Re: [lamps] draft-ietf-lamps-rfc3709bis-01 security, reliability, and privacy considerations
Russ Housley <housley@vigilsec.com> Tue, 17 May 2022 20:58 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 995BCC15E6D3 for <spasm@ietfa.amsl.com>; Tue, 17 May 2022 13:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4BN0jh7DflL for <spasm@ietfa.amsl.com>; Tue, 17 May 2022 13:58:27 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C586C15E6D2 for <spasm@ietf.org>; Tue, 17 May 2022 13:58:27 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 72A5616D29B; Tue, 17 May 2022 16:58:26 -0400 (EDT)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 5D46116D0B3; Tue, 17 May 2022 16:58:26 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <877d8hx019.fsf@fifthhorseman.net>
Date: Tue, 17 May 2022 16:58:25 -0400
Cc: LAMPS <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7BA047D3-B499-4395-A8BB-99D5C816ADC6@vigilsec.com>
References: <877d8hx019.fsf@fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nBwoClHxnvg7JCiEp5BskwMe2rc>
Subject: Re: [lamps] draft-ietf-lamps-rfc3709bis-01 security, reliability, and privacy considerations
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2022 20:58:28 -0000
DKG: Sorry it has taken so long to get through you comments. They were extensive, and some were quite thought provoking. Some of you comments were resolved in the earlier discussion with Stefan. I am only addressing the privacy-related comments in this response. > I did a quick skim of > https://www.ietf.org/archive/id/draft-ietf-lamps-rfc3709bis-01.html and > observed that while the Security Considerations section describes some > of the "phone home" or "web bug" concerns about logotypes-by-reference, > they aren't particularly well fleshed out. > > The current text is: > >> Logotype data is fetched from a server when it is needed. By >> watching activity on the network, an observer can determine which >> clients are making use of certificates that contain particular >> logotype data. This observation can potentially introduce privacy >> issues. Since clients are expected to locally cache logotype data, >> network traffic to the server containing the logotype data will not >> be generated every time the certificate is used. In cases where >> logotype data is not cashed, monitoring would reveal usage >> frequency. In cases where logotype data is cached, monitoring would >> reveal when a certain logotype image or audio sequence is used for >> the first time. > > This and at least one other paragraph in the Security Considerations > section might belong better in a separate Privacy Considerations > section. A separate Privacy Considerations section has been added. The two paragraphs have been moved to that section. > Below i unpack a bit why these "web bugs" features are not well-fleshed > out in the draft as it stands. This spec is surprisingly twisty and > complex, so i'm not sure that this covers everything: > > a) there are at least two different things that a relying party might > need to make a network call when trying to render a certificate: > > - an indirect LogotypeData object > - the image or audio file referenced from a LogotypeData object > > If the client is going to cache these things to avoid leaking > information on the network, it presumably needs to cache both types > of object. There are two alternatives, direct and indirect, With direct, the LogotypeData is in the certificate itself. Withe indirect, the LogotypeData is fetched from a URI. I think the paragraph, by using the term "logotype data" is covering the LogotypeData data structure as well as image and audio files. This is muddled in the last sentence. I'll explicitly add "remote LogotypeData" to make sure it is covered. I suggest: In cases where logotype data is cached, monitoring would reveal when a remote LogotypeData, image, or audio sequence is fetched for the first time. > b) to minimize the number of network requests the relying party's cache > should be indexed by cryptographic digest of the objects it > holds. Since a single object might be referenced by multiple > cryptographic digests, a maximally privacy-protective local cache > should probably contain one index per supported digest algorithm. > > c) If any one of the elements in logotypeHash is already in the relying > party's local cache, the privacy-preservng thing for the client to > do is to ignore all logotypeURI elements, even if some of the > logotypeHash objects are not found in the cache. > > d) note that the *lack* of a network request for a given URI can also > be used for fingerprinting (depending on how the client deals with > newly-encountered certs, this could be analogous to HSTS > fingerprinting, for example: > https://datatracker.ietf.org/doc/html/rfc6797#section-14.9) > > e) If a subscriber asks the issuer to include an image or audio via > URL, or if they ask the issuer for an indirect logotype, the issuer > can't be sure that any logo data suggested by the subscriber is > going to be available for the lifetime of the certificate at the URL > proposed. Furthermore, the issuer has no control over privacy > policies that govern metadata collection by the host of any remote > resource. This draft should encourage an issuer who cares about > potential privacy risks for its relying parties to copy any > referenced data to a server that it already controls and can make > reasonable guarantees about privacy, reliability, etc. Note also > that if the subscriber asks the issuer to refer to an indirect > LogotypeData object, and the issuer decides to host that data itself > in addition to hosting the underlying image or audio resource, the > logotypeData object will need to be rewritten to change the > underlying URLs (and will therefore have a different digest than the > requested object). This at least makes the privacy situation > comparable to CA-controlled OCSP, rather than subscriber-controlled > resources. > > f) i didn't see any guidance to relying parties about how to handle a > mismatch between the MIME type referenced in the mediaType field of > the logotypeData and the Content-Type HTTP header of the retrieved > resource. Consider a polymorphic bytestream that could be > interpreted by either a png renderer or a pdf renderer. As the spec > is currently written, it looks like a client could accept a > Content-Type from the https server that doesn't match the mediaType > field, and it might accept the HTTP header as ground truth. > > g) the draft should offer additional guidance for a CA that wants to > demonstrate a commitment to not planting web bugs in its > certificates. here are several approaches, including: > > - Always using direct LogotypeInfo objects (no network access) > > - Self-host referenced objects (as in (e)) > > - Consolidate hosted objects (all objects with the same hash are > always at the same URI, to avoid path-based fingerprinting) > > - ensure that encoded non-data URIs are as low-entropy as > possible, to limit the amount of individualized tracking that > could be done (a distinct URL per cert would be the most > dangerous) > > h) advise relying parties on how to constrain their HTTP resource > fetches to minimize fingerprinting (e.g., no cookies, no e-tags, > anonymized user-agent, no client certificates, and so on) -- is > there some sort of anonymous HTTP client profile we could point to? > (note that this might contradict the guidance about performing > "appropriate security controls" for privacy-sensitive logos) I think the best way to respond if to offer the revised Security Considerations and the new Privacy Considerations. 9. Security Considerations Implementations that simultaneously display multiple logotype types (subject organization, issuer, community, or other), MUST ensure that there is no ambiguity as to the binding between the image and the type of logotype that the image represents. "Logotype type" is defined in Section 1.1, and it refers to the type of entity or affiliation represented by the logotype, not the of binary format if the image or audio. Logotypes are very difficult to securely and accurately define. Names are also difficult in this regard, but logotypes are even worse. It is quite difficult to specify what is, and what is not, a legitimate logotype of an organization. There is an entire legal structure around this issue, and it will not be repeated here. However, issuers should be aware of the implications of including images associated with a trademark or servicemark before doing so. As logotypes can be difficult (and sometimes expensive) to verify, the possibility of errors related to assigning wrong logotypes to organizations is increased. This is not a new issue for electronic identification instruments. It is already dealt with in a number of similar situations in the physical world, including physical employee identification cards. In addition, there are situations where identification of logotypes is rather simple and straightforward, such as logotypes for well-known industries and institutes. These issues should not stop those service providers who want to issue logotypes from doing so, where relevant. It is impossible to prevent fraudulent creation of certificates by dishonest or badly performing issuers, containing names and logotypes that the issuer has no claim to or has failed to check correctly. Such certificates could be created in an attempt to socially engineer a user into accepting a certificate. The premise used for the logotype work is thus that logotype graphics in a certificate are trusted only if the certificate is successfully validated within a valid path. It is thus imperative that the representation of any certificate that fails to validate is not enhanced in any way by using the logotype data. This underlines the necessity for CAs to provide reliable services, and the relying party's responsibility and need to carefully select which CAs are trusted to provide public key certificates. This also underlines the general necessity for relying parties to use up-to-date software libraries to render or dereference data from external sources, including logotype data in certificates, to minimize risks related to processing potentially malicious data before it has been adequately verified and validated. Referenced image objects are hashed in order to bind the image to the signature of the certificate. Some image types, such as SVG, allow part of the image to be collected from an external source by incorporating a reference to an external file that contains the image. If this feature were used within a logotype image, the hash of the image would only cover the URI reference to the external image file, but not the referenced image data. Clients SHOULD verify that SVG images meet all requirements listed in Section 7 and reject images that contain references to external data. CAs issuing certificates with embedded logotype images should be cautious when accepting graphics from the certificate requestor for inclusion in the certificate if the hash algorithm used to sign the certificate is vulnerable to collision attacks. In such a case, the accepted image may contain data that could help an attacker to obtain colliding certificates with identical certificate signatures. Certification paths may also impose name constraints that are systematically checked during certification path processing, which, in theory, may be circumvented by logotypes. Certificate path processing as defined in [RFC5280] does not constrain the inclusion of logotype data in certificates. A parent CA can constrain certification path validation such that subordinate CAs cannot issue valid certificates to end-entities outside a limited name space or outside specific certificate polices. A malicious CA can comply with these name and policy requirements and still include inappropriate logotypes in the certificates that it issues. These certificates will pass the certification path validation algorithm, which means the client will trust the logotypes in the certificates. Since there is no technical mechanism to prevent or control subordinate CAs from including the logotype extension or its contents, where appropriate, a parent CA could employ a legal agreement to impose a suitable restriction on the subordinate CA. This situation is not unique to the logotype extension. When a relying party fetches remote logotype data, a mismatch between the media type provided in the mediaType field of the LogotypeDetails and the Content-Type HTTP header of the retrieved object should be treated as a failure and the fetched logotype data should not be presented to the user. When a subscriber requests the inclusion of remote logotype data in a certificate, the CA cannot be sure that any logotype data will be available at the provided URI for the entire validity period of the certificate. To mitigate this concern, the CA may provide the logotype data from a server under its control, rather than a subscriber-controlled server. The controls available to a parent CA to protect itself from rogue subordinate CAs are non-technical. They include: * Contractual agreements of suitable behavior, including terms of liability in case of material breach. * Control mechanisms and procedures to monitor and follow-up behavior of subordinate CAs. * Use of certificate policies to declare an assurance level of logotype data, as well as to guide applications on how to treat and display logotypes. * Use of revocation functions to revoke any misbehaving CA. There is not a simple, straightforward, and absolute technical solution. Rather, involved parties must settle some aspects of PKI outside the scope of technical controls. As such, issuers need to clearly identify and communicate the associated risks. 10. Privacy Considerations Certificates, and hence their logotype images, are commonly public objects and as such usually will not contain privacy-sensitive information. However, when a logotype image that is referenced from a certificate contains privacy-sensitive information, appropriate security controls should be in place to protect the privacy of that information. Details of such controls are outside the scope of this document. Logotype data might be fetched from a server when it is needed. By watching activity on the network, an observer can determine which clients are making use of certificates that contain particular logotype data. This observation can potentially introduce privacy issues. Since clients are expected to locally cache logotype data, network traffic to the server containing the logotype data will not be generated every time the certificate is used. In cases where logotype data is not cashed, monitoring would reveal usage frequency. In cases where logotype data is cached, monitoring would reveal when a remote LogotypeData, image, or audio sequence is fetched for the first time. When the the "data" URI scheme is used, there is no network traffic to fetch logotype data, which avoids the concerns described above, but the certificate will likely be larger than one that contains a URL. For this reason, the "data" URI scheme will be the only one that is supported by some CAs. In cases where logotype data is cached, the cache index should include the hash values of the associated object with the goal of fetching the object only once, even when it is referenced by multiple URIs. The index should include hash values for all supported hash algorithms. Give preference to logotype data that is already in the cache when multiple alternative are offered in the LogotypeExtn certificate extension. When fetching remote logotype data, relying parties should used the most privacy-preserving options that are available to minimize the opportunities for servers to "fingerprint" clients. For example, avoid cookies, e-tags, and client certificates. When a relying party encounters a new certificate, the lack of network traffic to fetch logotype data might indicate that a certificate with references to the same logotype data has been previously processed and cached. Thanks again for you very thoughtful comments, Russ
- [lamps] draft-ietf-lamps-rfc3709bis-01 security, … Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Stefan Santesson
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Stefan Santesson
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Stefan Santesson
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Stefan Santesson
- Re: [lamps] draft-ietf-lamps-rfc3709bis-01 securi… Russ Housley