Re: [TLS] [therightkey] Fwd: Improving EV Certificate Security

"Ryan Sleevi" <ryan-ietf@sleevi.com> Thu, 26 September 2013 06:32 UTC

Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7560F11E8159; Wed, 25 Sep 2013 23:32:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o7YiCyX5mww0; Wed, 25 Sep 2013 23:31:58 -0700 (PDT)
Received: from homiemail-a55.g.dreamhost.com (mailbigip.dreamhost.com [208.97.132.5]) by ietfa.amsl.com (Postfix) with ESMTP id 8674621F9A16; Wed, 25 Sep 2013 23:31:58 -0700 (PDT)
Received: from homiemail-a55.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a55.g.dreamhost.com (Postfix) with ESMTP id 28FDA163B; Wed, 25 Sep 2013 23:31:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=message-id :in-reply-to:references:date:subject:from:to:cc:reply-to :mime-version:content-type:content-transfer-encoding; s= sleevi.com; bh=1s/06czCrsZTUnV6oko7w0C/A2o=; b=dDjzN1fOUa9UiMvIj 0sv1eSis+SM/lSS8Vqdtcx6ZHkAd3vA29YUVjqpXXOX/9RqFKJWPW7XmLKNF9Sl9 3a69g3IiF2QR/5WtLd735pxXdKOQCsx503BeJIgfq0uzrxA4RvgcitV4USoaj2yA Tc9gqIRKF61Jhq6GxktnOdc7tU=
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a55.g.dreamhost.com (Postfix) with ESMTPA id E35EF161E; Wed, 25 Sep 2013 23:31:57 -0700 (PDT)
Received: from 173.8.157.162 (proxying for 173.8.157.162) (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Wed, 25 Sep 2013 23:31:58 -0700
Message-ID: <b2fc60d9628717ed3806bd38c55cbdd3.squirrel@webmail.dreamhost.com>
In-Reply-To: <CAOe4UikiA6vLnZXCxyUdK=VXRUgKf6T5k--anEJiPvK59KWVzQ@mail.gmail.com>
References: <CABrd9STHiKL-ecavLCkw1jqGyLAUwEQb61yJWhZV9fFKbSR8vA@mail.gmail.com> <CABrd9STcVGiYb9QBrezFza=Lhpcc=Hwh4h03R4gomCYVp=zLUw@mail.gmail.com> <CAOe4UikiA6vLnZXCxyUdK=VXRUgKf6T5k--anEJiPvK59KWVzQ@mail.gmail.com>
Date: Wed, 25 Sep 2013 23:31:58 -0700
From: "Ryan Sleevi" <ryan-ietf@sleevi.com>
To: "Joseph Bonneau" <jbonneau@gmail.com>
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Wed, 02 Oct 2013 08:21:22 -0700
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [therightkey] Fwd: Improving EV Certificate Security
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ryan-ietf@sleevi.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2013 06:32:03 -0000

On Wed, September 25, 2013 10:15 pm, Joseph Bonneau wrote:
>  I'd like some elaboration on the plan for step 6, creating a whitelist of
>  valid EV certificates without an SCT. How is this going to be achieved?
>  Also, if we could do this, why not do it for all certificates and
>  bootstrap
>  CT that way? Are the parameters of EV special for this (fewer certs,
>  better
>  records, etc.)?

Fewer certs, by many orders of magnitude, such that whitelisting is a
reasonable approach.

>
>  An alternate approach to a whitelist is to require SCTs for certs with a
>  "not before" validity period after time T (presumably this requirement
>  kicksn in around time T). With a stolen/compromised EV CA key you could
>  still issue a fraudulent cert and backdate it, so you'd have to more
>  strictly enforce the limits on validity periods for EV certs which I
>  believe are 27 months in the CA/Browser forum guidelines and 39 months in
>  the EV code-signing cert proposal. Of course this isn't attractive in that
>  it means years before you really have protection against fraudulent EV
>  certs. Has this approach been considered?
>
>  Joe

As you note, with a stolen/compromised EV CA key, you can still backdate
certs. The whitelist approach balances the tradeoffs and brings the delta
for practical checking on the client side down to a reasonable value and
with acceptable (and negligible) performance overheads, which decrease
over time.