Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

"Kampanakis, Panos" <kpanos@amazon.com> Sun, 23 October 2022 17:43 UTC

Return-Path: <prvs=28810b9a9=kpanos@amazon.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A148BC14F748 for <spasm@ietfa.amsl.com>; Sun, 23 Oct 2022 10:43:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.478
X-Spam-Level:
X-Spam-Status: No, score=-12.478 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYzEBikaaKfP for <spasm@ietfa.amsl.com>; Sun, 23 Oct 2022 10:43:46 -0700 (PDT)
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7CA0C14F743 for <spasm@ietf.org>; Sun, 23 Oct 2022 10:43:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1666547026; x=1698083026; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=23e3T0HcWdouzxdc9aJYoKXPsRpbZXsIJDcqq5GZ7ZM=; b=nPa1UH8wxNw7Nw0FYeYPzUZkQaPiVSQIaFav7iUOBiIzczPbnr+rlMxb xw0CDFDHhpj87qeyHWjICUdliY/5d9HkB0LA9dsU1cREGXw4eY3B34MAb 6aEXR2KTjpK4K/oZGoZMfvIzvKzcMwlkGWHrzsVHmc6XtK+BuJfdp49iP I=;
X-IronPort-AV: E=Sophos;i="5.95,207,1661817600"; d="scan'208,217";a="258862709"
Thread-Topic: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-pdx-2b-m6i4x-0ec33b60.us-west-2.amazon.com) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2022 17:43:41 +0000
Received: from EX13MTAUWB001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]) by email-inbound-relay-pdx-2b-m6i4x-0ec33b60.us-west-2.amazon.com (Postfix) with ESMTPS id 87D42A2A04; Sun, 23 Oct 2022 17:43:40 +0000 (UTC)
Received: from EX19D001ANA003.ant.amazon.com (10.37.240.188) by EX13MTAUWB001.ant.amazon.com (10.43.161.249) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Sun, 23 Oct 2022 17:43:35 +0000
Received: from EX19D001ANA001.ant.amazon.com (10.37.240.156) by EX19D001ANA003.ant.amazon.com (10.37.240.188) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.15; Sun, 23 Oct 2022 17:43:34 +0000
Received: from EX19D001ANA001.ant.amazon.com ([fe80::6054:a5f0:5f79:c120]) by EX19D001ANA001.ant.amazon.com ([fe80::6054:a5f0:5f79:c120%5]) with mapi id 15.02.1118.015; Sun, 23 Oct 2022 17:43:34 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Michael Jenkins <m.jenkins.364706@gmail.com>
CC: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Thread-Index: AQHY4/PIqEXPGT7sMUmuD7UfIiKpSq4WmD7wgAP3DoCAALI5YIAADewAgAD1FmA=
Date: Sun, 23 Oct 2022 17:43:34 +0000
Message-ID: <8945d0dd4bec478c82f10742a544b765@amazon.com>
References: <PH0PR00MB10003EC6A096FE0A363BBFB9F5459@PH0PR00MB1000.namprd00.prod.outlook.com> <PH0PR00MB10002A7A2850A1333B4F6C00F54A9@PH0PR00MB1000.namprd00.prod.outlook.com> <35BEB1D9-7EA5-4CD4-BADA-88CCB0E9E8F9@vigilsec.com> <25D23241-1390-4F21-B84F-29D3629A3368@vigilsec.com> <4835bc312c5540a99a9f4b51665e2f75@amazon.com> <CAC2=hnf9k9cHXrFFXXApPRvF8hNUmwFsX5onYneo8eBVoDWV0Q@mail.gmail.com> <4027a47b3b05438b8c02069bac280555@amazon.com> <A9F70D16-145B-4D3E-92DF-9019A3D97803@ll.mit.edu>
In-Reply-To: <A9F70D16-145B-4D3E-92DF-9019A3D97803@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.37.240.200]
Content-Type: multipart/alternative; boundary="_000_8945d0dd4bec478c82f10742a544b765amazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/imUciN-FaaSYeGYscimqgU8gXow>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Oct 2022 17:43:50 -0000

> More importantly, people/organizations/CAs that don’t plan or want to support it, don’t need to (you see it – ignore it). So, no skin off anybody’s back to adopt it.

If only that was the case every time I needed an update in an IETF standard for my usecase and brought it up for standardization… I would be a happier man. 😉

Still, if the extension does not mean the issuer does some extra checks before issuing the related cert, it is not clear what value the extension adds. A simple relation between certs already exists. It is the identity in them.



From: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
Sent: Saturday, October 22, 2022 11:01 PM
To: Kampanakis, Panos <kpanos@amazon.com>; Michael Jenkins <m.jenkins.364706@gmail.com>
Cc: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: RE: [EXTERNAL][lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

It looks like there’s a legitimate use case for this extension, and a “Community Of Interest” that wants it. More importantly, people/organizations/CAs that don’t plan or want to support it, don’t need to (you see it – ignore it). So, no skin off anybody’s back to adopt it.

So far, I haven’t heard any technical reasons why this extension would be “universally bad”. Just stuff like “it does not make sense for my organization/business”, or “if I support it – it would interfere with my <whatever>”. To all of which a simple answer is “then don’t”. Let those who care, support it and use it.

The way I read this draft, it says “if you need to do explicit certificate binding, do it this way to be interoperable”. Which is fine with me – nobody would be forced to implement or support this extension.

So, I vote to adopt it for the above reasons.

> Mike said:
> So, I think Panos' question to Rebecca / Allie / Michael is: what is the advantage of relating two certs by an
> extension if they are already "related" by virtue of having the same issuer and DN or the same SAN?

I doubt they’d be related by the same issuer – but IMHO it’s reasonable in general to expect the same DN and/or SAN. But I can imagine situations when this would not be the case, and the only way to ascertain the binding would be this extension.

> Is there a case where some mischief would be caught by the Related Certs Extension that would otherwise be un-caught?

See above – you assume DN and SAN (and/or SAN?) would have to be the same, I think this assumption won’t always hold.

TNX
--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> on behalf of "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org<mailto:kpanos=40amazon.com@dmarc.ietf.org>>
Date: Saturday, October 22, 2022 at 22:22
To: Michael Jenkins <m.jenkins.364706@gmail.com<mailto:m.jenkins.364706@gmail.com>>
Cc: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>, LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

I understand the draft. I had shared some technical concerns for issuers that would need to add the Related Cert Extension which had not been addressed.

But let’s say that the extension does not mean that the issuer has to do any additional checks which some are suggesting has pitfalls. Let’s say that as you are suggesting, the issuer just needs to check two signatures to confirm the requester has the private keys for both related public keys. Why do we need the extension anyway? The relation of the two certificates comes from the identity (CommonName or maybe some SANs) which should be the same.

Why not avoid the hassle of standardizing the extension in LAMPS? Entity X can get two certs issued independently. Then it sends them both along with two chains and two signatures in the TLS handshake. The verifier needs to verify both signatures and chains independentlyand confirm the identity in both certs (e.g. CN, SAN) match. In that case you only need to update TLS  in the TLS WG and IKEv2 in the IPSECME WG and you don’t need to update X.509.


From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Michael Jenkins
Sent: Saturday, October 22, 2022 11:33 AM
To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org<mailto:kpanos=40amazon.com@dmarc.ietf.org>>
Cc: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>; LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: RE: [EXTERNAL][lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


If there are no technical showstoppers, I don't understand the objection.

Mike and John have a well defined scheme, for which they have prototypes and apparent customers. So that will exist.

On the other hand, singleton certificates will also exist. The US DoD will have oceans of them. So will companies with limited resources that will balk at the idea of being sold something they already have bolted to something there's apparently lack of confidence in. Singleton certificates will exist irrespective of our draft; we are not creating a necessary precondition.

All our draft does is provide an indication of assurance that one certificate is related to another. The specific relation is that the entity controlling the private key in one certificate also controls the private key in another. Those certificates exist separately. The relative context of those certificates (validity period, etc) would have to be part of a transition plan.

If you don't like the mechanism, if you don't understand it, if it doesn't fit with your transition scheme, you don't have to implement it, or buy it. If you encounter it, you can ignore it. On the other hand, if it fits with your transition scheme, it can add some assurance. This is explained in the overview of the draft.

Mike Jenkins
NSA-CCSS

On Wed, Oct 19, 2022 at 11:03 PM Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote:
Hey Russ,
I have not been convinced either. My details for the operational challenges this draft would bring still remain. Willing to hear more counter-arguments from Rebecca and Mike to address the concerns or discuss it further.


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Russ Housley
Sent: Wednesday, October 19, 2022 3:47 PM
To: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: RE: [EXTERNAL][lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.



Several people spoke for adoption, and several people spoke against adoption.  The I-D authors responded with a response to the concerns that were raise, and no one has responded to the authors.  I would like to hear from the people that spoke against adoption.  Are you swayed by the discussion that has taken place?

Russ


> On Sep 15, 2022, at 11:44 AM, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote:
>
> There has been some discussion of https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/.  During the discussion at IETF 114, we agree to have a call for adoption of this document.
>
> Should the LAMPS WG adopt “Related Certificates for Use in Multiple Authentications within a Protocol” indraft-becker-guthrie-cert-binding-for-multi-auth-01?
>
> Please reply to this message by Friday, 30 September 2022 to voice your support or opposition to adoption.
>
> On behalf of the LAMPS WG Chairs,
> Russ
>

_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm
_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm


--
Mike Jenkins
mjjenki@cyber.nsa.gov<mailto:mjjenki@tycho.ncsc.mil>
443-598-7837