Re: [lamps] AD review of draft-ietf-lamps-documentsigning-eku-03

Sean Turner <sean@sn3rd.com> Tue, 26 July 2022 17:15 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72243C13CCCA for <spasm@ietfa.amsl.com>; Tue, 26 Jul 2022 10:15:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjlUQmsXfgX6 for <spasm@ietfa.amsl.com>; Tue, 26 Jul 2022 10:15:47 -0700 (PDT)
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE17AC13CCCB for <spasm@ietf.org>; Tue, 26 Jul 2022 10:15:47 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id w29so10897025qtv.9 for <spasm@ietf.org>; Tue, 26 Jul 2022 10:15:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+VjsVlKMxdPfy/CtD9BFbnAAHaKYuWIwMb0GbWohbis=; b=lLBGee3fh7Lctnx/+nw4A4T6AULfYrEmBcsIlfadB9w94zv2yhQGQTICmnZJ4M4tWl JnyBjqUN9EhSKXjw5ljE8jgVGByO5mtN8M8J/JFKRhq8d36P+rLeBvfGWe6FpTJb0+iG 4Id6Gkr1pNFElsHM6mAjt6CnGbPQFUiTY7gr8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+VjsVlKMxdPfy/CtD9BFbnAAHaKYuWIwMb0GbWohbis=; b=dWMB4i1OQQr9h5EDbf83iZzTw0Jfp7bOUVEKELCIhHD6Mbd+7I7GMyd24NaAZp71Fx 42bqRzEn3uJu7KENVfA0oLqz5M+S2DB+uPAdKDcO04vN2XAk59fSUJ5wFP/0xUhlmcBY X55SSKkjK3UN26CKCdVl1t/nKcUAdf1FSLFrqVgBR7YWfxTuaJiwF66tO3LuBYSiapIZ A37pJXSDhUe4cZn/F5wAa+QYRwYmkt8OjrcA02pzgMV/xKbQm8PRE9IjJQ0kSNFnhNTw iPBghnJpSxHl0NGWq0fV76W8ThZmNMMMg84QujvZTjTO2r8VZABTNzSG5U687sZvo6LL nL5g==
X-Gm-Message-State: AJIora8sPm/dxW1f6FwL8UnRIVZlQNFJmVOdtRonyuOnIOud4j2mB/+Y CWO4sDk2X3gDh7MSjQQgRQKLbg==
X-Google-Smtp-Source: AGRyM1u03RFjy17rjCShyY7OOkE7T68Cvsz7bbnzZSZN/AIbit5gQ4KiqOVIyB4bTKId+/mrmgvi2Q==
X-Received: by 2002:a05:622a:649:b0:31f:4207:ac1b with SMTP id a9-20020a05622a064900b0031f4207ac1bmr2725248qtb.615.1658855745943; Tue, 26 Jul 2022 10:15:45 -0700 (PDT)
Received: from smtpclient.apple ([2001:67c:1232:144:4cfa:dc73:175f:163d]) by smtp.gmail.com with ESMTPSA id n14-20020a05622a040e00b0031b18d29864sm9805967qtx.64.2022.07.26.10.15.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Jul 2022 10:15:45 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <BN2P110MB1107D01A0AD9C15A1FB6B46ADC899@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Date: Tue, 26 Jul 2022 13:15:43 -0400
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1F5DB07-BBD4-486D-8C58-926A751EFDF0@sn3rd.com>
References: <BN2P110MB1107D01A0AD9C15A1FB6B46ADC899@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
To: Roman Danyliw <rdd@cert.org>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jqFBmCEurL3tZmmxBXVgkzU2LYg>
Subject: Re: [lamps] AD review of draft-ietf-lamps-documentsigning-eku-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2022 17:15:53 -0000

> On Jul 13, 2022, at 16:42, Roman Danyliw <rdd@cert.org> wrote:
> 
> Hi!

Finally getting around to this. I believe we made changes that address all of these. New version should be posted tonight.

> I conducted an AD review of draft-ietf-lamps-documentsigning-eku-03.  Thanks for the work on this document.  My feedback is below:
> 
> ** Section 1. Editorial.
>   In addition, several
>   KeyPurposeIds have been added [RFC7299] under the IANA repository
>   "SMI Security for PKIX Extended Key Purpose".  
> 
> The reference to [RFC7299] seems like an odd place.  Why not: 
> 
> NEW
> In addition, several KeyPurposeIds have been added under the IANA repository "SMI Security for PKIX Extended Key Purpose" [RFC7299].  

adpoted

> ** Section 1.  Editorial.
> 
> As were talking about hypothetical changes, recommend the following:
> 
> OLD
> In circumstances where code signing and S/MIME certificates are also
>   widely used for document signing, the technical or policy changes
>   that are made to code signing and S/MIME certificates may cause
>   unexpected behaviors
> 
> NEW
> In circumstances where code signing and S/MIME certificates are also    used for document signing, technical or policy changes made to the code signing and S/MIME ecosystem may cause unexpected behaviors ...

adpoted

> ** Section 1.  What is a "trust program"?

We dropped the reference - it was a reference to the trust list programs.

> ** Section 1.
> 
> Recommend removing the colloquial "become out of control" as this isn't specific.  Below is alternative text.  Please review if it captures the intent.
> 
> OLD
>   There is no issue if the vendor-defined KeyPurposeIds are used in a
>   PKI (or a trust program) governed by the vendor.  However, if the
>   KeyPurposeId is used outside of vendor governance, the usage can
>   easily become out of control 
> 
> NEW
> There is no issue if vendor-defined KeyPurposeIds are used in a PKI (or a trust program) governed by a given vendor.  However, if the   KeyPurposeId is used outside of this vendor's governance, the usage can cause interoperability issues.  

adopted

> ** Section 1.
> 
> (e.g. - When the end user encounters
>   vendor-defined KeyPurposeIds, they might want to ask that vendor
>   about use of the certificate, however, the vendor may not know about
>   the particular use. - If the issuance of the cert is not under the
>   control of the KeyPurposeId owner, there is no way for the
>   KeyPurposeId owner to know what the impact will be if any change is
>   made to the KeyPurposeId in question, and it would restrict vendor's
>   choice of OID management. etc.).
> 
> Editorially, please split this large "(e.g.," text block into distinct sentences.

done

> I had difficulty understanding these use cases.
> 
> -- The setup on the first example seems to be that a user has acquired credentials with a vendor-define KeyPurposeId, then checks this credential to find a vendor-defined KeyPurposeId, and then confirms back with the vendor (who is not the issuer) that it's acceptable to use for an alternative use case.  If the validation stack will accept the vendor's KeyPurposeId, why does the vendors input matter?  Per the direction of the text in Section 4, I thought the implementation's parsing logic was set by local policy.
> 
> -- To the second example, can these potential breaking "changes ... made to the KeyPurposeId" be explained a bit more?
> 
> ** Section 1.  Editorial. s/a extended key purpose/an extended key purpose/

fixed

> ** Section 3. Editorial.
>   As described in [RFC5280], If the Extended Key Usage extension is
>   present, then the certificate MUST only be used for one of the
>   purposes indicated.  [RFC5280] also describes that If multiple key
>   purposes are indicated the application need not recognize all
>   purposes indicated, as long as the intended purpose is present.
> 
> Words are being added to the direct quotes from RFC5280.  Please make that clearer.
> 
> NEW
> As described in [RFC5280], "[i]f the [Extended Key Usage] extension is    present, then the certificate MUST only be used for one of the    purposes indicated.  [RFC5280] also describes that "[i]f multiple [key] purposes are indicated the application need not recognize all    purposes indicated, as long as the intended purpose is present."

adopted

> ** Section 4.  I don't follow why there are references to RFC8358 in this section.  It seems like a very detailed example but by my read the take away from the text is that there is no change in the prescribed behavior for RFC8358.

We added this text to provide a concrete example where this EKU would be used. You’re right that there was no changes proposed for RFC 8358. We decided to drop this paragraph.

> ** Section 4.   I'm confused by the complexity of the validation guidance being provided.  I was interpreting the text from the previous sections as (a) the community currently uses a variety of EKUs, both public and vendor specific, to sign human-read content/documents; (b) this document is defining a public EKU for this specific human-read content use case; (c) it's hoped that by defining this EKU there will be adoption; and (d) specific document signing workflows/applications will need to decide how to incorporate new EKU (if at all) but that is out of scope.  Put in another way, there is a new EKU and document-signing ecosystems/workflow will need to decide, in an out-of-scope way, how to use it in their workflows, likely captured by some policy. 
> 
> To be more specific about the text:
> 
> -- Given that the setup for the validation steps is two "MAY statements", how are interoperable solutions expected?
> 
> -- The second MAY statement indicate that it is optional.  The numbered steps below it seem conditional on this check though.
> 
> -- What is the derivation being noted and where is this policy coming from in the second sentence?
> 
> -- Editorially, why is there both a numbered list and the text after "... as follows:"?

I think we made changes to address all of these.

> ** Section 6.
>   This extended key purpose does not introduce new
>   security risks but instead reduces existing security risks by
>   providing means to separate other extended key purposes used for
>   communication protocols namely, TLS or S/MIME etc. in order to
>   minimize the risk of cross-protocol attacks
> 
> I'm following the link to S/MIME (id-kp-emailProtection), but not the link to TLS (id-kp-serverAuth and id-kp-clientAuth)?

We made some minor wording tweaks to hopefully address this.

spt