IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Michael StJohns <msj@nthpermutation.com> Wed, 17 April 2024 16:25 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52B70C14F602 for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 09:25:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.792
X-Spam-Level:
X-Spam-Status: No, score=-1.792 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uszpOzPE141r for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 09:25:47 -0700 (PDT)
Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com [IPv6:2607:f8b0:4864:20::f2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 355FFC14F69C for <spasm@ietf.org>; Wed, 17 Apr 2024 09:25:47 -0700 (PDT)
Received: by mail-qv1-xf2b.google.com with SMTP id 6a1803df08f44-69629b4ae2bso49728956d6.3 for <spasm@ietf.org>; Wed, 17 Apr 2024 09:25:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20230601.gappssmtp.com; s=20230601; t=1713371145; x=1713975945; darn=ietf.org; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=OTVEI13kfjP2bNtMD8h2WUtKZyrjymAK5hEXl/+zgmU=; b=VlD+CGfL9lFqR9AIZip5M1a3QuqPiQdNLFro45sPOZ586UcBCzocppOPJNfykKByS0 DkcTmBv57xPMRvbRWgS7kazkf0+fXKLTRVGfQaB/r1oS5WwxrtRnm15tzldEJ+nJASor nPvmmI6N6Obnz8S6HnxO66CdqJjVGaW7SekyvrFBRwFqQNE72LndoLGLtrDDTgF51t2x /NSyAqvMF+JuPAtZC9IxiYyHxDz+GNJ70oXwL0C6KvFMQBAMC8tdsmA8jRBIt7ZpFR2R FuPNxC18cwZlYmJ2HUxZQmKmj/hFJqVY2oCLCB/oyvespB+aDQvEPFIW+EDpzAvZAhji Ju5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713371145; x=1713975945; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=OTVEI13kfjP2bNtMD8h2WUtKZyrjymAK5hEXl/+zgmU=; b=StQ1Su62UUGq5WH8RWqMiMJKTTLD9oyCZ8NCDyLYFtYKWGIN/Awvo436u3WdE6gzkX jD50LzzCjznEXNSgJ88WfYLwyjwZaCTvjG10e8qrtt2U3dvaR3cEL6pdQeSDL4Pi8AL7 kfvhNShBAzStUQomduU88vRW1YpG0XcUT2UdFa6Q2IOAQUdZQ1eBWjbKivzc8p58hRWO qezd486LVcSlC/OvgPFWhgOXen25Iyp+gf4hXm1MiZYd2bfdvacWsJo/l+735xxWUWiF 9h0GQGVK3mjSJ6Kz/wK5HzdbdhGDXk0o5vLlXs8/Ur9yJXiaSrSdtinZhC7P2arNJvaI pj+g==
X-Gm-Message-State: AOJu0Yzy0j0RfNhfR7ANlRFP/lJYB6rskOi7hxrEpJj2uS6A+FhKw73v aqva3enxCyiy/iAElh7suH4EJWk/KzbAQp5gJqo+XRjRQa0N6dRvfk/dHKlYl2n1MOuYea0WWgb F
X-Google-Smtp-Source: AGHT+IFxiy2qY4fn6xCg/dCZ6UULWjEcOKlxpdBlcg9ucVfip5PqvXHSLtRsOHxN1gMFGgyo9RFIZw==
X-Received: by 2002:a0c:e852:0:b0:696:8026:7dc6 with SMTP id l18-20020a0ce852000000b0069680267dc6mr16366213qvo.50.1713371145169; Wed, 17 Apr 2024 09:25:45 -0700 (PDT)
Received: from [192.168.1.23] (pool-108-31-156-76.washdc.fios.verizon.net. [108.31.156.76]) by smtp.gmail.com with ESMTPSA id q4-20020a056214018400b0069b32845235sm8429730qvr.85.2024.04.17.09.25.44 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 17 Apr 2024 09:25:44 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------c6bfagFMbPORBfIxYWlrBchw"
Message-ID: <0f7f609b-9283-4f59-bb32-375827d3e7a6@nthpermutation.com>
Date: Wed, 17 Apr 2024 12:25:41 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: spasm@ietf.org
References: <171320513468.22285.6899802433610546466@ietfa.amsl.com> <B508131E-0554-471F-94FD-4AA2A0A95346@vigilsec.com> <CAKoiRuYCSwdzwKwSXdyLCNm5Z3DzzzLZzSyDO7DGWHTSeUj-fA@mail.gmail.com> <2E8965D1-F0D8-4947-8A6B-19B822EEFA4C@vigilsec.com> <CH0PR11MB5739FF2B9A378DF7ADFF24E69F082@CH0PR11MB5739.namprd11.prod.outlook.com> <CAKoiRuY5Caq_61+99RQiaRkeKUAou=fiLj+HadajzhwhLKOdAA@mail.gmail.com> <CH0PR11MB5739A5999D59A046D056812C9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5739690323861CECECA630AF9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <CH0PR11MB5739690323861CECECA630AF9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tJliwcRHcTMbldPU8P_tVXGDPwI>
Subject: Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 16:25:51 -0000

Hi Mike -

It's the responsibility (and the right) of the relying party to decide 
what's acceptable for a given interaction.  If you followed your 
argument below to its logical conclusion, you would want to have 
different EKUs for TLS1.2 clients vs TLS1.3  clients as they are - at 
least somewhat - different protocols.

If you want this document to do what you're suggesting, this document 
would need to issue an EKU for each and every well known IM service.  
Let's not do that.

Talking about this in the security considerations section does not save 
the argument.

Hi Rohan -

That said - section 3 of this document is - underwhelming in its 
explanations of how this might be used and what a relying party might do 
with it.

Something like: "An IM service operator MAY specify that client 
certificates used to connect to it MUST have this EKU, and that the IM 
service will reject connections negotiated with certificates missing 
this EKU.  This document does not impose any operational requirements on 
an IM service, it only suggests an appropriate use of this EKU."  and 
"Other IM protocol documents  MAY impose more stringent requirements on 
the acceptance of certificates without this specific EKU value than is 
implied by the previous paragraph." and "It is RECOMMENDED that a 
certificate containing this EKU SHOULD NOT also contain either an 
id-kp-serverAuth or id-kp-clientAuth EKU unless this certificate is 
specifically intended to also certify connections to non-IM services."

And lastly, "This EKU is optionally critical" is just wrong.  Extensions 
are critical, not the tags within them.  An EKU extension may already 
optionally be marked critical so the line is not needed.  Excess EKUs 
are ignored within the extension by the relying party - so there's no 
semantic meaning for this EKU by having the extension marked critical. 
(And please don't try and change this interpretation - you'll break things).

Later, Mike

On 4/17/2024 11:57 AM, Mike Ounsworth wrote:
> (and IMO, that convincing argument should be in the Security 
> Considerations)
>
> - Mike Ounsworth
>
> ------------------------------------------------------------------------
> *From:* Mike Ounsworth <Mike.Ounsworth@entrust.com>
> *Sent:* Wednesday, April 17, 2024 10:42:00 AM
> *To:* Rohan Mahy <rohan.mahy@gmail.com>
> *Cc:* Russ Housley <housley@vigilsec.com>; Rohan Mahy 
> <rohan.ietf@gmail.com>; LAMPS <spasm@ietf.org>
> *Subject:* RE: [EXTERNAL] Re: [lamps] I-D Action: 
> draft-ietf-lamps-im-keyusage-00.txt
>
> Hey Rohan,
>
> > “It should be perfectly fine to use this with XMPP, MIMI, or a 
> proprietary messaging system.”
>
> I don’t know the IM space very well, but we hear a lot about 
> cross-protocol attacks if you, for example, use the same key with 
> S/MIME and PGP. Probably that applies to encryption keys more than 
> signature keys, but regardless, I think it’s gonna need more than the 
> words “it should be fine” to make a convincing argument that it’s ok 
> to use a single certificate across multiple IM protocols :P
>
> ---
>
> *Mike*Ounsworth
>
> *From:* Rohan Mahy <rohan.mahy@gmail.com>
> *Sent:* Wednesday, April 17, 2024 9:10 AM
> *To:* Mike Ounsworth <Mike.Ounsworth@entrust.com>
> *Cc:* Russ Housley <housley@vigilsec.com>; Rohan Mahy 
> <rohan.ietf@gmail.com>; LAMPS <spasm@ietf.org>
> *Subject:* Re: [EXTERNAL] Re: [lamps] I-D Action: 
> draft-ietf-lamps-im-keyusage-00.txt
>
> Thanks Mike, The semantics of the EKU is an Instant Messaging 
> identity. It should be perfectly fine to use this with XMPP, MIMI, or 
> a proprietary messaging system. Unless you have some reason to do 
> otherwise, a very natural way to express this
>
> Thanks Mike,
>
> The semantics of the EKU is an Instant Messaging identity. It should 
> be perfectly fine to use this with XMPP, MIMI, or a proprietary 
> messaging system.
>
> Unless you have some reason to do otherwise, a very natural way to 
> express this identity would be to use a URI identifier of any relevant 
> scheme in the subjectAltName. (XMPP already has a custom SAN 
> identifier type but that was not strictly necessary.)
>
> I'll take a stab at some more generic text for the Intro and Security 
> Considerations.
>
> Thanks again for the review. I will fix the other small errors as well.
>
> -rohan
>
> On Tue, Apr 16, 2024, 12:14 Mike Ounsworth 
> <Mike.Ounsworth@entrust.com> wrote:
>
>     Hey Rohan,
>
>     I’m a novice on the IM topic, but I’ll provide a review of your
>     document anyway (feel free to ignore).
>
>     The introduction mentions that the driving motivation is IM apps
>     built on top of MLS, and then says “or others see: MIMI”. Are all
>     IMs considered equal, or is it important to be able to say “This
>     cert is for MikeGram, and that cert is for RohanChat?”. IE would
>     it be better if this draft created the specific EKUs that MIMI
>     needs for the specific IM protocols that you’re designing now?
>
>     It would be good to expand the Security Considerations section to
>     be clear about what security is gained by using the mechanism,
>     including what the expectation is of verifiers who are looking for
>     this EKU. Again, I think some discussion of using the same cert
>     across different IM protocols would be good.
>
>     Why is it called id-kp-imUri? Why “Uri”? Perhaps this is clear in
>     the mimi arch docs, but could use repeating here.
>
>     Typo? The IANA Considerations section asks for “id-kp-im-eku”, but
>     the ASN.1 Module defines “id-mod-im-eku”. I think the latter is
>     the better name, to indicate that this is the identifier of an
>     ASN.1 module.
>
>     To Russ’ question about whether this draft should also cover SANs:
>     the intro already says
>
>     “The subjectAltName of these certificates can be an IM URI, for
>     example.”
>
>     Out of curiosity, which SAN type would be used for that?
>
>     ---
>
>     *Mike*Ounsworth
>
>     *From:* Spasm <spasm-bounces@ietf.org> *On Behalf Of *Russ Housley
>     *Sent:* Monday, April 15, 2024 4:22 PM
>     *To:* Rohan Mahy <rohan.ietf@gmail.com>
>     *Cc:* LAMPS <spasm@ietf.org>
>     *Subject:* [EXTERNAL] Re: [lamps] I-D Action:
>     draft-ietf-lamps-im-keyusage-00.txt
>
>     I thought it was worth asking. I think the xmpp: URI in the SAN
>     would be a very reasonable solution. Russ On Apr 15, 2024, at
>     4: 49 PM, Rohan Mahy <rohan. mahy@ gmail. com> wrote: Hi Russ, I
>     don't understand why an XmppAddr identifier type
>
>     I thought it was worth asking.  I think the xmpp: URI in the SAN
>     would be a very reasonable solution.
>
>     Russ
>
>         On Apr 15, 2024, at 4:49 PM, Rohan Mahy <rohan.mahy@gmail.com>
>         wrote:
>
>         Hi Russ,
>
>         I don't understand why an XmppAddr identifier type would have
>         been strictly needed, since anyone could have put either an
>         xmpp: URI or an im: URI into a SAN without any extensions (as
>         a URI type).
>
>         I'm happy to go look at some old discussions, but I don't know
>         the history.
>
>         Thanks,
>
>         -rohan
>
>         On Mon, Apr 15, 2024 at 11:28 AM Russ Housley
>         <housley@vigilsec.com> wrote:
>
>             Rohan:
>
>             RFC 6120 defines the way to carry a client name (Jabber
>             ID) in the subjectAltName extension.  Should this document
>             be expanded to address subjectAltName as well as extended
>             key usage?
>
>             Russ
>
>
>             > On Apr 15, 2024, at 2:18 PM, internet-drafts@ietf.org wrote:
>             >
>             > Internet-Draft draft-ietf-lamps-im-keyusage-00.txt is
>             now available. It is a
>             > work item of the Limited Additional Mechanisms for PKIX
>             and SMIME (LAMPS) WG
>             > of the IETF.
>             >
>             >   Title:   X.509 Certificate Extended Key Usage (EKU)
>             for Instant Messaging URIs
>             >   Author:  Rohan Mahy
>             >   Name: draft-ietf-lamps-im-keyusage-00.txt
>             >   Pages:   5
>             >   Dates:   2024-04-15
>             >
>             > Abstract:
>             >
>             >   RFC 5280 specifies several extended key purpose
>             identifiers
>             >   (KeyPurposeIds) for X.509 certificates.  This document
>             defines
>             >   Instant Messaging (IM) identity KeyPurposeId for
>             inclusion in the
>             >   Extended Key Usage (EKU) extension of X.509 v3 public key
>             >   certificates
>             >
>             > The IETF datatracker status page for this Internet-Draft is:
>             >
>             https://datatracker.ietf.org/doc/draft-ietf-lamps-im-keyusage/
>             <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-im-keyusage/__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKqOy538S$>
>             >
>             > There is also an HTML version available at:
>             >
>             https://www.ietf.org/archive/id/draft-ietf-lamps-im-keyusage-00.html
>             <https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-ietf-lamps-im-keyusage-00.html__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKn1iEEOp$>
>             >
>             > Internet-Drafts are also available by rsync at:
>             > rsync.ietf.org::internet-drafts
>             >
>             >
>             > _______________________________________________
>             > Spasm mailing list
>             > Spasm@ietf.org
>             > https://www.ietf.org/mailman/listinfo/spasm
>             <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKhkjFbRj$>
>
>         _______________________________________________
>         Spasm mailing list
>         Spasm@ietf.org
>         https://www.ietf.org/mailman/listinfo/spasm
>         <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKhkjFbRj$>
>
>
> /Any email and files/attachments transmitted with it are intended 
> solely for the use of the individual or entity to whom they are 
> addressed. If this message has been sent to you in error, you must not 
> copy, distribute or disclose of the information it contains. _Please 
> notify Entrust immediately and delete the message from your system._/
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email