IETF Logo Mail Archive

Re: [therightkey] Defining CT-for-PKIX and CT-for-DNSSEC

Paul Hoffman <paul.hoffman@vpnc.org> Sat, 17 November 2012 19:37 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0BD921F8532 for <therightkey@ietfa.amsl.com>; Sat, 17 Nov 2012 11:37:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.563
X-Spam-Level:
X-Spam-Status: No, score=-102.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWwBA-gGvL6f for <therightkey@ietfa.amsl.com>; Sat, 17 Nov 2012 11:37:49 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 428C021F8687 for <therightkey@ietf.org>; Sat, 17 Nov 2012 11:37:49 -0800 (PST)
Received: from [10.20.30.102] (50-0-66-243.dsl.dynamic.fusionbroadband.com [50.0.66.243]) (authenticated bits=0) by hoffman.proper.com (8.14.5/8.14.5) with ESMTP id qAHJbe0o053229 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sat, 17 Nov 2012 12:37:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <E96961C4-9FCB-470D-BD16-A792CF6F484C@bbn.com>
Date: Sat, 17 Nov 2012 11:37:42 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <2603023B-FBA3-433D-82BF-A742BC43FB66@vpnc.org>
References: <2B12532F-90DE-4265-9EDB-38F49B5CA951@vpnc.org> <20121117181839.GA25913@isc.upenn.edu> <E96961C4-9FCB-470D-BD16-A792CF6F484C@bbn.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
X-Mailer: Apple Mail (2.1499)
Cc: therightkey@ietf.org
Subject: Re: [therightkey] Defining CT-for-PKIX and CT-for-DNSSEC
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Nov 2012 19:37:50 -0000

On Nov 17, 2012, at 11:32 AM, "Richard L. Barnes" <rbarnes@bbn.com> wrote:

>>> CT-for-PKIX helps a web site administrator determine if a trusted CA ever issued a certificate that should not have been issued.  
>>> 
>>> CT-for-DNSSEC helps a DNS zone administrator determine whether a DNS server in the hierarchy above the leaf zone ever included a DS record that should not have been included.
>>> 
>>> It would be good to have agreement on the above; feel free to offer changes and see if the authors agree. Then we can talk about the relationship between the two.
>>> 
>> 
>> Sounds reasonable to me.
>> 
>> Does "CT" need to be renamed for DNSSEC? Since we're talking about 
>> transparency of delegation records/keys and not X.509 certificates. 
>> If C means "certification" in the general sense, then I suppose it
>> might still be applicable since a (signed) DS record certifies the
>> authenticity of the secure entry point key in a subordinate zone.
> 
> "DST"?
> 
> The definitions sound reasonable, but I'm at a loss as to why you would bother with "CT-for-DNSSEC".  The whole point of CT is that the space of X.509 issuers is very large, and the certificates can be presented by any server on the Internet.    It's a hassle to check every, say, HTTPS server on the Internet to see if a cert with your name is being provided.
> 
> In DNSSEC, the set of "issuers" is very small (parent domains), and the DS records originate from a well-defined set of sources (authoritative servers for those domains).  Checking those servers is not that much more difficult than checking a CT log, and doesn't require any new protocol.

Maybe you missed the earlier discussion of this in the past few days.

Rogue DS records might not be detectable to the party with the leaf record. For example, assume the domain name example.newtld. The owner of example has put DS record A in the newtld zone. If the owner of newtld goes rogue and shows DS record B to a limited number of requests (such as to a particular geographic region or set of network addresses), the party with the private key associated with B can spoof example, and the owner of example would not know unless he could see B.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email