IETF Logo Mail Archive

Re: [Trans] Precertificates and revocation

Rob Stradling <rob@sectigo.com> Mon, 23 September 2019 11:21 UTC

Return-Path: <rob@sectigo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36D94120807 for <trans@ietfa.amsl.com>; Mon, 23 Sep 2019 04:21:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=comodoca.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bVY9N0rZoIo9 for <trans@ietfa.amsl.com>; Mon, 23 Sep 2019 04:21:16 -0700 (PDT)
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710079.outbound.protection.outlook.com [40.107.71.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA801120073 for <trans@ietf.org>; Mon, 23 Sep 2019 04:21:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YZPEKh2PCfbYdud+D7HxfexUKLRLqFSUhgMwBa20TvFon8hHhN0VIaorFtIiRXy12DkpqLqUnEy+OrQGZUojt9w2AztVG3qwYQNAkolanmdjzh1rHcngxIptC3lnLZUZDux6AEbbZZ22z7d4Sn2gxUDFQgu326SgM2Lkr9915O1fWnPpRsfsPq5m6bteEFd/ds+y70NN46Q61QD0CSsNRAL+rleqOyZJpQ1R/EcN7mUftSRsZ/X4OqgzBl0p6ihYvgwCnGrCCQjvRsmZsU4GtutwKtz1e3rpDe1kbYR3hkTr3lelengsk26ejyWmNj93gApuTOfaQmyPW2w//0SFqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rs2RJfGMjDVGrcV6qn/Ve/SKv/f8a4gALQPqV+cNOvQ=; b=dPGAQF444/lSBYTLiwBlsVpCXmzVh64hKhnK/wksXQCyGuHEKHYiRYo7kkqphMUffglzQE0gBJeX2yOBoxGRePJ7W0Ab+DxNAGnJ9c8nM3NabinYsUwAyVt5l/P4AIsVb+qqqOy5GmIM4v4Mj+rIcnEHFFG/vi+Q3g+vQo7C8RH5pfBJgZdDuFC0yBSDZm8MBWoVqPJRE2MeQf2qLoBpfzEASWctRUsGBSP6dd2o0IrS0U46QdQDzvoY6sK51mpRE7rjKwqBUIRtLwJJ5glbz4NbFii1mWlGu7God2xgoDNR0IpXvDZuvCqBLTVnHx66x/RLCxeQYg22KSpfIYHqvw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sectigo.com; dmarc=pass action=none header.from=sectigo.com; dkim=pass header.d=sectigo.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comodoca.onmicrosoft.com; s=selector2-comodoca-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rs2RJfGMjDVGrcV6qn/Ve/SKv/f8a4gALQPqV+cNOvQ=; b=I6Pn0vZG0s+35dyGIoKf7scioGqub683XqnR4+WKPlqvo/DR1IOli9DDvMIKWVsflIryhfxwYMZT5M6NbQC144au7JFqJQP0aEamd9l8HHL7w+Y1fTdF39KrixVHbLkrHDGyevbQS5IzJcGToc5U3Djj60eX6n+P72g2YhQvd9g=
Received: from DM6PR17MB3162.namprd17.prod.outlook.com (20.176.124.223) by DM6PR17MB2233.namprd17.prod.outlook.com (20.176.89.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.26; Mon, 23 Sep 2019 11:21:14 +0000
Received: from DM6PR17MB3162.namprd17.prod.outlook.com ([fe80::dc78:38ff:9fc6:58cf]) by DM6PR17MB3162.namprd17.prod.outlook.com ([fe80::dc78:38ff:9fc6:58cf%3]) with mapi id 15.20.2284.023; Mon, 23 Sep 2019 11:21:14 +0000
From: Rob Stradling <rob@sectigo.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: "trans@ietf.org" <trans@ietf.org>
Thread-Topic: [Trans] Precertificates and revocation
Thread-Index: AQHVb7qjeJ8k5jrm8UOJQ5rvAEBgSKc0vfSAgARklAA=
Date: Mon, 23 Sep 2019 11:21:13 +0000
Message-ID: <39d0ea14-36ca-b311-91df-074c1346f8c3@sectigo.com>
References: <20190916100800.5b62d43c0f28e30269f41b7a@andrewayer.name> <21a9ea1e-124b-3bf2-72f5-4dc755d4061b@sectigo.com> <CAErg=HHcG8p_6NAzKyDYg+gPpF6p7F688pSD+qD+shcFdr9vRA@mail.gmail.com>
In-Reply-To: <CAErg=HHcG8p_6NAzKyDYg+gPpF6p7F688pSD+qD+shcFdr9vRA@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: LO2P265CA0111.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:c::27) To DM6PR17MB3162.namprd17.prod.outlook.com (2603:10b6:5:192::31)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rob@sectigo.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2a0e:ac00:25d:300:f68e:38ff:fe7a:a226]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6f0da65e-a59c-47d7-10c6-08d7401824c2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM6PR17MB2233;
x-ms-traffictypediagnostic: DM6PR17MB2233:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <DM6PR17MB22330206EF6EC62F0DC9501BAA850@DM6PR17MB2233.namprd17.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0169092318
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(39850400004)(396003)(376002)(346002)(136003)(199004)(189003)(40224003)(229853002)(52116002)(6246003)(186003)(99286004)(6506007)(53546011)(305945005)(7736002)(66574012)(86362001)(66556008)(66946007)(66476007)(478600001)(966005)(386003)(66446008)(76176011)(4326008)(31696002)(64756008)(6436002)(2616005)(11346002)(6486002)(71190400001)(71200400001)(6512007)(5660300002)(25786009)(14454004)(256004)(14444005)(36756003)(6116002)(476003)(81156014)(8676002)(486006)(31686004)(2906002)(6306002)(8936002)(81166006)(446003)(46003)(6916009)(102836004)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR17MB2233; H:DM6PR17MB3162.namprd17.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: sectigo.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 75MmIv24+JtJ6PT5MGqGrU27Sk8cRWUeUmsEDFfSYgBRWiHA9pUgjj15HZWRrlHPCqjV9YDswzWg7YE+uzb/b/d9SrW2FCao5vkhObWRNzViO5SRHgkAkP4MCslTOb3mTPF823cp+/aHkRaZ24vX+aIn4k7stheh717rGa8sPTUk/YYSHE+1jg3iyC1JVaBD0E4moOhTk1MPHc3V4GIoIEOB7PQMpbE5U/UwABICcTqzhr3drkCz0Rqa8ZEljmISSvvkmAtDwPcoxL78Jw8aG1XHRyqEkJGEr46p+xGfsgyG9tST0Fb9cjH2UhpEmtTF8OqsgpfJvoYLYHIcxdij6wOYsJw8IfQOk6FJM+zqugKwWOc9qNjyLiN9zI/eJceYxRpt7ZYH5idPicD25oRdVqV+65QT5PUEcItHNtv6nx0=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <3A1355D32504E34DB344A79CE12CB162@namprd17.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sectigo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f0da65e-a59c-47d7-10c6-08d7401824c2
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2019 11:21:13.8624 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0e9c4894-6caa-465d-9660-4b6968b49fb7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ONSoVYsFGgzZ+zIUuJUnSB1J1aSG5SDRgZTDawtTzssbscC0W67WuZ9ZUM4dvS7Y2kdMqItB/TAzfIyk9WxxCA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR17MB2233
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/EOUkKASJ9D2KmCHKSfsHSu_8RR0>
Subject: Re: [Trans] Precertificates and revocation
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 11:21:19 -0000

If 6962-bis says nothing about this topic, then ISTM that the default 
effective requirement will be that a CA MUST NOT provide OCSP status for 
a (CT v2) precertificate where the corresponding certificate has not 
(yet) been issued.  This is because, whichever way you look at it, a CT 
v2 precertificate is not a "certificate" according to 
RFC5280/RFC6960/RFC5019.

I agree that a statement such as "CAs MUST provide OCSP status for CT v2 
precertificates" would not belong in 6962-bis, but would instead belong 
in a TLS client policy document.  However, I would prefer to avoid the 
situation where 6962-bis has an effective MUST NOT but where (some, but 
not necessarily all) TLS client policies have a MUST.  In order to avoid 
such a conflict, I think it would be helpful for 6962-bis to outline the 
policy space by making the following points:

1. Since issuance of a precertificate `P` is a binding commitment to 
issue a corresponding certificate `C`, monitors may reasonably assume 
that `C` has been issued.
2. It follows that monitors may wish to request status information 
(e.g., via CRL and/or OCSP) for the serial number of `P`, even though 
(unbeknownst to the monitor) `C` has not actually been issued.
3. Although `P` is not a "certificate" according to 
RFC5280/RFC6960/RFC5019, some TLS clients may have policies that require 
CAs to provide certificate status (e.g., signed OCSP responses and/or 
CRLs) for the serial number of `P`, regardless of whether or not `C` has 
been issued.

Making these points would transform 6962-bis's effective requirement 
from a MUST NOT into a MAY.  A TLS client policy could then profile that 
to a MUST without introducing any conflict.

ISTM that this approach of outlining the policy space but not setting 
policy would be consistent with, for example, 
https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-33#section-6.1.

On 20/09/2019 17:16, Ryan Sleevi wrote:
> As I mentioned elsewhere, I'm not sure this is an entirely useful or 
> productive concern to be raising at this time. I have also shared that I 
> think this is a question of policy than protocol, even though the policy 
> decision has implications on other protocols. Thus I think it's much 
> more appropriately discussed among individual implementations.
> 
> As a protocol for allowing both the pre-disclosure of a certificate and 
> post-disclosure of a certificate. We saw, rather extensively in the 
> Threat Model document, different perspectives on policies regarding how 
> pre-disclosure should be treated and handled. For example, using the 
> protocol in 6962 or -bis, it's possible to use CT as a means of 
> detecting and correcting certificates prior to issuance (the discussion 
> about Logs applying rules to certificates). Similarly, it's possible for 
> CT as a protocol to be used entirely internal to an organization, as 
> part of audit logging for external audits via a common protocol, even 
> with the inclusion of data that might otherwise be inappropriate for 
> publicly-exposed logs.
> 
> So I do think that, from the point of view of the RFCs, it's a matter of 
> policy as to how the existence of a pre-certificate is treated, which 
> aligns with the particular intended deployment of the CT protocol. If a 
> policy (e.g. by a browser, for the Web PKI) treats the issuance of a 
> pre-certificate as an unrebuttable proof of an equivalent certificate, 
> which is certainly one of the core things CT enables policy to state, 
> then it naturally follows that it must be treated as such within 
> protocols that are keyed on the issuance of certificates.
> 
> It's an operational concern, defined by local policy, as to what impact, 
> if any, it has on other protocols. Just as RFC 5280 does not define, for 
> example, what forms of names to include within a distinguished name, I'm 
> not convinced that this would even belong in 6962-bis, because it covers 
> the operational aspects and implications of a PKI that may use, in part 
> or whole, these RFCs.

-- 
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited

v2.23.0 | Report a Bug | By Email