IETF Logo Mail Archive

Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Deb Cooley <debcooley1@gmail.com> Fri, 26 November 2021 11:50 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2D0E3A0D6A for <spasm@ietfa.amsl.com>; Fri, 26 Nov 2021 03:50:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Plj1_OoStsc for <spasm@ietfa.amsl.com>; Fri, 26 Nov 2021 03:50:41 -0800 (PST)
Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26C513A0D67 for <spasm@ietf.org>; Fri, 26 Nov 2021 03:50:41 -0800 (PST)
Received: by mail-oi1-x235.google.com with SMTP id u74so18361595oie.8 for <spasm@ietf.org>; Fri, 26 Nov 2021 03:50:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Cs0s5PI5eL3b6lWXBz+ilRrhgCdk6LV+rG40ZqKycpg=; b=UUKtWFynheM8akG8JXekA83+IZrHHSTyVcyT91U3P8VZzC3T0SmP6au8U33QvHHZNH EhFO6SdNA3qXtUc5IA5AwBNpjgjND2LbgVobBhO3uMuIhaZmA/ecILG3WFCPe/wAU3jH a7xBbcx2agf6NVepUI1LKnQkkh0AKae2oWt//lriJ+8I7/YEibQVzNQIVOg6s9AtPxJV QvE4iJFbCIpf9UaNEDfB5M74lsQDyRe+vTN0neaVokq7U3dVwG4rYW6oAAvJWlu75+p2 pEbi6GfJzGcv4T5oo03ZkiER9BSceV/VcgoVRhJgfi+sMgj/R1M4qB+MJO20AbFqthpJ 9iqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Cs0s5PI5eL3b6lWXBz+ilRrhgCdk6LV+rG40ZqKycpg=; b=InT6BGPwfOZdayay81o6PMVSDHwDQVwtnJDHh5xhMI0GAPfacQP0/DUfcW/CfnShpy KOeJWMH4GTFIG9PSkhyEnm5CqqNOKOBmVMl5LMNEesKgC0kJHkLJEfIn2jtddaP6KtBN hoNlhL32bmv2zWsKZBWf5UHomonRqSeFt2CZBreNleDsz+moGiFL+6dgg+a/CzbjVADu fbMbpyPn7zw4jY94wW4yRHjr6cBZPRAszoBB4QAb7Ew1Ji1IwmUSukCDOeurTYLmp+Nl dC93nSQ4oPPM8G8VGgLiaD6Zm2ETL1dei/NfJVguoP2lfS29GGLD7fYrzzKnzJw0MI/V gdkw==
X-Gm-Message-State: AOAM530+H2AcO6gpQpcVe+5e25G4BCIZqDyy5Ao2+3nxNRUdzjP3Pxlq ajO0Q97ue/2S2cPhsPcQw+mwEd/piMfqJetdhDJyDWI=
X-Google-Smtp-Source: ABdhPJymVUF89dKKVTLaQX8T8q6MDIfytblMCJytyKnxebO88YewVsLmUHnkxWpHQ17b+rb1dkU6NVlaaZZ+/fmwC+A=
X-Received: by 2002:a05:6808:1984:: with SMTP id bj4mr22639793oib.165.1637927439575; Fri, 26 Nov 2021 03:50:39 -0800 (PST)
MIME-Version: 1.0
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <1739DC01-D237-4080-99F2-1B82A4571C49@vigilsec.com> <SA1PR03MB66262B6CA20602F3417C0B7EEE949@SA1PR03MB6626.namprd03.prod.outlook.com> <df508f23-c7b4-a0ca-d552-51c2b1d9663a@aaa-sec.com>
In-Reply-To: <df508f23-c7b4-a0ca-d552-51c2b1d9663a@aaa-sec.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Fri, 26 Nov 2021 06:50:28 -0500
Message-ID: <CAGgd1OcfTU9JOhjZ6oKsDALpdbU2E_=PUvaSXQuWgdhgFVK=Cw@mail.gmail.com>
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: LAMPS WG <spasm@ietf.org>, "Cooley, Dorothy E" <decoole@nsa.gov>
Content-Type: multipart/alternative; boundary="000000000000342ba505d1afb3c1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/s47owlFL61lU-3F4q97QWxRTNHo>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Nov 2021 11:50:46 -0000

Apologies, it takes me a week or so to catch up w/ my normal work after an
IETF meeting.

I'm not in favor for separate keys/certs for different purposes.  The PKI I
support (US DOD) already has 3 keys/certs (ID, signing, encryption), adding
a 'you can only use this cert for one purpose' is a deal breaker.

I am in favor of distinguishing the difference between email signing, code
signing, and document signing.  In particular, I don't want to see code
signing overloaded.  I happy for that to make sense.  This mechanism?  or
another, I'm open to something that is simple and makes logical sense.

As for the nonrepudiation issues, that is a KU, correct?  And the KU
extension is classically marked as 'critical', whereas EKU is marked as
'not critical'.  One day, I hope and pray that the NR KU will no longer
exist in our (US DOD) certificates.

I would not be in favor of marking an EKU as critical, which theoretically
makes it easier?  But maybe not in Europe?

Deb Cooley
decoole@nsa.gov


On Thu, Nov 11, 2021 at 11:12 AM Stefan Santesson <stefan@aaa-sec.com>
wrote:

> Hi,
>
> I just went through large part of this mail thread, the draft itself and
> the presentation at IETF112.
>
> I would at least like to raise some concerns about this EKU.
>
>
> My absolute biggest worry is that we will initiate the old
> non-repudiation debate in key usage where we desperately attempted to
> distinguish between usage of keys for something similar to "document
> signing" as apposed to using the key for signing to support
> authentication or just data integrity.
>
> In the wake of that discussion, many people started to debate how the
> setting of this or that bit would affect the legal effect of such
> signature.
>
> I think that the only thing we could agree on in the end was that it
> probably was a huge mistake to try to bind a key to a purpose, as
> opposed to binding the key to a particular protocol.
>
>
> The main difference is that if a certificate is declared as suitable for
> a protocol, then it is easy to just deny that protocol action if the
> identifier is not there. That has no implications rather than the
> end-points fixing their certs to make the protocol work.
>
> But if you receive a signed document, the harm is done and you can't go
> back and ask the signer to sign with another cert. And the commitment is
> done, and legally binding, whether there is a declaration of this type
> or not.
>
>
> So my question is basically. What are the signer and the verifier
> supposed to do based on seeing or not seeing this EKU in a cert. That is
> not at all clear to me.
>
> My biggest fear is that other standards groups in this area, like ETSI
> ESI will start to update their signature validation procedures to check
> for the presence of this EKU. I can hear the debate already.
>
>
>
>
> To comments on the actual draft. The following text is problematic:
>
> "Inclusion of this KeyPurposeId in a certificate indicates that the use
> of any Subject names in the certificate is restricted to use by a
> document signing."
>
> This is not compatible with the function of the EKU extension. If you
> for example add a second EKU to the certificate, the certificate is
> equally valid to be used with the other EKU. An EKU can therefore not
> limit or restrict the use of the certificate for just this purpose.
>
>
> Also, the definition of document signing is problematic:
>
> In modern electronic services you cant isolate the signed document from
> the process of creating, approving and signing content. This is because
> what you see is what you sign is just a fairy tale. In practice you see
> something, but you often sign some machine processable data that binds
> the transaction/agreement to you, but it is not the visible content. It
> is not even a document that you can make visible directly. This is the
> case often when for example signing tax declarations. What you sign can
> be an XML construct of codes and data that is key to the declaration,
> but the XML data is only for machine processing. The data itself can be
> visually presented, but it is a stretch to call that the signed
> document. The world is simply not that neat and contained that we would
> like it to be.
>
>
> In the end. This EKU worries me. A lot.
>
>
> /Stefan
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

v2.23.0 | Report a Bug | By Email