Re: [Spasm] certspec work (draft-seantek-certspec-06.txt)
Sean Leonard <dev+ietf@seantek.com> Tue, 14 June 2016 09:03 UTC
Return-Path: <dev+ietf@seantek.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A91212D122 for <spasm@ietfa.amsl.com>; Tue, 14 Jun 2016 02:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RYE_h6xoSY1E for <spasm@ietfa.amsl.com>; Tue, 14 Jun 2016 02:03:22 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D2C8127058 for <spasm@ietf.org>; Tue, 14 Jun 2016 02:03:21 -0700 (PDT)
Received: from [192.168.123.7] (unknown [75.83.2.34]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 52CA550A73; Tue, 14 Jun 2016 05:03:20 -0400 (EDT)
To: Wei Chuang <weihaw@google.com>
References: <20160608161629.19935.86198.idtracker@ietfa.amsl.com> <f7c50b01-9d68-11ac-c343-9ffff7dbf143@seantek.com> <CAAFsWK1C4n-9rx+zCr+ig6of3XA=shE1HnvkTyJ6wfVp=BOJPw@mail.gmail.com>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <ad9589bf-1e63-cb93-4ed9-613e7299a53c@seantek.com>
Date: Tue, 14 Jun 2016 02:03:50 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <CAAFsWK1C4n-9rx+zCr+ig6of3XA=shE1HnvkTyJ6wfVp=BOJPw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------30C29AD50E50425E0CB0EDB6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1BLWbKCiFCsk1tUGTmAHR7XuNSU>
Cc: spasm@ietf.org
Subject: Re: [Spasm] certspec work (draft-seantek-certspec-06.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 09:03:24 -0000
Thank you for the feedback. Based on time, I will respond in multiple
e-mails, and out of order...
On 6/9/2016 10:49 AM, Wei Chuang wrote:
> Just some thoughts about this draft:
> 5. Can more motivation be provided for attribute section 8?
Okay. Well I am not sure if more motivation needs to be provided than
the first paragraph:
A certificate can have additional attributes (i.e., metadata)
operatively associated with--but not intrinsic to--it. For example,
the additional attributes may represent preferences. The syntax is
intended primarily to convey certificate metadata such as attributes
found in PKCS #9 [RFC2985], PKCS #11 [PKCS11], PKCS #12 [RFC7292],
and particular implementations of cryptographic libraries.
However, I suppose that I can provide some backstory.
Many certificate owners (taken broadly, I mean users and systems that
actually use certificates on a semi-regular basis, and that hold the
corresponding private keys) have preferences attached to those
certificates, much like SSH key owners attach metadata to their keys.
"friendlyName" is the obvious example. I'm pretty sure all of us around
here name our SSH keys certain things, like "use this with foo server"
or "generated on my Mac Mini in June". An SSH key's filename also
constitutes metadata; ditto for certificates, although certificates with
private keys tend to get serialized as PKCS #12. I needed a way to store
the friendly name of a certificate, which is a piece of information that
people care about but can change more-or-less at will. It has security
implications to the extent that it's shown to users, or used as a basis
for certificate selection. Some Mozilla NSS-based workflows identify
certificates based on the friendly name (NSS calls it "nickname", but
uses the same construct).
For S/MIME purposes, there's also smimeCapabilities. Smart clients are
supposed to cache smimeCapabilities and track them over time: see RFC
5751 for discussion. Of course, not many actually do this. But for
tracking purposes, associating smimeCapabilities with the corresponding
signing and encryption certificates of messages makes sense.
Manipulating X.690 (BER, CER, DER) is not practical, so we need a
textual format for these attributes that does not reinvent the wheel.
friendlyName is straightforward: it's just a string, suitably escaped.
LDAP string encoding provides some escapes so why not use that.
smimeCapabilities is more complicated, so in order not to reinvent the
wheel, one can just use ASN.1 value notation directly to get the job
done. I threw in the other two from PKCS #9 (localKeyId and
signingDescription) for completeness and because they have trivial LDAP
string representations. Other attributes are in use, particularly in
PKCS #12 blobs, but those attributes tend to be vendor-specific.
What draft-06 calls "certattrs" could easily just be "pkixattrs" or
"cmsattrs", since they all are drawing from the same attribute space. I
suppose one could go even further and specify an LDAP string format that
applies to any SET SIZE (1..MAX) OF Attribute. I thought about doing it
but didn't go that far in certspec-06.
> 4. Another naming method I'm aware of is CRLSets used in Chromium:
> https://dev.chromium.org/Home/chromium-security/crlsets
> This might be something to consider and possibly mention in section 6
> "Other Certificate Specifications".
Wei, can you provide more specifics on what you mean when you say
"another naming method": do you want a way to identify CRLSets, or are
you asking for documentation on how CRLSets identify certificates?
I am only somewhat familiar with CRLSets, but I was under the impression
that an entry in a (the) CRLSet identifies a certificate by one of:
SHA-256 fingerprint, SHA-256 hash of the public key (SPKI), or SHA-256
hashes of one of the former two split up into a Merkle tree. I also was
under the impression that CRLSets are encoded in JSON and do not have a
canonical encoding form: because of this, it's difficult to say that a
CRLSet can be identified by a cryptographic fingerprint in any reliable way.
Best regards,
Sean
- Re: [Spasm] certspec work (draft-seantek-certspec… Wei Chuang
- Re: [Spasm] certspec work (draft-seantek-certspec… Sean Leonard
- Re: [Spasm] certspec work (draft-seantek-certspec… Sean Leonard
- Re: [Spasm] certspec work (draft-seantek-certspec… Wei Chuang
- Re: [Spasm] certspec work (draft-seantek-certspec… Wei Chuang
- Re: [Spasm] certspec work (draft-seantek-certspec… Sean Leonard
- Re: [Spasm] certspec work (draft-seantek-certspec… Sean Leonard
- [Spasm] certspec work (draft-seantek-certspec-06.… Sean Leonard
- Re: [Spasm] certspec work (draft-seantek-certspec… Stephen Farrell
- Re: [Spasm] certspec work (draft-seantek-certspec… Wei Chuang