Re: [Trans] Section 4.2 follow-up
Eran Messeri <eranm@google.com> Thu, 14 December 2017 10:27 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDD401267BB for <trans@ietfa.amsl.com>; Thu, 14 Dec 2017 02:27:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dw1JLNwBochM for <trans@ietfa.amsl.com>; Thu, 14 Dec 2017 02:27:20 -0800 (PST)
Received: from mail-it0-x235.google.com (mail-it0-x235.google.com [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 816EF124217 for <trans@ietf.org>; Thu, 14 Dec 2017 02:27:20 -0800 (PST)
Received: by mail-it0-x235.google.com with SMTP id d137so9976172itc.2 for <trans@ietf.org>; Thu, 14 Dec 2017 02:27:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=cQENcBxDj78lKprRabsGH97zwaxqf1b/XFStN2Cq7Kk=; b=nzhCjZdJkl/ezontjbAS+4YJqaspwOsZfD/1t/MqQI7bsH++7RrzdzWe700Zs8DiQf XXbv++YwYzLbVqSDbWzlPW6QdF9Tw/CEeU1MuwuK8kxEVknSs8nGs+Z//iWsYwf6Flyh O8aDuPRb2N1Xd+xvT6edkoCX3HtVe1Eg889qGDIBP+fUiXj77QZYb/kROK0iEX8KqKHf qZ1p9Dk5gCVN0rEmfTdaHApRExgDTXRd0T7tmTWdOqevst2/cqzphcL7uo6LwsZ2X46j fb/fFZwOdP0EMrsHiHltoiXcIb7ptbuGzn7wC9ibl2UsyAspz/jU0CdR7ksCuU3U7PIA obIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=cQENcBxDj78lKprRabsGH97zwaxqf1b/XFStN2Cq7Kk=; b=hFw0iQ0uoLo15A1Hya82VyfKCPqkf01uGFgWaLfjZWpptbGdFVB2n5vy4XjCZTD+wM fwNHpfL+whS+4zWs84VyUO7Smgb7BGufMfeNpRirs+KHIHQN0tpIjCrC6+5EOoOh3IMj fLu33MJOoBPFYGXuUyslHVMwc+Zw9+0k92WpJ/C8UkbKgxLjfVVclvIdw/pKCgP5nFCJ jNSZDLGkbSAzjGSAJtZyN4uLkcPX/L8auVboMggRMRHM8QVU8c+faUMcdcAj473b9BTn ILi82VGekgGWpKR/SCQYlio1Jen4cKeFBFgFqTWB/izi/lRHXa2/x9QIlmT5lykMW4nr X/fQ==
X-Gm-Message-State: AKGB3mK2+zbPeAqSIr9qQV25Aet6r4+fqP6bje08/Rzt7xh3GlFCMb27 4Jpe80Vh81Zd+04EBVM5+dP28h1GVhaakWSkY0n9Xw==
X-Google-Smtp-Source: ACJfBovJdL42i37fY85ucx3kNI15s0myAlM+bUErz/8A97A/eZlK5c6gah/tigoRdVQDO8rbFF7wGzN2g+MDpeczSw0=
X-Received: by 10.36.39.8 with SMTP id g8mr2993801ita.42.1513247239277; Thu, 14 Dec 2017 02:27:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.222.3 with HTTP; Thu, 14 Dec 2017 02:26:48 -0800 (PST)
In-Reply-To: <CABcZeBNafvFdEA6ZEotad1VWUb9a0PLf8-etw1wR-ppnxB7Gww@mail.gmail.com>
References: <CALzYgEcnUe=0=vE9sw4Ee0H_94w6mv5F2=T-1rtK51WHHeqUbg@mail.gmail.com> <CACM=_OcS2zvQ1O_-YqiNFOg9PYn=jATp6dMmp6qS-maQMtoOOQ@mail.gmail.com> <f284f289-0468-5b2f-f073-2b3022158ea0@comodo.com> <CABcZeBNafvFdEA6ZEotad1VWUb9a0PLf8-etw1wR-ppnxB7Gww@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
Date: Thu, 14 Dec 2017 10:26:48 +0000
Message-ID: <CALzYgEd7TzMNa=+FkTMDapET9Bsu3vn3QPxLQTje9qF=CUxk1w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Rob Stradling <rob.stradling@comodo.com>, Al Cutter <al@google.com>, Trans <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a1147c5ac28449c05604a544e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/3-oxmcPTJQYGS5_wUqAa_3z7R3A>
Subject: Re: [Trans] Section 4.2 follow-up
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2017 10:27:24 -0000
To follow up on some of the points raised in the issue: Examples of chains that are allowed under the current text: * RFC5280-compliant leaf -> intermediate -> trust anchor. * RFC5280-compliant leaf -> intermediate -> TA, where the leaf or one of the intermediate are revoked or not temporally valid (I don't know of any logs that do revocation checking currently). * Non RFC5280-compliant leaf (for example, BER-encoded instead of DER encoded) -> intermediate -> TA. * leaf -> intermediate1 -> intermediate2 without the trust anchor (however when the log stores and serves the chain it must serve the trust anchor used to accept the submission). Examples of chains that are not allowed: (1) Incomplete chain: leaf -> intermediate1 , missing intermediate2 -> trust anchor. (2) leaf -> intermediate -> trust anchor _not trusted by the log_. (3) leaf -> intermediate -> trust anchor, where the signatures either by the intermediate or the TA do not validate. In PR289 <https://github.com/google/certificate-transparency-rfcs/pull/289>, the suggestion was to change the MUST restricting chains (2), (3) from being admitted at all, to a SHOULD, so such chains may be admitted under some circumstances (that is, AFAIUI, the meaning of SHOULD in RFC2119). The arguments were: * Chrome CT policy requires CT logs to be RFC compliant. * A bug in a CT log implementation could lead to accepting a submission that doesn't chain to a trust anchor accepted by the root. * Such a bug would make the CT log non RFC-compliant, and so subject to removal from the set of logs trusted by Chrome. I do not think this is a strong argument in favour of these changes because: * The Chrome CT policy can be changed to accommodate some deviations from the standard (Chrome's policy is dynamic and may change at any time). * There have been cases where a log incorrectly accepted chains that do not terminate in an accepted TA (Rob Stradling has found at least one). In those cases the log was not disqualified from Chrome. * Most importantly, it further burdens monitors and log clients - which will have to investigate, and be able to cope with, corrupted chains. There are already quite a few certificates in 6962 logs that require particularly lax parsers and some CT log clients already resort to their own fork of DER parsers / X.509 decoders. I think perpetuating this situation in unhealthy in the long term. * These MUST statements are there to guide implementation - to make it clear that no 6962-bis implementation should admit submissions unless it can check their validity. While I can appreciate that the narrow view of a log operator would favour as few restrictions on the log as possible, relaxing the requirement that each chain is signed correctly and terminates at an accepted TA does not make sense for the overall protocol. The CT protocol is already biased towards ease of log implementation and I don't see a reason to tip the balance further towards log implementation (given it has already been demonstrated in the workgroup that finding feasible, privacy-preserving methods to audit logs or get stronger security guarantees from them is hard). Eran On Wed, Nov 22, 2017 at 4:58 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > > On Wed, Nov 22, 2017 at 3:55 AM, Rob Stradling <rob.stradling@comodo.com> > wrote: > >> On 21/11/17 19:33, Al Cutter wrote: >> >>> >>> >>> On Tue, Nov 21, 2017 at 7:20 PM, Eran Messeri <eranm@google.com <mailto: >>> eranm@google.com>> wrote: >>> >>> [shortening subject] >>> >>> Two MUSTs are being discussed: >>> (1) "the log MUST NOT accept any submission until it has verified >>> ..." >>> >>> >>> Actually it's just this one, I think the one below was included possibly >>> by mistake (I mentioned to that to Rob when I spotted it on the PR). >>> >> >> Yeah, I misunderstood which MUSTs (in section 4.2) EKR (and Al) thought >> should be SHOULDs. >> >> I've updated the PR. This discussion is now only about whether or not >> that first "MUST NOT" should be changed to "SHOULD NOT". >> >> From the discussion on the PR, it seems that: >> - Eran and Andrew strongly prefer "MUST NOT". >> - EKR wrote "this is a WG decision" and so I presume he'll accept >> either "MUST NOT" or "SHOULD NOT". >> > > I'll accept MUST NOT as long as the MUST NOT is unambiguous. I thought it > was but the discussion in the PR suggests that it's not because we don't > know what the lax validation exception covers. As long as you have clarity > on that point then SHOULD NOT/MUST NOT is totally up to the WG. > > -Ekr > > > > > >> - Al is the sole proponent of changing it to "SHOULD NOT". >> >> Al, can you live with "MUST NOT"? >> >> -- >> Rob Stradling >> Senior Research & Development Scientist >> COMODO - Creating Trust Online >> >> >> _______________________________________________ >> Trans mailing list >> Trans@ietf.org >> https://www.ietf.org/mailman/listinfo/trans >> > >
- [Trans] Section 4.2 follow-up Eran Messeri
- Re: [Trans] Section 4.2 follow-up Al Cutter
- Re: [Trans] Section 4.2 follow-up Rob Stradling
- Re: [Trans] Section 4.2 follow-up Eric Rescorla
- Re: [Trans] Section 4.2 follow-up Eran Messeri
- Re: [Trans] Section 4.2 follow-up Eric Rescorla