Re: [Trans] Relaxing section 5.1

Peter Bowen <pzbowen@gmail.com> Wed, 02 November 2016 14:09 UTC

Return-Path: <pzbowen@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66CA5129491 for <trans@ietfa.amsl.com>; Wed, 2 Nov 2016 07:09:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nnWPLZrx-0UR for <trans@ietfa.amsl.com>; Wed, 2 Nov 2016 07:09:39 -0700 (PDT)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AC4212945E for <trans@ietf.org>; Wed, 2 Nov 2016 07:09:39 -0700 (PDT)
Received: by mail-it0-x22d.google.com with SMTP id e187so83317401itc.0 for <trans@ietf.org>; Wed, 02 Nov 2016 07:09:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=X5qo3vPCnfrLxuBmcUwjYg7y4tmuBrrj+KV4eM2u7rg=; b=CetDFDSCCiRVylcuFaH+R5Wr1K8UMOR74Kp5A7FnkJrpRaCvJNMpdfxDKPkOGACJy9 keWTvMD6afs7Oj5Jgnl83VtbSMcLbA22Jkoex4KCx3q49M0HgncZos0Kiufiw1F5AUB7 XP8u4LsvXcEi3vV1WT2EWGkWctMbSUAeeqbnSAlbBhrzUI+yxq6E+0hl1eeLc2nQnXFD WStoa2uJ74tztxHmSlgckISUq+ePJJnlh9bsLnL29rc4sCv28bXaVg2Stp6DzDUAumyG pHauxgNjUeN2uAWpyNw0RvW3ou56sMkykLKHWmGA5HjZq2EMaG7UiXL98xXGvuR0sZ5Y aTGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=X5qo3vPCnfrLxuBmcUwjYg7y4tmuBrrj+KV4eM2u7rg=; b=Iaba/VQC8FjuSrGMEtilaq3kWm648YbbXbgRSVrqEfUFOhjjqHHTbzgUvQjYKPP/Xh XEmCcJ/a1T3mpNIf9kxmI3PLtAXJRFqzP7paI+vqMlnms3cCIHL7Q1LnjMOa05hl35Qv Vvjj4TbXqtY6TaTh5jvAD4pM8YiRtFS3SpPBuZ7b7OH8608G0l/4zVsfe7Z8Jgd51BuT sx00fUIjZemA5pAVImB3G213lyJ1gFoogm3WfUFB+40KQXgbUZ9mJKsQjRnkn8M96QMs vUOdZ8+n3lC1OO+4Wab3xZcqcU6OblApfZPxJY/WoyR7fD9k7iLRdpSPncI2PJ4GJ6nb QsrQ==
X-Gm-Message-State: ABUngvekVxUMAs2ecmcepw7Pw70/w+T5M3JCBWxwiZmAJ2xacc2F8BRl7DVoip6vgnKOblu2UMj6mvVCgSrxkg==
X-Received: by 10.107.184.214 with SMTP id i205mr4383753iof.167.1478095726564; Wed, 02 Nov 2016 07:08:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.39.68 with HTTP; Wed, 2 Nov 2016 07:08:45 -0700 (PDT)
In-Reply-To: <1c7240d7-f38d-2011-ad45-587843e0f1f8@gmail.com>
References: <CAK6vND8_4OQ0du0MC8Z5=NJR5ho1EpT-8H41O+Te9tvM3YeNcg@mail.gmail.com> <CALzYgEcuf+WoUVy=vsPYJ7t49ASe_5Tc7ySOuKoYJMzpODHtSA@mail.gmail.com> <1c7240d7-f38d-2011-ad45-587843e0f1f8@gmail.com>
From: Peter Bowen <pzbowen@gmail.com>
Date: Wed, 02 Nov 2016 07:08:45 -0700
Message-ID: <CAK6vND_XeyQsO=4pP12e3HL+r8Cdw_M7Gm1SB5zoQKGHbKUP7w@mail.gmail.com>
To: Melinda Shore <melinda.shore@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/JjB7Zx0TpItd-VfYBIo70xTFfc0>
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Relaxing section 5.1
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 14:09:41 -0000

On Wed, Nov 2, 2016 at 6:39 AM, Melinda Shore <melinda.shore@gmail.com> wrote:
> 6962-bis has completed working group last call.  Minor editorial
> changes are fine, but let's try to avoid major changes that would
> require yet another WGLC.  If there's a need for an additional
> document dealing with operational considerations or operational
> specifications, we can do that.  If there's a major problem with
> 6962-bis, we can deal with that as well, but it would need to
> be serious (i.e. goes to the correctness of the specification,
> fixes something that's broken, etc.).

I realize that 6962bis has passed WGLC, so I know there is a high bar
for changes.  However I think this might pass that bar.  The highly
restrictive language that imposes minimum policy for logs prevents
interoperability with other IETF RFCs on the standards track very
hard.  6962bis appears to assume that DANE (RFCs 7671 and 6698) will
never be implemented and that concepts like RFC 6091 will never come
to fruition.

By requiring all logs MUST accept any certificate that chains to a
root in the log's root list, 6962bis fails to allow log operators to
mitigate any Denial of Service attacks mounted by attempting to log
massive numbers of certificates that are not relevant to the log
scope.  For example, many existing certification authorities issue
both server authentication certificates and certificates for personal
identification.  For some roots, acquiring large numbers of these is
relatively easy (see discussion of fetching millions of Taiwanese
Citizen Digital Certificates in
https://smartfacts.cr.yp.to/smartfacts-20130916.pdf)  As written
today, a log MUST accept these.  There is no option for a log to
require that all certificates must meet some usability criteria.

I agree that a future additional document dealing with operational
considerations is fine, but as drafted today, 6962bis does not allow a
log to implement these considerations.

Thanks,
Peter