Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]
Ties de Kock <tdekock@ripe.net> Thu, 08 June 2023 10:15 UTC
Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA13C151B20; Thu, 8 Jun 2023 03:15:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GxEh9Mc6F6ZW; Thu, 8 Jun 2023 03:15:35 -0700 (PDT)
Received: from mail-mx-2.ripe.net (mail-mx-2.ripe.net [IPv6:2001:67c:2e8:11::c100:1312]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C626AC14CF0D; Thu, 8 Jun 2023 03:15:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=fcphCXH1SFkuivir6nj+GcuaIp5IfM3HcKBKRmrIwIk=; b=swnuoC5raVcGPPafH+iLDb5z 8CWgKYHFUCI2eKW6zV2F2zw8OutVS4xuJA33A8M+XEtCQDbFSSXoZn3wDFGZrUZGlEvIFkaQ3EdYW nC6WEwpU0D/kJ9KNeCuILxYEtUyfyqZK6GVP7yrJjOia/scaBfgAd2VauvYNHGuTPxD2EI9O6N39F kVoqC2M/uQgbufF47wAXb3wzii7jdG/qChGqclj+bfDEzMtbnBZXw4Sft/m9GSK5v7gLMhcHV1Gau QQwuGmJfDk9kXkJHfzfFIonq5Nss1r+/D3YfNfoKXf1aC2Y8Xkqx/dtI4LO+ClYZyN6euFOjvF2ku 0M4YeOQrUQ==;
Received: from allealle.ripe.net ([2001:67c:2e8:23::c100:170c]:46662) by mail-mx-2.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7Cg2-0089ne-1X; Thu, 08 Jun 2023 10:15:34 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by allealle.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7Cg2-0004Y4-1L; Thu, 08 Jun 2023 10:15:34 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <ZICfBbaLU7u5vzC4@snel>
Date: Thu, 08 Jun 2023 12:15:24 +0200
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8036B286-155B-498C-AFDA-5E718082A7B9@ripe.net>
References: <ZH/Q+ea0HO542GV3@snel> <710534A0-B529-4609-9845-96BCB9139381@ripe.net> <ZICfBbaLU7u5vzC4@snel>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.600.7)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1255c17584bd38be6a73a27a729cb287c
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/BnOh-qBh39F4Jxlkega6YVQnoU0>
Subject: Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 10:15:40 -0000
Hi Job, > On 7 Jun 2023, at 17:15, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote: > > On Wed, Jun 07, 2023 at 04:07:22PM +0200, Ties de Kock wrote: >>> On 7 Jun 2023, at 02:36, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote: >>> The below internet-draft provides a reference for the concept outlined >>> in https://mailarchive.ietf.org/arch/msg/sidrops/I4-3BPR-r0vd6CguWxV-cLs3fyY/ >>> >>> This internet-draft describes a use-case for the CMS signing-time >>> attribute. From my perspective this internet-draft is complementary to >>> Tim & Ties' draft-timbru-sidrops-publication-server-bcp-00 document. >>> >>> The main takeaways are: >>> >>> - set the file's mod-time to the CMS signing-time on publisher and RP side >>> - CMS signing-time becomes mandatory for Signed Objects >>> - CMS binary-signing-time no longer is allowed >>> - 100% backwards compatibility with all CA operations in the field >> >> I assume that you also want to change this MUST in RFC6488 2.1.6.4.3 (and >> the similar statement in 2.1.6.4.4): >> >> The signing-time attribute MAY be present. Note that the presence or >> absence of the signing-time attribute MUST NOT affect the validity of >> the signed object (as specified in Section 3). The attrType OID for >> the signing-time attribute is 1.2.840.113549.1.9.5. > > Thanks for catching that. We've updated the internet-draft accordingly. > >> To me this process feels like a search for a use case for signing >> time. > > It was suggested that the CMS signing-time attribute couldn't be used > for any purpose because it isn't mandatory. This internet-draft > addresses that, based on the observation that in practise the CMS > signing-time attribute is included by all CA operations anyway. > >> In the intermediate period, tools writing consistent time need to >> fallback to not before. This makes not before a more elegant (as in, >> simple & neat) solution. > > There are many ways to produce a 'consistent time', but more importantly: > (as far as I know) there never was a documented requirement in any RFC > for 'consistent time' on the RSYNC service. I suspect that in the past > people might have relied on implicit behavior, unaware of a future in > which RRDP came into existence which challenged some assumptinons. > > The lack of specification in this regards seems to have resulted in: > > * Some Publishers simply don't touch the files after signing as long as > they aren't changed (another fine approach, rpki.net is an example) > > * Some Publishers use notBefore (a valid option, as that indeed helps > produce a consistent mod-time) > > * and some Publishers appear to reset the mod-time of all objects every > time an object is added/removed from their repository (not fine, as > this produces the least seamless RRDP -> RSYNC failover) > >> If you propose alternate behaviour for the transition, could you >> elaborate on it? > > As far as I'm concerned there is no concept of a 'transition', other > than going from unspecified to specified behaviour. > > CAs & Publishers might choose to wait until this internet-draft is > published as RFC before making any changes to how they do things, that's > up to them. > > On the other hand, knowing that there now is at least one RP > implementation that actively attempts to do seamless RRDP -> RSYNC > failovers using the CMS signing-time attribute, Publishers could already > today take advantage of that by setting the mod-time to the CMS > signing-time, if it is present, and if absent - which seems unlikely - > do something else (like today). > There is one edge case in this behaviour that a mail from Tom made me think off. It is far-fetched, but given that rsync not fetching a file likely breaks a repository (and at a publication point that is likely to have many updates, so high in the tree), I think it is worth considering. It is similar to [0]: Multiple updates for an object per second (most likely due to automation) can occur. They can occur in any timestamp in the object. The only value almost guaranteed to be different between two objects is the hash (p=1^(2^length)). We have serial numbers in objects, but in practice, these may have a construction of `[serial][random-trailing-bits]`, which means using part of them as-is is also fragile. And, of course, we can mix approaches (e.g. [1], possibly leading to an acceptable chance of a collision with semi-readable modification times. Do we want to consider the time-collision case? Do we want to aim to have a deterministic modification time resistant to collisions? Kind regards, Ties [0] https://mailarchive.ietf.org/arch/msg/sidrops/nFbjWawZ8R8uulSNCRLBVARtd_s/ [1] ((int(time.time()) >> 16) << 16) | (int.from_bytes(hashlib.sha256(b"object_payload").digest(), byteorder='big') % 2**16)
- [Sidrops] [internet-drafts@ietf.org: New Version … Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock