Re: [therightkey] [cabfpub] Thoughts on reducing SCT sizes (was Re: Updated Certificate Transparency + Extended Validation plan)
Ben Laurie <benl@google.com> Tue, 18 February 2014 16:59 UTC
In-Reply-To: <E1BBA898-CC1E-47B5-878D-299099E71F25@entrust.com>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <04a001cf21cf$3a649190$af2db4b0$@digicert.com> <CAL9PXLyWFSfHz_230SkWLvr7sUROPv_k0rfKgmkMRRttk-EjGQ@mail.gmail.com> <52F2305C.5040107@comodo.com> <0b3f01cf228d$fef92e30$fceb8a90$@digicert.com> <CABrd9SR3+ByEMeXRpbMiwUatqNcoyjv=vHxgr1tdfE8p=oWH-g@mail.gmail.com> <E1BBA898-CC1E-47B5-878D-299099E71F25@entrust.com>
Date: Tue, 18 Feb 2014 16:58:56 +0000
Message-ID: <CABrd9SRDRzb+ZruoKbn4K5bE8bQY4k8=vi9yvj2HHtcJ97SHBQ@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Tim Moses <tim.moses@entrust.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/therightkey/X6RWYUtzGRjtDUx-SktHOeGgIeA
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Rob Stradling <rob.stradling@comodo.com>, "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>
On 18 February 2014 15:37, Tim Moses <tim.moses@entrust.com> wrote:
> Ben - Will Chrome deny EV status to a certificate with too few SCTs, or
> will it grant EV status as long as at least one of its SCTs is from a
> log that remains in the program?

It will deny.

> All the best. Tim.
>
>> On Feb 18, 2014, at 10:30 AM, "Ben Laurie" <benl@google.com> wrote:
>>
>> Sorry for the long delay.
>>
>>> On 5 February 2014 16:19, Jeremy Rowley <jeremy.rowley@digicert.com> wrote:
>>> Table 1 of the plan document said both 3 SCTs and 4 SCTs for 27 months.
>>> Until there is clarification on which is required, 3-4 is the best
>>> representation of the requirement. I'm hoping Ben meant 15-27 months = 3 and
>>> 27 = 4, but it's not clear from the document.
>>
>> Yes, that's exactly what I meant.
>>
>>> Jeremy
>>>
>>> -----Original Message-----
>>> From: public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] On
>>> Behalf Of Rob Stradling
>>> Sent: Wednesday, February 05, 2014 5:37 AM
>>> To: certificate-transparency@googlegroups.com
>>> Cc: therightkey@ietf.org; CABFPub
>>> Subject: [cabfpub] Thoughts on reducing SCT sizes (was Re: Updated
>>> Certificate Transparency + Extended Validation plan)
>>>
>>>> On Tue, Feb 4, 2014 at 12:33 PM, Jeremy Rowley wrote:
>>>> Three or four proofs for a 27 month certificate is way too many.
>>> <snip>
>>>> Adding 400 bytes per certificate will make EV certificates unusable by
>>>> entities concerned with performance.
>>>
>>> The updated CT+EV plan requires three SCTs for a (maximum length) 27-month
>>> EV certificate, not four. 400 bytes for three SCTs is about right though.
>>>
>>> Assuming RFC6962-compliant v1 SCTs that contain no SCT extensions and are
>>> signed using ECDSA and a P-256 private key, then, including all of the ASN.1
>>> fluff for the SCT List certificate extension, I calculate that it'll be...
>>>
>>> 140 or 141 bytes to embed 1 SCT
>>> 261 to 263 bytes to embed 2 SCTs
>>> 380 to 383 bytes to embed 3 SCTs
>>>
>>> For (non-EV) validity periods between 27 and 39 months:
>>> 499 to 503 bytes to embed 4 SCTs
>>>
>>>> On 04/02/14 17:52, Adam Langley wrote:
>>>> <snip>
>>>> We should make the SCTs as small as possible
>>>
>>> Agreed. Time for some back-of-an-envelope sums. For SCT v2, if we were to
>>> pack in the data as tightly as possible I reckon we could cut it down to as
>>> little as...
>>>
>>> 84 bytes to embed 1 SCT
>>> 159 bytes to embed 2 SCTs
>>> 231 bytes to embed 3 SCTs
>>> 303 bytes to embed 4 SCTs
>>>
>>> Here's how...
>>>
>>> 1. Use a shorter OID for the SCT List extension. Perhaps CABForum could
>>> define 2.23.140.n (with n < 128). Save 6 bytes.
>>>
>>> 2. The first 2 bytes of the SignedCertificateTimestampList structure are its
>>> total length. Since this can be calculated from the OCTET STRING length,
>>> these 2 bytes could be omitted. Save 2 bytes.
>>>
>>> 3. Pack the SCT fields into as few bytes as possible for the common case,
>>> whilst retaining options for future expansion. Save 37 bytes per SCT.
>>> Replace...
>>>   (1 byte)    Version sct_version;
>>>   (32 bytes)  LogID id;
>>>   (8 bytes)   uint64 timestamp;
>>>   (2+? bytes) CtExtensions extensions;
>>> ...with...
>>>   (2 bits) sct_version (00=v1; 01=v2; 10,11=unassigned)
>>>   (2 bits) log_id_type (00=SHA-256(log_public_key);
>>>                         01=1-byte Registered Log ID;
>>>                         10=2-byte Registered Log ID;
>>>                         11=4-byte Registered Log ID)
>>>   (2 bits) timestamp_size (00=8-bytes;
>>>                            01=6-bytes;
>>>                            10=5-bytes;
>>>                            11=4-bytes)
>>>   (1 bit) extensions (0=CtExtensions is present;
>>>                       1=CtExtensions is absent)
>>>   (1 bit) signature_type (0=digitally-signed struct;
>>>                           1=raw Ed25519 signature)
>>> For the common case:
>>>   (1 byte)  Registered Log ID
>>>   (4 bytes) Timestamp (seconds, not milliseconds)
>>>
>>> 4. Use the Ed25519 signature scheme instead of ECDSA. ECDSA signatures
>>> using a P-256 key seem to be 72 or 73 bytes, whereas Ed25519 signatures are
>>> 64 bytes. Save 8 or 9 bytes per SCT.
>>> Also, for Ed25519, omit the 2 bytes containing the hash algorithm and
>>> signature algorithm from the "digitally-signed struct" header. Save 2 bytes
>>> per SCT.
>>>
>>> --
>>> Rob Stradling
>>> Senior Research & Development Scientist
>>> COMODO - Creating Trust Online