[Sidrops] proposed, revised text for Section 6
Stephen Kent <stkent@verizon.net> Mon, 04 May 2020 20:09 UTC
Return-Path: <stkent@verizon.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A4903A0FD3 for <sidrops@ietfa.amsl.com>; Mon, 4 May 2020 13:09:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verizon.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nx1lCdVCADaw for <sidrops@ietfa.amsl.com>; Mon, 4 May 2020 13:09:46 -0700 (PDT)
Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com [74.6.130.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B5043A0FDC for <sidrops@ietf.org>; Mon, 4 May 2020 13:08:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verizon.net; s=a2048; t=1588622929; bh=L+G5Uasg94MjYj0+SauPPQtdGZf15NLG2xVOWr25NhU=; h=To:From:Subject:Date:References:From:Subject; b=BHkyNvYP4sbGfjTUpilDKSNSpfbxQuP+c6l8KOSBRegeNudpXghV5zYetHwrII7gSXSgKFcG7Ssa+bk4Sm0RUc3qZCQm5DWE+I5ZXC83MNP0uE9sLBzgFNJ8RV6G8q+7DwzZBVfJj+Ba1eIT1/XEAsS6X4rzlgUGQXfL+BiA+pajBSNCiSF50YcDnEeHV2iZRzZ22BTp5fBIqmIlQRd5nkxC+pwvNtDakhVCPcQ5R2igHNppIDvXtTUOZ/r2V31+F8mtujXjroDbjK3MWVYhSt7y0x9e8yEgo71Jx0G6V76WMF0Qm7dN480XfE+mw9f5OpRKD+NlZYWDHU87iP8fuQ==
X-YMail-OSG: 8w3gElYVM1kGUvD3vOOHMgvs4nh79aoXUwPkwqcQdZVH1TXQOPxLj3bQWSAvhIj IQPHPJfmWzeN9UyO6yExI4DEENPw1ncDVhXgTDXAthDz9Z6XKc3K2jfRQktTAbhnf0e40ZEUgKg. nIkOVFh59mgGhJf5iZkQlMwM0nEHKWCJ4_Xo2XJrTLPb2FglxkICK4hrr5fbzWanK2ttwIDDmLOy fyqabh1M4XN_UXzL16eeTICVyoJBZjz1b2Mm75C6E2ZYuUA8oPb4ENvCR7bQL4ay6onViU8gPcPV D0esEMWNpXpcAOcX5KTlSyPBIk5Krhxh_mhk71GBPsBUU0H0rTb6xGBLgR48x.TAOnm3uv7niP9t 6hKiOj2Mi1wmnF_OxTCl_d0mytACnWosVca_ZlL.XgR0OdTf_HXI_QENP3z71fuamsptegbVPWwD GfCZukqk6UTEGfol3OGFs6byTyuTYSO35k9XhNhAzZ2l3X1YKdIKTd3rwEJ9HAmiB1nim.7vYZ4r tF.pRXOrbciodWGdMDUq1wGIjjtvRzF6TxOfpuxk7Zx8RIYAcp46teG1F20JBo.kv21Sw2vNQwlz g6fJn.pMCsJbK_0VtsXjmPbLRkf2PBRHa8Ynw0Td1Bzb4ZYK_0dDK0.5m4ZPjyYRrr_R0WsOli8_ qsoJrQkdj1NHAQX_cXMXgs2wAT6uGaV71vF0GwYUdoGFbrcvQ1KZ_hef0Jqolgapvm6jDboPLC8J KdVOaoLzq.hiEjlYnIp.sMb8o.4hlA3wsKdOO204pf2JFTC6_ijqvCXA1v_SAxUmqaSfLLh2Lvm7 rnItnHg1c5E96Gx7AsFf1RQ1iC4440XynQ61_cJlsAocblUd4a.8kc6W7iDllc0VKDOB1CjJRKVb Zy4MECTAkCcIS0xe148bBFzG84pwdEicYAA2atd4tR5xKsecw9JzUBc95q1CVOIBQ3nZMfdI8SqB nLGfGvzfE_PgYBIsTvIy99hTQeaf4jUmnUgmzWB2btT_dqhhDes825QBA14x0_1wKMvWpkiThhpa QVP7NMWSnQuM9o9XWIyS9LIwDue_OcSUlUqoihpqvgLt3FZMr6UrMDHL9Gp2Q.gmlZ3MTnGldYb. Z4sVR_o8smjlqwKHCIzQQHVEChDV6Mfm7J0VyYHWtY_rVBE8n6BfOiN3F5f5gdchUrI7OBFtYJL4 zFh2OnA2x3NhLI8WIcSuJSBywqTy43vdm58KkcZIJifw8t_d3.ceqP00sCgssq86MMcfJTbRV8fB ACNLqn2Sdigo229fyDWurpePmmx2LSTH7L5UtM8knP2sEK_TJB9pl0d9Mvn.tYZ4AZFH9bKjpTdF vXbf0cfkRJZ6zTMdOE9U9EvBBrb7HamVvKF7Gb7pyS87B.OdFBlRvq64IGHExML3Klpp6S3a41SH W0LkIi.55uD6tV4MBLNkfPbDljE805mqcTts5ZdxlaBCKW2odE6P6nGwv0XE-
Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Mon, 4 May 2020 20:08:49 +0000
Received: by smtp402.mail.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 206a63d32eeede4cfd229ae50b27af5d; Mon, 04 May 2020 20:08:44 +0000 (UTC)
To: "sidrops@ietf.org" <sidrops@ietf.org>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <557f0928-c7b1-4b8d-b3b6-078733f7ef8a@verizon.net>
Date: Mon, 04 May 2020 16:08:43 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------9F93DCCA5CD5453651086D8A"
Content-Language: en-US
References: <557f0928-c7b1-4b8d-b3b6-078733f7ef8a.ref@verizon.net>
X-Mailer: WebService/1.1.15756 hermes Apache-HttpAsyncClient/4.1.4 (Java/11.0.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Qy7YAVOUYrDVZxUPFPNZfekoJKI>
Subject: [Sidrops] proposed, revised text for Section 6
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 20:09:50 -0000
To get the discussion going, I generated the following text for Section 6. I deleted anything that was not definitive (e.g., deferred to local policy) and removed the warning message suggested text (I assume RP software developers can write their own messages, but we can add this back if folks feel it's useful. I also added a paragraph about the manifest/CRL circular relationship. In all cases I adopted the approach George suggested, i.e., if there's an error indicating that one or more signed objects may be missing (or not current), ignore ALL data associated with the CA instance at the pub point and DO NOT rely on cached data. Comments welcome, as usual. All new text is in red. Steve ----- 6.1. Determining Manifest State & Object Acceptance For a given publication point, and given CA instance, an RP MUST perform the following tests to determine the manifest state of the publication point. (Note that, during CA key rollover [RFC6489], signed objects for two or more different CA instances will appear at the same publication point. The tests described below are to be performed for a specified CA instance, i.e., a the manifest’s EE certificate was issued by that CA.) 1. Select the CA's current manifest (the "current" manifest is the manifest issued by this CA having the highest manifestNumber among all valid manifests (as defined in Section 4.4). If the publication point does not contain a valid manifest, proceed as described in Section 6.2. (Lacking a valid manifest, the following tests cannot be performed.) 2. Check that the current time (translated to UTC) is between thisUpdate and nextUpdate. If the current time does not lie within this interval,proceed as described in Section 6.4. 3. Acquire all objects at the publication point associated with this CA instance, i.e., the CRL and each object containing an EE certificate issued by the CA. If there are files listed in a manifest that do not appear at the publication point, then proceed as described Section 6.5. 4. Verify that the listed hash value of every file listed in the manifest matches the value obtained by hashing the file at the publication point. If the computed hash value of a file listed on the manifest does not match the hash value contained in the manifest, then proceed as described in Section 6.6. 5. If a current manifest contains entries for objects that are not within the scope of the manifest, then the out-of-scope entries MUST be disregarded in the context of this manifest.If there is no other current manifest that describes these objects within that other manifest's scope, then see Section 6.2. Note that there is a “chicken and egg” relationship between the manifest and the CRL for a given CA instance. If the EE certificate for the manifest is revoked, the CA or publication point manager has made an error. In this case all signed objects associated with the CA instance MUST be ignored. Similarly, if the CRL for the CA instance is not listed on a valid, current manifest, all signed objects associated with the CA instance MUST be ignored, because the CRL is missing. 6.2.Missing Manifests The absence of a current manifest at a publication point could occur due to an error by the publisher or due to (malicious or accidental) deletion or corruption of all valid manifests. When no valid manifest is available, there is no protection against attacks that delete signed objects or replay old versions of signed objects. To guard against the adverse impact of processing an incomplete set of signed objects, an RP MUST treat all signed objects associated with the missing manifest as invalid. (These objects are all issued by the same instance of a CA.) RP software MUST issue a warning when there is no current manifest for a CA instance. An RP may have access to a local cache containing a previously issued manifest that is still valid. It is RECOMMENDED that the RP not make use of this data, to ensure consistent a consistent outcome in when a manifest is missing. 6.3.Invalid Manifests The presence of an invalid manifest at a publication point could occur due to an error by the publisher or due to (malicious or accidental) corruption of a valid manifest.An invalid manifest MUST never be used, even if the manifestNumber of the invalid manifest is greater than that of other (valid) manifests. If there is no valid, current manifest available at the publication point for the CA instance, an RP MUST treat the signed objects at the publication point as indicated above in Section 6.2. A warning MUST be issued when an invalid manifest is encountered. 6.4.Stale Manifests A manifest is considered stale if the current time is after the nextUpdate time for the manifest.This could be due to publisher failure to promptly publish a new manifest, or due to (malicious or accidental) corruption or suppression of a more recent manifest. All signed objects at the publication point issued by the entity that has published the stale manifest, and all descendant signed objects that are validated using a certificate issued by the entity that has published the stale manifest at this publication point, MUST be treated at invalid and a warning MUST be issued. The primary risk in using such signed objects is that a newer manifest exists that, if present, would indicate that certain objects have been removed or replaced.(For example, the new manifest might show the existence of a newer CRL and the removal of one or more revoked certificates).Thus, the use of objects from a stale manifest may cause an RP to incorrectly treat invalid objects as valid.The risk is that the CRL covered by the stale manifest has been superseded, and thus an RP will improperly treat a revoked certificate as valid. 6.5.Mismatch between Manifest and Publication Point If there exist valid signed objects associated with a CA instance and they do not appear in any current, valid manifest for this CA instance, these objects MUST be ignored by an RP, and a warning MUST be issued. If there are files listed on the manifest that do not appear in the repository, then these objects have been improperly deleted from repository (via malice or accident).A primary purpose of manifests is to detect such deletions.Therefore, in this case, an RP MUST ignore all signed objects associated with this CA instance. 6.6.Hash Values Not Matching Manifests A file appearing on a manifest with an incorrect hash value could occur because of publisher error, but it also may indicate that an attack has occurred, e.g., one in which an older version of an object has been substituted for a newer version of the object. In this case an RP cannot know the content of the missing object, and thus all signed objects associated with this instance of the CA MUST be ignored by the RP, and a warning MUST be issued.
- [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 George Michaelson
- Re: [Sidrops] proposed, revised text for Section 6 Randy Bush
- Re: [Sidrops] proposed, revised text for Section 6 Job Snijders
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Job Snijders
- Re: [Sidrops] proposed, revised text for Section 6 Randy Bush
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Oleg Muravskiy
- Re: [Sidrops] proposed, revised text for Section 6 Jay Borkenhagen
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Randy Bush
- Re: [Sidrops] proposed, revised text for Section 6 Tim Bruijnzeels
- Re: [Sidrops] proposed, revised text for Section 6 Tim Bruijnzeels
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Job Snijders
- Re: [Sidrops] proposed, revised text for Section 6 Stephen Kent
- Re: [Sidrops] proposed, revised text for Section 6 Oleg Muravskiy