IETF Logo Mail Archive

Re: [Trans] Precertificates and revocation

Erwann Abalea <eabalea@gmail.com> Fri, 20 September 2019 18:03 UTC

Return-Path: <eabalea@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82E2A1208AA for <trans@ietfa.amsl.com>; Fri, 20 Sep 2019 11:03:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FUZZY_CPILL=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynwn-Sr8Gu99 for <trans@ietfa.amsl.com>; Fri, 20 Sep 2019 11:03:46 -0700 (PDT)
Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD93B120099 for <trans@ietf.org>; Fri, 20 Sep 2019 11:03:45 -0700 (PDT)
Received: by mail-oi1-x22c.google.com with SMTP id i185so2493810oif.9 for <trans@ietf.org>; Fri, 20 Sep 2019 11:03:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HCVJ9CTJHxUmd+QlXHmtDbgQg3EVae/I3dzZ7IkbAqI=; b=gJ8iuqm7h2q/bEmZRcwQ1xktgdxklJ08AOvloy/3e9lXIMqjCKlW5goUOsQfGRtc+R Vx61WlSgNjWt3cOaHAIJbjI3bxjezVrqYu/ZAM2823/Bl6GYiIT8hB5GsycLw9YvSHVW wyZSY+f+mMWHaaBHgmfkWXSUNbsILKQcQ+wKpjugOot6kJ1v2pnC9HzPVdJ7otR8Yi6q Q+RqfVUpcQBwxT9GJ0W6peeUFAwq4R2hnYLWtaxBASmEK9Vt5kQSSNQewUyJg9isxXqK KDdz6MFDBa/Sl0VP7tw9m93+pATx6sujnCpm3k65SeTQRJ7wvQR7ch2KhPVKD6lTQgOA V6Ag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HCVJ9CTJHxUmd+QlXHmtDbgQg3EVae/I3dzZ7IkbAqI=; b=OrPpXhBYOHImSwB3hl+apMupSnY6AgMwlxMKcygXQH+wEz9yBQUcYyB+YuaXI3nzGg 6+l8W144so3rXoT1SgDNXmcDEjc7NQTur3MkHNeeEUfS7mFpjPtlhw7m0KszHpTfcxHy QmmJDTZ+8I2Dre17XCTFThLffHmSijoX+H9REElVlnXuaKU0tlJs8BeFAtlaCrf6/5vJ WC1RO6Cj4BNpjbdvFR4AaGDUQ9A03oAPKycW4qu6LAetOiX5dJmSh1Ykk82QN8e/OoU1 0JQ/sz2ptUs7L7xacTqApJy6/UczAOdtCf+oWh7cmjxqg6dRY2GpfHdC7U/BoVupTXTJ psiw==
X-Gm-Message-State: APjAAAU4hVsw5ZmGCiw5ivttkyFgHlQOBt9FuKR0aHEPdv5ee+q1U08C whKSo2H1WKt7hA1OfU09LjXFnHurcfBtrY82a0Wmig==
X-Google-Smtp-Source: APXvYqydS9WhIu7mi2zpx2ARCIp/uiedP6iWhHnWhYit8zz822aoNEf+wL2ITMAJnucBHhggollhrwrugKIeyNKO9tk=
X-Received: by 2002:aca:cc0b:: with SMTP id c11mr3870528oig.169.1569002624780; Fri, 20 Sep 2019 11:03:44 -0700 (PDT)
MIME-Version: 1.0
References: <20190916100800.5b62d43c0f28e30269f41b7a@andrewayer.name> <21a9ea1e-124b-3bf2-72f5-4dc755d4061b@sectigo.com>
In-Reply-To: <21a9ea1e-124b-3bf2-72f5-4dc755d4061b@sectigo.com>
From: Erwann Abalea <eabalea@gmail.com>
Date: Fri, 20 Sep 2019 20:03:33 +0200
Message-ID: <CA+i=0E74Obi+Q=H_km9MFKzMBUTsjxRKt2-XxpJuf60Bz+99mw@mail.gmail.com>
To: Rob Stradling <rob@sectigo.com>
Cc: "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001a0f690592ffe441"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/95sM9D9EHsjLT7YoVg3wxXR8TwI>
Subject: Re: [Trans] Precertificates and revocation
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2019 18:03:49 -0000

In the case of a precert subordinate CA, the CRLDP and AIA:ocsp will
contain the URLs of the real CA (the one that issued the precert sub CA).
How is it supposed to work? In a CTv1 world.

Le ven. 20 sept. 2019 à 15:52, Rob Stradling <rob@sectigo.com> a écrit :

> [This topic came up on mozilla.dev.security.policy recently.  Although
> the focus there is on the currently deployed CT v1 ecosystem, ISTM that
> TRANS should consider if/how CT v2 (6962-bis) should address the same
> issue]
>
> How should revocation servers behave when a precertificate exists but
> the corresponding certificate has not yet been (or will never be) issued?
>
> Should it be possible to revoke a precertificate when the corresponding
> certificate has not been issued?
>
> In RFC6962, precertificates are X.509 certificates, and so it's not
> unreasonable to expect OCSP responders to be able to provide their
> status.  However, 6962-bis precertificates are not X.509 certificates,
> which I think changes what might or might not be a reasonable expectation.
>
> Andrew points out (see forwarded message below) that outside observers
> have to assume that a certificate has been issued when they see a
> corresponding precertificate (since the presumed-to-exist certificate
> may never be submitted to a log), and that outside observers will expect
> CAs to operate revocation services for the presumed-to-exist certificates.
>
> Back to CT v1: Mozilla now requires [1] that...
> "- A CA must provide OCSP services and responses in accordance with
> Mozilla policy for all certificates presumed to exist based on the
> presence of a Precertificate, even if the certificate does not actually
> exist
> - A CA must be able to revoke a certificate presumed to exist, if
> revocation of the certificate is required under Mozilla policy, even if
> the certificate does not actually exist."
>
> ISTM that we should address this topic in 6962-bis somehow, but what do
> folks think we could say without straying into "policy"?
>
>
> [1]
>
> https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Precertificates
>
>
> -------- Forwarded Message --------
> Subject: Re: DigiCert OCSP services returns 1 byte
> Date: Mon, 16 Sep 2019 10:08:00 -0700
> From: Andrew Ayer <agwa@andrewayer.name>
> To: Rob Stradling <rob@sectigo.com>
> CC: dev-security-policy@lists.mozilla.org
>
> On Fri, 13 Sep 2019 08:22:21 +0000
> Rob Stradling via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
>
> > Thinking aloud...
> > Does anything need to be clarified in 6962-bis though?
>
> Yes, it's long past time that we clarified what this means:
>
> "This signature indicates the CA's intent to issue the certificate.  This
> intent is considered binding (i.e., misissuance of the precertificate is
> considered equivalent to misissuance of the corresponding certificate)."
>
> The goal is that a precertificate signature creates an unrebuttable
> presumption that the CA has issued the corresponding certificate. If a
> CA issues a precertificate, outside observers will treat the CA as if
> it had issued the corresponding certificate - whether or not the CA
> really did - so the CA should behave accordingly.
>
> It's worth explicitly mentioning the implications of this:
>
> * The CA needs to operate revocation services for the corresponding
> certificate as if the certificate had been issued.
>
> * If the corresponding certificate would be misissued, the CA will be
> treated as if it had really issued that certificate.
>
> Are there any other implications that 6962-bis should call out
> explicitly?
>
> Regards,
> Andrew
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>
-- 
Erwann.

v2.23.0 | Report a Bug | By Email