Re: [Trans] draft-ietf-trans-rfc6962-bis-28: "no security implications"

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 24 April 2018 16:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/VFKimsckos6lSPlJUUyF6unSWbc>

None here. I support this change :)

On Fri, Apr 20, 2018 at 5:07 PM, Rob Stradling <Rob@comodoca.com> wrote:

> I think this is a good change.  I've posted a PR here:
> https://github.com/google/certificate-transparency-rfcs/pull/296
>
> Anyone have any objections?
>
>
> On 20/03/18 22:12, Andrew Ayer wrote:
>
>> draft-ietf-trans-rfc6962-bis-28 added the following text to
>> section 4.2:
>>
>> "While there are no security implications to a log accepting
>> a submission that does not chain to one of its accepted trust
>> anchors..."
>>
>> This isn't true.  The certificate chain enables the logged certificate
>> to be attributed to a known trust anchor.  This is security-sensitive,
>> as without the chain, monitors and trust store operators can't respond
>> to a misissued certificate because they don't know which trust anchor
>> should be sanctioned/distrusted for misissuing the certificate.[1]
>>
>> Therefore, this text should be removed.
>>
>> It might also be a good idea, to avoid any future confusion about this
>> requirement, to add "to ensure that logged certificates are attributable
>> to a known trust anchor" to the sentence at the beginning of 4.2 that
>> explains why the requirement exists.
>>
>> Regards,
>> Andrew
>>
>>
>> [1] In the general case, a monitor could probably construct the chain
>> using its own store of intermediate certificates.  But this fails if
>> the intermediate isn't known, which might happen in the adversarial
>> case where an intermediate certificate is issued for the sole purpose
>> of evading responsibility for a misissued certificate.
>>
>> _______________________________________________
>> Trans mailing list
>> Trans@ietf.org
>> https://www.ietf.org/mailman/listinfo/trans
>>
>>
> --
> Rob Stradling
> Senior Research & Development Scientist
> Email: Rob@ComodoCA.com
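
Added example, not part of the original thread: a simplified Python model of the attribution argument in Andrew Ayer's message and its footnote [1]. Certificates are reduced to subject/issuer names (an assumption; a real log or monitor verifies signatures and validity as well), and every name and sample certificate below is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

def attribute(leaf, chain, anchors, own_store=()):
    """Return the trust anchor name the leaf chains to, or None.

    chain     -- certificates submitted alongside the leaf (may be empty)
    own_store -- intermediates the verifier already holds (a monitor's cache)
    Name matching only; signature checks are deliberately omitted here.
    """
    by_subject = {c.subject: c for c in (*chain, *own_store)}
    current, seen = leaf, set()
    while current.subject not in seen:       # stop on issuer loops
        seen.add(current.subject)
        if current.issuer in anchors:
            return current.issuer             # attributable to this anchor
        current = by_subject.get(current.issuer)
        if current is None:
            return None                       # issuer unknown: chain is broken
    return None

def log_accepts(leaf, chain, accepted_anchors):
    """Section 4.2 style check: the log relies only on the submitted chain."""
    return attribute(leaf, chain, accepted_anchors) is not None

# Constructed sample data (hypothetical names).
ANCHORS = {"Example Root CA"}
INTER_A = Cert("Example Intermediate A", "Example Root CA")   # widely known
INTER_Z = Cert("Example Intermediate Z", "Example Root CA")   # never published
LEAF_OK = Cert("www.example.test", "Example Intermediate A")
LEAF_HIDDEN = Cert("login.example.test", "Example Intermediate Z")

if __name__ == "__main__":
    # Log enforces the chain requirement: the entry carries INTER_Z, so a
    # monitor reading the entry can name the responsible anchor.
    print(log_accepts(LEAF_HIDDEN, [INTER_Z], ANCHORS))
    print(attribute(LEAF_HIDDEN, [INTER_Z], ANCHORS))
    # Log accepted the leaf without a chain: the monitor falls back to its
    # own store, which works for LEAF_OK but not for the unpublished issuer.
    print(attribute(LEAF_OK, [], ANCHORS, own_store=[INTER_A]))
    print(attribute(LEAF_HIDDEN, [], ANCHORS, own_store=[INTER_A]))
```
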