IETF Logo Mail Archive

Re: [Trans] Cross-certificates and log servers

Eran Messeri <eranm@google.com> Wed, 02 July 2014 10:33 UTC

Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1386C1B28F4 for <trans@ietfa.amsl.com>; Wed, 2 Jul 2014 03:33:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfVXX-_0b39u for <trans@ietfa.amsl.com>; Wed, 2 Jul 2014 03:33:19 -0700 (PDT)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CDA91B28F0 for <trans@ietf.org>; Wed, 2 Jul 2014 03:33:19 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id eb12so11967222oac.13 for <trans@ietf.org>; Wed, 02 Jul 2014 03:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZX1dezI195iawH1XTAcI4fHP8eGrg2UeaOImX4DHpo4=; b=DNKaJInlDdXuLQB7bLgsMGbI9LGWknqs4V3igva5eDPuxz0ne7TEVxJmOgovFnZXN2 Ppmt5VtieC5yESLK4WqOhVplfQ4sL9uW31r2M2nlN30RCCfEqJLuNgLwQ9pQaNAm24Px /7dwwStHWqI4x8HeCvyJiigTm/PgeOgeWya17PsuFVhxn3GxM6GtTDzMiM94jAwgYWrK sYHGmZCJwsFfodmTcWGDO9ZVgSluirLwqbfBmwi71aCzsiBdqlX51JF2HuVB4+PvncIj 9QW5HSTv9qfWXyhEd/oILbRU/B170ZE01aCjmstnusrrvGBvs00d/Fz0kLTcAqmcWGVe /S6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ZX1dezI195iawH1XTAcI4fHP8eGrg2UeaOImX4DHpo4=; b=aWkue1mPuOUNUFcv8PjGruMVSz6tlxqrHQRzaB6mlzaYab0E4C8s27lYPaW3SC2LqP QswwVYaxMovKagrkPKvCNIRwX8X7kHh260Gf2n4p+uSL4GvSyDh8s9tg9HJI+wCkRNhq Ijo2266zaT4jrM4v+oVjqQMYKbNsgg/Ldlyl5P1SKPc5orjc8oRGY1Z9VFcawO8Q4OAe cAODyAjuVYAV3mNINyyssiCcXdHBBQW/2JrugNx9Rmy+XIlP5wtwGo0J3R7g2iBCq6Oc sfRAW6Gn73AHv5BLGWkTewqAiMRimTriy6Hdy2CfxJolDVPGQFrRkAm++f2QvkZXxEb/ XxdA==
X-Gm-Message-State: ALoCoQnby+t24NInAgLHAqECCoGONTYL0McYcyt+dCIwvWHivd9/w0+t+dAItPifOdk+umvGJWva
MIME-Version: 1.0
X-Received: by 10.60.46.229 with SMTP id y5mr57506126oem.7.1404297198850; Wed, 02 Jul 2014 03:33:18 -0700 (PDT)
Received: by 10.182.33.200 with HTTP; Wed, 2 Jul 2014 03:33:18 -0700 (PDT)
In-Reply-To: <544B0DD62A64C1448B2DA253C011414607CCD4149A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <544B0DD62A64C1448B2DA253C011414607CCD4149A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Date: Wed, 02 Jul 2014 11:33:18 +0100
Message-ID: <CALzYgEcgRzm=KHvGLGCz0UzU+g5oEShSvjRiFm1q564Cgo+tnw@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
To: Rick Andrews <Rick_Andrews@symantec.com>
Content-Type: multipart/alternative; boundary="089e0153745ab26aa804fd336b2c"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/3VQnCT7cNeSi6Y02aYJSmREi1vU
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Cross-certificates and log servers
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jul 2014 10:33:22 -0000

On Tue, Jul 1, 2014 at 11:45 PM, Rick Andrews <Rick_Andrews@symantec.com>
wrote:

>  Symantec (and I suspect other CAs) would like more information about
> what roots will be configured into log servers.
>
> Root Certificates:
> The current spec includes a call to Retrieve Accepted Root Certificates.
> Should we infer from that that the list might change over time? We expect
> new roots would be added, but would roots ever get removed? For example,
> browser vendors are in the process of removing 1024-bit roots from their
> trust stores, and in the next few years we expect that SHA-1 roots might be
> removed too. Would log server operators also phase out such roots?
>
The purpose behind requiring that submitted certificates chain to a set of
 accepted root certificates is to avoid the log being flooded with
uninteresting certificates (e.g. self-signed certificates). To that purpose
I do not think it matters if  obsolete roots are removed because the log
should not get submissions chaining to these roots.

>
> Once there are more than three log servers, we expect to decide up front
> which log servers we will contact for SCTs. We do not expect to dynamically
> query each log server to confirm that it still trusts our root, just before
> attempting to log a certificate. Is that a valid assumption?
>
Yes - How a log operator changes the set of roots its log accepts is not
specified in the RFC, but I expect log operators would communicate such
changes beforehand.

>
> It would be preferable for the log server operator to publish a list of
> roots and commit to supporting those roots until the CA informs the
> operator that the root is no longer in active use, and all certificates
> chained to that root have expired.
>


>
> Cross-Certificates:
> We have been providing cross-certificates to customers to deploy so that
> their certificate could chain up to a 1024-bit root (for use in older
> browsers without our 2048-bit roots). If the cross-certificate is ignored,
> the end-entity cert chains up to one of our 2048-bit roots. We expect to
> continue using cross-certificates until we determine that their use is no
> longer required. We’d like to be sure that the use of cross-certificates
> will not cause any problems for log servers. For example, take the case
> where we log a certificate we’re about to issue (or have issued) and we
> include the cross-certificate in the chain sent to the log server. Then the
> customer (for whatever reason) decides to also send their certificate to
> the log server, but without the cross-certificate. Will the log server see
> this as the same certificate, and return to the customer the same SCTs? Or
> will the certificate get logged a second time? If the latter, will that
> cause any problems?
>
The SCT is over the certificate itself, not the entire chain, so that
should not be a problem. As mentioned above, the log checks the chain just
to prevent it being spammed.
It shouldn't matter to the client if it gets the same SCT or not - as long
as the log provides proofs for all SCTs it produces. The issue here is that
to get a proof from the log the client has to provide the hash of the leaf
in the tree, which is calculated over the certificate + timestamp from the
SCT. If the log returns different SCTs from the same certificate it likely
means it logged the certificate multiple times. Either way the client
should get a valid inclusion proof.

As a side note, it is beneficial if log operators keep obsolete roots in
the set - that way it's easy to explain why a certificate was added to a
log in the first place (since the chain that was in place when the
certificate was added is never changed).

>
> -Rick
>
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>
>

v2.23.0 | Report a Bug | By Email