IETF Logo Mail Archive

Re: [lamps] Proposal for errata to RFC 2634 and 5035 - Re: Need clarification on ESS

Russ Housley <housley@vigilsec.com> Thu, 15 April 2021 14:52 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFCAC3A22D7 for <spasm@ietfa.amsl.com>; Thu, 15 Apr 2021 07:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hefgmd_WJuf5 for <spasm@ietfa.amsl.com>; Thu, 15 Apr 2021 07:52:46 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D182F3A22CB for <spasm@ietf.org>; Thu, 15 Apr 2021 07:52:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4F121300B90 for <spasm@ietf.org>; Thu, 15 Apr 2021 10:52:42 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id v6hffLJfig_e for <spasm@ietf.org>; Thu, 15 Apr 2021 10:52:39 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 784C4300AA6; Thu, 15 Apr 2021 10:52:39 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <AD91D46F-07D0-4C60-B528-F585DFD3DF1D@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9656F56F-E17E-4FEA-B603-D93EC3CB828A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Thu, 15 Apr 2021 10:52:40 -0400
In-Reply-To: <ec8e11df-a014-669a-10ae-60a2b24dfd6e@von-Oheimb.de>
Cc: LAMPS <spasm@ietf.org>
To: David von Oheimb <nl0@von-Oheimb.de>
References: <23AF3BD2-A969-4BE9-9DCF-89B0715D847E@vigilsec.com> <46324713-28bf-f215-0cc8-ce024b99f447@von-Oheimb.de> <49300CF2-2488-4C29-9AC5-4809F593C157@vigilsec.com> <CAHm+eR8fR-Xvd=hAGpZEiq6hB4RWnnQN0ZY8OYQzXT0-zrR6MA@mail.gmail.com> <0B1526E4-4E20-4C70-8577-ED6C1DC46CE4@vigilsec.com> <8c5af39c-6a5b-5314-c82c-85c150a20d56@von-Oheimb.de> <FA796830-C530-4A51-BD94-DB786365AEE5@vigilsec.com> <80ab3f1b-b733-abb8-133e-288f856e20df@von-Oheimb.de> <F1939EE0-C3DD-4FAA-A887-90760362BC75@vigilsec.com> <c62414ba-8132-3313-c349-146a97d301c0@von-Oheimb.de> <20210318055717.GA79563@kduck.mit.edu> <6dfd3e87-bc46-ce7b-27b7-bae26fe7dc95@von-Oheimb.de> <ec8e11df-a014-669a-10ae-60a2b24dfd6e@von-Oheimb.de>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/N-YvsOydlg9XZ6ryYzbV2pzqke8>
Subject: Re: [lamps] Proposal for errata to RFC 2634 and 5035 - Re: Need clarification on ESS
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 14:52:51 -0000

David:

I think you should submit the errata at https://www.rfc-editor.org/errata.php

I encourage you to put the whole text in the original and new so that the inline errata tool has a hope of doing the right thing.

Russ


> On Apr 15, 2021, at 10:28 AM, David von Oheimb <nl0@von-Oheimb.de> wrote:
> 
> Some 3+ weeks ago I provided as requested the below text for discussion.
> So far I did not see any reaction on it. How best to proceed?
> 
>     David
> 
> On 23.03.21 08:57, David von Oheimb wrote:
>> Hi Ben et al.,
>> 
>> according to your feedback on how to (re-)structure the errata texts to be discussed here before they get submitted,
>> here is an update of my proposal, which essentially is the same as before but in the required format.
>> 
>>     David
>> 
>> 
>> Proposal for erratum to RFC 2634
>> 
>> Section: 
>> 
>> 5.4
>> 
>> Original text:
>> 
>>     The first certificate identified in the sequence of certificate
>>     identifiers MUST be the certificate used to verify the signature.
>>     [....]
>>     If more than one certificate is present in the sequence of
>>     ESSCertIDs, the certificates after the first one limit the set of
>>     authorization certificates that are used during signature validation.
>> 
>> Corrected text:
>> 
>>     The sequence of certificate identifiers MUST contain at least one element.
>>     The first certificate identified MUST be the certificate used to verify the signature.
>>     [... (unchanged)]
>>     If more than one certificate identifier is present in the sequence of ESSCertIDs,
>>     all certificates referenced there MUST be part of the signature validation chain.
>> 
>> Notes:
>> 
>> Some aspects of the 'certs' field of a SigningCertificate attribute:
>> 
>>    SigningCertificate ::=  SEQUENCE {
>>        certs        SEQUENCE OF ESSCertID,
>>        policies     SEQUENCE OF PolicyInformation OPTIONAL
>>    }
>> described in the sentences quoted above are very vague. 
>> This lead to major confusion and wrong implementations.
>> As meanwhile has been clarified, they should be re-phrased;
>> see suggested new version above.
>> (One may further mandate/clarify that the certificate identifiers must be given in the same order 
>> as they are expected in the validation chain, but I think this is not important because 
>> the order should not play a critical role and will be determined by the validation chain anyway.)
>> 
>> Proposal for erratum to RFC 5035
>> 
>> Section: 
>> 
>> 3, which inserts new section 5.4.1
>> 
>> Original text:
>> 
>>  certs
>>       contains the list of certificates that are to be used in
>>       validating the message. 
>>       [...]
>>       If more than one certificate is present, subsequent certificates
>>       limit the set of certificates that are used during validation.
>> 
>> Corrected text:
>> 
>>  certs
>>     contains the list of certificates that are to be used in
>>     validating the message. It MUST contain at least one element.
>>     [... (unchanged)]
>>     If more than one certificate identifier is present in the sequence of ESSCertIDv2s,
>>     all certificates referenced there MUST be part of the signature validation chain.
>> 
>> Notes:
>> 
>> Some aspects of the 'certs' field of a SigningCertificateV2 attribute:
>> 
>>    SigningCertificateV2 ::=  SEQUENCE {
>>        certs        SEQUENCE OF ESSCertIDv2,
>>        policies     SEQUENCE OF PolicyInformation OPTIONAL
>>    }
>> described in the sentences quoted above are rather vague. 
>> This lead to major confusion and wrong implementations.
>> As meanwhile has been clarified, they should be re-phrased;
>> see suggested new version above.
>> (One may further mandate/clarify that the certificate identifiers must be given in the same order 
>> as they are expected in the validation chain, but I think this is not important because 
>> the order should not play a critical role and will be determined by the validation chain anyway.)
>> 
>> 
>> 
>> 
>> On 18.03.21 06:57, Benjamin Kaduk wrote:
>>> Hi David,
>>> 
>>> On Wed, Mar 17, 2021 at 09:09:08AM +0100, David von Oheimb wrote:
>>>> On 14.03.21 23:17, Russ Housley wrote:
>>>> 
>>>>> I do not find the existing text as confusing as you do.  
>>>> I agree in the sense that I see the topic of the 2nd clarification less
>>>> confusing and critical than the 1st one
>>>> because the question whether a ESSCertID{,v2} list shall contain at
>>>> least one entry only influences
>>>> the corner case whether signingCertificate{,V2} attributes can be used
>>>> to express policy constraints only.
>>>> 
>>>> Yet the 1st vagueness, whether the ESSCertID{,v2} list is supposed to
>>>> mean a lower or upper bound of the allowed certs in the validation
>>>> chain, is major.
>>>> As mentioned, several implementations including Bouncy Castle simply
>>>> ignore the case that that ESSCertID{,v2} contains more than one element, and
>>>> the only implementation that is known to take care of them, in OpenSSL,
>>>> has been confused and thus wrong from its beginning nearly two decades ago!
>>>> 
>>>>> That said, I would suggest getting review of proposed replacement text
>>>>> on the mail list before posting an errata.
>>>> 1. Here is my proposal for an erratum to RFC 2634:
>>>> [
>>> [...]
>>> 
>>> While your formulations are useful for the mailing-list discussion, when it
>>> comes time to actually submit errata reports they will need to be
>>> formulated a little differently.
>>> 
>>> The form just has (in addition to some other metadata) the section of the
>>> document, "original text", "corrected text", and "notes".  So all the
>>> commentary will need to be in one place, and after the OLD/NEW text.  So,
>>> with this digression over, we should continue to review the OLD/NEW text
>>> and get support for the specific NEW texts. :)
>>> 
>>> Thanks,
>>> 
>>> Ben
>> 
>> 
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org <mailto:Spasm@ietf.org>
>> https://www.ietf.org/mailman/listinfo/spasm <https://www.ietf.org/mailman/listinfo/spasm>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email