[pkix] Upgradable/Replaceable IoT systems. Re: Managing Long-Lived CA certs

Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 21 July 2017 03:23 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C08131D71 for <pkix@ietfa.amsl.com>; Thu, 20 Jul 2017 20:23:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wzb6fC4eovDp for <pkix@ietfa.amsl.com>; Thu, 20 Jul 2017 20:23:40 -0700 (PDT)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50C6B131D70 for <pkix@ietf.org>; Thu, 20 Jul 2017 20:23:40 -0700 (PDT)
Received: by mail-wm0-x22b.google.com with SMTP id w191so3062557wmw.1 for <pkix@ietf.org>; Thu, 20 Jul 2017 20:23:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=QVmY4RI2e3uLVKp6lxlKbUoBPpSLtDxAb+p9+Keag1E=; b=V6XLMae3E7w2Ndhk4i3RgOSR6UK/94kiUwBX2+AEqP4u5uWcgINdoPRQKVBlLIhjw0 VsdT9HJx4hCxmxLDCBdnnaOPKzII8aQ3tGxLgWDXEMcv+AOFMp6cNYYJyo56/i0msdlE 9FFfJKntl0J2Bqd/arxH5hBLzyl8GEA9XRp+E7VhYyNBasuDd0Irh6o7+8fsHYGgdeZU a/Q9d14annbje2mgpvHtmSLLXdFkpX2v9/Htr3UEApCf8AwTO6/t5MZYMVf5EJB8flgA GiDeTlQqLya6q8x00VLf0KlsVbzSInI+pKW4o1OUl+BLqbxw5CeXgYPx/DQMAUN0JCxM q4eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=QVmY4RI2e3uLVKp6lxlKbUoBPpSLtDxAb+p9+Keag1E=; b=NIj7QuENkqwUKY/WpKXoWsAHpTUwU/3a3I27VrLTAj/zOmpBzrsX+pOtSL3c/5vw7V kBLUrcMLZwuNbj8q/nN9vva1l1By4vvWaDprhvIweZ7potNjvvR2iDGeW261w7wTrplN B+ohpWqf5fAJsFhMHhBColVZ+GVApZ2mBuE7tqIwFMN0z+Z+Oz45mznzo1tE97Ps9U7o ssdXVbJ1CpHQkxRyf0NcLSqHjiVsKmgk8DAoXtOpn8DcZCOKF5wU4CEN5JfSOpwgyldZ aCQIwhCKwNuBadusDGrPg5JzcMvn1ZHumIzlFWiqX5HVxGYblu+M3dRUJ/ytWc+TvUlY jShQ==
X-Gm-Message-State: AIVw113zHJNWTNxn6+Z3CVTQN84C1nxlYRwKJkPs5PRkamAQxAcbPiG0 FBXO6X9xg3N1l4NP
X-Received: by 10.28.22.207 with SMTP id 198mr768098wmw.119.1500607418607; Thu, 20 Jul 2017 20:23:38 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id 82sm346750wmt.17.2017.07.20.20.23.37 for <pkix@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jul 2017 20:23:38 -0700 (PDT)
To: pkix@ietf.org
References: <467c8936-f6aa-0853-878c-24fc8803c599@openca.org> <001501d2ff0e$00eddfa0$02c99ee0$@x500.eu> <1500348690922.69356@cs.auckland.ac.nz> <27d212b4-c5a6-19d1-2afd-f18adaf21031@nist.gov> <003d01d2ffdd$35d67c70$a1837550$@x500.eu> <d032d03f-6ece-44e1-58b7-e3141f3b8e3d@openca.org> <c66ebeda-21be-93fe-f315-7d1e7f069505@gmail.com> <b474e62e-64d3-5c9f-6dc3-4f96749f5440@free.fr>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <f59e8121-7b66-a6bb-2b31-16a1aeaeaf37@gmail.com>
Date: Fri, 21 Jul 2017 05:23:37 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <b474e62e-64d3-5c9f-6dc3-4f96749f5440@free.fr>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/plsZwMP6ktcszmtSQYPLkPb3Tn4>
Subject: [pkix] Upgradable/Replaceable IoT systems. Re: Managing Long-Lived CA certs
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jul 2017 03:23:42 -0000

Hi,

It is not uncommon that there are more than one imaginable solution to a problem.

In this case there is an obvious alternative to what is proposed.
Assume that a system * in some way becomes obsolete.

If such a system represents a considerable investment AND needs to live for decades, it should be upgradable.

If OTOH the system is not upgradable, it should be replaced.

If an IoT device only supports outdated algorithms it is anyway vulnerable to attacks making workarounds on the CA side fairly useless.

BTW, who in their right mind would run a CA with compromised keys or a CA for obsolete devices?

Anders
* System in this context involves the entire infrastructure, including possible CAs.

> Hi PKIX,
> 
> I have a small question for the list regarding long-lived CA 
> certificates. Especially in the context of device certificates, we often 
> see the use of extra long-lived certificates for Root and Sub CAs (e.g., 
> 35+ years) combined with limited key sizes (e.g., p256).
> 
> Until we have a supported mechanism for reprovisioning devices (...), 
> one possible solution for limiting the exposure of the private key would 
> be to have a scoped certificate issuance period.
> 
> What I am thinking about would be adding an extension that says: "This 
> CA can issue certificates from up to 5 years from the validFrom, after 
> this, just use it to provide revocation information". This might provide 
> some protection in case the CA key is compromised after the initial 5 
> years of validity (e.g., certificates issued after that date shall be 
> rejected).
> 
> Does such extension exists today ? If not, could this be some work for 
> LAMPS/SPASM WG ?