IETF Logo Mail Archive

Re: [lamps] New Liaison Statement, "Liaison statement to IETF on RFC 5280 attribute length limitations"

Russ Housley <housley@vigilsec.com> Wed, 12 January 2022 21:47 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 897F43A1EE6 for <spasm@ietfa.amsl.com>; Wed, 12 Jan 2022 13:47:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iU62hbrQLQVK for <spasm@ietfa.amsl.com>; Wed, 12 Jan 2022 13:47:02 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB3843A1EE3 for <spasm@ietf.org>; Wed, 12 Jan 2022 13:47:02 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 350AFEE5B3; Wed, 12 Jan 2022 16:47:02 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 0DD0FEF006; Wed, 12 Jan 2022 16:47:02 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <54F4EB6B-BE00-4817-ACCD-DCAA0CC4FCF7@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F63F030D-A1EC-4D6C-A635-580AFDA9B94A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Wed, 12 Jan 2022 16:47:01 -0500
In-Reply-To: <MW4PR17MB4729558CC0302F4D9D917343AA529@MW4PR17MB4729.namprd17.prod.outlook.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, Stefan Santesson <stefan@aaa-sec.com>, "Roman D. Danyliw" <rdd@cert.org>, Ben Kaduk <kaduk@mit.edu>, Tim Hollebeek <tim.hollebeek@digicert.com>, LAMPS <spasm@ietf.org>
To: Rob Stradling <rob@sectigo.com>
References: <164194125924.20287.2467064234655000140@ietfa.amsl.com> <3c2fe3af-6b13-d841-0922-ac5657776cd6@aaa-sec.com> <CAErg=HFgi6mU7GKZ7JdK=fgCiLXSD4gG+omG1eWuUSrHNHWGew@mail.gmail.com> <816dd057-d3cc-f3a2-c523-a5f96b1a9474@aaa-sec.com> <CAErg=HHxfE_FWC8pjUWZCMEynbkf6AJhPTjrcJDm1fRDQYxmQQ@mail.gmail.com> <5e99182e-fa72-ff5b-0a81-c91b8add588e@aaa-sec.com> <CAErg=HFo2TgVxD=i3ONJXYCnuZzJwsLkqmW8RjkRrtKZMCH3SQ@mail.gmail.com> <MW4PR17MB4729558CC0302F4D9D917343AA529@MW4PR17MB4729.namprd17.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Sfdxszvk__b45UC0Ln9UmSM_LpA>
Subject: Re: [lamps] New Liaison Statement, "Liaison statement to IETF on RFC 5280 attribute length limitations"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2022 21:47:08 -0000

Historical note:  the change in the structure was before RFC 2459 was published.  The basic constraints and the name constraints were put in two different extensions in order to keep basic constraints very simple (one might say, to keep them basic).  At the time, the PKIX WG was developing the initial profile based on draft versions of X.509v3.  Both X.509v3 and the I-D were moving, and there was feedback flowing in both directions.  I think it was a success.

Russ


> On Jan 12, 2022, at 12:42 PM, Rob Stradling <rob@sectigo.com> wrote:
> 
> Ryan wrote:
> > RFC 5280 should be seen as exactly what it specifies it is: a narrower profile of X.509 suitable for Internet applications.
> 
> +1, and retaining the traditional "upper bounds" in RFC5280 can legitimately be seen as part of that narrower profiling.
> 
> ISTM that if ETSI don't want to be restricted by RFC5280's narrower profile, then ETSI should consider profiling X.509 directly and not referencing RFC5280 at all.
> 
> IETF believes in Rough Consensus and Running Code.  Breaking backwards compatibility would be likely to break Running Code, and I dare say it would do serious damage to Rough Consensus too.
> 
> > This would be no different than if the BasicConstraints PDU was redefined from being SEQUENCE { BOOLEAN, INTEGER } to being SEQUENCE { SEQUENCE, BOOLEAN, INTEGER }. We would, undoubtedly, agree that is a backwards-incompatible change, and the solution for such a need would be simply a BasicConstraintsV2 structure with that syntax, and, corresponding, a new id-ce-basicConstraintsV2 object identifier to identify that extension.
> 
> Funnily enough, this already happened.  šŸ™‚
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-pkix-ipki-part1-01#section-4.2.6 <https://datatracker.ietf.org/doc/html/draft-ietf-pkix-ipki-part1-01#section-4.2.6> defined a draft version of Basic Constraints that was altered before RFC2459 defined what we use today.
> 
> I'm not sure if there's an official repository of PKIX certificate extension OIDs that have been deprecated due to backwards-incompatible changes, so in the absence of that I give you this...
> 
> > curl -s https://lapo.it/asn1js/oids.js <https://lapo.it/asn1js/oids.js> | grep basicConstraints
> "2.5.29.10": { "d": "basicConstraints", "c": "X.509 extension.  Deprecated, use 2 5 29 19 instead", "w": true },
> "2.5.29.13": { "d": "basicConstraints", "c": "X.509 extension.  Deprecated, use 2 5 29 19 instead", "w": true },
> "2.5.29.19": { "d": "basicConstraints", "c": "X.509 extension" },
> 
> From: Spasm <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org>> on behalf of Ryan Sleevi <ryan-ietf@sleevi.com <mailto:ryan-ietf@sleevi.com>>
> Sent: 12 January 2022 17:00
> To: Stefan Santesson <stefan@aaa-sec.com <mailto:stefan@aaa-sec.com>>
> Cc: Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>>; Ryan Sleevi <ryan-ietf@sleevi.com <mailto:ryan-ietf@sleevi.com>>; Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>; Limited Additional Mechanisms for PKIX and SMIME Discussion List <spasm@ietf.org <mailto:spasm@ietf.org>>; Benjamin Kaduk <kaduk@mit.edu <mailto:kaduk@mit.edu>>; Tim Hollebeek <tim.hollebeek@digicert.com <mailto:tim.hollebeek@digicert.com>>
> Subject: Re: [lamps] New Liaison Statement, "Liaison statement to IETF on RFC 5280 attribute length limitations"
>  
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> 
> 
> 
> On Wed, Jan 12, 2022 at 10:56 AM Stefan Santesson <stefan@aaa-sec.com <mailto:stefan@aaa-sec.com>> wrote:
> Ryan,
> Very interesting discussion, but unfortunately off-topic.
> 
> Hi Stefan,
> 
> Could you clarify what's off-topic? I think this is very core to the discussion regarding compatibility, as highlighted by Russ and Peter, so perhaps I'm explaining these things poorly, since it sounds like there's still some resulting confusion or disagreement.
> The issue at hand is - Should RFC 5280 deviate from X.520 with regard to max size limits on X.520 defined attributes.
> If so, then please specify:
> 1) Why that is a good idea, and
> Yes. That ship has sailed, software has shipped, and we deal with it going forward. The issue is that X.509 made a backwards incompatible change, whether intentionally or ill-conceived.
> 2) How a certificate verifying application would know if the X.520 definition of the attribute or the RFC 5280 definition of the same attribute should be enforced?
> Simple. An application that uses the ASN.1 modules from RFC 5280, or, alternatively, RFC 5912, will not be able to decode such certificates. RFC 5280 should be seen as exactly what it specifies it is: a narrower profile of X.509 suitable for Internet applications.
> 
> Constraints are part of the type definition, as covered by X.682. They affect the encoder and decoder, and thus, are key to understanding interoperability. The issue is that X.520 redefined the types, without redefining the type identifier, and thus, compatibility problems are introduced for anything using the existing type specifier.
> 
> The request is for RFC 5280 to update the types to match X.520, thus introducing the same redefinition issue. This would be no different than if the BasicConstraints PDU was redefined from being SEQUENCE { BOOLEAN, INTEGER } to being SEQUENCE { SEQUENCE, BOOLEAN, INTEGER }. We would, undoubtedly, agree that is a backwards-incompatible change, and the solution for such a need would be simply a BasicConstraintsV2 structure with that syntax, and, corresponding, a new id-ce-basicConstraintsV2 object identifier to identify that extension.  My discussion of how ETSI can relieve any perceived incompatibilities is precisely to use what has been the recommendation of X.509 for quite some time: if you are defining a new type (as a different constraint inherently is), then identify it with a new type identifier. It's just that simple.
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org <mailto:Spasm@ietf.org>
> https://www.ietf.org/mailman/listinfo/spasm <https://www.ietf.org/mailman/listinfo/spasm>

v2.23.0 | Report a Bug | By Email