Re: [pkix] Next edition of X.509
Peter Bowen <pzbowen@gmail.com> Sat, 23 January 2016 23:58 UTC
Return-Path: <pzbowen@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E88A1B2C1A for <pkix@ietfa.amsl.com>; Sat, 23 Jan 2016 15:58:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GpXuvJ4X0rsq for <pkix@ietfa.amsl.com>; Sat, 23 Jan 2016 15:58:39 -0800 (PST)
Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE3461B2C18 for <pkix@ietf.org>; Sat, 23 Jan 2016 15:58:38 -0800 (PST)
Received: by mail-pf0-x230.google.com with SMTP id e65so62054186pfe.0 for <pkix@ietf.org>; Sat, 23 Jan 2016 15:58:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Ld4exxsvAmwAxaqeiDEFRGedtRW1TVeodhdV8YY0FpI=; b=q5KXy+2/7G/7je8Boe7vFXdLYVUyNQ/LZUUOdOysDqGY0JN1zrccWWUmxxzvlbWCEn 2GsXSUpHBa5JyT1kGkv0LhP9i1oF5e1qvjJulU+F2ivQjmvJ0stI7ExF/3eRBQqHmpy4 OyluWW0zzlagMIxw4xqm2yc4f+CHcmWowi1Pt5rrw/Sb+Kcldc7SrFnW/LIK1/Zd4x1k Q27fSclWnZqA6gNQ6hePatrM5D0bEjZXIsXisc90g6FWOay468cYBIJi5LfTS69fPp5s QlzoVmca64/CWaEYSgOQt6/cVUC/cmO5QoDNGTlWhtCr+Q6Iq9G+YHml9Nmb+S6o2R2b ciVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Ld4exxsvAmwAxaqeiDEFRGedtRW1TVeodhdV8YY0FpI=; b=T8eN6fM71uSafhH/Q/20CdzRCvn9I9IwtrLQKAxE1DJ772VXdE8zlq2H+uC/XpcnU4 mHen+3iihHWUblC350IkcQ47F9MZg2ukdrAn4SXeGJIctKXFPNETTCi6BOQniBR9X9Gz GNeHu5i20mXfwBFmE6w9cxCoDk5H6s6DJVQaMG81lKsr8FYfMqxXnKtsBygVOE1XOQFJ WAdOEoByIXoncdQZbzHbsMHZw7FEY1aDrIFqnX/xV1OFPiSfcfrcx5xFegafZT87Jv/6 j64+qCnwpfoM6XLoBzyQWgPih+NwA2ISNsrjAC9JwAJNrrrDr9fkimxf3VjsZX33JtjI iIGw==
X-Gm-Message-State: AG10YOSBoj4o9yBfdW97HXjf3vD2o+skv/JvK7AdKaPMk493py3UrJTf8phXCXDFn4Io4zG9Adip0Opt/zfCjw==
MIME-Version: 1.0
X-Received: by 10.98.80.135 with SMTP id g7mr15149914pfj.132.1453593518646; Sat, 23 Jan 2016 15:58:38 -0800 (PST)
Received: by 10.66.142.193 with HTTP; Sat, 23 Jan 2016 15:58:38 -0800 (PST)
In-Reply-To: <052101d15636$aecdca40$0c695ec0$@gmail.com>
References: <000001d130da$b05884d0$11098e70$@x500.eu> <5665633F.7070906@cs.tcd.ie> <000401d130e3$bdf08120$39d18360$@x500.eu> <CAK6vND_=4it-HdN=igWeSsb9Qx2LjastBaJCa-TpObaBuYjNXQ@mail.gmail.com> <000001d155c7$98b64530$ca22cf90$@x500.eu> <CAK6vND8AEeW0iF85guerFa-oj==MMMSLdU7fArBihQkGWmxhTw@mail.gmail.com> <56A3B913.3030506@comcast.net> <CAK6vND-Fs=SiFTUJmtXsKPNgenwBFCEb=4oVxQ8zxdG4kttOjA@mail.gmail.com> <052101d15636$aecdca40$0c695ec0$@gmail.com>
Date: Sat, 23 Jan 2016 15:58:38 -0800
Message-ID: <CAK6vND_Yr8+cVF-Y_L203XAAn0DeVn7ww18Np-K++4njqEeUTg@mail.gmail.com>
From: Peter Bowen <pzbowen@gmail.com>
To: Santosh Chokhani <santosh.chokhani@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/mPMaOuvqPZBsV6fiyuaS_JKDmcA>
Cc: "<pkix@ietf.org>" <pkix@ietf.org>
Subject: Re: [pkix] Next edition of X.509
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jan 2016 23:58:43 -0000
On Sat, Jan 23, 2016 at 3:34 PM, Santosh Chokhani <santosh.chokhani@gmail.com> wrote: > From security viewpoint I am sympathetic to what Peter says. If we roll > back the clock constraining the path for EKU is a superior approach and COTS > use it. > > But, rather putting this onus on X.509, should this not be done in RFC 5280 > prior to or in conjunction with X.509 revisions? RFC 5280 states that it profiles X.509. Until it is clear that using EKU in the way I described in covered by X.509, it is not possible to have a strict profile (e.g. PKIX) include it in the profile. The topic of using EKU for constraints has been raised previously on PKIX, and during that discussion it was said: "If there is such a strong belief that the extension should be interpreted in a manner similar to the way that certificatePolicies are processed, why hasn't a proposal been made to change X.509 to specify these semantics?" Since Erik was so kind as to make the offer to take comments on X.509 in preparation for a new revision, I figured I would take the opportunity to make the proposal as suggested. > -----Original Message----- > From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Peter Bowen > Sent: Saturday, January 23, 2016 12:40 PM > To: Michael StJohns <mstjohns@comcast.net> > Cc: <pkix@ietf.org> <pkix@ietf.org> > Subject: Re: [pkix] Next edition of X.509 > > On Sat, Jan 23, 2016 at 9:32 AM, Michael StJohns <mstjohns@comcast.net> > wrote: >> On 1/23/2016 7:44 AM, Peter Bowen wrote: >>> >>> In 8.2.2.4, replace the first sentence with: >>> >>> The presence of this extension in an end-entity certificate indicates >>> one or more purposes for which the certified public key may be used, >>> in addition to, or in place of the basic purposes indicated in the >>> key usage extension field. The presence of this extension in a >>> certificate issued by one CA to another CA constrains the key >>> purposes in subsequent certificates in a certification path. >>> >>> If there is support for this addition, then additions will also be >>> needed in section 10 to include key purposes in the input, output, >>> and processing. >>> >>> Thanks, >>> Peter >> >> >> As a general concept, backwards compatibility is a good idea. As is > having >> end systems all get the same results when presented with the same data. > I >> don't think the above approach accomplishes this. > > I probably should have pointed out that I'm not trying to dream up something > new here. Microsoft, OpenSSL, and Mozilla all have implemented this and are > compatible with each other's certificate path processing libraries, at least > in this respect. As I understand it, this use of the EKU extension has been > widely deployed for more than a decade. However it is not clear that anyone > has ever proposed it to be included as part of the X.509 standard. > > The lack of standardization or recognition in X.509 and PKIX has led to many > disagreements over whether it is valid. My hope is that this revision of > X.509 might be able to at least clarify that it is not invalid to use EKU in > the manner that it is currently used by these systems. > >> Instead of overloading the current meaning of ExtendedKeyUsage, I >> would strongly recommend creating another extension, new OID with >> similar syntax, but the new semantics. This also gives you the >> opportunity to turn on the "critical" bit (maybe "bits" if you have >> some extended usages that you care about always and others that you > don't). >> >> Alternately (and possibly the best choice), place the OIDs in the >> CertificatePolicy extension as constraints on the key usage bits. You >> can use the same EKU oids, but their presence in the certificate >> policy then becomes a constraint on subordinate certificates and you >> can describe exactly how that works. (See my post script for a couple >> of ways of doing this). >> >> In your above comment I would avoid the language "in addition to, or in >> place of" and use one or the other. If you leave the language in, then > you >> need additional language which describes how to determine which rules >> in the situation where the ExtendedKeyUsage meanings are disjoint with >> the KeyUsage meanings. (E.g. "If there is an ExtendedKeyUsage purpose >> that would normally imply a required KeyUsage bit (for example a >> "SignSpecialValidationCACertificate" implies that the "keyCertSign" >> bit should be on), but that bit is not set, then the relying party >> shall consider the certificate signing of all but certificates with a >> profile consistent with the extended key usage OID invalid). >> >> If it takes a human (as opposed to a computer) to understand - >> consistently >> - what's meant by what's included in the certificate, then we're not >> doing it right. Figuring out whether the relying party needs to do an >> "OR" ("or in place of") or an "AND" ("in addition to") between >> KeyUsage bits and ExtendedKeyUsage OIDs meanings (or some combination >> thereof) is already painful. >> >> >> Mike >> >> >> ps - >> Possibility 1 (not exactly how Policies are supposed to work, but): Grab > a >> new oid and call it id-ce-extended-keyusage-policy. Stick the >> ExtendedKeyUsage values as "PolicyQualifierInfo.policyQualifierId"s. >> Have the PolicyQualifierInfo.qualifier be an ENUM of { allowed, >> required, prohibited }. Define a specific algorithm for determining > acceptance. >> >> Possibility 2: Each EKU OID becomes a new policy. Add a >> policyQualifierId of id-qt-acceptance-enum with a qualifier as above >> {allowed, required, prohibited}. Each EKU OID has one policy >> qualifier info of this type. This is probably cleaner as it requires >> each subordinate certificate to have a specific EKU expression for each > EKU policy in the parent. >> >> >> >> >> >> >>> >>> On Sat, Jan 23, 2016 at 2:19 AM, Erik Andersen <era@x500.eu> wrote: >>>> >>>> Hi Peter, >>>> >>>> I would like to explore whether there is support for such an >>>> addition to X.509. Could I have your comments please? >>>> >>>> Regards, >>>> >>>> Erik >>>> >>>> -----Oprindelig meddelelse----- >>>> Fra: Peter Bowen [mailto:pzbowen@gmail.com] >>>> Sendt: 23 January 2016 02:50 >>>> Til: Erik Andersen <era@x500.eu> >>>> Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; Directory list >>>> <x500standard@freelists.org>; PKIX <pkix@ietf.org>; WG15@iectc57.org >>>> Emne: Re: [pkix] Next edition of X.509 >>>> >>>> Erik, >>>> >>>> While I'm sure this is a contentious proposal, I would proposal that >>>> X.509 add language allowing usage of Extended Key Usage for >>>> constraints, joining certificate policies, name constraints, basic > constraints, etc. >>>> Many widely deployed certificate path validation libraries already >>>> implement this even though it is unclear at best whether such is >>>> compliant with X.509 (10/2012). >>>> >>>> Thanks, >>>> Peter >>>> >>>> On Mon, Dec 7, 2015 at 3:38 AM, Erik Andersen <era@x500.eu> wrote: >>>>> >>>>> Hi Stephen, >>>>> >>>>> I will collect any comment on any list. The goal is to get the best >>>>> technical specification. >>>>> >>>>> Regards, >>>>> >>>>> Erik >>>>> >>>>> -----Oprindelig meddelelse----- >>>>> Fra: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] >>>>> Sendt: 07 December 2015 11:45 >>>>> Til: Erik Andersen <era@x500.eu>; Directory list >>>>> <x500standard@freelists.org>; PKIX <pkix@ietf.org> >>>>> Cc: WG15@iectc57.org >>>>> Emne: Re: [pkix] Next edition of X.509 >>>>> >>>>> >>>>> Thank you Erik! Do I understand correctly that comments from this >>>>> list that you get before February are useful and that sending >>>>> comments to the pkix list works well enough for you? >>>>> >>>>> If so, great, and I'd ask folks who care about RFC5280 or other >>>>> PKIX RFCs to please review this to check for any glitches that >>>>> might affect interop should new code be written based on the ISO >>>>> doc. I'm sure other comments are also welcome, >>>>> >>>>> Cheers, >>>>> S. >>>>> >>>>> On 07/12/15 10:33, Erik Andersen wrote: >>>>>> >>>>>> In preparation for the next edition of X.509 (the 2016 edition), I >>>>>> have forwarded to the ISO/IEC JTC1/SC6 two documents for three >>>>>> months >>>>>> ballots: >>>>>> >>>>>> >>>>>> >>>>>> These two documents may be found as: >>>>>> >>>>>> >>>>>> >>>>>> 1. >>>>>> http://www.x500standard.com/uploads/extensions/x509-pdam-amd2.pdf, >>>>>> which is the 3rd PDAM text for an amendment to X.509. >>>>>> >>>>>> 2. http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor2.pdf, >>>>>> which a >>>>>> second draft technical corrigendum. This technical corrigendum is >>>>>> based on a set of defects reports, which include the justification >>>>>> for the changes. The Defect reports may be found on >>>>>> http://www.x500standard.com/index.php?n=Ig.DefectReports. >>>>>> >>>>>> >>>>>> >>>>>> An early corrigendum has been approved within ISO and ITU-T and >>>>>> may be found >>>>>> as: http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor1.pdf. >>>>>> >>>>>> >>>>>> >>>>>> These three documents together with the seventh edition will >>>>>> provide the input to the next edition of X.509. The different >>>>>> X.recommendations, including X.509, may be found at >>>>>> http://www.itu.int/rec/T-REC-X/e. This edition of X.509 is freely >>>>>> available in the PDF version. >>>>>> >>>>>> >>>>>> >>>>>> Those involved in ISO/IEC JTC1/SC6 can, of course, submit ballot >>>>>> comments on the two documents out for ballot. Others, which may >>>>>> have comments on the these document, may post them on the lists >>>>>> and after consolidation and consensus, they may be issued as ITU-T > comments. >>>>>> >>>>>> >>>>>> >>>>>> It is important to check whether any of the suggested changes >>>>>> affects running codes. If that is a case, it is a mistake. >>>>>> >>>>>> >>>>>> >>>>>> The intension behind the changes has been: >>>>>> >>>>>> 1. A better separation between public-key certificates and >>>>>> attribute >>>>>> certificates. >>>>>> >>>>>> 2. Use of a consistent terminology. >>>>>> >>>>>> 3. Use of a consistent editing style in accordance with the > ITU-T >>>>>> editing guidelines.. >>>>>> >>>>>> 4. A new PKI component called trust broker assists a relying >>>>>> party >>>>>> validating a public-key certificate is included. >>>>>> >>>>>> 5. IEC TC57 WG15 has identified a requirement for a feature > first >>>>>> called whitelist but now the term is authorization and validation >>>>>> list is used. A proposal for such a feature is included in the >>>>>> amendment. >>>>>> >>>>>> The main goal has been to position X.509 for new challenges, such >>>>>> smart grid security and security for Internet of Things with >>>>>> battery driven devices, very short messages (can we put a 257 >>>>>> octets signature on a few octets message?) , short reaction time >>>>>> requirements, many millions of entities, etc. This is all very >>>>>> different from Web-based systems. >>>>>> >>>>>> Kind regards, >>>>>> >>>>>> Erik >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> pkix mailing list >>>>>> pkix@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/pkix >>>>>> >>>>> _______________________________________________ >>>>> pkix mailing list >>>>> pkix@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/pkix >>> >>> _______________________________________________ >>> pkix mailing list >>> pkix@ietf.org >>> https://www.ietf.org/mailman/listinfo/pkix >> >> >> _______________________________________________ >> pkix mailing list >> pkix@ietf.org >> https://www.ietf.org/mailman/listinfo/pkix > > _______________________________________________ > pkix mailing list > pkix@ietf.org > https://www.ietf.org/mailman/listinfo/pkix >
- [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Michael StJohns
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Erwann Abalea
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Erwann Abalea
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Martin Rex
- Re: [pkix] Next edition of X.509 Wei Chuang
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Jeffrey Walton
- Re: [pkix] Next edition of X.509 Erwann Abalea