IETF Logo Mail Archive

Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 27 July 2021 16:26 UTC

Return-Path: <prvs=6842e97f9c=uri@ll.mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F29F3A07CB for <spasm@ietfa.amsl.com>; Tue, 27 Jul 2021 09:26:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFncian-53nk for <spasm@ietfa.amsl.com>; Tue, 27 Jul 2021 09:26:19 -0700 (PDT)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59D4D3A0874 for <spasm@ietf.org>; Tue, 27 Jul 2021 09:26:15 -0700 (PDT)
Received: from LLE2K16-HYBRD01.mitll.ad.local (LLE2K16-HYBRD01.mitll.ad.local) by llmx3.ll.mit.edu (unknown) with ESMTPS id 16RGQCqa018111 for <spasm@ietf.org>; Tue, 27 Jul 2021 12:26:12 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=Z1SeFmpQvMDiDcBINPMH9WRvPZ+8t3p/nO+HQ+i1JolbQx7159F35X3tA6gQWel0H22j8FCktsWuAFWODplCk0lDw6Oxc7SXc41624KFlxWYVgH2DP/cpKKBs+xpfTvjtZYaMhMjvnKiulncqcsTomac6o/Q+KRISyjsDlf3+AH2fQlOoQozsIh2ROAlc27zDRVj/K2LYU5FSrlenGIMobG8QvEABL9A790MGGClus1KLuBcsCK/uQhoyozUpAoqAEu6l97ouq098kIatjF8eQJK4fk8p2CpceuQrX8s4zKEZDz/9yQy+huuOBm59QRAVlpfi6k2MiOSBRzsqSs9Kw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n5b9SaUhWjTuEa5KIZqecU3UjAXWfKiugUDDReY60a0=; b=ZEEjUmT7kjYy7umyYVXdUFOgd5y7cRXkWF+J2NSGZ0GSFMakJkFInxZ/Ghz32D/wTHt8YGbokOcqcF3YWoTLVG5smjzbrFln8PJr7CtCYR7/XX+UqrcrrJj69vVckMoNylmDt++I1KQxNjPG7G+ENoBk4TE96wG/kjX2J9pLtCkd2+C7ilcD0JlBR6PTt0ecmF+2G3tv+Kkkz1AAiOAjLk1x1cmNoWlRcQakKkx3ilL3QwAQistwIGMQHG1RwYqzmdLyvWo4GGR0Lbzt8lvfZXLEeckEiItB3RiTSB+K7J1/ajmM66GodYXXAhRdEWdSPEhCmQy4HmgQiXLUlTjdzA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption for draft-ito-documentsigning-eku
Thread-Index: AQHXgmuKk2sKcjNKq0GeFl8+0k2LC6tWBn+AgADxCACAAAmlgP//vyWA
Date: Tue, 27 Jul 2021 16:26:10 +0000
Message-ID: <EAFBC19D-E7F2-4247-9A1A-792714D0D692@ll.mit.edu>
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <CAErg=HF_hcXO=9=KJh5EBEov4ybS_8g4xF=cANL9+83UvP0zvQ@mail.gmail.com> <adf86f46-093f-756f-8292-9b5e088f4344@lear.ch> <CAErg=HEUFV2F8R8g8e6yCDKz_e6RebNyB5Zb2Lvgn4oc3BtE-w@mail.gmail.com>
In-Reply-To: <CAErg=HEUFV2F8R8g8e6yCDKz_e6RebNyB5Zb2Lvgn4oc3BtE-w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.50.21061301
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ll.mit.edu;
x-originating-ip: [129.55.200.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 38785a0a-5bb5-4660-8afc-08d9511b3f00
x-ms-traffictypediagnostic: SN5P110MB0383:
x-microsoft-antispam-prvs: <SN5P110MB0383154D0B501B2946C803B290E99@SN5P110MB0383.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Uewto9C5nxCOA1uzIp9URxX6QYs2klHgU4qbZfaueW+RsLXelZqBe6CbxMOhBBO59VdXgdsaUQ7XpcfuCyekd9m03Ngz+UugpluUalekvGkv7/QfLCiUG9gT2oXqidYeGNxjtG9AvKkwjtaiBebZIDpFuIqAOXCRPE0waOPKjH0ru1zJUzqZ6AO6UzTz9Y0QqlXh11q4kyj8NXwyyaGs4l75yMRdXoOKyuBjnPVs0PTNJAy4CZ9OP1xhQ5tuTpP/GW1DYhZfL938AwffyJxGk9PuG1KSS0yNc+Dz3vDsO3SEj+JQhitb+4XL9jgPfxV+CFipHvTMUyLuA5xuJlbLexnM+uSQ+A6BwIv+zhBiGv9XB23Z29zBBzBVoXEdDBTR03YqGaIl5J40UGhb5FBymqFUrscjK6mUGHD1wmkLZJ+dXfmoRi+K/4kykjAMUDAMwmj6sjp4ILe0fAzJe+WkLzpNHGTFR65PiO5o20midAefewt+nFlQn1JtOP3AgQqdJCI5miDZRWLLwOrTD5ccPUNHlsTwRcquKmO1DkYBziVXl2vvmrO6sr8bwIE3EOf9JKBanKtTBCG/fs6zy76LSXBQgfu6hbAnz5/SS0TwDMzAAtdkOQOpg6/S1f18xcigdoddVU6hR/MdJOdcMsICPJX4NpzAvdeR+zQSFxyVM14=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(66446008)(2616005)(6506007)(6512007)(5660300002)(66574015)(508600001)(8676002)(53546011)(8936002)(86362001)(316002)(83380400001)(66556008)(71200400001)(64756008)(75432002)(6486002)(122000001)(66946007)(2906002)(26005)(66616009)(6916009)(99936003)(66476007)(186003)(33656002)(38100700002)(76116006)(38070700004)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: w7N/1KefaKKCUAPLVnxUk/qBJvb+j2OwPKT8elQvgUgg4gMljgRZU/8Kgt2LMhNmIW0mB8u3bTZVtFpWfQMZ3I+ajq2lUFXMwBZ1jUHamqGdByuDQGlqzyHABKFbtIZefyucpvQ2J5R9UMlxXm4lbWXFCpvCR8p20WxfKrmUL+zxeFzYgTevI4RYWqUepdHIfr7iqomDipRmNx0IVvUy405W1S6YIq2XRIc/DTPpG010xHmpJ8bGQJSObNzt18dRgm1fg/cVnI3jq7OZeZUDuzD0y9tlEn1bsAZvp+yF4du3i2FHxFqpA0F5A1e8xlpedPMgMQqxd479AsczbmOpHEYYQ4k0aBGNj9muS7CscbSBZTy2JwYkD3mp2ewHym8384R3wnnUiIkLJxyon0HoIJj1lIxItC42pa5EsMyNqI1QvVMvTDF3mSPaMlO/MSBqoFEIwxH7hfRpYdSkNgAs38NGzqLa2ZcaWgNn1b64RwfNMd+KZHbpCaXcY3HyVOuogibowlgxYBdcPAUY4tGoMhs7FuV0Yk3tT6b9IC15R4iLW9XHdpiikoZThFbNYNhAEsahQHQRxMcSfi4Mh0dgmQ8DzhzYG56PvYcPvM7Ivkt9gRrF0pmFe7XtWyqZe88R5JKr9IXqWmxtSsgDgtXujghBCI6eCtQLJzDvJ05hYAYoLtqxVtZLhkYTx37onYvdUqWf8p8E3pa0w582sBl4Xw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3710233569_1003374575"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 38785a0a-5bb5-4660-8afc-08d9511b3f00
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2021 16:26:10.7824 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN5P110MB0383
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-27_10:2021-07-27, 2021-07-27 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2103310000 definitions=main-2107270099
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tasQ_SENzG7LgPDD6rKTIkqvniA>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 16:26:25 -0000

Without spending (and repeating) too many words – I agree with Eliot’s position and disagree with Ryan’s.

 

--

Regards,

Uri

 

There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.

The other is to make it so complex there are no obvious deficiencies.

                                                                                                                                     -  C. A. R. Hoare

 

 

From: Spasm <spasm-bounces@ietf.org> on behalf of Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tuesday, July 27, 2021 at 12:19
To: Eliot Lear <lear@lear.ch>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, LAMPS WG <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

 

 

 

On Tue, Jul 27, 2021 at 11:44 AM Eliot Lear <lear@lear.ch> wrote:

CAs can barely handle three.  Adding one more will be challenging enough, which is why I asked if there was an intent to deploy by CAs, and the answer was, “yes”.

I don't think it's appropriate at all to generically refer to CAs like this, given that we have ample industry evidence to the contrary. It equally seems to be mistaken of the concerns to think that it's a question about what the CA deploys, since this is a question of and for relying party applications.

On (1), RFC 5280 was written prior to the requirement for explicit IANA policies, but there is no basis to believe that a protocol is required to establish an EKU. 

This is a very broad statement, and it's unclear if you're requesting to understand more of the historic basis for the {Extended, Enhanced} Key {Usage, Purpose} and its historic evolution. As the brackets note - this is a field that has had many names through its evolution, and while you're entirely right that RFC 7299 post-dates RFC 5280 and the previous work (e.g. ipki-part1-05 borrowing the field from ISO), and you can certainly examine the contemporary discussions around the intersection with keyUsage.

Finally, we do not want a requirement for more specific EKUs (or any other extension) to become a barrier to deployment.  In the end that just makes it less practical to use certificates.  If you're reading this as, “the CAs can't/won't keep up”, then you've understood my message.

Again, I believe it's misguided to speak of "the CAs" without speaking to the trust framework; your "CAs" are not my "CAs", and that's perfectly fine and working as intended. I understand and appreciate your sensitivities of concern with manual certificate management and the use of legacy smart cards; however, these concerns do not generically extend to all certificates or all CAs, nor are they sufficient to justify IANA/IETF action.

 

This document "could" be entirely reasonable as an Individual Submission; while that does not at all redeem its flaws, it also reflects the reality that what's being proposed here is explicitly not something that can or should be used in an interoperable way. It certainly, in its present form, explicitly conflicts with the objectives set forth in RFC 5280, Section 2.2:

 

   The goal of the Internet Public Key Infrastructure (PKI) is to meet
   the needs of deterministic, automated identification, authentication,
   access control, and authorization functions.  Support for these
   services determines the attributes contained in the certificate as
   well as the ancillary control information in the certificate such as
   policy data and certification path constraints.

 

Namely, that the objective of this EKU is, as stated, for non-deterministic, manual identification of certificates. This further contradicts Section 2.3's goal of ensuring the specification recognizes "the limitations in sophistication and attentiveness of the users themselves".

 

Concretely, our disagreement appears to be this: When faced with the question of a hypothetical new EKU, do the specifications provide sufficient guidance to relying party applications to make an automated determination about whether or not the use is appropriate or not? Explicitly, it does not: it does not provide a way, for example, to distinguish whether this "XMLDSig" signed thing is permitted, no more than it permits this "PDF-via-CMS" or "PDF-with-CMS" is permitted. It does not provide any further insight into either the CA's intended capability for the named subject, nor to the relying parties expectations of that capability, and intentionally so. A relying party application instead is expected to treat this as abstract, to be determined by each application whether or not it's appropriate, creating a fundamental disconnect between any CA that tries to issue such certificates and any relying party attempting to use them.

 

The solution for this disconnect is simple: relying parties and CAs to agree on semantics that are unambiguous as to what is acceptable or not. This is true with or without IANA/IETF action, as reflected by deployed reality.

v2.23.0 | Report a Bug | By Email