Re: [Trans] Consolidating add-chain and add-pre-chain endpoints
Eran Messeri <eranm@google.com> Fri, 12 May 2017 13:32 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B15612EB84 for <trans@ietfa.amsl.com>; Fri, 12 May 2017 06:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0LQVdt8NlS0 for <trans@ietfa.amsl.com>; Fri, 12 May 2017 06:32:50 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37EC812EB71 for <trans@ietf.org>; Fri, 12 May 2017 06:27:36 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id o5so10454577ith.1 for <trans@ietf.org>; Fri, 12 May 2017 06:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=csRVG+kTvqBniH9va8z+NTgJUXehERQwC6XvQuyfMj0=; b=hxXW1rzYH8XqG16Fw1u444JnwK67+Vl4ANi3IIHXCmQM99hMjFkacozqsoD3oL9pzF CaeVkQg1pJJHVnfsanwwGQ8LGu9Ll5V7vyxZBdnpb2GIJkoXVa1qNx1MMiUadSewj4vO UPDyCNCrCT1h66S/UEPeT9r1D0EyWtOyCMcZoW2xH2+302cR+qFKZ90D/kqZrJwyK29L HmhcvMUsYLHxXZpLh66C5xj3KbhaUhMWwfJ7JR2lQIgG+L8tyDAmcVDCFfjCrcDHwhXI +HJbqghaPttcGKPbDPrCdfdLdr+b+Ys0XU7ACXXMn2lFpFX5LbVwwCXowrM+8g1mW3br dg6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=csRVG+kTvqBniH9va8z+NTgJUXehERQwC6XvQuyfMj0=; b=kKc7Kf/ZqzCO9UxMc1NlqkRMwF8MTlU1rg+0zb1XnLZR1V/nCD5pfWaYcayif9ncKy esskMle2JGM7c/eWwPXwMIo5TNw/QciPNrytUgdQMOa1wsBFJHGh9+lpEBEJgF3a5JOc WrcVbs11Uq21ck1BJBELNKULQEGvXGxdoeHtDXZdhZP2GeCMFmthsILFgmwGcvmp2yez Jex0rTTVQz3aOdM6YkyNoENFC5Tit1AiE0w6exhCWQulPxbocfi2Cw5ldmTKRxQ+IAxN +CFrwVy144kGb9veK0S8lxw8sUbJOM0nRFJmAm9jHyk4Ha+43hqup9MFkrVXJJf0+upC W8yg==
X-Gm-Message-State: AODbwcC5Bft1QdnPxT2PdkYiH1Zm9Z/5uenJiA5V5QCfjgTA89NLTlQF enTWg+D/WYfRduGKGUQ/5S4eNUJrim3waiS4XA==
X-Received: by 10.36.3.13 with SMTP id e13mr3589328ite.112.1494595655305; Fri, 12 May 2017 06:27:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.129.6 with HTTP; Fri, 12 May 2017 06:27:04 -0700 (PDT)
In-Reply-To: <CAL02cgRUHVnWqtpHWSNcy_JgAQBK4aza0ZyGoG2m3Pv0+NU1qg@mail.gmail.com>
References: <20170504082553.9840d8b8a750f87509e75b43@andrewayer.name> <CAL02cgRUHVnWqtpHWSNcy_JgAQBK4aza0ZyGoG2m3Pv0+NU1qg@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
Date: Fri, 12 May 2017 14:27:04 +0100
Message-ID: <CALzYgEcXsn_LRE_vNcsSpbY68Mg4YCKikQOS59+qDBvs-X971A@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: Andrew Ayer <agwa@andrewayer.name>, Trans <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a11419bfa1e8b61054f53ab10"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/SOx42hQATpsK3TOqV9ZvABUiWwo>
Subject: Re: [Trans] Consolidating add-chain and add-pre-chain endpoints
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 May 2017 13:32:53 -0000
(follow-up from an out-of-band discussion with Andrew) The concern Andrew has raised,of some implementations accepting a null values, it is very valid. Fortunately, it's easy to check that logs do not behave that way. An alternative approach to unifying add-chain/add-pre-chain is to have a single add-entry call which takes, as inputs: 'submission' - base64-encoded DER certificate OR CMS Precertificate. 'chain' - chaining the submission to a root, like now. 'is_precertificate' - indicating whether the 'submission' parameter should be parsed as a DER-encoded certificate or CMS Precertificate. Any opinions on that? Personally I think the concern Andrew has raised is very valid and the spec should explicitly deal with it, forbidding the presence of an empty 'precertificate' parameter if a 'certificate' is being supplied, and vice versa, and logs can easily be checked for compliance with that requirement. However I'm also OK with leaving add-chain / add-pre-chain as separate methods. Eran On Thu, May 4, 2017 at 7:24 PM, Richard Barnes <rlb@ipv.sx> wrote: > TBH, I don't feel very strongly about this. Andrew's analysis seems > pretty sound. > > On Thu, May 4, 2017 at 11:25 AM, Andrew Ayer <agwa@andrewayer.name> wrote: > >> Regarding https://github.com/google/certificate-transparency-rfcs/pull >> /248 >> >> I do not think this is a good change. >> >> If an implementation wants to use a struct to represent the add-entry >> message (as Google's Golang CT library currently does), the struct would >> need to contain nullable variables for the certificate and >> precertificate fields. Nullable variables are error-prone and are best >> avoided if possible. >> >> For example, a client might accidentally send null as one of these >> fields instead of omitting it (with Go, this can easily happen if you >> forget to tag the struct field as omitempty). Although this would be a >> malformed add-entry message, I expect many servers would accept it >> because many JSON deserializers I've seen (such as Go's) do not >> distinguish between a null struct field and an omitted struct field. >> This risks causing interoperability problems. I expect the predominant >> 6962-bis log server will be Google's Trillian, which means clients will >> be interacting mostly with log servers which exhibit the lax >> deserialization behavior. The client's mistake won't be noticed until >> it tries to submit a chain to a rarer, stricter server, which might >> happen long after the client code has been deployed. >> >> Therefore, I favor keeping add-chain and add-pre-cert as separate >> endpoints. That way, the structure of the messages are rigid and >> clearly indicated by the name of the endpoint. The protocol will have >> only one joint (the endpoint name) instead of two (the endpoint name >> plus the presence or absence of the precertificate and certificate >> fields). >> >> Regards, >> Andrew >> >> _______________________________________________ >> Trans mailing list >> Trans@ietf.org >> https://www.ietf.org/mailman/listinfo/trans >> > > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > >
- [Trans] Consolidating add-chain and add-pre-chain… Andrew Ayer
- Re: [Trans] Consolidating add-chain and add-pre-c… Richard Barnes
- Re: [Trans] Consolidating add-chain and add-pre-c… Eran Messeri
- Re: [Trans] Consolidating add-chain and add-pre-c… Linus Nordberg
- Re: [Trans] Consolidating add-chain and add-pre-c… Rob Stradling
- Re: [Trans] Consolidating add-chain and add-pre-c… Linus Nordberg
- Re: [Trans] Consolidating add-chain and add-pre-c… Richard Barnes