Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
Deb Cooley <debcooley1@gmail.com> Thu, 29 July 2021 00:44 UTC
Return-Path: <debcooley1@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8310A3A077A for <spasm@ietfa.amsl.com>; Wed, 28 Jul 2021 17:44:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.846
X-Spam-Level:
X-Spam-Status: No, score=-1.846 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RasXxVAgwxw for <spasm@ietfa.amsl.com>; Wed, 28 Jul 2021 17:44:04 -0700 (PDT)
Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80F3E3A0785 for <spasm@ietf.org>; Wed, 28 Jul 2021 17:44:04 -0700 (PDT)
Received: by mail-qk1-x735.google.com with SMTP id o13so4207515qkk.9 for <spasm@ietf.org>; Wed, 28 Jul 2021 17:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BFWS0Y7VgQoARQvVgdUpBi3lZdKBp0ShSm7ilET8Q6o=; b=pJmwVaAUnkb6zECR1woVp8zzSwMNQPdordS7MX4sF8JyajSLf/BiOPfBdvYIDeXKa2 h0CC2w761TqIjz0kWJe0Qrx8EeQeuysefrkTjORIyLMeLdlwU7jU7oIKSp92m/IGTgvU BV1ot7GcvOxJyUhnh/vQOmhbHkL9hQgglyz3bSpBS3MOKpzu9ZwS5oOvUbYywaVT61cA xGDukNjeBWNmWZ9QSkBRo4/XnkIYlXyX4NSOtmWTE/DXyndNcHIzlBAzU6q2PSV14MYO X6WlI/93SG42lJsaqBVGz/0/uBQFJy3mjeDbMEhsdpjbRvaOCQ1XJdPf9bjI9dsUsl4A SVWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BFWS0Y7VgQoARQvVgdUpBi3lZdKBp0ShSm7ilET8Q6o=; b=CeqdBsq/rCTn0qxDy8J+4ELJYr304ceT2a/Gt4v/kf6P8BNZigzinZzWnYu4Ic7thx 0+nOMifnT60Ms82UAzUXQaHwL4KmLMQTCnrUVX1ccg7ET1AV4juEBYnaI4kAgT9mDWqZ BBfH5KNnmOj95uluqEdoiPmYeh2vaSYQNZc5N3r6/BZ/AUsBtRPfjGTm6qoGGBUUInwb 2mGcpj/fCfOVjhPwUoTzOpf/agaNa2wnWGIJYVmTczV32W7XR+7a29pL8yUP6DYE4sfx YGLLIj7ZnVUqHSyDFOzvZbXg//u++eEbyWn+GKe4VXJUwacX2lAj/Dh6rQiOJV3ZUo3k PoOQ==
X-Gm-Message-State: AOAM533X+f31E0KaezEn/QFrfQgqIL85xGcXkluhniE7LiPXWrH+shym yhHyX8BWDzHcixlSRt1LR7s7fsEJHkixrzOTuQ==
X-Google-Smtp-Source: ABdhPJzjYNB0IbT5KcwRXZpyDgEO4ciPZK4gGDm1+cyD1pBIdFxcekhQ9M9z8EucaM2Vr70nmQt3GVoavERiRK9I3X0=
X-Received: by 2002:a37:a20d:: with SMTP id l13mr2490732qke.83.1627519442408; Wed, 28 Jul 2021 17:44:02 -0700 (PDT)
MIME-Version: 1.0
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <CAErg=HF_hcXO=9=KJh5EBEov4ybS_8g4xF=cANL9+83UvP0zvQ@mail.gmail.com> <adf86f46-093f-756f-8292-9b5e088f4344@lear.ch> <CAErg=HEUFV2F8R8g8e6yCDKz_e6RebNyB5Zb2Lvgn4oc3BtE-w@mail.gmail.com> <CO6PR14MB4468A7A5EB138542CEBA5D9CEAE99@CO6PR14MB4468.namprd14.prod.outlook.com> <CAErg=HH4aDgju=8C7Neq_4H19EX8S2inNd9fMAMYH3h95S48Rg@mail.gmail.com> <CO6PR14MB44688BC4188063BCA54E80C4EAE99@CO6PR14MB4468.namprd14.prod.outlook.com> <CAErg=HGDA+16N4xhgMvuQz25DqD+_nkiFC+OuAJMkFzYYqFV0w@mail.gmail.com> <2550c1c3-1400-b380-c9ad-dad59286feee@lear.ch> <CAErg=HGnKMNNyaf-=w+DmqfXg7XYbKD2Ah-WUxf96xNN5Ecikg@mail.gmail.com> <CAErg=HFVx5JTog5_aWOrx3vAm5o=LxHfwxEqkVM8FifYCm2P+A@mail.gmail.com> <CAGgd1OdcLujCJQOaTGvS_Hkqg1=pUP-5Mu=06kqkrgFU3fVG5g@mail.gmail.com> <CAErg=HGL-s2v9=5J64GnaaFxWN4QYWMUnDRPcpC0DN5XgM1-yw@mail.gmail.com>
In-Reply-To: <CAErg=HGL-s2v9=5J64GnaaFxWN4QYWMUnDRPcpC0DN5XgM1-yw@mail.gmail.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 28 Jul 2021 20:43:51 -0400
Message-ID: <CAGgd1OemU0qX1Wsmx7YPMTiexKz9hmhKj3c89iT3BcrahiUP8A@mail.gmail.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
Cc: LAMPS WG <spasm@ietf.org>, "Cooley, Dorothy E" <decoole@nsa.gov>
Content-Type: multipart/alternative; boundary="0000000000003ada0a05c83866de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zxXf-GUIiyM67ArNIXMbCiSV3dA>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 00:44:10 -0000
Thanks for that. I'd be lying if I said I'd read all the references.... I'm not sure that we (by this I mean US DOD) need this per se, at least I've not heard it asked for. I suspect we (again DOD) are doing this today merely w/ the DS KU (and maybe a timestamp piece). What I'd really like to avoid is to have to add a bazillion EKUs to a signing certificate just to handle Adobe, or whatever the application is du jour. I know that some people like to make this complicated, but I'd really like it to be easy to understand (I know, stop laughing, we are well past that point). I guess that makes two things that worry me - 1. mis-use of the code signing EKU (which certainly doesn't have a working group or RFC to define it either) and 2. having to deal w/ a bazillion EKUs because US DOD uses every blasted application in the world (maybe I'll retire before then). Deb Cooley decoole@nsa.gov On Wed, Jul 28, 2021 at 3:40 PM Ryan Sleevi <ryan-ietf@sleevi.com> wrote: > > > On Wed, Jul 28, 2021 at 2:53 PM Deb Cooley <debcooley1@gmail.com> wrote: > >> Just to push on this a little more (apologies). What do you believe is >> the correct path forward? Abuse of the code signing EKU is worrying. >> > > The context behind this request is the CA/Browser Forum is working to > specify S/MIME policies, and are similarly interested in fixing these > abuses. I am, without a doubt, 100% on board with this. I just see it as a > matter of domain-specific policy, rather than IETF coordination. > > Concretely: I would see vendors that are targeting specific signature > protocols to have EKUs for those protocols. For example, ETSI ESI TC has a > suite of specifications that the European Union has granted the presumption > of legal recognition (in certain cases) or > mandatory-to-implement/interoperate assumptions (e.g. for public services). > These are PAdES, CAdES, XAdES, and collectively describe signature > requirements for PDF, CMS, and XML. Nothing would prevent ETSI ESI from > using its OID arc (0.4) to assign an EKU to indicate "Used in conjunction > with the ETSI ESI document signing specifications" - with the assumption > here is that ETSI ESI TC will ensure that these distinct formats do not > permit cross-format attacks that allow for confused deputy (of which there > have been many [1]). > > In implementation practice, EKUs effectively operate as substitutes for > certificatePolicies. Whether we hate that or not - and the past debate has > been clear there's folks in both camps - that's the implementation reality. > For example, to have a certificate successfully validate with > 'id-kp-serverAuth' on a macOS system, you need to comply with Apple's > certificate policies. This doesn't matter whether you're a CA included by > default in the OS, or something locally configured in the Enterprise: any > application using Apple's cryptographic libraries has to comply with the > policies if they assert the particular EKU, that EKU is required to use > their TLS client libraries, and that's a net-positive for users. [2]. > Sometimes, these changes only apply to CAs included in their software by > default [3], but other times, it's system wide. > > In practice, the EKU is used to indicate compliance, or non-compliance, to > a particular certificate profile, defined by the vendor of the relying > party application. This is true for major trust store vendors like > Microsoft, Apple, Google, Mozilla, and across different protocols: Google's > GMail has its policies [4], just like Adobe has their AATL [5]. The EKU is > enforced at the protocol level, but equally, it implies and reflects > compliance with policy. > > In the browser space, the CA/Browser Forum exists to help coordinate the > interpretation of 'id-kp-serverAuth' as it applies to browsers, and to > reduce the risk of conflicts in those profile requirements. There's nothing > preventing similar groups - such as ETSI (in the case of the *AdES family) > or the CA/Browser Forum (in a hypothetical document signing chartered > working group) to do the same, with an EKU specific to their constituency > to reflect the "I intend to use it with this {protocol}, which has {these > policy assumptions in the PKI design}". Yes, in a perfect world, this would > have used certificatePolicies, with client libraries requiring end-entity > certificates asserting a particular policy, and validating that policy is > in the effective policy set, and that EKU is purely a protocol indicator: > but that's not the world we ended up at. > > The issue with the IETF defining a generic EKU here is that we don't have > a "Document Signing Protocol WG" that defines the format and semantics of > what a signed document is, in the way we have a TLS WG or an IPSEC WG or a > Kerberos WG. Within those WGs, we do see efforts at preventing > cross-protocol and cross-format confusion, and we also see the use of > multiple certificates and keys when appropriate, and including new EKUs as > needed, when possible. For example, TLS Delegated Credentials work > proposes... an additional certificate for servers to obtain to express > further restrictions on private key usage [6]. This was due to needing to > work around the fact that few TLS client implementations outside of > browsers robustly support features like those in RFC 4158 [7], and the TLS > WG had to work around that legacy, as otherwise, EKU would have been > appropriate. > > Concretely: ETSI could easily allocate OIDs for PAdES, CAdES, and XADeS. I > haven't done the protocol analysis to know if there's cross-format attacks, > so it could be three OIDs, or it could be a singular OID if they are > robustly secured, indicating compliance with the ETSI specifications and > the eIDAS policy framework. Adobe could similarly take a lead here, with > respect to PDF signing, and say "This EKU is used for PDFs according to > this {Adobe, ISO} specification and the AATL policy". If the CA/Browser > Forum was chartered for this (it presently is not, but that, like all > charters, is changable), it could also define an EKU to say "This EKU is > used in conjunction with {these document signing protocols} and the > CA/Browser Forum policy". CAs that, say, meet the requirements of all three > organizations, could easily assert all three EKUs in a single certificate, > provided that they (and relying parties) have analyzed for > cross-protocol/cross-format attacks. But we can't pretend they're the same > constituencies: even where there's overlap (and there's plenty of 2-of-3 > and 3-of-3 overlap in these examples), they are still fundamentally > different use cases and policy authorities. > > [1] https://pdf-insecurity.org/index.html > [2] https://support.apple.com/en-us/HT210176 > [3] https://support.apple.com/en-us/HT211025 > [4] https://support.google.com/a/answer/7300887?hl=en > [5] https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html > [6] > https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10#section-4.2 > [7] https://datatracker.ietf.org/doc/html/rfc4158 >
- [lamps] Call for adoption for draft-ito-documents… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Salz, Rich
- Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Tomofumi Okubo
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Tomofumi Okubo
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
- Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
- Re: [lamps] Call for adoption for draft-ito-docum… Santosh Chokhani
- Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
- Re: [lamps] Call for adoption for draft-ito-docum… Salz, Rich
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
- Re: [lamps] [EXTERNAL] Call for adoption for draf… Mike Ounsworth
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Daniel Kahn Gillmor
- Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Russ Housley
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
- [lamps] Call for adoption for draft-ito-documents… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Yoshiro YONEYA
- Re: [lamps] Call for adoption for draft-ito-docum… Corey Bonnell
- Re: [lamps] Call for adoption for draft-ito-docum… Brown, Wendy (10421)
- Re: [lamps] Call for adoption for draft-ito-docum… Stefan Santesson
- Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
- Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
- Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
- Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley