IETF Logo Mail Archive

Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)

Bas Westerbaan <bas@cloudflare.com> Thu, 17 March 2022 14:13 UTC

Return-Path: <bas@cloudflare.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03C6F3A083C for <tls@ietfa.amsl.com>; Thu, 17 Mar 2022 07:13:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.591
X-Spam-Level:
X-Spam-Status: No, score=0.591 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwRfbsAr7hwg for <tls@ietfa.amsl.com>; Thu, 17 Mar 2022 07:13:25 -0700 (PDT)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31B3C3A0859 for <tls@ietf.org>; Thu, 17 Mar 2022 07:13:24 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id 7-20020a05600c228700b00385fd860f49so3270736wmf.0 for <tls@ietf.org>; Thu, 17 Mar 2022 07:13:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=apg5rdo3eZR+Upt2Ror8QAGT0GmmlXdHA5mFzY+eVgw=; b=l4zuZwWbymVpmxDrDLi6w7Cw6NC+MLGcIkBdAGg1TKruiNPccAyuv5KvsNjmljR0Tq btOd81puy0EH3nWtYFeNLl4/V37J2CqF4GD8lXL8EVsMfo2jcDafkikiiKO56Ak0fmDS OWae8YSvPDlkLRtCQYAm1y0L75RaEchiBcIZg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=apg5rdo3eZR+Upt2Ror8QAGT0GmmlXdHA5mFzY+eVgw=; b=IoM/pv3xUejnHdGG1964NWTzqmEfZF1hOMyP/cEkXeo1V6NLZgMIYENqt/RcGjvzRP 6/3SxegO8tZtQjQ0BUhLyDxy0dKDOzgOlOIQ0Xn9wY3VJWEuDqiDmooS6cyH24KQiIs8 fb0F2dT98JOsDgIEcVIGl+bSlvOTWrRGAM/UcvSw0SRwPuIoi5g+WwPiKveKYYD1Izve mf8GOhtfrp/UeTvL4PyPHL3/Qks/HI7sngC1FxmRL01O7jKXxMpY75kPoZI5UFpApxJ4 X4+IhNGC0jND6kh+Yq70RHaqxItJqd0ZOKv0uUg1WTNsAKjcfRhYIZHnWCIMOoSb11wk TMJA==
X-Gm-Message-State: AOAM531zuD3ZqIeNZEqOx7TCB/K9xRX5HaYk2znNJHiDu2W4+kZ6oXb+ jYTSX5DtHCBooeAfUtylHVZnAcHxMFa2vg6dB2Tp30LFsqyqbg==
X-Google-Smtp-Source: ABdhPJxMdORDLpiJ9OUU0ju3IY/jWwG7MRMcFecuLd6DqHj/i3OSyS/GTlswoaaajFYY3jZdMbXhkBs2p/TKOZuXKqc=
X-Received: by 2002:a05:600c:1548:b0:389:cde3:35cc with SMTP id f8-20020a05600c154800b00389cde335ccmr11844143wmg.133.1647526401708; Thu, 17 Mar 2022 07:13:21 -0700 (PDT)
MIME-Version: 1.0
References: <83f923185c3741ccb668826f5b11b0c3@EX13D01ANC003.ant.amazon.com> <CAErg=HFamywTBGriKsVd4eB=yo46Mz2JcKnnjHY8s36f12qEFg@mail.gmail.com> <180543c01fdf439cbdfd8214ec75eb76@EX13D01ANC003.ant.amazon.com> <CAErg=HGufDVCKN+PqPQ80MoVobK0N7ocVjLoDaAyqq5+Bma6TQ@mail.gmail.com> <caa7508995694a56b5b5f632ed8bf49a@EX13D01ANC003.ant.amazon.com> <YhDRHwiTXI6T78+c@LK-Perkele-VII2.locald> <8fa949930e2041cb81c4d8b9e487bd4c@EX13D01ANC003.ant.amazon.com>
In-Reply-To: <8fa949930e2041cb81c4d8b9e487bd4c@EX13D01ANC003.ant.amazon.com>
From: Bas Westerbaan <bas@cloudflare.com>
Date: Thu, 17 Mar 2022 15:13:10 +0100
Message-ID: <CAMjbhoUfG5Nyd1t2t5v0KwB8KzmnTAd6tmgrbj8FCRgran0oTA@mail.gmail.com>
To: "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000ef1dad05da6aa15d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/roEnn98D3b_B0ytj_xH8I5ZSx4c>
X-Mailman-Approved-At: Thu, 17 Mar 2022 10:07:28 -0700
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 14:13:42 -0000

To get a sense for the size and possible issues with a list of
intermediates, I had a look at the intermediates in Certificate
Transparency. Let me stress that there are many caveats and I certainly do
not wish to suggest that this is the method to compile such a list of
intermediates.

Februari 20th, I downloaded all submissions from the CT logs
{nimbus,nessie,yeti,argon,xenon,oak}202[23], sabre and oak. Recall that
certificates are submitted to certificate transparency with a
certificate chain. Notably missing are skydiver and digicert CT1, which
have about 10m and 1m unexpired certificates each.

I found 43,280 unique intermediates. The vast majority are by browsers
untrusted intermediates used by Google for test submissions to check for
maximum-merge-delay (MMD) violations on CT logs.

For each non-MMD intermediate I recorded the latest expiring certificate,
the *example*, signed by the intermediate and submitted as such to the CT
logs, provided the certificate hasn't expired (Feb. 20th), is already valid
and has server authentication EKU.

That yields 910 intermediates.

By design CT logs are less strict about validation than browsers (the goal
is to record issuance — not check it.) Because of this expired/revoked
intermediates, there are certificates that are no longer valid with the
chain they were submitted with. Others would have never been accepted by
any browser to begin with.

For each example I verified the original chain (using the union of all
roots accepted by the CT logs.) If that didn't work, I tried to build a
chain using the other intermediates from CT which might not have popped up
earlier. Adding those and removing those that didn't work out, leaves us
with 902 intermediates.

Those account for 1,838,205,562 submissions, (here a certificate is counted
as many times as it has been submitted) although I did only check the
single example certificate

For 91,540 submissions (0.05%) I could not verify the example (for various
reasons.) For the majority of those the intermediate seemed valid, except
for 2,602 submissions.

I ignored policy constraints.

Please find details per certificate in the attached log. Hashes are sha256.

Best,

 Bas

v2.23.0 | Report a Bug | By Email