[secdir] dir review of draft-laurie-pki-sunlight-05

Jeffrey Hutzelman <jhutz@cmu.edu> Thu, 24 January 2013 19:06 UTC

Return-Path: <jhutz@cmu.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 967C921F84F3; Thu, 24 Jan 2013 11:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id fzeNSoYeIP0w; Thu, 24 Jan 2013 11:06:39 -0800 (PST)
Received: from smtp02.srv.cs.cmu.edu (SMTP02.SRV.CS.CMU.EDU []) by ietfa.amsl.com (Postfix) with ESMTP id B999B21F84DE; Thu, 24 Jan 2013 11:06:35 -0800 (PST)
Received: from [] (minbar.fac.cs.cmu.edu []) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id r0OJ6XX9005266 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Thu, 24 Jan 2013 14:06:33 -0500 (EST)
Message-ID: <1359054393.10945.15.camel@minbar.fac.cs.cmu.edu>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-laurie-pki-sunlight.all@tools.ietf.org
Date: Thu, 24 Jan 2013 14:06:33 -0500
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.3-0ubuntu6
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Scanned-By: mimedefang-cmuscs on
Cc: jhutz@cmu.edu
Subject: [secdir] dir review of draft-laurie-pki-sunlight-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2013 19:06:44 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes an experimental protocol for publicly logging
the existence of certificates as they are issued or observed, in a manner
that allows anyone to audit certificate authority activity and notice the
issuance of suspect certificates, as well as to audit the logs themselves.
The intent is that eventually clients would refuse to honor certificates
which do not appear in a log, effectively forcing CAs to add all issued
certificates to the logs.

Overall, the approach used here looks reasonable.  However, I have a few
specific comments, and also recommend that the security area directors pay
special attention to this document, as it has the potential to have
far-reaching effects if the experiment is successful.

The abstract for this document is four paragraphs and takes up an entire
page.  It could be a lot shorter.  For example, I think my one-paragraph
summary above is sufficient to fill the role of an abstract, which is to
allow the reader to find out what a document is about and decide whether
he wants to read it.

This document makes extensive use of RFC2119 requirements language, but
the body of the document does not contain text incorporating the meanings
of these terms.  Instead, the usual text is hidden in a "Requirements
Language" section which appears just below the abstract, outside the main
body of the document.  This should be moved into the document proper.

For describing its messages and data structures, this document makes
extensive use of a language which is unfamiliar to me and for which no
reference is given.  I can make some guesses as to what it means, but
guesswork does not make for interoperable implementations.

I'm concerned that this document attempts to specify operational policy,
particularly for operators of logs.  As the saying goes, "MUST is for
implementors"; statements like "Anyone can submit a certificate to any 
log" are inappropriate for protocol specifications.  In practice, it
seems likely that log operators will establish policies regarding both
who may submit certificates and which certificates they will accept, and
no amount of MUST in a protocol spec is going to change that.

Similarly, as an anti-spam measure, this document proposes that logs accept
only certificates which chain back to a known CA, and requires that logs
validate each submitted certificate before appending it to the log.  This
sounds good, but it's not the only possible mechanism, and so I think MUST
is too strong here.  Additionally, there is no discussion of the security
implications if a client depends on a log to do this and the log does not
actually do so.  Rather than requiring that logs validate every submitted
certificate, the document should only RECOMMEND that they do so, and make
clear that clients MUST NOT depend on such validation having been done.