IETF Logo Mail Archive

Re: [TLS] draft-rescorla-tls-subcerts-01

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 24 April 2017 16:33 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1345B131832 for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 09:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KxfJOJTeWSJ for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 09:33:02 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 8AEE513182D for <tls@ietf.org>; Mon, 24 Apr 2017 09:33:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 3782A25EAB; Mon, 24 Apr 2017 19:33:01 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id cy2Lrs1qi0Bu; Mon, 24 Apr 2017 19:33:00 +0300 (EEST)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id D11362313; Mon, 24 Apr 2017 19:33:00 +0300 (EEST)
Date: Mon, 24 Apr 2017 19:32:59 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <20170424163258.GB18783@LK-Perkele-V2.elisa-laajakaista.fi>
References: <bea3cb60-fdfc-950f-f628-90eb87ed42ef@gmx.net> <20170421104857.GA20822@LK-Perkele-V2.elisa-laajakaista.fi> <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0C6OuoQxnnDn7XLUsvf4l_kUZDk>
Subject: Re: [TLS] draft-rescorla-tls-subcerts-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 16:33:05 -0000

On Mon, Apr 24, 2017 at 05:39:39PM +0200, Hannes Tschofenig wrote:
> Hi Ilari,
> 
> thanks for your response. A few remarks inline:
> 
> On 04/21/2017 12:48 PM, Ilari Liusvaara wrote:
> > On Fri, Apr 21, 2017 at 10:37:21AM +0200, Hannes Tschofenig wrote:
> >> I read through draft-rescorla-tls-subcerts-01 and I ran into some basic
> >> questions.
> >>
> >> I have been wondering why the TLS server operator obtains an end-entity
> >> certificate from a CA (which cannot be used to sign further
> >> certificates) instead of running an intermediate CA him-/herself
> >> instead. This would work without requiring any changes to the client
> >> side. The proposed solution, although technically feasible, will
> >> unfortunately take a long time to deploy since it requires cooperation
> >> from clients, servers, and also from CAs.
> > 
> > There is enormous amount of red tape obtaining intermediates, even
> > technically constrained ones. And as consequence, it is enormously
> > expensive (through not nearly as expensive as public CA).
> 
> In essence you are doing this through the extension as well just using a
> different format.
> 
> > 
> > Defining new extensions is much more deployable, as slow as it is
> > (AFAICT, no BR changes needed).
> 
> I hope that this is true since otherwise you have just traded one
> problem against the other one.

AFAICT, CAs can add arbitrary extensions if (logically sufficient but
not necressary):

- CA is "aware" of "a reason" to include it, and
- Extension has meaning on "public Internet", and
- Extension does not mislead w.r.t. CA validation performed

(CABForum Baseline Requirements, version 1.4.4, section 7.1.2.4).

For this, AFAICT:
- CSR requesting it or other kind of request is "a reason" to include
  it.
- Defined in RFCs for public use imples meaning on "public Internet".
- This extension does not affect CA validation.


Of course:
- Fixed process delay on CABForum for technical changes to BRs is
  ~7 weeks (1 week of discussion + 1 week of voting + ~4.3 weeks of
  IPR review + few days of misc. other). That's much faster than the
  time CAs take to actually offer this (if ever!).
- Nobody changes the extension rules in nasty ways for reasons I can't
  fathom of.

> >> What is also not clear to my why some of the certificate management
> >> protocols, which provide the necessary level of automation, cannot be
> >> used with CAs to request short-lived certificates.
> > 
> > AFAIK, that would cause issues with CT and OCSP signing.
> > 
> > The latter would be fixable by reintroducing CABForum ballot 153 and
> > passing it (the reasons 153 failed were obviously political instead of
> > technical).
> Isn't this something ACME was trying to solve as well?

ACME can perform fast rolling of certificates. What it can't deal with
is any possible downsides to actually doing that in real world.


-Ilari

v2.23.0 | Report a Bug | By Email