IETF Logo Mail Archive

Re: [Sidrops] require signing-time in draft-ietf-sidrops-signed-tal objects?

Job Snijders <job@fastly.com> Thu, 09 March 2023 10:34 UTC

Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD568C14CE38 for <sidrops@ietfa.amsl.com>; Thu, 9 Mar 2023 02:34:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kp8hldVyhMcf for <sidrops@ietfa.amsl.com>; Thu, 9 Mar 2023 02:34:50 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B65C0C14CE33 for <sidrops@ietf.org>; Thu, 9 Mar 2023 02:34:50 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id da10so5095083edb.3 for <sidrops@ietf.org>; Thu, 09 Mar 2023 02:34:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1678358088; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=88qLUyBEeXXTgoRElqfegp0r9a630vTvhcUHxl2fK1Q=; b=dlgprsCa9Z41CoTpljbPmtwK59fspwwVifEApJ0W0ZfP0xn0GW/VSjxaFj6GGR7XUH arBmUmuk1QvbJ6F4aTibx0qyMYlKOC7EvXuVl74kh4j9yLyt7miEfByG6yV8GRYJe2cE GjEBcK6QXBbWAL9JR7j0cs3QYsU2Uyg5WDn9w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678358088; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=88qLUyBEeXXTgoRElqfegp0r9a630vTvhcUHxl2fK1Q=; b=jm+RDieUi3BFF/p+zoF9nAuyMXUXzzyhU9uJTjE8KCFFcV/2gmPsXJ3sWx7qSDsUbq 8jPfU9H/Tx3Q+bf1Sh5iw6f3xpvOfaG5Nbb8Zy/LeeCJ71VrTRDvGBMPmucWKM1CeutN /DD8Jvu0ZNnEz9Rq9NOdblE5QWiNk4zy5ZyI4lAN6qWMqw+vMTBxLPYE6XqJ+VVCQW6L fmgKd44HtdvDLGYWsWhOj+MnaGYzRa01bkIGmdMwp29u4otWgLNy8btdJYh8yF0xJQK/ nPZlhVL1JzlIUXA9O6x1ClUrnW2hKAljC7/scuSeO0ef6hB3TytOwJNPvjkmAQJ90/8k ohIg==
X-Gm-Message-State: AO0yUKVkGq0zR1F+O0xoxgV7yKa/Q5blakkIOrAtu54RWlZeoqpCZqth PgxgNNb5YFjFy8wAKLPqbpbBmA==
X-Google-Smtp-Source: AK7set9AdpCUjkeGd0irQzwVKc2f1+exRdnri9MijcVsZeSooZ25LVzaR+H8S5BdCV0RrbIMGz/tpw==
X-Received: by 2002:a17:907:9c04:b0:8a5:8620:575 with SMTP id ld4-20020a1709079c0400b008a586200575mr22013027ejc.3.1678358088523; Thu, 09 Mar 2023 02:34:48 -0800 (PST)
Received: from snel ([2a10:3781:276:1:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id rl10-20020a170907216a00b008baeb5c9bdbsm8751323ejb.141.2023.03.09.02.34.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Mar 2023 02:34:47 -0800 (PST)
Date: Thu, 09 Mar 2023 11:34:46 +0100
From: Job Snijders <job@fastly.com>
To: Ties de Kock <tdekock@ripe.net>
Cc: sidrops@ietf.org
Message-ID: <ZAm2RhMQlly1e5J4@snel>
References: <ZAh8V8ilxAzy+TfV@snel> <5E34D9AD-89B3-411B-8B41-DBBB7578A076@ripe.net> <ZAiAGHAYzmQHruRk@snel> <ECBADD17-31AB-44FC-9EA6-3B8C9B2F9A56@ripe.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <ECBADD17-31AB-44FC-9EA6-3B8C9B2F9A56@ripe.net>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/km8HouRDrelFOYyEK7XKW_GTXEc>
Subject: Re: [Sidrops] require signing-time in draft-ietf-sidrops-signed-tal objects?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2023 10:34:54 -0000

Hello Ties,

On Wed, Mar 08, 2023 at 01:56:39PM +0100, Ties de Kock wrote:
> >>> In Section 4 add something along the lines of:
> >>> 
> >>>  * The CMS Signing-Time Attribute MUST be present in the
> >>>    signedAttrs in the signerInfos.
> >> 
> >> Could you use NotBefore and serial number of the EE certificate -
> >> since those are always present?
> > 
> > The presence of the signing-time attribute would not affect the
> > validity of the signed object, in contrast to the X.509 NotBefore.
> > Using signing-time adds more resolution to the TAK generation &
> > publication process.
> 
> I am do not think it adds additional information over notBefore (which
> ought to be present).

But it does, it is additional metadata offering insight into the signing
process. Take for example this object:
https://sola.sobornost.net/repository.lacnic.net/rpki/lacnic/003bf825-b144-476d-89c7-4987bdc328da/b99c2d0aaf83f09f48e194657d6d608a8273fa7d.roa.html

X.509 Validity, Not Before: Fri 24 Apr 2022 03:00:00 +0000
CMS Signing time:           Fri 13 Jan 2023 23:31:02 +0000

The object was first observed in the rpkiviews archives in this snapshot: 
http://josephine.sobornost.net/josephine.sobornost.net/rpkidata/2023/01/14/rpki-20230114T000632Z.tgz
(the previous snapshot, rpki-20230113T233631Z.tgz did not contain this ROA)

> But both notBefore and signing-time would contain a very similar time?

Perhaps, perhaps not. The above example shows notBefore and signing-time
differ significantly. The rpkiviews data suggests the CMS signing time
indeed very likely was the time the object was signed.

> > RFC 6488 2.1.6.4.3 / 2.1.6.4.4 already specifies the CMS attribute
> > is optional, so all draft-ietf-sidrops-signed-tal has to do is make
> > it non-optional for TAK objects.
> 
> My experience when I was working with the BBN conformance objects was
> that the implementation of signed attribute validation in RPs is weak.

Can you elaborate on what exactly the weaknesses were?

> An implementor explained that that in some cases this had to do with
> APIs not being available in libraries; 6488 has very specific
> requirements, and especially binary signing time has extremely limited
> support.

Yeah, not a single CA in the RPKI ecosystem is using binary signing
time. However *all* Signed Objects contain a CMS signed signing-time
attribute. I would not recommend to mandate binary signing-time.

> I would not rely on signing time if possible.

RFC 6488 states in Section 3 requirement g: "the signing-time
attribute MAY be present, but they are not required"

If the TAK specification indicates the signing-time attribute is
non-optional, I can rely on the data field's existence.

Ofcourse, I can't rely on the contents of the field being 'true' (it is
not a trusted timestamp) - but the contents can aid in debugging and
monitoring efforts.

All (~189,000) Signed Objects under the 5 RIRs contain a CMS
signing-time attribute. My suggestion merely is to make the CMS
signing-time attribute non-optional in the case of TAKs.

Kind regards,

Job

v2.23.0 | Report a Bug | By Email