Re: [lamps] draft-ietf-lamps-8410-ku-clarifications: EE/CRLIssuer Text
Sean Turner <sean@sn3rd.com> Wed, 22 June 2022 16:55 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7869BC15AAC5 for <spasm@ietfa.amsl.com>; Wed, 22 Jun 2022 09:55:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWV94bXxQHc7 for <spasm@ietfa.amsl.com>; Wed, 22 Jun 2022 09:55:22 -0700 (PDT)
Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFB52C1595E6 for <spasm@ietf.org>; Wed, 22 Jun 2022 09:55:22 -0700 (PDT)
Received: by mail-qv1-xf2e.google.com with SMTP id q4so13912033qvq.8 for <spasm@ietf.org>; Wed, 22 Jun 2022 09:55:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=WWgUjDnv9b3OlnkNNd2cfz8Z69X9kqdZmW//hD6Degc=; b=LJbyH3yISgGFs1GW+V9w8szPZboKj8aRgtXg0TZaCiRCvq6K8gj42TsSvHQWNLOUlg d2OFu/JhIyVKVVFqgy1LgS08hOHzUgR5uHKY7ZVOd4//0tD77422TofHK0mgJRHwB6Bi +dxo0NSeDpL8oNwpDHJZWezRF7/ZO/kohi828=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=WWgUjDnv9b3OlnkNNd2cfz8Z69X9kqdZmW//hD6Degc=; b=LJZR5gRh9ykl275ZJcvNmP2D3FxS7GWkd2Z1jVodTjJF+nwSA2inLv/DceLdRAkxYt jdrCQns8AbIFxc8aXzM80BpWeXqxd+vwg5IlMKzpwursUWs9R0blmrW3UEBNsCw9Z8JQ ZBBJP5uyt6WlLsqPhL/V1kRfNPrb3TCkScCcaNlCWgl2e0bm6O/qBRCWyIAsTVCIiIQ3 XkWbNMhvPYVqWDi1mFLKw8RwMh+OAi6Hy7jqta5vGIfLUIL7KiSIXmxUvknoOz6wSRiI eeombnTZalz5863RlLj6LmnUZakmA5khA0jXN2wr/0H07hTtKaZx3coA/xgDBC2hzljA Jaew==
X-Gm-Message-State: AJIora+wu9/psENAvceFED6xMTBYxq6INQicPcGGnTSLO4xJ6a7ZAOWz DIVj0JqitV5oqMLp/JAltdFSCZySBWewPg==
X-Google-Smtp-Source: AGRyM1uRFJ9bGHtqSHj4UVTrJOk1pP1LTklBAeV9kWEZADfY5BPW+0ZrSoXy9WGTvQwamEmMSom32Q==
X-Received: by 2002:a05:622a:1745:b0:305:15a6:f76 with SMTP id l5-20020a05622a174500b0030515a60f76mr3818265qtk.431.1655916921339; Wed, 22 Jun 2022 09:55:21 -0700 (PDT)
Received: from smtpclient.apple ([2600:4040:253b:7300:6170:f601:4906:eb67]) by smtp.gmail.com with ESMTPSA id j17-20020a05620a289100b0069fc13ce20asm17140930qkp.59.2022.06.22.09.55.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Jun 2022 09:55:20 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CAFTXyYB8BdGtn4ROnLUMBpz6J+1oj7JvCxY7K2fQ4pLUXhbjew@mail.gmail.com>
Date: Wed, 22 Jun 2022 12:55:18 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8BB99BF5-CAD5-484C-A93A-D1D2F7188128@sn3rd.com>
References: <1C2C3B94-DA30-4DA4-BBF3-F7F873587F30@sn3rd.com> <CALhKWgha0RY880soan=jhfTL4FG0mrGhTrpBPvqkuLEvmQfmqg@mail.gmail.com> <CAFTXyYB8BdGtn4ROnLUMBpz6J+1oj7JvCxY7K2fQ4pLUXhbjew@mail.gmail.com>
To: Tadahiko Ito <tadahiko.ito.public@gmail.com>, Jonathan Hammell <jfhamme.cccs@gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/i9_QgWSitYVNITfaiER6YfuXP2w>
Subject: Re: [lamps] draft-ietf-lamps-8410-ku-clarifications: EE/CRLIssuer Text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2022 16:55:26 -0000
I will run the options by the IESG. I also thought of another option that merges the two to be slightly more specific in the CRL issuer text to address where the CRL issuer is an EE or CA: If the keyUsage extension is present in a CRL issuer certificate that indicates id-Ed25519 or id-Ed448 in SubjectPublicKeyInfo, then the keyUsage extension MUST contain: cRLSign; and zero or more of the following: nonRepudiation; and digitalSignature; and the following MUST NOT be present: keyEncipherment; dataEncipherment; keyAgreement; encipherOnly; and decipherOnly; and if the CRL issuer is also a certification authority, then the keyUsage extension MUST also contain: keyCertSign. spt > On Jun 6, 2022, at 11:42, Tadahiko Ito <tadahiko.ito.public@gmail.com> wrote: > > Hi > > As far as I understand, CA certificate and EE certificate are exclusive, but CRL issuer certificate and EE certificate are not exclusive. > RFC5280 seems to allow CRL issuer certificate be EE certificate in same time. > > So, dividing EE cert, and CRL issuer cert may be confusing. > (well,, we can divide like non-CRLissuer-EE and CRLissuer-EE, but then people may confuse that if there has been any change on use of KU flags. Our only change is key encipherment and data encipherment. so for me, it is better to write simple, and let people find change easier) > > Instead, how about something like following change? > (Erasing description of CRL issuer certificate from first part, and write as note on the bottom) > > ----OLD--- > If the keyUsage extension is present in an end-entity or CRL issuer > certificate that indicates id-Ed25519 or id-Ed448 in > SubjectPublicKeyInfo, then the keyUsage extension MUST contain at > least one of the following: > nonRepudiation; > digitalSignature; and > cRLSign; > > and the following MUST NOT be present: > keyEncipherment; > dataEncipherment; > keyAgreement; > keyCertSign; > encipherOnly; and > decipherOnly. > > > > ----NEW--- > > > > If the keyUsage extension is present in an end-entity > certificate that indicates id-Ed25519 or id-Ed448 in > SubjectPublicKeyInfo, then the keyUsage extension MUST contain at > least one of the following: > > > nonRepudiation; > digitalSignature; and > cRLSign; > > and the following MUST NOT be present: > keyEncipherment; > dataEncipherment; > keyAgreement; > keyCertSign; > encipherOnly; and > decipherOnly. > > Note that EE certificate for CRL issuer can have cRLSign and possibly some other key usage bits (e.g., indirect CRL described in section 5 of RFC5280). > > -------------- > > Regards Tadahiko > > 2022年6月4日(土) 3:25 Jonathan Hammell <jfhamme.cccs@gmail.com>: > Hi Sean, > I agree with separating the cases of end-entity certificates and CRL > issuer certificates. However, the cRLSign bit should always be set in > the KeyUsage extension of a CRL issuer certificate. I believe this is > implied in the following text of RFC 5280: > > If the keyUsage extension is present, then the subject public key > MUST NOT be used to verify signatures on certificates or CRLs unless > the corresponding keyCertSign or cRLSign bit is set. > > Therefore, aligning with the text for certification authority > certificates, the following might be more clear for the CRL issuer > case: > > If the keyUsage extension is present in a CRL issuer certificate that > indicates id-Ed25519 or id-Ed448 in SubjectPublicKeyInfo, then the > keyUsage extension MUST contain: > > cRLSign; > > and zero or more of the following: > > nonRepudiation; > digitalSignature; and > keyCertSign; > > and the following MUST NOT be present: > > keyEncipherment; > dataEncipherment; > keyAgreement; > encipherOnly; and > decipherOnly. > > ... > > Note that this allows keyCertSign for CRL issuer certificates, which > seems to be implied by the certification authority certificate text in > the I-D allowing cRLSign. > > Best regards, > Jonathan > > On Thu, Jun 2, 2022 at 9:06 AM Sean Turner <sean@sn3rd.com> wrote: > > > > Hi! During IESG review we got comments from a couple of couple of ADs (3) about EE/CRL issue text (note this is NOT a DISCUSS but if we tripped up 3 then it’s probably worth having a look at): > > > > If the keyUsage extension is present in an end-entity or CRL issuer > > certificate that indicates id-Ed25519 or id-Ed448 in > > SubjectPublicKeyInfo, then the keyUsage extension MUST contain at > > least one of the following: > > > > nonRepudiation; > > digitalSignature; and > > cRLSign; > > > > and the following MUST NOT be present: > > > > keyEncipherment; > > dataEncipherment; > > keyAgreement; > > keyCertSign; > > encipherOnly; and > > decipherOnly. > > > > One way to fix this is to make the following changes to separate out the EE and CRL issuer: > > > > If the keyUsage extension is present in an end-entity > > certificate that indicates id-Ed25519 or id-Ed448 in > > SubjectPublicKeyInfo, then the keyUsage extension MUST contain at > > least one of the following: > > > > nonRepudiation; and > > digitalSignature; > > > > and the following MUST NOT be present: > > > > keyEncipherment; > > dataEncipherment; > > keyAgreement; > > keyCertSign; > > encipherOnly; and > > decipherOnly. > > …. > > > > Also ADD: > > > > If the keyUsage extension is present in an CRL issuer > > certificate that indicates id-Ed25519 or id-Ed448 in > > SubjectPublicKeyInfo, then the keyUsage extension MUST contain at > > least one of the following: > > > > nonRepudiation; > > digitalSignature; and > > cRLSign; > > > > and the following MUST NOT be present: > > > > keyEncipherment; > > dataEncipherment; > > keyAgreement; > > keyCertSign; > > encipherOnly; and > > decipherOnly. > > > > Open to other suggestions as well. > > > > Cheers, > > spt > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://www.ietf.org/mailman/listinfo/spasm > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] draft-ietf-lamps-8410-ku-clarifications: … Sean Turner
- Re: [lamps] draft-ietf-lamps-8410-ku-clarificatio… Jonathan Hammell
- Re: [lamps] draft-ietf-lamps-8410-ku-clarificatio… Tadahiko Ito
- Re: [lamps] draft-ietf-lamps-8410-ku-clarificatio… Sean Turner