Re: [TLS] Merkle Tree Certificates

Watson Ladd <watsonbladd@gmail.com> Tue, 14 March 2023 17:47 UTC

To: David Benjamin <davidben@chromium.org>
Cc: "<tls@ietf.org>" <tls@ietf.org>, Devon O'Brien <asymmetric@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/16E85tX_Ux4lhoSRGRSSR0s_dIQ>

Come embrace the temptations of the Sea-SIDH!

Intermediate certs are rarely used, so that would achieve 204 byte sig
on intermediate + 64 byte intermediate key + 204 byte sig of EE cert
since the signing time doesn't matter. Then with SCT and OCSP, it's
204 bytes each.

As for the actual proposal, I like the idea of per-protocol subjects.
I am worried about the way this makes the PKI a more distributed
system, in the Lamportian sense. A certificate being used successfully
depends now on the transparency service propagating the batch from the
CA and the CA creating the batch, and the user-agent, not the site,
determines what transparency service is used. This makes it much more
difficult for sites to be sure their certificates will actually work.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim