IETF Logo Mail Archive

Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 27 July 2021 16:18 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A09863A06E7 for <spasm@ietfa.amsl.com>; Tue, 27 Jul 2021 09:18:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.645
X-Spam-Level:
X-Spam-Status: No, score=-1.645 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OBeWvflmjNFu for <spasm@ietfa.amsl.com>; Tue, 27 Jul 2021 09:18:30 -0700 (PDT)
Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B67283A0691 for <spasm@ietf.org>; Tue, 27 Jul 2021 09:18:30 -0700 (PDT)
Received: by mail-pj1-f51.google.com with SMTP id g23-20020a17090a5797b02901765d605e14so5549034pji.5 for <spasm@ietf.org>; Tue, 27 Jul 2021 09:18:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BjjW7808dxlH6g0N7Vc75IbJ8Fy+c9vm8IXM2FWj3hM=; b=TxWJuKwI2aR798R0qdAkMbqECsYIrR8t+07x/VmWEAeHRadhB1+IT89KA+VFZd05pf omPo4ntRFL0JDwVr3424TicN0NFBGIAyPwv9wVrnOw424qMvYf/u5C19bFJt8mjWTscS oq2ERhO0kdZAVLYUsVvCLkAVekqFeajRqugVDRFf0zYOEI5qRnYQfcECxKwOyo7+NcO+ XdnjXyTCudyW5r632GCFcjzLVajU9QMrGC40VJzfVv4r3ckLOm01VEyWSc8wJT5c+OKH hqNZcRLs06R02OTChCVHAIF5t3shOSnBb4sKou/TCt6ml3XAmFR/WXZGm5E0PhiOSLvT OVDg==
X-Gm-Message-State: AOAM532+aabYDDf6dMTVhrt6nthIrxhMn7fUMG5x8OPafK3axFzXpusW 5S/uBoPswz8xiiqECcrtaVSj80Az/nM=
X-Google-Smtp-Source: ABdhPJwNMjtLkvdQ2SB3w2gqw88KHywDqW1kVFH6kKAr3TeXvrYxAkjP+EZnTq5g+LuUBpsPlxeIlw==
X-Received: by 2002:a17:902:c402:b029:12b:54cf:c2ab with SMTP id k2-20020a170902c402b029012b54cfc2abmr19276790plk.56.1627402709414; Tue, 27 Jul 2021 09:18:29 -0700 (PDT)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com. [209.85.216.41]) by smtp.gmail.com with ESMTPSA id t6sm3230578pjo.4.2021.07.27.09.18.28 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 27 Jul 2021 09:18:28 -0700 (PDT)
Received: by mail-pj1-f41.google.com with SMTP id m2-20020a17090a71c2b0290175cf22899cso5573902pjs.2 for <spasm@ietf.org>; Tue, 27 Jul 2021 09:18:28 -0700 (PDT)
X-Received: by 2002:a63:cd4d:: with SMTP id a13mr24191451pgj.364.1627402708525; Tue, 27 Jul 2021 09:18:28 -0700 (PDT)
MIME-Version: 1.0
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <CAErg=HF_hcXO=9=KJh5EBEov4ybS_8g4xF=cANL9+83UvP0zvQ@mail.gmail.com> <adf86f46-093f-756f-8292-9b5e088f4344@lear.ch>
In-Reply-To: <adf86f46-093f-756f-8292-9b5e088f4344@lear.ch>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 27 Jul 2021 12:18:17 -0400
X-Gmail-Original-Message-ID: <CAErg=HEUFV2F8R8g8e6yCDKz_e6RebNyB5Zb2Lvgn4oc3BtE-w@mail.gmail.com>
Message-ID: <CAErg=HEUFV2F8R8g8e6yCDKz_e6RebNyB5Zb2Lvgn4oc3BtE-w@mail.gmail.com>
To: Eliot Lear <lear@lear.ch>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005927d705c81d3819"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2XJF0cvfcOBwf_hWLfeIBHDdNPM>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 16:18:36 -0000

On Tue, Jul 27, 2021 at 11:44 AM Eliot Lear <lear@lear.ch> wrote:

> CAs can barely handle three.  Adding one more will be challenging enough,
> which is why I asked if there was an intent to deploy by CAs, and the
> answer was, “yes”.
>
I don't think it's appropriate at all to generically refer to CAs like
this, given that we have ample industry evidence to the contrary. It
equally seems to be mistaken of the concerns to think that it's a question
about what the CA deploys, since this is a question of and for relying
party applications.

> On (1), RFC 5280 was written prior to the requirement for explicit IANA
> policies, but there is no basis to believe that a protocol is required to
> establish an EKU.
>
This is a very broad statement, and it's unclear if you're requesting to
understand more of the historic basis for the {Extended, Enhanced} Key
{Usage, Purpose} and its historic evolution. As the brackets note - this is
a field that has had many names through its evolution, and while you're
entirely right that RFC 7299 post-dates RFC 5280 and the previous work
(e.g. ipki-part1-05 borrowing the field from ISO), and you can certainly
examine the contemporary discussions around the intersection with keyUsage.

> Finally, we do not want a requirement for more specific EKUs (or any other
> extension) to become a barrier to deployment.  In the end that just makes
> it less practical to use certificates.  If you're reading this as, “the CAs
> can't/won't keep up”, then you've understood my message.
>
Again, I believe it's misguided to speak of "the CAs" without speaking to
the trust framework; your "CAs" are not my "CAs", and that's perfectly fine
and working as intended. I understand and appreciate your sensitivities of
concern with manual certificate management and the use of legacy smart
cards; however, these concerns do not generically extend to all
certificates or all CAs, nor are they sufficient to justify IANA/IETF
action.

This document "could" be entirely reasonable as an Individual Submission;
while that does not at all redeem its flaws, it also reflects the reality
that what's being proposed here is explicitly not something that can or
should be used in an interoperable way. It certainly, in its present form,
explicitly conflicts with the objectives set forth in RFC 5280, Section 2.2:

   The goal of the Internet Public Key Infrastructure (PKI) is to meet
   the needs of deterministic, automated identification, authentication,
   access control, and authorization functions.  Support for these
   services determines the attributes contained in the certificate as
   well as the ancillary control information in the certificate such as
   policy data and certification path constraints.

Namely, that the objective of this EKU is, as stated, for
non-deterministic, manual identification of certificates. This further
contradicts Section 2.3's goal of ensuring the specification recognizes
"the limitations in sophistication and attentiveness of the users
themselves".

Concretely, our disagreement appears to be this: When faced with the
question of a hypothetical new EKU, do the specifications provide
sufficient guidance to relying party applications to make an automated
determination about whether or not the use is appropriate or not?
Explicitly, it does not: it does not provide a way, for example, to
distinguish whether this "XMLDSig" signed thing is permitted, no more than
it permits this "PDF-via-CMS" or "PDF-with-CMS" is permitted. It does not
provide any further insight into either the CA's intended capability for
the named subject, nor to the relying parties expectations of that
capability, and intentionally so. A relying party application instead is
expected to treat this as abstract, to be determined by each application
whether or not it's appropriate, creating a fundamental disconnect between
any CA that tries to issue such certificates and any relying party
attempting to use them.

The solution for this disconnect is simple: relying parties and CAs to
agree on semantics that are unambiguous as to what is acceptable or not.
This is true with or without IANA/IETF action, as reflected by deployed
reality.

>

v2.23.0 | Report a Bug | By Email