[Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 10 April 2019 03:27 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 902F012009C; Tue, 9 Apr 2019 20:27:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <155486682558.19696.15312172563014424742.idtracker@ietfa.amsl.com>
Date: Tue, 09 Apr 2019 20:27:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/t7jyEi8Rn3QKD1KKKmpqQ3IcIS8>
Subject: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 03:27:06 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-sidrops-https-tal-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for keeping the diff from RFC 7730 tidy! Abstract their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. Neither "Internet Number" nor "Number Resources" appears in RFC 3779 that I can see. (On a quick skim, I'm still not sure if we mean AS number or IP address/prefix.) Section 2.1 the trust anchor per se. In the RPKI, certificates contain extensions that represent Internet Number Resources (INRs) [RFC3779]. (As above, I don't see INRs mentioned in RFC 3779.) Since comments are new in this rev of TAL, do we want to caution consumers that implementations may not necessarily support comments yet? Section 2.3 The trust anchor MUST contain a stable key. This key MUST NOT change when the certificate is reissued due to changes in the INR extension(s), when the certificate is renewed prior to expiration, or for any reason other than a key change. (This seems a bit tautological...) If an entity wishes to withdraw a self-signed CA certificate as a putative trust anchor, for any reason, including key rollover, the entity MUST remove the object from the location referenced in the TAL. Certain classes of attacker could continue to publish the last-known certificate as a trust anchor and prevent this withdrawl from taking effect; we should probably cover that in the security considerations. Section 2.4 We say that it's RECOMMENDED to have different domains (so as to get different IP addresses) but this example shows only a single domain. Section 4 Note that a Man in the Middle (MITM) cannot produce a CA certificate that would be considered valid according to the process described in Section 3. [...] I think the key part is that the attacker cannot produce a *new* CA certificate that differs from a legitimate one, but they can MITM the HTTPS connection and present a legitimate (but potentially stale) CA certificate. o DNS names in Repository Server certificates SHOULD NOT contain the wildcard character "*". Would a Relying Party ever reject the HTTPS connection (and thus, the delivered TA) if a wildcard certificate is presented for the HTTPS connection? Section 5 This TAL does not directly provide a list of resources covered by the referenced self-signed CA certificate. Instead, the RP is referred to the trust anchor itself and the INR extension(s) within this certificate. This provides necessary operational flexibility, but it also allows the certificate issuer to claim to be authoritative for any resource. Relying parties should either have great confidence in the issuers of such certificates that they are configuring as trust anchors, or they should issue their own self-signed certificate as a trust anchor and, in doing so, impose constraints on the subordinate certificates. Are there any external databases that a RP could consult to affect the decision of whether to believe that a TA should actually be claiming the indicated resource(s)? (It would be a bit silly, given that this is the RPKI already, but still...)
- [Sidrops] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk via Datatracker
- Re: [Sidrops] Benjamin Kaduk's No Objection on dr… Tim Bruijnzeels
- Re: [Sidrops] Benjamin Kaduk's No Objection on dr… Benjamin Kaduk
- Re: [Sidrops] Benjamin Kaduk's No Objection on dr… Tim Bruijnzeels