IETF Logo Mail Archive

Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 26 November 2021 14:45 UTC

Return-Path: <prvs=796401c089=uri@ll.mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 134843A0687 for <spasm@ietfa.amsl.com>; Fri, 26 Nov 2021 06:45:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wo9WBdNd2Pcu for <spasm@ietfa.amsl.com>; Fri, 26 Nov 2021 06:45:11 -0800 (PST)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D6D13A067B for <spasm@ietf.org>; Fri, 26 Nov 2021 06:45:10 -0800 (PST)
Received: from LLEX2019-3.mitll.ad.local (llex2019-3.llan.ll.mit.edu [172.25.4.125]) by MX3.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 1AQEj5qx171387 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 26 Nov 2021 09:45:05 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=hUSyUUW92lUh2Rt3fBuFNOgjMil8bmh7XlHv2keNLdKoeR6ysY0piVfLgmvBSDppMRbjPXGJhuGoBcAWH9cJTQtQeYyK442YEdVTBQwpUlPkXDu6wWPGwbVuf8RrcHDZxLe5l5et7wfJTOawMk0eaQUn5pQpTOQdAkXn4GAfhpjPDz7GwAVPmZRo6p3ghiCaz9rMxNrslbnIKfEf7XJIOus/HPO+ne0u+aw/vlTE7BeWmZMes2qitiexodikSROfQseb/1y5Kou9fVnwldV4+bmK4srRR7TM2kcyCIZL+ZLseEive90DVjXj9z5aVo5TwDDSgptWaY7x8kf1mXNYmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=JcLT8CleIZlVIGhtKeNg3v5zgjf6MbEvYHcJiQQp7Z0=; b=AFNG1X6G8t57iFP2FOAEJwRXKmdDmjXiAaP6tONwh7KjlFpLAqsNGqdrvGoYfMEvnQ9BBfZNVJv/3ymfc2v1tjHhApDs3B0o7mRNe7O+lwT10ggxp3fVMaDkI5MOrts1OYPy8rV/DFFK6hS6PTV4BT94tzCqzcnJ7q9sf0rwyppsRbwWVA7BJbLhW8mCMWvBcyp3zxH8m045KyESz/Szwu8ndU5ue0AEoXLMYzsiy7gRBFmA5teM29XZU0ls23G/dZzM4tL9fW8Ak1XfOpFUDi5Mu1YlwNfOnyRAPK2Nu4vrW3Qk80i+aLy8nUWKm/sRAeHqfagD3HO49YH/fD1sgg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Deb Cooley <debcooley1@gmail.com>, Stefan Santesson <stefan@aaa-sec.com>
CC: LAMPS WG <spasm@ietf.org>, "Cooley, Dorothy E" <decoole@nsa.gov>
Thread-Topic: [lamps] Call for adoption for draft-ito-documentsigning-eku
Thread-Index: AQHXgmuKk2sKcjNKq0GeFl8+0k2LC6v9+aiAgAENGgCAACI6AIAXSckA///c8gA=
Date: Fri, 26 Nov 2021 14:45:01 +0000
Message-ID: <E18DA038-E66C-4413-97D8-A0F49C740109@ll.mit.edu>
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <1739DC01-D237-4080-99F2-1B82A4571C49@vigilsec.com> <SA1PR03MB66262B6CA20602F3417C0B7EEE949@SA1PR03MB6626.namprd03.prod.outlook.com> <df508f23-c7b4-a0ca-d552-51c2b1d9663a@aaa-sec.com> <CAGgd1OcfTU9JOhjZ6oKsDALpdbU2E_=PUvaSXQuWgdhgFVK=Cw@mail.gmail.com>
In-Reply-To: <CAGgd1OcfTU9JOhjZ6oKsDALpdbU2E_=PUvaSXQuWgdhgFVK=Cw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.54.21101001
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f6eb029a-4918-4771-e8ec-08d9b0eb537e
x-ms-traffictypediagnostic: CY1P110MB0455:
x-microsoft-antispam-prvs: <CY1P110MB0455E1BA355574A5CA98529A90639@CY1P110MB0455.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: q17wvJbIu4Xsp8BJZ3dpDJsUAAQzzw9j8Izr+lxTmCU/SLn5olQ4O6uC5P26Yjd+3XK9SedIhipALPJBkFcdnGDLPwYgKGfWWWjGW40qfS44yYXbJ8syhecaw5BkunkUxnzJgXPvU7JfLreV1S5Rjl/YBL5txF4LpjYMVEqRRn2o1plodm8fLJR9kCCQxycOVH3kDIWFWKRXLH2WcSqVCpveSZgQDtVXTfL6QX0CYAHIIPC4zZrQqbLtr4dVLOQr3ql16geEsUPrTfGcAEr6/HfGGnj33BRqP2lYy9Op0LiE8/w5n0MDNJLVYqAOccMv1p4PqstuOOoiu10S509lGotnxqRqqZewJrj3NnaR83V2Vlqy6xYWTodAGsHcd1tMb/uNPUnAwT0PVTOtPtwB0LB4fTEPy8ix7ZpUjVdYRX9HaazD3nu+HnaqdZ32KP1YUF3S57dM0HoolJbGPdGye/HCXQov7OLJ/q9HulM6HkuPJBgo0fC+2369TmgiQkrYCLTCBuMaKXpPjTIq02kPUGocM9nArmLLRbc5xN+kIOLYE36rs9p+V8VGoAqlCRKKQGoYLuep4X6Jgm9VksLoYB7BypsAxh6zrXtunLPvs/Rlg/SMbU3JAvKcEbHq7On//4d8lgmT+Hq34B18qQB25TfKVaJlJPE7QnDqJ8Dmo1/lR/Lc0auXIQRktj8cJjIfulT/wjRgxAUAZ896IE1D52ZVl71xPwgStSVzFGkIpSPoWJT6X7w8sNTKfIJYW+WoM0ufof2t3ndjg+hsARNzJAMfNbl4NBUdZOPn0Zx9+NLiUEIFOGXzOiosylduqNif
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY1P110MB0616.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(26005)(166002)(75432002)(6506007)(2616005)(33656002)(8676002)(5660300002)(66476007)(64756008)(71200400001)(186003)(6486002)(38100700002)(86362001)(508600001)(83380400001)(66556008)(66946007)(76116006)(66446008)(38070700005)(110136005)(316002)(99936003)(122000001)(8936002)(2906002)(4326008)(6512007)(53546011)(54906003)(966005)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: TE1KYsZeeSEJF8dR/HwHjZsCZVx7E58vRYuFv8DgIaACr+bLjZlue63YI/r3ye0fKU2AQzOgaB4wxxQV+kEERWJDPJdxYQAJjlm2Lss59bw9rLMhfMEa+RsxwnGHsu8+405r+EHTUmuQmESaVQcJi+3nDTSRJRQnNrWPaM2amoroQirQUedHabR1reSFASC1j5QTgi9wyh2/loYDFfLyWySl8Y+ZFui0ujjj8bhJZuY/G5U0oSOHbPnIhUx6J1codFJr8AERGg2LsK+izp39yDIxxCIromjR/Z+3CQ6PKs4rEby8uXBmwY7Ypf/mw96nWBjXxHXn/T46kwMZ4ss/u1Tmk4cpdgd7mlBJLBpGh9g8uSfPE5DHk0cUB6YD5Ebr15L0NuS1BQxCD8tcMfht8qYRd0441l3a/9DoYai0yQmi6zkUEVs5tQ4uAiE+sjdHh13NAZxGJYWffbuJYkvwY0+hfwjG6AxqUTmiH+Q+Hr4IvJonn6WE3/5B87txOHt0q83CemA8fhFQr7f/YKqNDeZP8pP0MMbPRHmLu6wMqiAgb/KvaWQssLOvQhessMANpCg0T0QVIqp7GXSd5TCBRJ9YGXMdDzf0iPhsLyeW1fn3eOkDUTDR4smjR7fzduTyUFeAQgjaJjX5p15oewAz5a7EuVsD9gYBqrlceAXa4cgVY1VJxmBgxsGxD7gPa5KHpik6TgNp/zEqT2jib/Hlx/Y2P58gCa77txFOMAF32T1ZUYlq0yZumB7/1sL2jwkKAHbLYN5aD2LwQFh+wMgjBGjTmg/SC7byDEzbBoIH7/yf0yITHh2tyKK81rW9tPLvoTjiSc3F6+D09uin1D7qI6HsgHH/NxEfhfv7BuVETVhtvvJTFTZAdSIdAnJmJ/COTtJAtRDd3lZ8WtpowuyyaZSpuAcsNP4bEJj36cDEvsRljuFrA8dVyDIaijMlYR0Xzvb0QEzKuppqwzjfUeQ/K6NJhQQGxPFrNLQaFh8HBcxNDT7w5FDHbBwJaxRLYPaZ993u14lJVGu7vWvjFN9adfNhaYlDNfDbTk/dhHBIAKpveddFCSR6hwEpObBHZVvCFRmVTgFsg8g1nQTkiY4o0qMwJQ+DZE6QX+Xwj2w5e0csEJdGt6sLnN7y4Ca89cn78Ih58dxRa2omHxoJn1yt0RsH+B2f4PNmWUZ8SfIE3Cagk0rdd+p0EcWFA5skY9ZoN2qK8t0/fsgeEn11xB8MoK8eoGiDk7k5cTSTxpJZPpac3nCmf+NKaB/AkbDzn4F7
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3720764700_2002911769"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY1P110MB0616.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f6eb029a-4918-4771-e8ec-08d9b0eb537e
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2021 14:45:01.2556 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1P110MB0455
X-Proofpoint-ORIG-GUID: LsmLZpDITlvihk9QC0BYYrj4-HyFxJBA
X-Proofpoint-GUID: LsmLZpDITlvihk9QC0BYYrj4-HyFxJBA
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-11-26_04:2021-11-25, 2021-11-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 spamscore=0 bulkscore=0 mlxscore=0 phishscore=0 malwarescore=0 suspectscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111260084
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KIfLdwK4RYXprGCBNw9IGKEo1KM>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Nov 2021 14:45:16 -0000

> I’m not in favor for separate keys/certs for different purposes.  The PKI I support (US DOD) already has 3 keys/certs

> (ID, signing, encryption), adding a 'you can only use this cert for one purpose' is a deal breaker.

 

I concur. 

 

> I am in favor of distinguishing the difference between email signing, code signing, and document signing.

> In particular, I don't want to see code signing overloaded.  I’m happy for that to make sense. 

 

If I understood correctly what you mean – I disagree.

 

In my practice, signing documents and (especially!) forms is as routine as signing emails (maybe, a LITTLE less frequent).

So, documents/forms get signed by the same key on the same hardware token as emails (Digital Signature key).

 

In practice it’s accomplished by having both (email protection and doc signing) EKUs included in the cert.

 

Your first point re. 3 keys present on a PIV token applies here.

 

> As for the nonrepudiation issues, that is a KU, correct? 

 

Yes.

 

> And the KU extension is classically marked as 'critical', whereas EKU is marked as 'not critical'.

 

Traditionally – yes, but I’ve seen EKU marked critical too (wrongly, IMHO).

 

> I would not be in favor of marking an EKU as critical, which theoretically makes it easier?  But maybe not in Europe?

 

I concur. EKU should NOT be marked Critical.

 

Thanks!

 

On Thu, Nov 11, 2021 at 11:12 AM Stefan Santesson <stefan@aaa-sec.com> wrote:

Hi,

I just went through large part of this mail thread, the draft itself and
the presentation at IETF112.

I would at least like to raise some concerns about this EKU.


My absolute biggest worry is that we will initiate the old
non-repudiation debate in key usage where we desperately attempted to
distinguish between usage of keys for something similar to "document
signing" as apposed to using the key for signing to support
authentication or just data integrity.

In the wake of that discussion, many people started to debate how the
setting of this or that bit would affect the legal effect of such signature.

I think that the only thing we could agree on in the end was that it
probably was a huge mistake to try to bind a key to a purpose, as
opposed to binding the key to a particular protocol.


The main difference is that if a certificate is declared as suitable for
a protocol, then it is easy to just deny that protocol action if the
identifier is not there. That has no implications rather than the
end-points fixing their certs to make the protocol work.

But if you receive a signed document, the harm is done and you can't go
back and ask the signer to sign with another cert. And the commitment is
done, and legally binding, whether there is a declaration of this type
or not.


So my question is basically. What are the signer and the verifier
supposed to do based on seeing or not seeing this EKU in a cert. That is
not at all clear to me.

My biggest fear is that other standards groups in this area, like ETSI
ESI will start to update their signature validation procedures to check
for the presence of this EKU. I can hear the debate already.




To comments on the actual draft. The following text is problematic:

"Inclusion of this KeyPurposeId in a certificate indicates that the use
of any Subject names in the certificate is restricted to use by a
document signing."

This is not compatible with the function of the EKU extension. If you
for example add a second EKU to the certificate, the certificate is
equally valid to be used with the other EKU. An EKU can therefore not
limit or restrict the use of the certificate for just this purpose.


Also, the definition of document signing is problematic:

In modern electronic services you cant isolate the signed document from
the process of creating, approving and signing content. This is because
what you see is what you sign is just a fairy tale. In practice you see
something, but you often sign some machine processable data that binds
the transaction/agreement to you, but it is not the visible content. It
is not even a document that you can make visible directly. This is the
case often when for example signing tax declarations. What you sign can
be an XML construct of codes and data that is key to the declaration,
but the XML data is only for machine processing. The data itself can be
visually presented, but it is a stretch to call that the signed
document. The world is simply not that neat and contained that we would
like it to be.


In the end. This EKU worries me. A lot.


/Stefan

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email