Re: [pkix] [saag] Considerations and Clarifications about draft-nir-saag-star-01

Benjamin Kaduk <kaduk@mit.edu> Wed, 21 March 2018 23:16 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D5CC12E856; Wed, 21 Mar 2018 16:16:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fLe79IHE4Xi; Wed, 21 Mar 2018 16:16:32 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A285D129C6E; Wed, 21 Mar 2018 16:16:31 -0700 (PDT)
X-AuditID: 1209190e-d51ff70000004ac5-01-5ab2e7ce83eb
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id E2.78.19141.EC7E2BA5; Wed, 21 Mar 2018 19:16:30 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w2LNGTqi001469; Wed, 21 Mar 2018 19:16:29 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2LNGO5r011644 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 21 Mar 2018 19:16:27 -0400
Date: Wed, 21 Mar 2018 18:16:25 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Dr. Pala" <director@openca.org>
Cc: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20180321231624.GK55745@kduck.kaduk.org>
References: <bec28481-d4ff-5e6f-48bc-59c55c385321@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <bec28481-d4ff-5e6f-48bc-59c55c385321@openca.org>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprCKsWRmVeSWpSXmKPExsUixCmqrXvu+aYogyVnNSz2b/CxuHiwyGJK fyeTxbxryQ4sHkuW/GTymD7xPksAUxSXTUpqTmZZapG+XQJXxr6fD1kLJvFUPPo1nbmB8TNn FyMnh4SAicT1/1PZQGwhgcVMEktP+XcxcgHZGxklOk4tZ4JwrjJJfO5dxgRSxSKgKvH6bhsr iM0moCLR0H2ZGcQWAbIXtLxh72Lk4GAWUJY4ftUPJCwsECLx/cAldhCbF2jZ2lc/mSCW2Ups 23+UBSIuKHFy5hMwm1lAS+LGv5dMEGOkJZb/44AIa0ssW/gabBOngJ3Eg9NbGUFsUaBNe/sO sU9gFJyFZNIsJJNmIUyahWTSAkaWVYyyKblVurmJmTnFqcm6xcmJeXmpRbrGermZJXqpKaWb GMEBLsm3g3FSg/chRgEORiUe3oycTVFCrIllxZW5hxglOZiURHnXlQGF+JLyUyozEosz4otK c1KLDzFKcDArifBmPwbK8aYkVlalFuXDpKQ5WJTEed1NtKOEBNITS1KzU1MLUotgsjIcHEoS vKrASBYSLEpNT61Iy8wpQUgzcXCCDOcBGq4CUsNbXJCYW5yZDpE/xajLcePF6zZmIZa8/LxU KXFeTpAiAZCijNI8uDmgxCSRvb/mFaM40FvCvGnPgKp4gEkNbtIroCVMIB/M3ACypCQRISXV wFgz5fXf1kSJFLOMiy/KzrAduHElJOi+6K4Za+e3nqq+sbDEO83arPOULdfnV7Ojiu+unTNR mKPzIMfCkmve6TaTNtzYpv7Q6kT654R8Nnd+X/XHmVXyvZPcD53fvdfInevo8pW3F/R9+Lz0 c/CaKzGPG8XVtr24xu8Rd1PuvWvTPfbsmSIbwo8psRRnJBpqMRcVJwIA1JfBQScDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/v4erNAwAmr1cya6sOQFvceLBnCA>
Subject: Re: [pkix] [saag] Considerations and Clarifications about draft-nir-saag-star-01
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 23:16:33 -0000

[spasm and pkix to bcc; please continue discussion on one list only]

Hi Max,

On Wed, Mar 21, 2018 at 01:08:07PM +0000, Dr. Pala wrote:
> Hi all,
> 
> unfortunately I missed the sec-dispatch session, but I have some
> important considerations about the document. In general, short-lived
> certificates have been around for many years and for many different
> applications (nothing new here), however nobody who have been working
> with PKI long enough would actually made the case that the security
> levels of short-lived-no-revo and any-lived-plus-revo are the same
> (which seems the life-motif of the presentation and the document itself).
> 
> Other aspects that I think shall be revisited are the lack of
> considerations about the usability of deployed infrastructures (when no
> revocation is assumed) and some wrong considerations in the document
> about validity periods of OCSP Responses and CRLs (that clearly
> undermine the equivalence claim).

It would probably be helpful if you included a description of what
attacker capabilities are present in your mental model.  If the
attacker is modelled as being in control of the network (and
revocation status is carried over HTTP-not-S) then the claim of
equivalence between short-lived certs and "short-lived" OCSP holds
much more weight.  When you say that a second party can get the
valid revocation status information, that implies that the attacker
does *not* have full control over the network -- so what exactly can
and cannot the attacker do?

-Ben