IETF Logo Mail Archive

Re: [Trans] [trans] #79 (rfc6962-bis): Precertificate signaturemustbe over something other than just the TBSCertificate

Rob Stradling <rob.stradling@comodo.com> Fri, 12 June 2015 15:45 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 211AC1A0338 for <trans@ietfa.amsl.com>; Fri, 12 Jun 2015 08:45:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RG-AmkualIXp for <trans@ietfa.amsl.com>; Fri, 12 Jun 2015 08:45:33 -0700 (PDT)
Received: from mmextmx1.mcr.colo.comodoca.net (mmextmx1.mcr.colo.comodoca.net [IPv6:2a02:1788:402:c00::c0a8:9cd5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08A4B1A1A7F for <trans@ietf.org>; Fri, 12 Jun 2015 08:45:10 -0700 (PDT)
Received: (qmail 19044 invoked by uid 1004); 12 Jun 2015 15:45:07 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx1.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Fri, 12 Jun 2015 16:45:07 +0100
Received: (qmail 29596 invoked by uid 1000); 12 Jun 2015 15:45:07 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Fri, 12 Jun 2015 16:45:07 +0100
Message-ID: <557AFE82.9000405@comodo.com>
Date: Fri, 12 Jun 2015 16:45:06 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Erwann Abalea <eabalea@gmail.com>, Ben Laurie <benl@google.com>
References: <064.abd6b6595a6018105f8527089cb573db@tools.ietf.org><079.727c660183267c66b37706330f6dc562@tools.ietf.org><557A00A9.5010906@bbn.com><557ADF0D.4060801@comodo.com> <CA+i=0E4dfmR9xf046T1MPePwi=b9n_qjYgv3MtwkGU=U7oO0jQ@mail.gmail.com>
In-Reply-To: <CA+i=0E4dfmR9xf046T1MPePwi=b9n_qjYgv3MtwkGU=U7oO0jQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/1VpvaxicotMbE_pmfr23QYaF4s8>
Cc: "trans@ietf.org" <trans@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [Trans] [trans] #79 (rfc6962-bis): Precertificate signaturemustbe over something other than just the TBSCertificate
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 15:45:41 -0000

On 12/06/15 16:27, Erwann Abalea wrote:
<snip>
> If the eContentType is set to id-data, the CMS producer can omit the
> SignedAttributes, the signature is performed over the eContent (which
> contains the TBSCertificate), and the resulting signed precertificate
> can be manipulated to become a valid certificate:
>    - take the TBSCertificate and the signature from the CMS/precertificate,
>    - build a SEQUENCE containing the TBSCertificate, a properly
> formatted SignatureAlgorithm, and the signature (reencode it from OCTET
> STRING to BIT STRING)
>    - you have a valid certificate

Indeed.

> To avoid this, just make sure that the TBD in the current rfc6962-bis is
> NOT id-data. Or require the presence of the SignedAttributes.

Ben, do you want to allocate an OID from the Google arc for this?

<snip>
>                After discussion with Rob, core point is that the CMS
>             signature is
>             not an X509 signature.
>
>                Fixed at https://github.com/google/certificate-transparency-
>                rfcs/commit/546e6e9451186e96ddd7b54ca02f17c8d86f951e.
>
> This commit has nothing to do with the ticket ;)

It was a series of several commits.  That was the final one.

Click the link just to the right of "1 parent".  Then do the same again, 
and you should arrive at...
https://github.com/google/certificate-transparency-rfcs/commit/c62061213c5085cf4d0f266dc8aa2c803bcf4c8f

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.

v2.23.0 | Report a Bug | By Email