IETF Logo Mail Archive

Re: [Trans] Consolidating add-chain and add-pre-chain endpoints

Linus Nordberg <linus@sunet.se> Fri, 12 May 2017 14:01 UTC

Return-Path: <linus@sunet.se>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C0671205D3 for <trans@ietfa.amsl.com>; Fri, 12 May 2017 07:01:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zd6xJBz8TapL for <trans@ietfa.amsl.com>; Fri, 12 May 2017 07:01:42 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EA012EC12 for <trans@ietf.org>; Fri, 12 May 2017 06:55:48 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v4CDtiLm017880 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 May 2017 15:55:44 +0200
Received: from flogsta (smtp.adb-centralen.se [IPv6:2001:6b0:8::129]) (authenticated bits=0) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id v4CDtfcu009886 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 May 2017 13:55:44 GMT
From: Linus Nordberg <linus@sunet.se>
To: Eran Messeri <eranm@google.com>
Cc: trans@ietf.org
Organization: Sunet
References: <20170504082553.9840d8b8a750f87509e75b43@andrewayer.name> <CAL02cgRUHVnWqtpHWSNcy_JgAQBK4aza0ZyGoG2m3Pv0+NU1qg@mail.gmail.com> <CALzYgEcXsn_LRE_vNcsSpbY68Mg4YCKikQOS59+qDBvs-X971A@mail.gmail.com>
Date: Fri, 12 May 2017 15:55:51 +0200
In-Reply-To: <CALzYgEcXsn_LRE_vNcsSpbY68Mg4YCKikQOS59+qDBvs-X971A@mail.gmail.com> (Eran Messeri's message of "Fri, 12 May 2017 14:27:04 +0100")
Message-ID: <8760h6i3h4.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-nordu-net:default, nordu-net:default, base:default, @@RPTN)
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=2001:6b0:8::129; country=SE; latitude=59.3247; longitude=18.0560; http://maps.google.com/maps?q=59.3247,18.0560&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aTjpTIEi - 8d0437c5e735 - 20170512
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter02.sunet.se: 2001:6b0:8::129 is neither permitted nor denied by domain linus@sunet.se) receiver=e-mailfilter02.sunet.se; client-ip=2001:6b0:8::129; envelope-from=<linus@sunet.se>; helo=smtp1.nordu.net; identity=mailfrom
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/S75unzbzZ3RWpJQwb0q9Rp7Co6o>
Subject: Re: [Trans] Consolidating add-chain and add-pre-chain endpoints
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 May 2017 14:01:46 -0000

I like the single add-entry call idea together with the explicit
'is_precertificate' indication.

The naming here is a bit unfortunate though, at least when compared with
PR 256 [1] where 'submission' seems to mean end-entity-(pre)cert _and_
chain. I suggest making the input to an add-entry call and the output
from the get-entries call identical, if at all possible.

[1] https://github.com/google/certificate-transparency-rfcs/pull/256/files

Eran Messeri <eranm@google.com> wrote
Fri, 12 May 2017 14:27:04 +0100:

> (follow-up from an out-of-band discussion with Andrew)
> The concern Andrew has raised,of some implementations accepting a null
> values, it is very valid. Fortunately, it's easy to check that logs do not
> behave that way.
>
> An alternative approach to unifying add-chain/add-pre-chain  is to have a
> single add-entry call which takes, as inputs:
> 'submission' - base64-encoded DER certificate OR CMS Precertificate.
> 'chain' - chaining the submission to a root, like now.
> 'is_precertificate' - indicating whether the 'submission' parameter should
> be parsed as a DER-encoded certificate or CMS Precertificate.
>
> Any opinions on that?
>
> Personally I think the concern Andrew has raised is very valid and the spec
> should explicitly deal with it, forbidding the presence of an empty
> 'precertificate' parameter if a 'certificate' is being supplied, and vice
> versa, and logs can easily be checked for compliance with that requirement.
>
> However I'm also OK with leaving add-chain / add-pre-chain as separate
> methods.
>
> Eran
>
> On Thu, May 4, 2017 at 7:24 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
>> TBH, I don't feel very strongly about this.  Andrew's analysis seems
>> pretty sound.
>>
>> On Thu, May 4, 2017 at 11:25 AM, Andrew Ayer <agwa@andrewayer.name> wrote:
>>
>>> Regarding https://github.com/google/certificate-transparency-rfcs/pull>> /248
>>>
>>> I do not think this is a good change.
>>>
>>> If an implementation wants to use a struct to represent the add-entry
>>> message (as Google's Golang CT library currently does), the struct would
>>> need to contain nullable variables for the certificate and
>>> precertificate fields.  Nullable variables are error-prone and are best
>>> avoided if possible.
>>>
>>> For example, a client might accidentally send null as one of these
>>> fields instead of omitting it (with Go, this can easily happen if you
>>> forget to tag the struct field as omitempty).  Although this would be a
>>> malformed add-entry message, I expect many servers would accept it
>>> because many JSON deserializers I've seen (such as Go's) do not
>>> distinguish between a null struct field and an omitted struct field.
>>> This risks causing interoperability problems.  I expect the predominant
>>> 6962-bis log server will be Google's Trillian, which means clients will
>>> be interacting mostly with log servers which exhibit the lax
>>> deserialization behavior. The client's mistake won't be noticed until
>>> it tries to submit a chain to a rarer, stricter server, which might
>>> happen long after the client code has been deployed.
>>>
>>> Therefore, I favor keeping add-chain and add-pre-cert as separate
>>> endpoints.  That way, the structure of the messages are rigid and
>>> clearly indicated by the name of the endpoint.  The protocol will have
>>> only one joint (the endpoint name) instead of two (the endpoint name
>>> plus the presence or absence of the precertificate and certificate
>>> fields).
>>>
>>> Regards,
>>> Andrew
>>>
>>> _______________________________________________
>>> Trans mailing list
>>> Trans@ietf.org
>>> https://www.ietf.org/mailman/listinfo/trans>>
>>
>>
>> _______________________________________________
>> Trans mailing list
>> Trans@ietf.org
>> https://www.ietf.org/mailman/listinfo/trans>
>>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans

v2.23.0 | Report a Bug | By Email