Re: [therightkey] CT and RFC 5878 (was Re: CT Qs)
Emilia Kasper <ekasper@google.com> Fri, 25 January 2013 16:55 UTC
Return-Path: <ekasper@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5853F21F8858 for <therightkey@ietfa.amsl.com>; Fri, 25 Jan 2013 08:55:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.749
X-Spam-Level:
X-Spam-Status: No, score=-102.749 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_OBFU_Q1=0.227, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g46GfOcvAigi for <therightkey@ietfa.amsl.com>; Fri, 25 Jan 2013 08:55:19 -0800 (PST)
Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) by ietfa.amsl.com (Postfix) with ESMTP id 2575921F854E for <therightkey@ietf.org>; Fri, 25 Jan 2013 08:55:18 -0800 (PST)
Received: by mail-wg0-f51.google.com with SMTP id 8so368035wgl.30 for <therightkey@ietf.org>; Fri, 25 Jan 2013 08:55:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=iZkvx37WVHOBfGbBq8IhlDeqE0H3jHssjSQqF9AeK9M=; b=fhT3MNlUCrgNH5EiggoJnoMlW1/EZE/gfyiZxBmqTwBo99HAEEmRdDGwd7T2D3hwhC WlbPnxQadw/ZtvD59YfxJmbpKjSwdWwQXPHSu4v+ekUVsi8TSt0/9yMON8u5SDx199Qb H93GPX4x+6erkNIjnflYTPpEn85PZp6G+91Alf+W+iZSyvKjDaVwyPml37TQee0FYR53 BDF1oY7qy5tw322BsiaK5yLfz1PuGfufedtfv4L3naTBnAnwlOXpIXbw4L2//pbUKDYQ RjAvLbvB8iZDWceUMf+5XCueDEsqwQ1Mn/dwC7rGjbTzu2NClbc2t7BQ+S0myRfoOuaK ci6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=iZkvx37WVHOBfGbBq8IhlDeqE0H3jHssjSQqF9AeK9M=; b=mPpQaJarhH1bgzgLWnCA4IZGbnJ479OUJVGdtu+yLbFTM/NTUuRRxlLde+D1JhcWUS zEDYQ87KjDCkrmm8fboaFU78+3YrYIaUkWh8wek+1a9Jm77KfBU9BpP5xIZArv1SBn/E TNjABC9JChn9riEQtnyDBCW9yCqAlZlnffr3bCFfbQtsaV0bpbkK/GWcXfUn7g8BHn8U lJwxNWMBjuQuPbwElxOj8+Z+DqTrnfxAxAlNPVu6UDay/kXBwO4P946DKHuUPwnOSBnX b8l4m9lFIcnRXZllvi2ZshJojB9t10UKsTUu4UuD14OlkFB5Sqimr6lLCmVqpjooslga xC1A==
MIME-Version: 1.0
X-Received: by 10.180.19.136 with SMTP id f8mr9885799wie.0.1359132918137; Fri, 25 Jan 2013 08:55:18 -0800 (PST)
Received: by 10.194.51.231 with HTTP; Fri, 25 Jan 2013 08:55:18 -0800 (PST)
In-Reply-To: <CAGZ8ZG0Lb5YR-u6KaJrwdkv5sXaV1Y0isk3dn8=DY4ZWFMEHSQ@mail.gmail.com>
References: <CAGZ8ZG0Lb5YR-u6KaJrwdkv5sXaV1Y0isk3dn8=DY4ZWFMEHSQ@mail.gmail.com>
Date: Fri, 25 Jan 2013 17:55:18 +0100
Message-ID: <CABp4ts2Qo9FxghBbKRX=HxOTd_yUOn4PPnfXj-aRndeByvoJbA@mail.gmail.com>
From: Emilia Kasper <ekasper@google.com>
To: Trevor Perrin <trevp@trevp.net>
Content-Type: multipart/alternative; boundary="bcaec53d5aa3c9c1ff04d41fca70"
X-Gm-Message-State: ALoCoQlxCLI3Y57I+t3I0YQ+X6J+5+Z/8A3dsXDHVUcfM8Er4hMDCb9NfzT5IboTITkqQNZYrIt3fQAlwmzL2ADDtEax0ZuFHo+iVbxBbJVHm/ThNiwzW5qOMIHRBbaNeYSCBOM38V+FnDke/vw0dTN8lpU2i2Sy2jI/ovN1T2WlWMfPjamKYPiVXddI0zqDnxqQm+VCIw8T
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>
Subject: Re: [therightkey] CT and RFC 5878 (was Re: CT Qs)
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2013 16:55:20 -0000
On Fri, Jan 25, 2013 at 1:26 AM, Trevor Perrin <trevp@trevp.net> wrote: > On Thu, Jan 24, 2013 at 4:10 AM, Emilia Kasper <ekasper@google.com> wrote: > > On Wed, Jan 23, 2013 at 8:25 PM, Trevor Perrin <trevp@trevp.net> wrote: > >> > >> Defining your own TLS Extension seems simpler, why not do it from the > >> start? > > > To expand on this: RFC 5878 seems unnecessary for server-provided > data such as CT's SignedCertificateTimestamps (or similar things like > TACK [1]). > > TLS already has an extension mechanism. 5878 uses this extension > mechanism to add a new extension mechanism. But the new mechanism > seems pointlessly redundant, complex, and not widely implemented. > It's also poorly designed and specified: > > * 5878 builds on the SupplementalData TLS handshake message defined > in 4680. But 5878's extension of 4680 appears wrong: The > "SupplementalData" structure in 5878 does not match the same-named > structure in 4680. I think 5878 is trying to extend 4680's > SupplementalDataEntry, but it's still wrong (missing > supp_data_length). > > * 5878's AuthorizationDataEntry has no overall length field, thus is > not generically parseable (it can only be handled by a parser which > knows the structure corresponding to each authz_format it encounters). > The OpenSSL implementation [2] attempts to parse it by assuming every > AuthorizationDataEntry contains a 2-byte overall length field > following the 1-byte type, but this is incorrect (see URLandHash in > 5878). > Thanks, you're correct - we didn't get it quite right on first attempt. We'll look into it. > > The claim is: > > > We've already implemented 5878 for OpenSSL and Apache. The wider benefit > of > > a more general mechanism is that adding new types of authorization data > > (Revocation Transparency?) will in the future not require upgrading > servers > > again. > > But this isn't an inherent virtue of 5878, it's due to the CT team > adding functionality to OpenSSL and Apache that allows specifying > server responses in a data file [3]. The server can parse the data > file and return whichever responses the client asks for, without > needing code changes to know their meaning. > > That's a great mechanism, but why not apply it to TLS Extensions? > Then we could deploy CT's timestamps (or other server auth data) > without needing server code changes *or* 5878. > > That would be the best of both worlds, wouldn't it? > I'm not sure I follow; do you mean specifying TLS extension data in a data file? Surely that doesn't work for arbitrary extensions... Emilia > > Trevor > > > [1] http://tools.ietf.org/html/draft-perrin-tls-tack > > [2] For OpenSSL, see ssl_rsa.c:authz_validate(), and incorrect comment > in ssl_locl.h: > > /* authz/authz_length contain authz data for this certificate. The > data > * is in wire format, specifically it's a series of records like: > * uint8_t authz_type; // (RFC 5878, AuthzDataFormat) > * uint16_t length; > * uint8_t data[length]; */ > > [3] OpenSSL's SSL_CTX_use_authz_file(), Apache's SSLRSAAuthzFile directive >
- [therightkey] CT and RFC 5878 (was Re: CT Qs) Trevor Perrin
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Emilia Kasper
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Trevor Perrin
- Re: [therightkey] CT and RFC 5878 (was Re: CT Qs) Ben Laurie