Re: [Trans] Masking of private subdomains
Rick Andrews <Rick_Andrews@symantec.com> Thu, 20 March 2014 18:54 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/AXvqxePSwwHRlPBzPBK3aU_fwt8
OK, then, to answer my second question, we'd have to put each masked SAN in the precert even if they were identical:

SAN1=<PRIVATE>.example.com
SAN2=<PRIVATE>.example.com
SAN3=<PRIVATE>.example.com

I see the need for the array of the number of masked domain components, but it complicates the code.

-Rick

-----Original Message-----
From: Rob Stradling [mailto:rob.stradling@comodo.com]
Sent: Thursday, March 20, 2014 5:12 AM
To: Rick Andrews; trans@ietf.org
Subject: Re: [Trans] Masking of private subdomains

Rick,

I agree that the number of masked domain components is not especially interesting to some of the participants in the CT ecosystem. Here's why I proposed it...

When a TLS Client encounters a Certificate that contains Precertificate SCT(s), it needs to be able to precisely reconstruct the Precertificate (using only the Certificate) in order to verify those Precertificate SCT(s).

If the TLS Client doesn't know the exact number of domain components that are masked in the Precertificate, it would have to make multiple attempts at Precertificate reconstruction and SCT signature verification. e.g.

first attempt: Try "SAN:dNSName=top.secret.example.com"
second attempt: Try "SAN:dNSName=<PRIVATE>.secret.example.com"
third attempt: Try "SAN:dNSName=<PRIVATE>.example.com"
fourth attempt: Try "SAN:dNSName=<PRIVATE>.com"

For a multi-domain certificate that has domain components masked for many/all of the domains, there would be a cartesian explosion in the required number of attempts.

Now, I'm sure it would be possible to write TLS Client code to do the cartesian explosion thing, but it would certainly be sub-optimal!

On 19/03/14 21:13, Rick Andrews wrote:
> Rob Stradling has proposed:
> "The PreCertificate could contain SAN:dNSName=<PRIVATE>.customer.com (I mean the literal string "<PRIVATE>"), and the real certificate could contain:
> •SAN:dNSName=top.secret.customer.com
> •an extension that records the mapping between "top.secret" and "<PRIVATE>".
> I suggest a SEQUENCE of INTEGERs, one for each Subject:commonName and SAN:dNSName (and in the same order that they appear in the cert), indicating how many leftmost domain components are masked."
>
> 1) I agree there should be an extension to alert clients to the fact that a subdomain has been masked, but I'm not sure I see the value in knowing how many leftmost domain components are masked. A monitor will notify the domain owner that a certificate appeared in the log for their domain, with serial number 1234. The domain owner will then search through their list of known certificates for one issued by that CA cert with that serial number. Knowing the number of masked subdomains is of little or no value.
>
> 2) Consider a case where a cert contains multiple SANs from the same domain, all of which are to be masked:
> SAN1=foo.example.com
> SAN2=bar.example.com
> SAN3=foo.bar.example.com
> All would be replaced with the same masked value. Should the precertificate hold duplicate information, like this:
> SAN1=<PRIVATE>.example.com
> SAN2=<PRIVATE>.example.com
> SAN3=<PRIVATE>.example.com
> Or should it contain only one <PRIVATE>.example.com? What's the value in knowing the number of SANs in the cert if they're all masked?
>
> -Rick

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
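The reconstruction problem Rob describes, worked through as an added example (this is not code from the thread or from any CT implementation). It models the proposed extension as a plain Python list of per-SAN integers rather than DER, masks the leftmost labels of each SAN:dNSName with the literal "<PRIVATE>", keeps one entry per SAN so duplicates survive (the outcome Rick settles on above), and counts how many candidate Precertificates a client would have to try if the counts were not carried in the certificate. The names, the PRIVATE constant and the function names are constructed for illustration.

```python
"""Added example: reconstruct Precertificate SAN:dNSNames from the final
certificate plus a per-name count of masked leftmost labels, and measure
the search space a TLS client faces when that count is absent."""
from itertools import product
from typing import Iterator, List

PRIVATE = "<PRIVATE>"  # literal masking token, as in the thread


def mask_name(dns_name: str, masked_components: int) -> str:
    """Replace the leftmost `masked_components` labels with <PRIVATE>.

    A count of 0 returns the name unchanged.  At least one label must
    remain unmasked, so the count must be below the number of labels.
    """
    labels = dns_name.split(".")
    if masked_components < 0 or masked_components >= len(labels):
        raise ValueError(
            f"cannot mask {masked_components} of {len(labels)} labels in {dns_name!r}"
        )
    if masked_components == 0:
        return dns_name
    return ".".join([PRIVATE] + labels[masked_components:])


def reconstruct_precert_sans(cert_sans: List[str], masked_counts: List[int]) -> List[str]:
    """Single-attempt reconstruction when the extension is present.

    One INTEGER per SAN:dNSName, in certificate order; the result keeps
    one entry per SAN even when several collapse to the same masked value.
    """
    if len(cert_sans) != len(masked_counts):
        raise ValueError("extension must carry exactly one INTEGER per SAN:dNSName")
    return [mask_name(name, count) for name, count in zip(cert_sans, masked_counts)]


def candidate_precert_sans(cert_sans: List[str]) -> Iterator[List[str]]:
    """Every reconstruction a client must consider without the extension.

    For each name any of 0 .. (labels - 1) leftmost labels may be masked,
    and the choices combine as a cartesian product across all names.
    """
    per_name = [range(len(name.split("."))) for name in cert_sans]
    for counts in product(*per_name):
        yield reconstruct_precert_sans(cert_sans, list(counts))


def attempts_without_counts(cert_sans: List[str]) -> int:
    """Size of that search space: the product of the label counts."""
    total = 1
    for name in cert_sans:
        total *= len(name.split("."))
    return total


if __name__ == "__main__":
    # Constructed sample certificate from the thread's own example names.
    sans = ["foo.example.com", "bar.example.com", "foo.bar.example.com"]
    counts = [1, 1, 2]  # what the proposed SEQUENCE OF INTEGER would carry
    print("with extension:", reconstruct_precert_sans(sans, counts))
    print("attempts without extension:", attempts_without_counts(sans))
```

With the counts present the client builds exactly one candidate and verifies the SCT signature once; without them the three-SAN sample above already yields 3 x 3 x 4 = 36 candidate Precertificates, each requiring a signature verification, which is the cartesian explosion Rob is pointing at.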