[secdir] sec-dir review of draft-ietf-pkix-est-07.txt
Derek Atkins <derek@ihtfp.com> Mon, 17 June 2013 20:16 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC1F921F938E; Mon, 17 Jun 2013 13:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.988
X-Spam-Level:
X-Spam-Status: No, score=-101.988 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tl6Zi88+stgA; Mon, 17 Jun 2013 13:16:04 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id AFC6521F9962; Mon, 17 Jun 2013 13:16:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id C466F260248; Mon, 17 Jun 2013 16:16:02 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 28711-01; Mon, 17 Jun 2013 16:15:58 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [12.208.167.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id 1C9A226023C; Mon, 17 Jun 2013 16:15:57 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id r5HKFoKj031843; Mon, 17 Jun 2013 16:15:50 -0400
From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Mon, 17 Jun 2013 16:15:50 -0400
Message-ID: <sjmzjuofq89.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: peter@akayla.com, pkix-chairs@tools.ietf.org, dharkins@arubanetworks.com, pritikin@cisco.com
Subject: [secdir] sec-dir review of draft-ietf-pkix-est-07.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 20:16:09 -0000
Hi,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This document profiles certificate enrollment for clients using
Certificate Management over CMS (CMC) messages over a secure
transport. This profile, called Enrollment over Secure Transport
(EST), describes a simple yet functional certificate management
protocol targeting Public Key Infrastructure (PKI) clients that need
to acquire client certificates and associated Certification Authority
(CA) certificate(s). It also supports client-generated public/
private key pairs as well as key pairs generated by the CA.
The document claims that trust anchor distribution is out of scope,
and continues on that authenticity cannot be inferred until an
out-of-band, non-specified mechinsm is used to verify. This just
seems like it's kicking the can down the road to the next protocol
that would need to define how to securely distribute the
authentication information. If you have to preconfigure then why not
just leverage that existing preconfiguration to distribute the
certificates?
Even section 2.2 continues with this; it assumes a pre-distributed
authentication credential (or leverages a user's existing credential).
For the user credential case there's still a missing trust link
between the user and the target of the new certificate. For example,
if you're trying to issue a machine (device?) certificate based on a
user credential then all the EST server can intuit is that the user is
requesting it but there is no authentication tying that user to the
target device; you're still taking a leap of faith which would need to
be audited after the fact.
Certificate renewal, (e.g. leveraging an existing certificate) has
already been solved by e.g. SCEP and other protocols.
In 2.6, the additional CSR attributes are non-verifiable data. E.g.,
if a client puts a MAC address into its CSR, there is no way for the
EST server or CA to validate that input. The client can easily insert
any data it wants into that request, which can lead to MAC stealing or
other impersonation attacks. The CA should never put any normative
information into the certificate that it cannot validate from a
trusted source.
In 3.3.2, if the EST client already has a certificate with which it
can athenticate then why would it need to enroll? It's already
enrolled; the only interesting problem (IMHO) at that point is
renewal.
In short, I'm not sure I would call this "Enrollment" as opposed to a
way to leverage an existing authentication mechanism and turn it into
a certificate. Perhaps that is your definition of enrollment? In
essense it just feels like SCEP, redone using REST.
-derek
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
- [secdir] sec-dir review of draft-ietf-pkix-est-07… Derek Atkins