Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

Russ Housley <housley@vigilsec.com> Thu, 21 May 2020 14:51 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DABEB3A0997 for <tls@ietfa.amsl.com>; Thu, 21 May 2020 07:51:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a2OrX9-XZ6qU for <tls@ietfa.amsl.com>; Thu, 21 May 2020 07:51:54 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 522543A09D3 for <tls@ietf.org>; Thu, 21 May 2020 07:51:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A9779300B65 for <tls@ietf.org>; Thu, 21 May 2020 10:51:51 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GWEysYhBU_3w for <tls@ietf.org>; Thu, 21 May 2020 10:51:49 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id C7A37300A91; Thu, 21 May 2020 10:51:48 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <24269E65-2CCD-42D7-AACF-85A1D5141CA0@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5F83E906-C2A3-4157-B38A-A04004202FFC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 21 May 2020 10:51:50 -0400
In-Reply-To: <CAErg=HFNMz+JEna8FP6agD_XRuW1u7xavGCByupMJ5A9iDvqaA@mail.gmail.com>
Cc: IETF TLS <tls@ietf.org>
To: Ryan Sleevi <ryan-ietftls@sleevi.com>
References: <CAOgPGoDqtCmkBZYoGT5BaMJN8wgSBFKR00VSUXB9Qu8rDT3S_g@mail.gmail.com> <47A87699-B13C-480B-9C51-2386F1C69D74@vigilsec.com> <CAErg=HFNMz+JEna8FP6agD_XRuW1u7xavGCByupMJ5A9iDvqaA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ds9hfDRDWh3_1m8vRnaTtcfXQ5c>
Subject: Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2020 14:51:57 -0000


> On May 21, 2020, at 10:12 AM, Ryan Sleevi <ryan-ietftls@sleevi.com> wrote:
> 
> 
> On Wed, May 20, 2020 at 6:40 PM Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
> MINOR
> 
> Section 1 also says:
> 
>    Because the above problems do not relate to the CA's inherent
>    function of validating possession of names, ....
> 
> The CA is responsible for confirming that the public key in the
> certificate corresponds to a private key that can be used by the
> certificate subject.  This is usually done by a proof of possession
> mechanism.  So, I think that the start of this sentence should be
> reworded to avoid the impression that the CA only validates the
> name.
> 
> The existing framing is correct. The most widely used Internet PKI, the Web PKI, intentionally doesn’t not require a proof of possession mechanism. It is not used as an authentication mechanism (i.e. a binding of a key to an identity) but an authorization mechanism (i.e. a binding of an authorized set of identities to a key).
> 
> The “CA only validates the name” is not just an impression, it’s the widespread running code. Due to how TLS certificates are used (online protocol negotiation, without non-repudiation support), there’s no risk opened nor any necessity to do a strong proof of possession binding, even in cases of strong identity binding.

The CSR is signed with the key to be certified.  That is proof of possession.

> 
> QUESTION
> 
> While I have no objection to the DelegationUsage extension,
> I wonder is an extended key usage would provide the same
> confidence in the certificate.
> 
> In practice, no. As things currently are, it would unfortunately undermine the confidence, although this an entirely fair and reasonable question.
> 
> As a recap (and more for those without the same context you have) the way 5280 and it’s predecessors were designed, the Certificate Policies extension is the primary means of expressing or indicating compliance to a particular policy. If a relying party explicitly attempts to validate a certificate, for a RP-determined Certificate Policy, then they can know whether or not that certificate complied with their expectations for issuance and management. This is all defined within 5280, albeit quite complex, and involves processing rules for both leaves and intermediates, as well as the ability to map between different policies (via policyMappings), such that an RP expecting policy A can validate a certificate bearing only policy B, provided some trusted party in the certification path asserted that B was equal-or-equivalent-to A
> 
> Additionally, certificates have the extendedKeyUsage, which is most commonly used to restrict the protocol or protocols a given certificate can be used for. In RFC 5280 and friends, this restriction only applies to lead certificates. However, from the very earliest days of PKIX, the two main implementations (Microsoft and Netscape) diverged from this, in unspecified ways that ultimately PKIX declined to incorporate, to allow EKUs to be used on intermediates to restrict the protocols that certificates can be issued for. If a leaf EKU is not a subset of its issuing chain, then that EKU is not permitted; much like policy OIDs.
> 
> This divergence, which has existed since the very earliest days of TLS, resulted in a different approach to managing policy than the idealized goal of PKIX. Rather than having every relying party application provide an initial policy, such as a policy OID assigned by the root store vendor (typically the OS/browser vendor), to indicate compliance with the root store’s policy, and using policy mappings for that, implementations simply used the EKU as a joint indicator for “uses protocol X and complies with the issuance policies for protocol X, as defined by the root store vendor”.
> 
> This whole long preamble builds to our present day. In wide practice, and even for those root stores/OSes/applications that do not implement EKU chaining in the fashion mentioned above, the mere presence of an EKU is the indicator for compliance with a set of policies, and altering EKUs, like altering policy OIDs, requires issuing new intermediates permitted for that EKU.
> 
> If DC certificates only bore a DC EKU, they would, in effect, be exempt from all of the certificate policies widely practiced for the issuance of TLS certificates, which would reduce the confidence in the certificate. They would also typically require the CA to issue new intermediate certificates prior to being able to issue such certificates that were accepted. For applications, the certificate validation libraries apply local policy to certificates based on their EKU via technical measures, to ensure they match the expected issuance policy, such as checking for certificate transparency information or limiting the maximum validity period the application will accept.
> 
> Recall that the design of DC is also possible via simply nameConstrained subCAs, but part of the reason for DC is that it does not require or reduces dependencies on external PKIs in order to satisfy local protocol needs. The same argument applies here against EKU: to use EKU would place ongoing dependencies back on those external PKI, be incompatible with how those PKIs are typically administered, and would cause significant challenges for applications implementing on common libraries (such as those provided by their OS).
> 
> It’s far from perfect, but the current state of the art is this approach. If something is meant to be “like” TLS, at minimum, it needs to contain the TLS EKU, so it is subjected to the TLS policies and usable with TLS validation stacks. Extensions, with or without the critical bit set, serve as the way to distinguish whether and how it should be usable with TLS and the “something like TLS” protocol.
> 
> An EKU certainly could be pursued, and it’s by no means an unreasonable question, but in order to provide the same confidence as currently specified, existing root store policies would need to be rewritten and redefined to include that EKU in scope of their “subject to TLS”, as would their software and validation libraries similarly be updated to process that.

I am aware of the "fight" about EKU chaining.  I have a view, but I did not really want to drag subcerts into that controversy.

I guess I ask the authors to add a paragraph to the rationale section that says something about why this extension was used instead of an extended key usage.

Russ