Re: [Trans] Cross-certificates and log servers
Eran Messeri <eranm@google.com> Wed, 02 July 2014 10:33 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1386C1B28F4 for <trans@ietfa.amsl.com>; Wed, 2 Jul 2014 03:33:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfVXX-_0b39u for <trans@ietfa.amsl.com>; Wed, 2 Jul 2014 03:33:19 -0700 (PDT)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CDA91B28F0 for <trans@ietf.org>; Wed, 2 Jul 2014 03:33:19 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id eb12so11967222oac.13 for <trans@ietf.org>; Wed, 02 Jul 2014 03:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZX1dezI195iawH1XTAcI4fHP8eGrg2UeaOImX4DHpo4=; b=DNKaJInlDdXuLQB7bLgsMGbI9LGWknqs4V3igva5eDPuxz0ne7TEVxJmOgovFnZXN2 Ppmt5VtieC5yESLK4WqOhVplfQ4sL9uW31r2M2nlN30RCCfEqJLuNgLwQ9pQaNAm24Px /7dwwStHWqI4x8HeCvyJiigTm/PgeOgeWya17PsuFVhxn3GxM6GtTDzMiM94jAwgYWrK sYHGmZCJwsFfodmTcWGDO9ZVgSluirLwqbfBmwi71aCzsiBdqlX51JF2HuVB4+PvncIj 9QW5HSTv9qfWXyhEd/oILbRU/B170ZE01aCjmstnusrrvGBvs00d/Fz0kLTcAqmcWGVe /S6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ZX1dezI195iawH1XTAcI4fHP8eGrg2UeaOImX4DHpo4=; b=aWkue1mPuOUNUFcv8PjGruMVSz6tlxqrHQRzaB6mlzaYab0E4C8s27lYPaW3SC2LqP QswwVYaxMovKagrkPKvCNIRwX8X7kHh260Gf2n4p+uSL4GvSyDh8s9tg9HJI+wCkRNhq Ijo2266zaT4jrM4v+oVjqQMYKbNsgg/Ldlyl5P1SKPc5orjc8oRGY1Z9VFcawO8Q4OAe cAODyAjuVYAV3mNINyyssiCcXdHBBQW/2JrugNx9Rmy+XIlP5wtwGo0J3R7g2iBCq6Oc sfRAW6Gn73AHv5BLGWkTewqAiMRimTriy6Hdy2CfxJolDVPGQFrRkAm++f2QvkZXxEb/ XxdA==
X-Gm-Message-State: ALoCoQnby+t24NInAgLHAqECCoGONTYL0McYcyt+dCIwvWHivd9/w0+t+dAItPifOdk+umvGJWva
MIME-Version: 1.0
X-Received: by 10.60.46.229 with SMTP id y5mr57506126oem.7.1404297198850; Wed, 02 Jul 2014 03:33:18 -0700 (PDT)
Received: by 10.182.33.200 with HTTP; Wed, 2 Jul 2014 03:33:18 -0700 (PDT)
In-Reply-To: <544B0DD62A64C1448B2DA253C011414607CCD4149A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <544B0DD62A64C1448B2DA253C011414607CCD4149A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Date: Wed, 02 Jul 2014 11:33:18 +0100
Message-ID: <CALzYgEcgRzm=KHvGLGCz0UzU+g5oEShSvjRiFm1q564Cgo+tnw@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
To: Rick Andrews <Rick_Andrews@symantec.com>
Content-Type: multipart/alternative; boundary="089e0153745ab26aa804fd336b2c"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/3VQnCT7cNeSi6Y02aYJSmREi1vU
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Cross-certificates and log servers
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jul 2014 10:33:22 -0000
On Tue, Jul 1, 2014 at 11:45 PM, Rick Andrews <Rick_Andrews@symantec.com> wrote: > Symantec (and I suspect other CAs) would like more information about > what roots will be configured into log servers. > > Root Certificates: > The current spec includes a call to Retrieve Accepted Root Certificates. > Should we infer from that that the list might change over time? We expect > new roots would be added, but would roots ever get removed? For example, > browser vendors are in the process of removing 1024-bit roots from their > trust stores, and in the next few years we expect that SHA-1 roots might be > removed too. Would log server operators also phase out such roots? > The purpose behind requiring that submitted certificates chain to a set of accepted root certificates is to avoid the log being flooded with uninteresting certificates (e.g. self-signed certificates). To that purpose I do not think it matters if obsolete roots are removed because the log should not get submissions chaining to these roots. > > Once there are more than three log servers, we expect to decide up front > which log servers we will contact for SCTs. We do not expect to dynamically > query each log server to confirm that it still trusts our root, just before > attempting to log a certificate. Is that a valid assumption? > Yes - How a log operator changes the set of roots its log accepts is not specified in the RFC, but I expect log operators would communicate such changes beforehand. > > It would be preferable for the log server operator to publish a list of > roots and commit to supporting those roots until the CA informs the > operator that the root is no longer in active use, and all certificates > chained to that root have expired. > > > Cross-Certificates: > We have been providing cross-certificates to customers to deploy so that > their certificate could chain up to a 1024-bit root (for use in older > browsers without our 2048-bit roots). If the cross-certificate is ignored, > the end-entity cert chains up to one of our 2048-bit roots. We expect to > continue using cross-certificates until we determine that their use is no > longer required. We’d like to be sure that the use of cross-certificates > will not cause any problems for log servers. For example, take the case > where we log a certificate we’re about to issue (or have issued) and we > include the cross-certificate in the chain sent to the log server. Then the > customer (for whatever reason) decides to also send their certificate to > the log server, but without the cross-certificate. Will the log server see > this as the same certificate, and return to the customer the same SCTs? Or > will the certificate get logged a second time? If the latter, will that > cause any problems? > The SCT is over the certificate itself, not the entire chain, so that should not be a problem. As mentioned above, the log checks the chain just to prevent it being spammed. It shouldn't matter to the client if it gets the same SCT or not - as long as the log provides proofs for all SCTs it produces. The issue here is that to get a proof from the log the client has to provide the hash of the leaf in the tree, which is calculated over the certificate + timestamp from the SCT. If the log returns different SCTs from the same certificate it likely means it logged the certificate multiple times. Either way the client should get a valid inclusion proof. As a side note, it is beneficial if log operators keep obsolete roots in the set - that way it's easy to explain why a certificate was added to a log in the first place (since the chain that was in place when the certificate was added is never changed). > > -Rick > > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > >
- [Trans] Cross-certificates and log servers Rick Andrews
- Re: [Trans] Cross-certificates and log servers Eran Messeri
- Re: [Trans] Cross-certificates and log servers Ben Laurie
- Re: [Trans] Cross-certificates and log servers Matt Palmer