Re: [Trans] Proposal to modularize pre certificate transformation
Eran Messeri <eranm@google.com> Tue, 28 March 2017 14:36 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A06031296B4 for <trans@ietfa.amsl.com>; Tue, 28 Mar 2017 07:36:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BzJq4vXqFLoa for <trans@ietfa.amsl.com>; Tue, 28 Mar 2017 07:36:17 -0700 (PDT)
Received: from mail-it0-x235.google.com (mail-it0-x235.google.com [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB784129654 for <trans@ietf.org>; Tue, 28 Mar 2017 07:36:14 -0700 (PDT)
Received: by mail-it0-x235.google.com with SMTP id 190so20775858itm.0 for <trans@ietf.org>; Tue, 28 Mar 2017 07:36:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=S8K1SRTzx38FnPqc8EdhfH/tUit7fJf4lqH7GSIy6KI=; b=Lw2QIe23KILEZ1rd+se8TdTIebqLtH7sn3WlkN0DTx63wgwxIxg0irQ/Uq/Rkula/a 9FNIwyd31njfCbMtjmres2mViovkCIwrfd4KYPWRd5oDFa4AePJdruU8Kgob5xfw0XjA 2cW9CGKzjGf+JIQdZDuW8ug6Jbj88J9Ul7mUwCZhrb8Gg/5p+qQUzuZMOA3p4iWymVaU e1H18XTSmpf32YKvLyxNTq4cREPdub5z3XrjEZ/rRqlj27SayRV80ESzaHPqq8HXLw4e iqYMpNeSPLS22USdpyZo9HwEWQBfROttRkaQjGz0Aub+R5d9fVlSnokx0vVxdguPsGTq dxNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=S8K1SRTzx38FnPqc8EdhfH/tUit7fJf4lqH7GSIy6KI=; b=V9yucjoZhYDVmEqBX1TxEn68m2VunUwLfDg16sHcZyzx4TTc1wqL5jftBynEQIh1/4 dCprSJrUM10JTYna9uK+SIMpKqqvSPrrdZj7GwCKX75Mk+x7bIT6zTP7MedtyfixeqS2 I4IwujvyFYigfb1NfupXd3WVmVvRaWSqHT9LdosI0V/d8djLZPI9F75UojVx74ZwFALK Gl68JWBtBOP0+hbos3oFcvU02JmgWu7eK3JDBKJhbr6IZfpeOatH+aNmMMgZPupLUAXr RyRthSNt6mmzAveCHnhEy5zDEcUMqSMWG8jxQBKnIMod7cI5GaoMVTIH3gr/LSoah4ue urUw==
X-Gm-Message-State: AFeK/H3K+3wEUXj5mT0XFGDqBuiMlYA9mzeg31mBescWExl6IBrbXAn+MaARwKHPxfxd+PXs1k5z6v6CEPY+1wBp
X-Received: by 10.36.131.201 with SMTP id d192mr11992600ite.60.1490711773530; Tue, 28 Mar 2017 07:36:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.164.200 with HTTP; Tue, 28 Mar 2017 07:36:12 -0700 (PDT)
Received: by 10.107.164.200 with HTTP; Tue, 28 Mar 2017 07:36:12 -0700 (PDT)
In-Reply-To: <CAK6vND8quW3H0=vkUCSt7Y2uWmYcypOTtwPCpiEzfsx8UvbR-g@mail.gmail.com>
References: <D4F8495D.4F2D%tarah_wheeler@symantec.com> <20170327153907.435444debbebff6d9a08f95b@andrewayer.name> <CAK6vND8quW3H0=vkUCSt7Y2uWmYcypOTtwPCpiEzfsx8UvbR-g@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
Date: Tue, 28 Mar 2017 09:36:12 -0500
Message-ID: <CALzYgEdqM_17EKB-ZFFJmWFwNvoUO21t6n6ZMuMUpsE4zLaegA@mail.gmail.com>
To: Peter Bowen <pzbowen@gmail.com>
Cc: "trans@ietf.org" <trans@ietf.org>, Tarah Wheeler <Tarah_Wheeler@symantec.com>, Andrew Ayer <agwa@andrewayer.name>
Content-Type: multipart/alternative; boundary="94eb2c118a36b9e212054bcb61ac"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/B3nWB79hDkj6-Pyz8lQt15GJ2PY>
Subject: Re: [Trans] Proposal to modularize pre certificate transformation
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2017 14:36:20 -0000
On 28 Mar 2017 8:32 am, "Peter Bowen" <pzbowen@gmail.com> wrote: On Mon, Mar 27, 2017 at 3:39 PM, Andrew Ayer <agwa@andrewayer.name> wrote: > On Wed, 22 Mar 2017 19:31:43 +0000 > Tarah Wheeler <Tarah_Wheeler@symantec.com> wrote: > >> Peter Bowen and I have been collaborating on a possible solution for >> certificate privacy. Thoughts? >> > Your proposal is very similar to the original redaction mechanism > that existed in draft-ietf-trans-rfc6962-bis-16, the main differences > being your proposal also supports IP address redaction and solves the > multiple-certs-per-precert problem. > > Like the original redaction mechanism, your proposal imposes a high > complexity cost on TLS clients by forcing them to do a lot of decoding > and re-encoding of a certificate in order to reconstruct the > pre-certificate. This problem was discussed here: > > https://mailarchive.ietf.org/arch/msg/trans/WU_ XveDh0GmyyiQbmqEr1SVuC84 > https://mailarchive.ietf.org/arch/msg/trans/ eOHPqmAskBXMrGzSJAFzT9dzwOQ > > It led to the solution in draft-ietf-trans-rfc6962-bis-17 (now in > draft-strad-trans-redaction-00), described here: > > https://mailarchive.ietf.org/arch/msg/trans/ gGWZhqCXG0wlkktB_d0a2fPM4VU > > I think that any new redaction proposal should address the problem of > client complexity at least as well as draft-strad-trans-redaction-00 > does. Andrew, Thank you for the feedback. I take full responsibility for the failure to make the tech spec as friendly to clients as the strad-trans-redaction draft. When I was drafting this proposal, I ended up covering two related but distinct issues, which I think muddies the water. First, I think it would be good to have an explicit precertificate transformation algorithm called out. 6962 and 6962bis both have algorithms discussed in the text for how to go from a final certificate to a precertificate. The two algorithms are slightly different. From an implementer's perspective, I would prefer to have a clear statement of that algorithm being used which then also allows for clear introduction of new algorithms, instead of relying upon hints such as the presence of a new extension. That's a concern Richard Barnes brought up as well. Assuming we'll get the green light to make further changes to 6962-bis, I'm hoping to describe a clearer, more accurate algorithm to re-construct the data structure which the signature in the SCT covers (as well as reconstructing the Log Entry). Second is a proposal for an algorithm for precertificate transformation that occludes discovery of full SANs from precertificates. This proposal needs a few tweaks to hit the points covered in the discussions above and strad-trans-redaction draft; I'll work on revising it to address these. Saba's presentation on the meeting today should describe something for that purpose. Thanks, Peter _______________________________________________ Trans mailing list Trans@ietf.org https://www.ietf.org/mailman/listinfo/trans
- [Trans] Proposal to modularize pre certificate tr… Tarah Wheeler
- Re: [Trans] Proposal to modularize pre certificat… Melinda Shore
- Re: [Trans] Proposal to modularize pre certificat… Peter Bowen
- Re: [Trans] Proposal to modularize pre certificat… Melinda Shore
- Re: [Trans] [EXT] Re: Proposal to modularize pre … Tarah Wheeler
- Re: [Trans] Proposal to modularize pre certificat… Andrew Ayer
- Re: [Trans] Proposal to modularize pre certificat… Peter Bowen
- Re: [Trans] Proposal to modularize pre certificat… Eran Messeri