IETF Logo Mail Archive

Re: [pkix] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication

Ben Laurie <ben@links.org> Wed, 14 December 2011 23:04 UTC

Return-Path: <benlaurie@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44C3F21F8BBE for <pkix@ietfa.amsl.com>; Wed, 14 Dec 2011 15:04:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wR2CWwWctj6m for <pkix@ietfa.amsl.com>; Wed, 14 Dec 2011 15:04:09 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 4A91C21F8BBD for <pkix@ietf.org>; Wed, 14 Dec 2011 15:04:09 -0800 (PST)
Received: by vbbfo1 with SMTP id fo1so38105vbb.31 for <pkix@ietf.org>; Wed, 14 Dec 2011 15:04:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=RT2uGLy0fgU/wyONpNZSP4Gg0TvBDjOXQrgRONnKF3Q=; b=ACyPwW9SoyWvnL07L0sl4SIHRaNOftJXvN+d1LGl9hdr9w5a1ALnYCIu7H+Y9QSS+R QR9NPy/yvE588bTtqDJk11p4R/BulIa1VK1QBCsG5/OTG2u0QeOaEGD15R3Mk4dl2Bwt MclmDThMAyJ1C9o5fdAhztQSszskEouqdBNOc=
MIME-Version: 1.0
Received: by 10.52.33.239 with SMTP id u15mr794786vdi.49.1323903848714; Wed, 14 Dec 2011 15:04:08 -0800 (PST)
Sender: benlaurie@gmail.com
Received: by 10.52.167.227 with HTTP; Wed, 14 Dec 2011 15:04:08 -0800 (PST)
In-Reply-To: <201112142223.25219.rob.stradling@comodo.com>
References: <CAL9PXLzvhCwDcwtR-UT2sf9WXG8g6cBD0P8teHDFhQaPdptX-w@mail.gmail.com> <201112141021.12649.rob.stradling@comodo.com> <CAL9PXLxYKKdOphHUu0bq6Wq86HxQu7g2oqSrgSyz2zbMP6YLxQ@mail.gmail.com> <201112142223.25219.rob.stradling@comodo.com>
Date: Wed, 14 Dec 2011 23:04:08 +0000
X-Google-Sender-Auth: -3I4sSCtUzRV4Zv0sFmcz3RYGPE
Message-ID: <CAG5KPzxxTJ=dKGCyO6Gz9VvNtrZNrPCGnED8CsnvepJQxjtw6w@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: Rob Stradling <rob.stradling@comodo.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: pkix@ietf.org
Subject: Re: [pkix] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2011 23:04:10 -0000

On Wed, Dec 14, 2011 at 10:23 PM, Rob Stradling
<rob.stradling@comodo.com> wrote:
> On Wednesday 14 Dec 2011 17:04:06 Adam Langley wrote:
>> On Wed, Dec 14, 2011 at 5:21 AM, Rob Stradling <rob.stradling@comodo.com>
> wrote:
>> > I've thought of a couple of other ways of wedging the data into the TLS
>> > handshake, although these methods would require more collaboration from
>> > the CAs than you've thus far intended to require (or perhaps expected).
>>
>> Absolutely, putting the audit proof inside the TBSCertificate would be
>> nice and clean. But, while I've no doubt that a CA, such as
>> yourselves, would have no problem handling that, I do fear that
>> getting every CA to implement might be a struggle. Not to mention
>> dealing with folks who have an intermediate CA.
>>
>> Because of this, wedging the data in afterward, while technically
>> obnoxious, is much easier to deploy, assuming that we can get the
>> client compatibility.
>
> How about getting CT to support both approaches (TBSCertificate and "wedging
> the data in afterward") ?
>
> If the TBSCertificate method has better client compatibility, CAs will want to
> support it.  But for those CAs that struggle to support it, "wedging the data
> in afterward" would work well enough for many customers.
>
>> (I also promise to leave extension space for others if we end up using some
>> trick!)
>
> Sounds useful, but I'm not sure what you mean.  (Are you saying what I just
> wrote above, perhaps?)
>
>> Thanks to your hint, I've confirmed that Android < 2.2 rejects
>> certificate chains with superfluous certificates.
>
> Glad to help.
>
>> Thankfully, we can typically wait a while in order to get rid of phones
>
> Huh?  Not sure I follow you.  (Are you saying that people tend to replace
> their phones more often than their desktops/laptops/netbooks, so we don't need
> to support legacy phone OSes/browsers for as long as legacy
> desktop/laptop/netbook browsers?)
>
>> but I'm also taking a look at other ways in which to squeeze the data. My
>> current attempt is running at https://fenton.imperialviolet.org which works
>> on everything that I've tried so far.
>
> I can't see any squeezed data using "openssl s_client -connect
> fenton.imperialviolet.org:443".  Where should I be looking?

Parameters on the signature algorithm :-)

>
>> Of course, none of this is a replacement for a wide scale test on
>> google.com, but that'll have to wait until next year.
>>
>>
>> Cheers
>>
>> AGL
>
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix

v2.46.0 | Report a Bug | By Email | System Status