07:12:40 -0700 From: "Ambarish Malpani" <ambarish@malpani.biz> To: "Jean-Marc Desperrier" <jmdesp@free.fr>, <ietf-pkix@imc.org> Subject: RE: OCSP response pre-production Date: Thu, 2 Oct 2003 07:15:41 -0700 Message-ID: <BFEMKEKPCAINGFNEOGMEEEPCCBAA.ambarish@malpani.biz> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3F7BED88.8050304@free.fr> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I agree. A > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Jean-Marc Desperrier > Sent: Thursday, October 02, 2003 2:19 AM > To: ietf-pkix@imc.org > Subject: Re: OCSP response pre-production > > > > David Engberg wrote: > > I would prefer a signalling mechanism that does not require two > > round-trip communications to establish nonce support, > > May I say we should *NOT* aim to fullfill this ? > > If we don't, everything is easy. > > Clients that requires freshest response send a nonce, and get back an > error if it's not possible to give freshest response. > Client that don't require it, send no nonce. > > Client that would like it, but don't require it, make a round trip, and > cache the fact the server can't supply freshest response, so they do the > round trip only once. > > My opinion is : > - in real life implementations, it's not so common to both trust an OCSP > responder, and not know in advance if it can supply fresh responses or > not. Even if it's the case, there won't be so many different OCSP > responders, and it won't take long to discover they don't provide fresh > answers. > > - The global security brought by trying to get a fresh response, but > being ready to accept a non-fresh one, can hardly be said to be any > different from directly accepting a non-fresh one. If the system was > audited, I'm doubtful auditors would think it brings any real difference. > > So I don't see a reason to go such lengths to support this. > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92DehKP095797 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 06:40:43 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Deheg095796 for ietf-pkix-bks; Thu, 2 Oct 2003 06:40:43 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mallaury.noc.nerim.net (smtp-104-thursday.noc.nerim.net [62.4.17.104]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92DefKP095791 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 06:40:42 -0700 (PDT) (envelope-from julien.stern@cryptolog.com) Received: from jupiter.cry.pto (cryptolog.net1.nerim.net [80.65.224.225]) by mallaury.noc.nerim.net (Postfix) with ESMTP id 42D7262DB9 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 15:40:38 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by jupiter.cry.pto (Postfix) with ESMTP id 035504305 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 15:40:39 +0200 (CEST) Received: from jupiter.cry.pto ([127.0.0.1]) by localhost (jupiter [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 09156-07 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 15:40:38 +0200 (CEST) Received: from callisto.cry.pto (callisto.cry.pto [10.0.1.4]) by jupiter.cry.pto (Postfix) with SMTP id C7027409E for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 15:40:38 +0200 (CEST) Received: by callisto.cry.pto (sSMTP sendmail emulation); Thu, 2 Oct 2003 15:40:38 +0200 From: "Julien Stern" <julien.stern@cryptolog.com> Date: Thu, 2 Oct 2003 15:40:38 +0200 To: ietf-pkix@imc.org Subject: Re: OCSP response pre-production Message-ID: <20031002134038.GA772@cryptolog.com> References: <20031002084539.2858.qmail@www16.your-server.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031002084539.2858.qmail@www16.your-server.de> User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-new-20030314-p2 (Debian) at cryptolog.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> On Thu, Oct 02, 2003 at 08:45:39AM -0000, Florian Oelmaier wrote: > > > As an alternative, pre-generated responses could include a flag or > > extension in their signed body to indicate that not only are they not > > supplying a nonce with this response, but that they don't supply nonces > > with any response, and if you trust that responder (via its public key > > cert), then you may choose to accept the non-nonce-bearing response from > > that server with this explicit flag (if that is your policy). > > > > This avoids the risk of someone replaying a response to you in which the > > attacker chose not to supply a nonce, but you did. It allows a client > > to distinguish between a server saying "Here's a response without a > > nonce because you I think you didn't ask for one" and "Here's a response > > without a nonce because the responder for you or your CA does not use > > nonces." > > > > I believe the following is a valid security policy which some (most?) > > clients may choose to implement as an option: > > > > - Send a nonce with every request > > - Accept a response with a matching nonce from any trusted responder > > - Accept a response with a nonceUnsupported extension from any > > trusted responder > > - Reject a response with no nonce and no nonceUnsupported extension > > > > This would allow the client to be much more usable with random public > > certs (using AIA fields and delegated responder certs) in real-world > > settings like secure email, etc. > > > > I fully agree with this. It seems to be a good idea. > > My idea of server-generated nonces is simply the other way round: If the responder wants to signal "nonceUnsupported", the response does not include a nonce, if the responder generally supports nonces it simply generates one for requests not containing one. > > From my point of view both proposals do technically the same and are fine for me. Davids "nonceUnsupported"-extension is easier to understand and more clear while server generated nonces do not need changes in clients like Juliens or mine. I am fine with both - tell me when to begin implementing. I fully agree with this too. The server has to indicate whether it supports nonces or not INSIDE the signed content. Server generated nonces are a way, this extension is another (hmm, well, the equivalent of server generated nonces would be an ICanProvideANonceIfYouWish extension, but ...). On this other hand, I think that it is dangerous to indicate this fact as an _unsigned_ error, as this error reply could easily be faked by an attacker, making him think a server does not support nonces while in fact it does. -- Julien Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92CErKP092095 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 05:14:53 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92CEr3f092094 for ietf-pkix-bks; Thu, 2 Oct 2003 05:14:53 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92CEqKP092085 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 05:14:52 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (sccrmhc11) with ESMTP id <20031002121447011006slfpe>; Thu, 2 Oct 2003 12:14:47 +0000 Received: from localhost ([127.0.0.1] helo=corestreet.com ident=dave) by localhost with esmtp (Exim 3.35 #1 (Debian)) id 1A52Os-0008Qd-00; Thu, 02 Oct 2003 08:17:42 -0400 Message-ID: <3F7C1765.7060706@corestreet.com> Date: Thu, 02 Oct 2003 08:17:41 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jean-Marc Desperrier <jmdesp@free.fr> CC: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <3F7B50D9.70107@corestreet.com> <3F7BED88.8050304@free.fr> In-Reply-To: <3F7BED88.8050304@free.fr> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Jean-Marc Desperrier wrote: > Clients that requires freshest response send a nonce, and get back an > error if it's not possible to give freshest response. > Client that don't require it, send no nonce. > > Client that would like it, but don't require it, make a round trip, and > cache the fact the server can't supply freshest response, so they do the > round trip only once. I could live with a two-trip solution as an alternative as long as the error is contained in a signed message which can be pre-generated for that responder. If the error is in the unsigned portion of the protocol, a client can't really tell a nonceUnsupported server from an attacker on the network, which means its only realistic option is to reject the response and quit. An extra round-trip communication is unfortunate, but not a show-stopper if it conveys some other fundamental advantage that I'm missing. > - in real life implementations, it's not so common to both trust an OCSP > responder, and not know in advance if it can supply fresh responses or > not. Even if it's the case, there won't be so many different OCSP > responders, and it won't take long to discover they don't provide fresh > answers. You may be only thinking of closed internal PKIs with one or two CAs and hard-coded clients. I'm thinking of the broader case where I may want to accept signed emails from everyone that chains or bridges to one of my trusted roots. I may accept signed emails from employees of Acme Novelties because their CA chains to a Verisign root, and their AIA OCSP responder was properly delegated by their CA (OCSP Signing). I certainly have no idea whether Acme's responder keys are online (nonce-supporting) or off (nonceUnsupported) before my first request, even though I'm prepared to accept whichever security policy the CA chooses. I think it is a valid and secure _option_ for a client to say "accept the revocation security policies chosen by trusted CAs and/or responders." If a CA only publishes CRLs every 24 hours, its OCSP infrastructure should be able to signal to interested clients that they shouldn't waste everyone's time and CPU cycles by sending nonces just to get "fresh" views of the same cached CRL. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h92BhuKP090756 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 04:43:56 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h92Bht8f090755 for ietf-pkix-bks; Thu, 2 Oct 2003 04:43:55 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.9/8.12.8) with SMTP id h92BhrKP090749 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 04:43:54 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: (qmail 4129 invoked by uid 1649); 2 Oct 2003 11:43:54 -0000 Date: 2 Oct 2003 11:43:54 -0000 Message-ID: <20031002114354.4124.qmail@www16.your-server.de> From: "Florian Oelmaier" <oelmaier@sytrust.com> To: Jean-Marc Desperrier <jmdesp@free.fr>, ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <> In-Reply-To: <> X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch X-IPAddress: 195.212.95.34 X-Sender: oelmaier@sytrust.de MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > David Engberg wrote: > > I would prefer a signalling mechanism that does not require two > > round-trip communications to establish nonce support, > > May I say we should *NOT* aim to fullfill this ? Seeing that it is rather easy to do it (as shown in both proposals), I would vote for fullfilling this requirement. > My opinion is : > - in real life implementations, it's not so common to both trust an OCSP > responder, and not know in advance if it can supply fresh responses or > not. A lot of clients use AIA to find the OCSP-URL and use the OCSP-signing certificate extension to trust the OCSP Responder. The case of contacting an "unknown" OCSP-Responder will even become more important the more PKIs we find our there. > - The global security brought by trying to get a fresh response, but > being ready to accept a non-fresh one, can hardly be said to be any > different from directly accepting a non-fresh one. If the system was > audited, I'm doubtful auditors would think it brings any real difference. With our proposals this depends on the responder. If your responder supports nonces, the described client WILL use it. If your responder does not, the client will not. The client will NOT accept a nonce-less response from a responder being able to support nonces. Thus an auditor will see a real difference regarding certificates from some CAs - as for certain CAs a client will not accept nonce-less OCSP responses. This is a very common thing for every auditor out there: having CAs with different trust levels. Additionally when an OCSP client (for example an SCVP server) detects multiple paths for a given certificate, the "freshness" of a validation may be used in a policy to establish a certain "trust level". -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h929JBKP085091 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 02:19:11 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h929JBcg085090 for ietf-pkix-bks; Thu, 2 Oct 2003 02:19:11 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from smtp-ft4.fr.colt.net (smtp-ft4.fr.colt.net [213.41.78.203]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h929J9KP085082 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 02:19:09 -0700 (PDT) (envelope-from jmdesp@free.fr) Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft4.fr.colt.net with ESMTP id h929J4m31340 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 11:19:04 +0200 Message-ID: <3F7BED88.8050304@free.fr> Date: Thu, 02 Oct 2003 11:19:04 +0200 From: Jean-Marc Desperrier <jmdesp@free.fr> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030811 X-Accept-Language: en, fr, en-us, ja MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: OCSP response pre-production References: <3F7B50D9.70107@corestreet.com> In-Reply-To: <3F7B50D9.70107@corestreet.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David Engberg wrote: > I would prefer a signalling mechanism that does not require two > round-trip communications to establish nonce support, May I say we should *NOT* aim to fullfill this ? If we don't, everything is easy. Clients that requires freshest response send a nonce, and get back an error if it's not possible to give freshest response. Client that don't require it, send no nonce. Client that would like it, but don't require it, make a round trip, and cache the fact the server can't supply freshest response, so they do the round trip only once. My opinion is : - in real life implementations, it's not so common to both trust an OCSP responder, and not know in advance if it can supply fresh responses or not. Even if it's the case, there won't be so many different OCSP responders, and it won't take long to discover they don't provide fresh answers. - The global security brought by trying to get a fresh response, but being ready to accept a non-fresh one, can hardly be said to be any different from directly accepting a non-fresh one. If the system was audited, I'm doubtful auditors would think it brings any real difference. So I don't see a reason to go such lengths to support this. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h928jkKP083946 for <ietf-pkix-bks@above.proper.com>; Thu, 2 Oct 2003 01:45:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h928jkDh083945 for ietf-pkix-bks; Thu, 2 Oct 2003 01:45:46 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.9/8.12.8) with SMTP id h928jiKP083939 for <ietf-pkix@imc.org>; Thu, 2 Oct 2003 01:45:45 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: (qmail 2863 invoked by uid 1649); 2 Oct 2003 08:45:39 -0000 Date: 2 Oct 2003 08:45:39 -0000 Message-ID: <20031002084539.2858.qmail@www16.your-server.de> From: "Florian Oelmaier" <oelmaier@sytrust.com> To: David Engberg <dave@corestreet.com>, ietf-pkix@imc.org Subject: RE: OCSP response pre-production References: <> In-Reply-To: <> X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch X-IPAddress: 195.212.95.34 X-Sender: oelmaier@sytrust.de MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > As an alternative, pre-generated responses could include a flag or > extension in their signed body to indicate that not only are they not > supplying a nonce with this response, but that they don't supply nonces > with any response, and if you trust that responder (via its public key > cert), then you may choose to accept the non-nonce-bearing response from > that server with this explicit flag (if that is your policy). > > This avoids the risk of someone replaying a response to you in which the > attacker chose not to supply a nonce, but you did. It allows a client > to distinguish between a server saying "Here's a response without a > nonce because you I think you didn't ask for one" and "Here's a response > without a nonce because the responder for you or your CA does not use > nonces." > > I believe the following is a valid security policy which some (most?) > clients may choose to implement as an option: > > - Send a nonce with every request > - Accept a response with a matching nonce from any trusted responder > - Accept a response with a nonceUnsupported extension from any > trusted responder > - Reject a response with no nonce and no nonceUnsupported extension > > This would allow the client to be much more usable with random public > certs (using AIA fields and delegated responder certs) in real-world > settings like secure email, etc. > I fully agree with this. It seems to be a good idea. My idea of server-generated nonces is simply the other way round: If the responder wants to signal "nonceUnsupported", the response does not include a nonce, if the responder generally supports nonces it simply generates one for requests not containing one. >From my point of view both proposals do technically the same and are fine for me. Davids "nonceUnsupported"-extension is easier to understand and more clear while server generated nonces do not need changes in clients like Juliens or mine. I am fine with both - tell me when to begin implementing. -- Florian Oelmaier SyTrust Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91MfDKP005941 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 15:41:13 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91MfDAv005940 for ietf-pkix-bks; Wed, 1 Oct 2003 15:41:13 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91MfBKP005926 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 15:41:11 -0700 (PDT) (envelope-from oelmaier@sytrust.com) Received: from fwd05.aul.t-online.de by mailout09.sul.t-online.com with smtp id 1A4peg-0006wo-01; Thu, 02 Oct 2003 00:41:10 +0200 Received: from hagen (Gz8XoYZGge0sjG-RlpFCGvum9-FlcgMRfdqIsIcp3+T0Eu5kD1smZU@[217.80.248.249]) by fmrl05.sul.t-online.com with esmtp id 1A4pef-0ItyRU0; Thu, 2 Oct 2003 00:41:09 +0200 From: "Florian Oelmaier" <oelmaier@sytrust.com> To: "'Michael Myers'" <mmyers@fastq.com> Cc: <ietf-pkix@imc.org> Subject: RE: SUMMARY of nonces in OCSP Date: Thu, 2 Oct 2003 00:41:07 +0200 Organization: SyTrust Message-ID: <000001c3886d$1ae84bb0$4228a8c0@hagen> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <EOEGJNFMMIBDKGFONJJDGEDADFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Seen: false X-ID: Gz8XoYZGge0sjG-RlpFCGvum9-FlcgMRfdqIsIcp3+T0Eu5kD1smZU@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, can you please explain to me why we need 3 and 4? Both requirements seem to be fulfilled rather fine in the current state of RfC2560: the responder simply sends back a response without nonce. What is the problem with the current solution to this problem? -- Florian Oelmaier SyTrust PS: While our software is not broken by the proposed language due to good configurability, I cannot guarantee for all installations. > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers > Sent: Wednesday, October 01, 2003 7:20 PM > To: ietf-pkix@imc.org > Subject: SUMMARY of nonces in OCSP > > > > All, > > Towards consensus on a path forward, here's where we are with > the poll and recent discussions: > > 1. Nonces break caching. No news there. > > 2. Of the eleven responding implementors to the poll > regarding normative language in 2560 on the use of nonces, > nine are not broken by the proposed language while two rely > on a caching. > > 3. We need to define an error value specific to a > responder's inability to accept a nonce. > > 4. Closely related to #3, we need some means of signalling > between a requestor and a responder in order for the > requestor to determine if use of a nonce would be accepted. > > Anyone disagree? > > Below is the specific list of respondents to poll. Did I > miss anybody? > > > NOT BROKEN > ---------- > Marius Marian, Politenico di Torino > Ryan Hurst, Microsoft > Yasir Khan, Ascertia > Miguel Rodriguez, SeguriDATA > Peter Gutman, (doing what Peter does) > Eric Wertz, RSA > Florian Oelmaier, SyTrust > Terry Hayes, Netscape > Stephen Henson, OpenSSL > > > BROKEN DUE TO CACHING > --------------------- > Alex Deacon, VeriSign > David Engberg, CoreStreet > > > Mike > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91MBPKP004582 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 15:11:25 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91MBPAG004581 for ietf-pkix-bks; Wed, 1 Oct 2003 15:11:25 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91MBMKP004569 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 15:11:23 -0700 (PDT) (envelope-from dave@corestreet.com) Received: from corestreet.com (engberg.corestreet.com [192.168.2.87]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id h91MBIxh015703 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 18:11:19 -0400 Message-ID: <3F7B50D9.70107@corestreet.com> Date: Wed, 01 Oct 2003 18:10:33 -0400 From: David Engberg <dave@corestreet.com> Organization: CoreStreet, Ltd. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: RE: OCSP response pre-production Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I agree with the general idea of having an unambiguous way for a responder to indicate that it will not provide nonces in responses. I think it may be unnecessarily restrictive to say that every client must automatically reject a response without a nonce, but that would not directly impact our software either way. I would prefer a signalling mechanism that does not require two round-trip communications to establish nonce support, and that does not add any significant size to the body of pre-generated responses to indicate that they don't have nonces in them (which is evident). Michael's initial proposal (below) could work, but has the two issues of requiring two round-trips for negotiation and returning the "unsupported" message in the unsigned portion of the body rather than in the signed body. I also would prefer to remove the last sentence of the semantics or at least tone it down as unnecessarily focused on one hypothetical risk above all others (e.g. remote server key compromise). > SYNTAX: Expand v1 OCSPResponseStatus syntax to > include (7) noncesNotAccepted. > > > SEMANTICS: Responders SHOULD respond back with the > requestor's nonce but if can't then SHALL > respond with an error message of the value > noncesNotAccepted. > > Requestors SHALL reject signed responses > that fail to incorporate a supplied nonce. > > Upon receipt of noncesNotRequired, requestors > MAY retry the request without using a nonce. > Requestors are STRONGLY ADVISED that doing > so MAY subject them to additional risk. As an alternative, pre-generated responses could include a flag or extension in their signed body to indicate that not only are they not supplying a nonce with this response, but that they don't supply nonces with any response, and if you trust that responder (via its public key cert), then you may choose to accept the non-nonce-bearing response from that server with this explicit flag (if that is your policy). This avoids the risk of someone replaying a response to you in which the attacker chose not to supply a nonce, but you did. It allows a client to distinguish between a server saying "Here's a response without a nonce because you I think you didn't ask for one" and "Here's a response without a nonce because the responder for you or your CA does not use nonces." I believe the following is a valid security policy which some (most?) clients may choose to implement as an option: - Send a nonce with every request - Accept a response with a matching nonce from any trusted responder - Accept a response with a nonceUnsupported extension from any trusted responder - Reject a response with no nonce and no nonceUnsupported extension This would allow the client to be much more usable with random public certs (using AIA fields and delegated responder certs) in real-world settings like secure email, etc. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91LlDKP003771 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 14:47:13 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91LlDBw003770 for ietf-pkix-bks; Wed, 1 Oct 2003 14:47:13 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91LlCKP003764 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 14:47:12 -0700 (PDT) (envelope-from rmh@windows.microsoft.com) Received: from mail6.microsoft.com ([157.54.6.196]) by mail2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1041); Wed, 1 Oct 2003 14:47:12 -0700 Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1060); Wed, 1 Oct 2003 14:47:09 -0700 Received: from 157.54.8.109 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 01 Oct 2003 14:47:08 -0700 Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 1 Oct 2003 14:47:08 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 1 Oct 2003 14:47:08 -0700 Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 1 Oct 2003 14:47:08 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: SUMMARY of nonces in OCSP Date: Wed, 1 Oct 2003 14:47:00 -0700 Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB8031F9EEB@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: SUMMARY of nonces in OCSP thread-index: AcOIUxd46xR/qml8RRKclvwrZDkDYAAEl5QA From: "Ryan M. Hurst" <rmh@windows.microsoft.com> To: "Michael Myers" <mmyers@fastq.com>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 01 Oct 2003 21:47:08.0065 (UTC) FILETIME=[8FB60110:01C38865] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h91LlCKP003766 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> In-line -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers Sent: Wednesday, October 01, 2003 10:20 AM To: ietf-pkix@imc.org Subject: SUMMARY of nonces in OCSP All, Towards consensus on a path forward, here's where we are with the poll and recent discussions: 1. Nonces break caching. No news there. [rmh] Yup. 2. Of the eleven responding implementors to the poll regarding normative language in 2560 on the use of nonces, nine are not broken by the proposed language while two rely on a caching. [rmh] Yup. 3. We need to define an error value specific to a responder's inability to accept a nonce. [rmh] not sure we need this, I am OK with internalError, notAuthorized or a new error but preferably I as a client want a response because I want to decide if I care; that's what our client will be doing. 4. Closely related to #3, we need some means of signalling between a requestor and a responder in order for the requestor to determine if use of a nonce would be accepted. [rmh] I don't care about this, this assumes a server controls the clients which doesn't seem to be realistic. Anyone disagree? Below is the specific list of respondents to poll. Did I miss anybody? NOT BROKEN ---------- Marius Marian, Politenico di Torino Ryan Hurst, Microsoft Yasir Khan, Ascertia Miguel Rodriguez, SeguriDATA Peter Gutman, (doing what Peter does) Eric Wertz, RSA Florian Oelmaier, SyTrust Terry Hayes, Netscape Stephen Henson, OpenSSL BROKEN DUE TO CACHING --------------------- Alex Deacon, VeriSign David Engberg, CoreStreet Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91JvnKP098932 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 12:57:49 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91Jvn0u098930 for ietf-pkix-bks; Wed, 1 Oct 2003 12:57:49 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from e6.ny.us.ibm.com (e6.ny.us.ibm.com [32.97.182.106]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91JvfKP098922 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 12:57:47 -0700 (PDT) (envelope-from tgindin@us.ibm.com) Received: from northrelay04.pok.ibm.com (northrelay04.pok.ibm.com [9.56.224.206]) by e6.ny.us.ibm.com (8.12.10/8.12.2) with ESMTP id h91JvVsb288654; Wed, 1 Oct 2003 15:57:31 -0400 Received: from d01ml062.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay04.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id h91JvUQX209880; Wed, 1 Oct 2003 15:57:30 -0400 To: "Michael Myers" <mmyers@fastq.com> Cc: ietf-pkix@imc.org MIME-Version: 1.0 Subject: Nonce encoding (was RE: OCSP response pre-production) X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002 From: Tom Gindin <tgindin@us.ibm.com> Message-ID: <OFDE582967.29FE0D9A-ON85256DB2.006D4F36-85256DB2.006D92B7@us.ibm.com> Date: Wed, 1 Oct 2003 15:56:56 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 6.0.2CF2 JHEG5P4HSL JBONL5L8FGD MIAS5MHLYW|August 26, 2003) at 10/01/2003 15:57:30, Serialize complete at 10/01/2003 15:57:30 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> As far as I can tell, there is no explicit definition of the syntax of the nonce in RFC 2560. If the syntax is actually OCTET STRING, we might be able to extend it as follows: CHOICE { requiredInResp OCTET STRING, optionalInResp [1] EXPLICIT OCTET STRING } which might not break existing code. Or it could be CHOICE { original OCTET STRING, -- undefined as to mandatory vs. optional in response. requiredInResp [0] EXPLICIT OCTET STRING, optionalInResp [1] EXPLICIT OCTET STRING } Tom Gindin "Michael Myers" <mmyers@fastq.com> Sent by: owner-ietf-pkix@mail.imc.org 09/26/2003 06:25 PM To: "Deacon, Alex" <alex@verisign.com>, <ietf-pkix@imc.org> cc: Subject: RE: OCSP response pre-production Alex, I will, once I get them all integrated. Given the volume of today's discussions, that will likely be sometime early next week. Mike > -----Original Message----- > From: Deacon, Alex [mailto:alex@verisign.com] > Sent: Friday, September 26, 2003 3:13 PM > To: 'Michael Myers'; Deacon, Alex; ietf-pkix@imc.org > Subject: RE: OCSP response pre-production > > > > Mike, > > As there has been some suggested changes to the text, > can you post the most > recent wording to get everyone back on the same page? > > Thanks > Alex > > > > -----Original Message----- > > From: Michael Myers [mailto:mmyers@fastq.com] > > Sent: Friday, September 26, 2003 2:35 PM > > To: Deacon, Alex; ietf-pkix@imc.org > > Subject: RE: OCSP response pre-production > > > > > > Alex, > > > > I'm willing to discuss client-side "nonce > capability discovery" > > via this mechanism but it's clearly a v2 proposition. > > Meanwhile, we're working to clarify what we meant > in v1 when we > > defined nonces in the first place. The poll > clearly establishes > > a nearly unanimous consensus that the common > understanding in > > place at the time found its way into running code > in all but, to > > date, one case. I propose we proceed on this basis. > > > > Mike > > > > > > > > > > > -----Original Message----- > > > From: Deacon, Alex [mailto:alex@verisign.com] > > > Sent: Friday, September 26, 2003 2:09 PM > > > To: 'Ryan M. Hurst'; Paul Hoffman / IMC; Michael > > > Myers; David Engberg; > > > oelmaier@sytrust.com; Ambarish Malpani; ietf-pkix@imc.org > > > Cc: Russ Housley; Stephen Kent; Tim Polk > > > Subject: RE: OCSP response pre-production > > > > > > > > > > > > This summary assumes that the OCSP responder has > > > control of the OCSP clients. This may not be the > > > case, especially when responding to OCSP requests > > > for certs issued from SSL CA's (i.e. every flavor > > > of browser/ocsp client on earth). As I stated in > > > my response to Russ, the responder could reject a > > > request with a nonce, but why not reply with a > > > request without a nonce, and let the client decided > > > if it wants to accept or reject it. If a client > > > requires that the nonce in the result, the result > > > is the same, the response is rejected. > > > > > > Alex > > > > > > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91HSnKP093522 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 10:28:49 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91HSnO9093521 for ietf-pkix-bks; Wed, 1 Oct 2003 10:28:49 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91HSmKP093516 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 10:28:48 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h91HSnt21737; Wed, 1 Oct 2003 10:28:49 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Cc: "Ambarish Malpani" <ambarish@malpani.biz> Subject: RE: SUMMARY of nonces in OCSP Date: Wed, 1 Oct 2003 10:32:14 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDMEDADFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <EOEGJNFMMIBDKGFONJJDGEDADFAA.mmyers@fastq.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Oops. I missed Ambarish and Valicert as NOT BROKEN. Sorry, Ambarish. > -----Original Message----- > From: Michael Myers [mailto:mmyers@fastq.com] > Sent: Wednesday, October 01, 2003 10:20 AM > To: ietf-pkix@imc.org > Subject: SUMMARY of nonces in OCSP > > > All, > > Towards consensus on a path forward, here's where we > are with the poll and recent discussions: > > 1. Nonces break caching. No news there. > > 2. Of the eleven responding implementors to the poll > regarding normative language in 2560 on the use of > nonces, nine are not broken by the proposed language > while two rely on a caching. > > 3. We need to define an error value specific to a > responder's inability to accept a nonce. > > 4. Closely related to #3, we need some means of > signalling between a requestor and a responder in > order for the requestor to determine if use of a > nonce would be accepted. > > Anyone disagree? > > Below is the specific list of respondents to poll. > Did I miss anybody? > > > NOT BROKEN > ---------- > Marius Marian, Politenico di Torino > Ryan Hurst, Microsoft > Yasir Khan, Ascertia > Miguel Rodriguez, SeguriDATA > Peter Gutman, (doing what Peter does) > Eric Wertz, RSA > Florian Oelmaier, SyTrust > Terry Hayes, Netscape > Stephen Henson, OpenSSL > > > BROKEN DUE TO CACHING > --------------------- > Alex Deacon, VeriSign > David Engberg, CoreStreet > > > Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91HGkKP092872 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 10:16:46 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h91HGjd7092871 for ietf-pkix-bks; Wed, 1 Oct 2003 10:16:45 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h91HGiKP092864 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 10:16:44 -0700 (PDT) (envelope-from mmyers@fastq.com) Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id h91HGjt21168 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 10:16:45 -0700 (MST) (envelope-from mmyers@fastq.com) From: "Michael Myers" <mmyers@fastq.com> To: <ietf-pkix@imc.org> Subject: SUMMARY of nonces in OCSP Date: Wed, 1 Oct 2003 10:20:11 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDGEDADFAA.mmyers@fastq.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3F73E16C.5080602@polito.it> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All, Towards consensus on a path forward, here's where we are with the poll and recent discussions: 1. Nonces break caching. No news there. 2. Of the eleven responding implementors to the poll regarding normative language in 2560 on the use of nonces, nine are not broken by the proposed language while two rely on a caching. 3. We need to define an error value specific to a responder's inability to accept a nonce. 4. Closely related to #3, we need some means of signalling between a requestor and a responder in order for the requestor to determine if use of a nonce would be accepted. Anyone disagree? Below is the specific list of respondents to poll. Did I miss anybody? NOT BROKEN ---------- Marius Marian, Politenico di Torino Ryan Hurst, Microsoft Yasir Khan, Ascertia Miguel Rodriguez, SeguriDATA Peter Gutman, (doing what Peter does) Eric Wertz, RSA Florian Oelmaier, SyTrust Terry Hayes, Netscape Stephen Henson, OpenSSL BROKEN DUE TO CACHING --------------------- Alex Deacon, VeriSign David Engberg, CoreStreet Mike Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h918rxKP074405 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 01:53:59 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h918rxPI074404 for ietf-pkix-bks; Wed, 1 Oct 2003 01:53:59 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from fw.chttl.com.tw (gate.chttl.com.tw [202.39.157.254]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h918roKP074380 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 01:53:56 -0700 (PDT) (envelope-from wcwang@cht.com.tw) Received: from ms7.chttl.com.tw (ms7 [10.144.2.117]) by fw.chttl.com.tw (8.12.9/8.12.9) with ESMTP id h918rWnJ009593; Wed, 1 Oct 2003 16:53:32 +0800 Received: (from root@localhost) by ms7.chttl.com.tw (8.12.3/8.12.1) id h918rV51000740; Wed, 1 Oct 2003 16:53:31 +0800 Received: from wcwang ([10.144.133.79]) by ms7.chttl.com.tw (8.12.3/8.12.1) with SMTP id h918rRPU000619; Wed, 1 Oct 2003 16:53:31 +0800 Message-ID: <00d301c387f9$547e36b0$4f85900a@wcwang> From: "Wen-Cheng Wang" <wcwang@cht.com.tw> To: "Faisal Maqsood" <faisal.maqsood@ascertia.com>, <ietf-pkix@imc.org> References: <001801c3875b$970ed050$9c00a8c0@ascertia.com.pk> Subject: Re: Self-Issued certificate requirements? Date: Wed, 1 Oct 2003 16:52:20 +0800 MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.10 - (http://pldaniels.com/inflex/) Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D0_01C3883C.61144700" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_00D0_01C3883C.61144700 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Faisal, According to the X.509 standard 4th edition, there are three types of = self-issued certificate: a) self-signed certificate (a special case of self-issued = certificates) b) self-issued end certificate c) self-issued intermediate certificate (Please refer to section 8.1.5 of the X.509 standard 4th edition.) The definifion of self-issued certificate in RFC 3280 is not aligned = with its definition in the X.509 standard. The so-called self-issued certificates in RFC 3280 are = mostly of type c) in the X.509 standard. IMHO, currently both X.509 standard and PKIX have no = clear definition for the format and the handling of self-issued certificates = of type b). For self-issued certificates of type c), I believe that the requirement = is hidden in steps (k) and (n) of section 6.1.4 of RFC 3280 as: (k) Verify that the certificate is a CA certificate (as specified in a basicConstraints extension or as verified out-of-band). (n) If a key usage extension is present, verify that the keyCertSign bit is set. Note that rules (k) and (n) apply to all intermediate certificates even = if they are self-issued. My interpretations to these two rule are: For a v3 intermediate certificate (self-issued or not), it should = contain a basicConstraints extension with cA=3DTRUE. For a v1 intermediate certificate (self-issued or not), = the RP need an out-of-band method to make sure that it is a CA certificate. For a v3 intermediate certificate (self-issued or not), it should = contain a keyUsage extension with keyCertSign bit asserted. For a v1 intermediate certificate = (self-issued or not), there is no need to check the key usage but the RP must make sure that it is a CA = certificate. Regards, Wen-Cheng Wang ----- Original Message -----=20 From: Faisal Maqsood=20 To: ietf-pkix@imc.org=20 Sent: Tuesday, September 30, 2003 10:03 PM Subject: Self-Issued certificate requirements? Hi All, RFC-3280 defines Self Signed certificate as: "A certificate is self-issued if the DNs that appear in the subject = and issuer fields are identical and are not empty." There might be two condition for self-issued certificate: 1.. Version-1 certificate and has not any extension.=20 2.. Version-3 certificate with set of extension/s. For version-1 it is clear but are there any extra required things for = version-3 self-issued certificates? I mean for self-issued certificate is there any requirement that it = Must be a CA certificate? I mean BasicConstraints =3D ?, Path Length =3D ?, KeyUsage =3D ? etc. Regards, FAISAL MAQSOOD ------=_NextPart_000_00D0_01C3883C.61144700 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1252"><BASE=20 href=3D"file://F:\___Faisal-Data-Priv\Email Signature\"> <META content=3D"MSHTML 6.00.2800.1170" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3D新細明體>Faisal,</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>According to the = X.509 standard 4th edition, there are=20 three types of self-issued certificate:</FONT></DIV> <DIV><FONT face=3D新細明體> a) self-signed = certificate (a special case of=20 self-issued certificates)</FONT></DIV> <DIV><FONT face=3D新細明體> b) self-issued = end certificate</FONT></DIV> <DIV><FONT face=3D新細明體> c) self-issued = intermediate certificate</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>(Please refer to = section 8.1.5 of the X.509 standard 4th=20 edition.)</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>The definifion of = self-issued certificate in RFC 3280 is=20 not aligned with its definition in the</FONT></DIV> <DIV><FONT face=3D新細明體>X.509 standard. The = so-called self-issued certificates in=20 RFC 3280 are mostly of type c) in</FONT></DIV> <DIV><FONT face=3D新細明體>the X.509 = standard.</FONT> <FONT = face=3D新細明體>IMHO,=20 currently both X.509 standard and PKIX have no clear</FONT></DIV> <DIV><FONT face=3D新細明體>definition for the = format and the handling of self-issued=20 certificates of type b).</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>For self-issued = </FONT><FONT face=3D新細明體>certificates of = type=20 c), I believe that the requirement is hidden in steps</FONT></DIV> <DIV><FONT face=3D新細明體>(k) and (n) of = section </FONT><FONT face=3D新細明體>6.1.4 of = RFC=20 3280 as:</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體> = (k) Verify that the certificate is a CA=20 certificate (as = specified<BR> in=20 a basicConstraints extension or as verified out-of-band).</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體> (n) If a = key usage extension is present, verify=20 that the<BR> keyCertSign = bit is=20 set.</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>Note that rules (k) = and (n) apply to all intermediate=20 certificates even if they are self-issued.</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>My interpretations to = these two rule are:</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體>For a v3 intermediate = certificate (self-issued or not), it=20 should contain a basicConstraints extension</FONT></DIV> <DIV><FONT face=3D新細明體>with cA=3DTRUE. For a = v1 intermediate certificate=20 (self-issued or not), the RP need an out-of-band</FONT></DIV> <DIV><FONT face=3D新細明體>method to make sure = that it is a CA=20 certificate.</FONT></DIV> <DIV><FONT face=3D新細明體></FONT> </DIV> <DIV><FONT face=3D新細明體> <DIV><FONT face=3D新細明體>For a v3 intermediate = certificate (self-issued or not), it=20 should contain a keyUsage extension</FONT></DIV> <DIV><FONT face=3D新細明體>with keyCertSign bit = asserted. For a v1 intermediate=20 certificate (self-issued or not), there is no</FONT></DIV> <DIV><FONT face=3D新細明體>need to check the key = usage but the RP must make=20 </FONT><FONT face=3D新細明體>sure that it is a = CA certificate.</FONT></DIV> <DIV> </DIV> <DIV>Regards,</DIV> <DIV>Wen-Cheng Wang</DIV></FONT></DIV> <DIV><FONT face=3D新細明體 = size=3D2></FONT> </DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt 新細明體">----- = Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt = 新細明體; font-color: black"><B>From:</B>=20 <A title=3Dfaisal.maqsood@ascertia.com=20 href=3D"mailto:faisal.maqsood@ascertia.com">Faisal Maqsood</A> </DIV> <DIV style=3D"FONT: 10pt 新細明體"><B>To:</B> = <A title=3Dietf-pkix@imc.org=20 href=3D"mailto:ietf-pkix@imc.org">ietf-pkix@imc.org</A> </DIV> <DIV style=3D"FONT: 10pt = 新細明體"><B>Sent:</B> Tuesday, September 30, = 2003 10:03=20 PM</DIV> <DIV style=3D"FONT: 10pt = 新細明體"><B>Subject:</B> Self-Issued = certificate=20 requirements?</DIV> <DIV><BR></DIV> <DIV>Hi All,</DIV> <DIV> </DIV> <DIV>RFC-3280 defines Self Signed certificate as:</DIV> <DIV>"<EM>A certificate is self-issued if the DNs that appear in the = subject=20 and issuer fields are identical and are not empty.</EM>"</DIV> <DIV> </DIV> <DIV>There might be two condition for self-issued certificate:</DIV> <OL> <LI>Version-1 certificate and has not any extension.=20 <LI>Version-3 certificate with set of extension/s.</LI></OL> <DIV>For version-1 it is clear but are there any extra required things = for=20 version-3 self-issued certificates?</DIV> <DIV>I mean for self-issued certificate is there any requirement that=20 it Must be a CA certificate?</DIV> <DIV>I mean BasicConstraints =3D ?, Path Length =3D ?, KeyUsage =3D ? = etc.</DIV> <DIV> </DIV> <DIV>Regards,</DIV> <DIV>FAISAL MAQSOOD</DIV> <DIV> </DIV></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_00D0_01C3883C.61144700-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h918q5KP074340 for <ietf-pkix-bks@above.proper.com>; Wed, 1 Oct 2003 01:52:05 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h918q5qi074339 for ietf-pkix-bks; Wed, 1 Oct 2003 01:52:05 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from tessla.levonline.com (ns3.levonline.com [217.70.32.4]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h918q2KP074330 for <ietf-pkix@imc.org>; Wed, 1 Oct 2003 01:52:03 -0700 (PDT) (envelope-from lars.johansson@omegapoint.se) Received: from localhost (localhost [[UNIX: localhost]]) by tessla.levonline.com (8.11.6/8.11.6) id h918q4525945; Wed, 1 Oct 2003 10:52:04 +0200 Message-Id: <200310010852.h918q4525945@tessla.levonline.com> Content-Transfer-Encoding: 8bit Date: Wed, 01 Oct 2003 10:52:04 +0300 User-Agent: IMHO/0.98.3 (Webmail for Roxen) Subject: Re: Self-Issued certificate =?windows-1252?q?requirements=3F?= From: Lars Johansson <lars.johansson@omegapoint.se> Content-Type: text/plain; charset=windows-1252 X-Originating-IP: [137.61.234.225] MIME-Version: 1.0 To: Faisal Maqsood <faisal.maqsood@ascertia.com> In-Reply-To: <001801c3875b$970ed050$9c00a8c0@ascertia.com.pk> Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Faisal, According to RFC 2510, chapter 3.2.5, self-signed certificates should be constructed with the following requirements: " The fields within this certificate are restricted as follows: - The certificate MUST be self-signed (i.e., the signature must be verifiable using the SubjectPublicKeyInfo field); - The subject and issuer fields MUST be identical; - If the subject field is NULL then both subjectAltNames and issuerAltNames extensions MUST be present and have exactly the same value; - The values of all other extensions must be suitable for a self- signed certificate (e.g., key identifiers for subject and issuer must be the same). " That's all I've been able to find. Regards /Lars _________________________________________________ Lars Johansson | Consultant lars.johansson@omegapoint.se | www.omegapoint.se phone +46 70-915 88 40 | fax +46 8-517 008 29 Omegapoint AB, Stockholm, Sweden ------------------- > Hi All, > > RFC-3280 defines Self Signed certificate as: > "A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty." > > There might be two condition for self-issued certificate: > 1.. Version-1 certificate and has not any extension. > 2.. Version-3 certificate with set of extension/s. > For version-1 it is clear but are there any extra required things for version-3 self-issued certificates? > I mean for self-issued certificate is there any requirement that it Must be a CA certificate? > I mean BasicConstraints = ?, Path Length = ?, KeyUsage = ? etc. > > Regards, > FAISAL MAQSOOD > >
- Web-PKI Keygen/Certreq Questions Anders Rundgren
- Re: Web-PKI Keygen/Certreq Questions Stephen Kent
- Re: Web-PKI Keygen/Certreq Questions Jean-Marc Desperrier
- Re: Web-PKI Keygen/Certreq Questions Stephen Kent
- Re: Web-PKI Keygen/Certreq Questions Anders Rundgren
- RE: Web-PKI Keygen/Certreq Questions Pierre Heuze
- Re: Web-PKI Keygen/Certreq Questions Anders Rundgren
- Re: Web-PKI Keygen/Certreq Questions Anders Rundgren
- Re: Web-PKI Keygen/Certreq Questions David P. Kemp
- RE: Web-PKI Keygen/Certreq Questions James Jing
- RE: Web-PKI Keygen/Certreq Questions Peter Gutmann
- Re: Web-PKI Keygen/Certreq Questions Jean-Marc Desperrier
- Re: Web-PKI Keygen/Certreq Questions Peter Gutmann
- Re: Web-PKI Keygen/Certreq Questions Jean-Marc Desperrier