[therightkey] CT and RFC 5878 (was Re: CT Qs)
Trevor Perrin <trevp@trevp.net> Fri, 25 January 2013 00:26 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2196B11E80D1 for <therightkey@ietfa.amsl.com>; Thu, 24 Jan 2013 16:26:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.974
X-Spam-Level:
X-Spam-Status: No, score=-1.974 tagged_above=-999 required=5 tests=[AWL=0.776, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kAqmjIHZiK53 for <therightkey@ietfa.amsl.com>; Thu, 24 Jan 2013 16:26:44 -0800 (PST)
Received: from mail-wg0-f49.google.com (mail-wg0-f49.google.com [74.125.82.49]) by ietfa.amsl.com (Postfix) with ESMTP id 51AEB11E8099 for <therightkey@ietf.org>; Thu, 24 Jan 2013 16:26:44 -0800 (PST)
Received: by mail-wg0-f49.google.com with SMTP id 15so3144967wgd.28 for <therightkey@ietf.org>; Thu, 24 Jan 2013 16:26:43 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:date:message-id:subject :from:to:cc:content-type:x-gm-message-state; bh=y5wqiQe2yNYKNMtWnqGFIAS3Jze8Dhtufk/YMglNpMA=; b=EY2wLUjw/+Qjj7B5ZRPXd47qbsg8AxbPHom0LgOng27+8baZ6v+iJRnncxKRsDk2Up 6nzXBzK/hEe8nGWyxfrPSE42gZfXDDjs1zq5vpqi4YSRHOAONemiGdz1JK2/l3hnibbH DP6w3LK4UN/2v1Cq7vtPFJK0QmUk8JJ6ORGNov9ydufP6lNYw+E4WWWRfofTXMid9/yQ My5N68GRkNuuqxJb1zNewAXuI6V8WvP4aWmc/NwwYWbiplx0r0tCUstVZyoF2DUrGC+B rPl01gB63wkwGNzqc8FeSr4gECnTV8k5eyWjOdKXSxcujVrBJARz0tdmykiUOJwUeTq+ 1TKQ==
MIME-Version: 1.0
X-Received: by 10.194.108.101 with SMTP id hj5mr6066413wjb.6.1359073603361; Thu, 24 Jan 2013 16:26:43 -0800 (PST)
Received: by 10.216.242.141 with HTTP; Thu, 24 Jan 2013 16:26:43 -0800 (PST)
X-Originating-IP: [166.137.212.37]
Date: Thu, 24 Jan 2013 16:26:43 -0800
Message-ID: <CAGZ8ZG0Lb5YR-u6KaJrwdkv5sXaV1Y0isk3dn8=DY4ZWFMEHSQ@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Emilia Kasper <ekasper@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQnecrgXX9t4+TsKmHuLk614EXTDtMaW4txXyO6lmxkDFaGdUrUyE1aVKkVCMHUJFOkFBuPh
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>
Subject: [therightkey] CT and RFC 5878 (was Re: CT Qs)
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2013 00:26:45 -0000
On Thu, Jan 24, 2013 at 4:10 AM, Emilia Kasper <ekasper@google.com> wrote: > On Wed, Jan 23, 2013 at 8:25 PM, Trevor Perrin <trevp@trevp.net> wrote: >> >> Defining your own TLS Extension seems simpler, why not do it from the >> start? To expand on this: RFC 5878 seems unnecessary for server-provided data such as CT's SignedCertificateTimestamps (or similar things like TACK [1]). TLS already has an extension mechanism. 5878 uses this extension mechanism to add a new extension mechanism. But the new mechanism seems pointlessly redundant, complex, and not widely implemented. It's also poorly designed and specified: * 5878 builds on the SupplementalData TLS handshake message defined in 4680. But 5878's extension of 4680 appears wrong: The "SupplementalData" structure in 5878 does not match the same-named structure in 4680. I think 5878 is trying to extend 4680's SupplementalDataEntry, but it's still wrong (missing supp_data_length). * 5878's AuthorizationDataEntry has no overall length field, thus is not generically parseable (it can only be handled by a parser which knows the structure corresponding to each authz_format it encounters). The OpenSSL implementation [2] attempts to parse it by assuming every AuthorizationDataEntry contains a 2-byte overall length field following the 1-byte type, but this is incorrect (see URLandHash in 5878). The claim is: > We've already implemented 5878 for OpenSSL and Apache. The wider benefit of > a more general mechanism is that adding new types of authorization data > (Revocation Transparency?) will in the future not require upgrading servers > again. But this isn't an inherent virtue of 5878, it's due to the CT team adding functionality to OpenSSL and Apache that allows specifying server responses in a data file [3]. The server can parse the data file and return whichever responses the client asks for, without needing code changes to know their meaning. That's a great mechanism, but why not apply it to TLS Extensions? Then we could deploy CT's timestamps (or other server auth data) without needing server code changes *or* 5878. That would be the best of both worlds, wouldn't it? Trevor [1] http://tools.ietf.org/html/draft-perrin-tls-tack [2] For OpenSSL, see ssl_rsa.c:authz_validate(), and incorrect comment in ssl_locl.h: /* authz/authz_length contain authz data for this certificate. The data * is in wire format, specifically it's a series of records like: * uint8_t authz_type; // (RFC 5878, AuthzDataFormat) * uint16_t length; * uint8_t data[length]; */ [3] OpenSSL's SSL_CTX_use_authz_file(), Apache's SSLRSAAuthzFile directive
- [therightkey] CT and RFC 5878 (was Re: CT Qs) Trevor Perrin
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Emilia Kasper
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Trevor Perrin
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Ben Laurie