IETF Logo Mail Archive

Re: [pkix] [Technical Errata Reported] RFC5280 (6414)

Rob Stradling <rob@sectigo.com> Thu, 28 January 2021 16:27 UTC

Return-Path: <rob@sectigo.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A7E83A1614 for <pkix@ietfa.amsl.com>; Thu, 28 Jan 2021 08:27:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.089
X-Spam-Level:
X-Spam-Status: No, score=-2.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sectigo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xo4ZDq0aa-ql for <pkix@ietfa.amsl.com>; Thu, 28 Jan 2021 08:27:24 -0800 (PST)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam08on2075.outbound.protection.outlook.com [40.107.102.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23F543A1613 for <pkix@ietf.org>; Thu, 28 Jan 2021 08:27:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lm1Izo0pJT7Mf3SkKGLM14cpmW0aY5qrOr8LLAlZTPL5CDd0kdlCeuM2ljT1eAY4ef0rcuFQl0NYHcp7g5uGc0xbcg6tIk+mfOB44YVaFOKzbePpd2hXbQvv9OrMzqkH+LS+Bd5QARu5PpP/7Q6SExIxuSXwxja4a51DnViBjI1hq6Ncj0TGnWvukTMUgdtGa6HdKU5oVYSgnlGHINIH2hqwLt4E2dKTsivzvwYZK7aigWjdDvabkp73LKbLXJz1NARGd6Ue2NBRg7IHTrmnMfW/4eWRdQZjDgfBKopFpCGEx2eehbRcUPIQTtDbRHVxwgpNdLexyNWR8/8zDoBWVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J8F+1hQwdPtiEugBBQqVhscfccLxjp7O1jTBJBhYBQ8=; b=OQg6GXCvQEyTUL2W+qbV8hGiNH2L0hkpbCCvEqsdva2Wub1EzUFyZR5Qp3hTan6yrhSVF08Gn1Ado9+/LS07PKSYmLK/VZRu3nxqI1D7HjkyCy6i4PlDwKX4cpbs+5MDcF7FwxReq//i32hdL9gDQqvUkAwJlIOlSO3OPrJ9Vz+3QEQsXh3Rq27V27n1KXSxwwDevKS6fJAnYqS0/JXWS1EUB+Dc3RFxcgZLxjJuH2+8ykSyGwzNKdnxQQnE3rxN/0AKPutDVteYtLV2+N1KUCVqtf3t3hklpxJhZ/clHZpWv2IOw53IuG/JomQV/PLCvCYcqNglXHuH/NIYyQ5JDQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sectigo.com; dmarc=pass action=none header.from=sectigo.com; dkim=pass header.d=sectigo.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sectigo.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J8F+1hQwdPtiEugBBQqVhscfccLxjp7O1jTBJBhYBQ8=; b=NFw3Rd1D2cXEh0d611GloTUCM/BCqWvgzJidyEm3+zyDFrsxd8BxYF+V1VycGNO6gmFp8sf6/Pr2oirZu3386VNbwHlqFWu+PFk/mkEDCPwMVq1lqUB8PPtLxu66BC1IXSdD4TfgbZasZoxumRmvJHk4QTwVt0qD8e+34ZahXwE=
Received: from MW3PR17MB4122.namprd17.prod.outlook.com (2603:10b6:303:44::15) by MWHPR17MB1648.namprd17.prod.outlook.com (2603:10b6:300:d3::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.17; Thu, 28 Jan 2021 16:27:21 +0000
Received: from MW3PR17MB4122.namprd17.prod.outlook.com ([fe80::b57c:efe8:a784:534c]) by MW3PR17MB4122.namprd17.prod.outlook.com ([fe80::b57c:efe8:a784:534c%7]) with mapi id 15.20.3805.019; Thu, 28 Jan 2021 16:27:21 +0000
From: Rob Stradling <rob@sectigo.com>
To: Russ Housley <housley@vigilsec.com>
CC: "Roman D. Danyliw" <rdd@cert.org>, Ben Kaduk <kaduk@mit.edu>, Stephen Kent <kent@bbn.com>, IETF PKIX <pkix@ietf.org>, Stefan Santesson <stefan@aaa-sec.com>, David Cooper <david.cooper@nist.gov>, "wpolk@nist.gov" <wpolk@nist.gov>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [Technical Errata Reported] RFC5280 (6414)
Thread-Index: AQHW9Yx3wI8XQ5en1Ue9Uza14jKQg6o9NDYAgAAAQK+AAALggIAAAHb+
Date: Thu, 28 Jan 2021 16:27:21 +0000
Message-ID: <MW3PR17MB412259BEBBCC54B30D86DFC5AABA9@MW3PR17MB4122.namprd17.prod.outlook.com>
References: <20210128154420.4B40EF40715@rfc-editor.org> <B9FCFEBF-78B0-4C82-9902-67D4E832C0C7@vigilsec.com> <MW3PR17MB41222702CF6B9D8440B468D3AABA9@MW3PR17MB4122.namprd17.prod.outlook.com>, <A077CE9B-35E3-4FF2-BA3A-213122D59843@vigilsec.com>
In-Reply-To: <A077CE9B-35E3-4FF2-BA3A-213122D59843@vigilsec.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=sectigo.com;
x-originating-ip: [146.198.249.196]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 82e9ca1b-34f5-4333-a8c9-08d8c3a9966d
x-ms-traffictypediagnostic: MWHPR17MB1648:
x-microsoft-antispam-prvs: <MWHPR17MB164837DF9FD06325BD8CF3ADAABA9@MWHPR17MB1648.namprd17.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: q6VbsNrD1lzHD5/dE/09sDqoZkAcYm1ueI2IcLR0+NRHwvoYb3nT/wrywwJhIcs00vqW9IOpjI72tSv0okxrObS3O7+U4xsZ6k76QkM1e6lME4mrGaMxfnvYAvnkRs6kKP+SzyTABILvkBijaslh/jdomCvF9J94vutp11NY++o2+rKEJTrNn30rDCr1XfVNGM+r2+J3UvbTdJv1jiXR43ZI1lWqVMEpkPpiu2eQ36cqrArtTeZXPOE/Z3ksRSRqE9a56275R+lsJHQIu5Q1ALpDEbedZ4/C0Lg80sJ1Vp04L8dLBqgfcwWhx1j9/8nvFfIjKBch+7TdZM9XI/LBeQ3K4Ony1cDweBW0emQ31ReNJ1bRtA2WWb6FZ2U/+82pIlZgTieqgh40H+pCF/CdcbBzIImHp+pK0tMKbLOJD0QTSuxMeQa4pfbCNFhHrIie09YS3C6OMgRxisPZ/hdPohJuBHet0yFhBixihIsaKnIGIbMSVf1mXqj8esY0swER2jnMTKc/cZ1figpshUg6P8ncOLDp48gqjLIDl0dRIM44m6G/bo30CMtxBpJHM8xPHpmgljHk3x0TidZWjSmwdpBc1tJ2nj1/omFdFa4VzOY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW3PR17MB4122.namprd17.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(346002)(39860400002)(366004)(6506007)(26005)(55236004)(5660300002)(7696005)(316002)(966005)(52536014)(186003)(2906002)(4326008)(55016002)(19627405001)(9686003)(33656002)(45080400002)(166002)(83380400001)(76116006)(64756008)(66476007)(54906003)(8936002)(53546011)(71200400001)(6916009)(478600001)(86362001)(66556008)(8676002)(66946007)(66574015)(91956017)(66446008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: nt0h2PdgYBtHQTVcWlbuGtrexLEoW4BX9lGiD0FCVWPqRgEQnmCwtn4vJqQi23rFGxJEJoTUxOnT3GkVuzsRk8NIywz36m1F8SfqrSI6FfLDRmwohBGi9y4CmfazRUsx0ZYmvFycJPfc0vHCGoFY0WowrhFNMmvDuH2Wq5c4mcEfhFLG4LhJq2/bjH+wIlKudTT5xzpdpJAdtw4Zm40/6o870pLPlnd6qszEA5wXLQo4K+hyyz5/6rt0UTIAJcWfcT6ic9WZcZuWpfaoC4oJRKYbknFwyEpZ8IFgq0Yzfy6kuL4yq06f547zDpPgCfQe6H0KTMrUb/5XEThvxQoZvvDrozpA/pmpeRZ5xf7rFMemPQB/kubz5O3MnLZg9SGboidUvWNQiwiXs8L/dyr7IK3og3AJ65AY1jRHTz+bI3SkPgkFKu51wtU+7670+0EI5YDCIMmNMf+Ei6w/X6FPmef2LG2qZBhp0tFLoCvR0DuoZmTgov40Kb6kRShDMdBr6WyTnxxhL/mo2xLmo5xh4iIQBG/t7rNEiSjEYa98SbihEvqjdNfXMvhTEsPYe3qrqy6r8XvpNY/v+BC4Z8OgC9vpTzHGENT6f05OnU70iGYpBr3kczRcywroWh2mQD1R6EP1H+Ojxfwph8wARhUswSJd7YPHqJJ9H30icjIYbIguhrY3T0ppiBnojAn6PJSkxhgXMvUV7hOvoX8w3gPWWyTn5W/cOQqZP8jfKqsnewBU2AarYg9SX0oYTpGCAtC1ynegcEvNsSIFmyt7P7BfVe7KebziltrBPx8SL6Y6BSjqfgZOCcatfhH8SFq+RRu3UWbC97ewejSdsM5ZYpZ54+5BB2oitgsvDvIg+q9KZbyUimOwjWQOvbuPch2FxJ9dNM+xBWv3RKIBwpn4hz/rnQ2hwC0Kf34ANiB24TO2JHK9H4S1MA3ClBI4D7rG5BH+t+dJ6D5jOsPr38K+j1RFfurT1sDs1Sl//M/LSsH3qh8bJ3StHR2z4rjP4DZZ+JtiY/ECOtABdU4M0UV/YEb2KO0mUupPBv4BDeIrN+lt8uKyrspHpLceSXK+JdaDuzvs
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MW3PR17MB412259BEBBCC54B30D86DFC5AABA9MW3PR17MB4122namp_"
MIME-Version: 1.0
X-OriginatorOrg: sectigo.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW3PR17MB4122.namprd17.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 82e9ca1b-34f5-4333-a8c9-08d8c3a9966d
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2021 16:27:21.2149 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0e9c4894-6caa-465d-9660-4b6968b49fb7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: T5to/INbMYYyRFQLerBqLW1BBFbJM2PSK5QX8yzmYTdpCFDGAgpYPznMiwwDnKXPHYZvzI9sNOA115Ilp1oJPQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR17MB1648
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/y_OUyBbZix-GtDw5xpk1XpA0CYA>
Subject: Re: [pkix] [Technical Errata Reported] RFC5280 (6414)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2021 16:27:27 -0000

> In my example, neither the keyEncipherment nor the keyAgreement bit is set.

Hi Russ.  I realize that, and I still say that my Proposed Text is compatible with your example.

My Proposed Text is:
>   -- Key usage bits that may be consistent: digitalSignature
>   -- and/or (keyEncipherment or keyAgreement)

The "and/or" part means that you can choose between these two options:

Option 1: digitalSignature and (keyEncipherment or keyAgreement)
Option 2: digitalSignature or (keyEncipherment or keyAgreement)

Setting just the digitalSignature bit, without keyEncipherment and without keyAgreement, is consistent with Option 2.

________________________________
From: Russ Housley <housley@vigilsec.com>
Sent: 28 January 2021 16:18
To: Rob Stradling <rob@sectigo.com>
Cc: Roman D. Danyliw <rdd@cert.org>; Ben Kaduk <kaduk@mit.edu>; Stephen Kent <kent@bbn.com>; IETF PKIX <pkix@ietf.org>; Stefan Santesson <stefan@aaa-sec.com>; David Cooper <david.cooper@nist.gov>; wpolk@nist.gov <wpolk@nist.gov>; Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Technical Errata Reported] RFC5280 (6414)


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


Rob:

In my example, neither the keyEncipherment nor the keyAgreement bit is set.

Russ

On Jan 28, 2021, at 11:17 AM, Rob Stradling <rob@sectigo.com<mailto:rob@sectigo.com>> wrote:

Hi Russ.

I'm afraid I don't understand your objection.  Your use case of setting only the digitalSignature bit is permitted both by the Original Text and by my Proposed Text.  (With my Proposed Text, you would choose the "or" option of the "and/or" instead of the "and" option).

The reason for the erratum is that neither digitalSignature+keyEncipherment nor digitalSignature+keyAgreement seem to be permitted by the Original Text.

________________________________
From: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Sent: 28 January 2021 16:07
To: Rob Stradling <rob@sectigo.com<mailto:rob@sectigo.com>>
Cc: Roman D. Danyliw <rdd@cert.org<mailto:rdd@cert.org>>; Ben Kaduk <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Stephen Kent <kent@bbn.com<mailto:kent@bbn.com>>; IETF PKIX <pkix@ietf.org<mailto:pkix@ietf.org>>; Stefan Santesson <stefan@aaa-sec.com<mailto:stefan@aaa-sec.com>>; David Cooper <david.cooper@nist.gov<mailto:david.cooper@nist.gov>>; wpolk@nist.gov<mailto:wpolk@nist.gov><wpolk@nist.gov<mailto:wpolk@nist.gov>>; Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>>
Subject: Re: [Technical Errata Reported] RFC5280 (6414)

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


Rob:

The proposed rewording of the comment is not correct.  Consider an ECDSA key that will be used with TLS 1.3.  In that case, only the digitalSignature key usage would be set.

I think the original OR is correct.

Russ


> On Jan 28, 2021, at 10:44 AM, RFC Errata System <rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org>> wrote:
>
> The following errata report has been submitted for RFC5280,
> "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
>
> --------------------------------------
> You may review the report below and at:
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid6414&amp;data=04%7C01%7Crob%40sectigo.com%7Cdce250f148ea4d995db108d8c3a6ce56%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637474468512413977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=8hy5qssHrRM%2BEOM2NX8rEJSJqGV%2FWhu7top4hdmsXgU%3D&amp;reserved=0<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid6414&data=04%7C01%7Crob%40sectigo.com%7Ccbc3b1b2afb94a84540d08d8c3a86002%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637474475235070735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CzxiKY%2FEqSGRdy9AlPZzJb68MFfkiIbQmR2tL24VCUA%3D&reserved=0>
>
> --------------------------------------
> Type: Technical
> Reported by: Rob Stradling <rob@sectigo.com<mailto:rob@sectigo.com>>
>
> Section: 4.2.1.12
>
> Original Text
> -------------
>   id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
>   -- TLS WWW server authentication
>   -- Key usage bits that may be consistent: digitalSignature,
>   -- keyEncipherment or keyAgreement
>
> Corrected Text
> --------------
>   id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
>   -- TLS WWW server authentication
>   -- Key usage bits that may be consistent: digitalSignature
>   -- and/or (keyEncipherment or keyAgreement)
>
> Notes
> -----
> In https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fzmap%2Fzlint%2Fissues%2F553&amp;data=04%7C01%7Crob%40sectigo.com%7Cdce250f148ea4d995db108d8c3a6ce56%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637474468512413977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Kf06%2FZ9o9VIMBcNRiCOk2L%2FUNA7dlgCP6ywIYJZH37I%3D&amp;reserved=0<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fzmap%2Fzlint%2Fissues%2F553&data=04%7C01%7Crob%40sectigo.com%7Ccbc3b1b2afb94a84540d08d8c3a86002%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637474475235080682%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5et7x5%2F7VXWEh6OwZLlWFkpMPScvHFC4tkPPOf3E%2FDM%3D&reserved=0> there's been some disagreement and confusion about how to correctly interpret the "or" in the Original Text.  "You can only set one of these three bits" is one interpretation, and it's hard to argue that this interpretation is inconsistent with the Original Text.
>
> However, digitalSignature+keyEncipherment makes sense for an RSA leaf certificate, and digitalSignature+keyAgreement makes sense for an ECC leaf certificate.  Both are widely used, to enable ephemeral and non-ephemeral TLS ciphersuites in conjunction with a single server certificate.
>
> Given that RFC5480 section 3 explicitly permits digitalSignature+keyAgreement in an ECC leaf certificate, I think it's likely that my proposed Corrected Text conveys the RFC5280 authors' intended meaning.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC5280 (draft-ietf-pkix-rfc3280bis-11)
> --------------------------------------
> Title               : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
> Publication Date    : May 2008
> Author(s)           : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
> Category            : PROPOSED STANDARD
> Source              : Public-Key Infrastructure (X.509)
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG

v2.23.0 | Report a Bug | By Email