Re: [Trans] Bad Technical Decision: Closing out the SCT encoding discussion
Erwann Abalea <eabalea@gmail.com> Fri, 13 March 2015 22:30 UTC
Return-Path: <eabalea@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045911A0072 for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 15:30:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_34=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vnKc897zj4aL for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 15:29:58 -0700 (PDT)
Received: from mail-vc0-x230.google.com (mail-vc0-x230.google.com [IPv6:2607:f8b0:400c:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC3781A1A99 for <trans@ietf.org>; Fri, 13 Mar 2015 15:29:57 -0700 (PDT)
Received: by mail-vc0-f176.google.com with SMTP id kv7so8739124vcb.7 for <trans@ietf.org>; Fri, 13 Mar 2015 15:29:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=bJnNrzwdGMZxBjF/fuxSosMnr25+KhEEjg7oR8ytyM0=; b=uC0a1xslTkT5WoTkvyTOZ8g+H+p6lPx/+fuSXcSaBx+Rojea4TA5lCnnwKxV/lFKAy vu8nGRTlJOPyRSxOBy3Vxb2MSE9GdH7XL1kILeqn26CHqmMFITD2oVs6CUoCVrRHJ7cQ SmxBekBtVrq0KvyjQy398HTMYADx5X9p85Lt5owg1jKykjkfzFyOHB2ZqHryQA8RaHZW obT7+0J4Y7pyPi7ZIf6r5K7gnLyZ83vtWwcTTnKvVTT/YxYGTFwdP4f/njoeWW1uOXwg Qx5ZcsqKb6nGz1SK58/4wHp/ALUSS1lI8mWBSFZl0gx8w2BhPdGvneiG/hPzCZsnb3Xu iFug==
MIME-Version: 1.0
X-Received: by 10.52.162.72 with SMTP id xy8mr54101782vdb.12.1426285796992; Fri, 13 Mar 2015 15:29:56 -0700 (PDT)
Received: by 10.52.77.69 with HTTP; Fri, 13 Mar 2015 15:29:56 -0700 (PDT)
In-Reply-To: <5503546D.9090100@comodo.com>
References: <550257A0.8050401@gmail.com> <B87AFA6C-2B9F-474C-AE0F-BF07829CD139@vigilsec.com> <550347A0.6070005@cs.tcd.ie> <55034F89.4060501@comodo.com> <5503511B.6000709@cs.tcd.ie> <55035385.8060001@comodo.com> <5503546D.9090100@comodo.com>
Date: Fri, 13 Mar 2015 23:29:56 +0100
Message-ID: <CA+i=0E5iAEjbptZj9oYFkXy3CFPutDfnK9O_rYebbqd2hCABag@mail.gmail.com>
From: Erwann Abalea <eabalea@gmail.com>
To: Rob Stradling <rob.stradling@comodo.com>
Content-Type: multipart/alternative; boundary="089e01628326472de90511330a94"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/bakH-mX7RI6FMrgwJbjdHxb90Ug>
Cc: "trans@ietf.org" <trans@ietf.org>, Paul Wouters <paul@nohats.ca>, Russ Housley <housley@vigilsec.com>, Melinda Shore <melinda.shore@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Trans] Bad Technical Decision: Closing out the SCT encoding discussion
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2015 22:30:00 -0000
Bonsoir,
Trying to do the ASN.1 conversion while trying to stay close to the current
SCTList definition, I got this:
SignedCertificateTimestampList ::= SEQUENCE OF SignedCertificateTimestamp
SignedCertificateTimestamp ::= SEQUENCE {
sct-version Version,
id LogID,
extensions CtExtensions,
signature-of-SignedEntry Signature }
Version ::= INTEGER { v1(0) } (0..255)
LogID ::= OCTET STRING (SIZE(32))
CtExtensions ::= OCTET STRING (SIZE(0..65535))
-- No extension is defined yet, but it should probably something like this
instead:
-- CtExtensions ::= SEQUENCE OF CtExtension
-- CtExtension ::= SEQUENCE {
-- type SomeType,
-- value SomeValue (taken from an ObjectSet)
-- }
-- That's an acceptable way to define a signature, it's a BIT STRING in
X.509, and an OCTET STRING in CMS
Signature ::= OCTET STRING (SIZE(0..65535))
But what is really signed is a SignedEntry.
The SignedEntry could also be redefined in ASN.1, but then we have a
different signature. Bad.
An ASN.1 defined SignedEntry would be something like this:
SignedEntry ::= SEQUENCE {
sct-version Version,
signature-type SignatureType, -- MUST be certificate-timestamp?
timestamp Uint64,
logentry LogEntry }
SignatureType ::= INTEGER {
certificate-timestamp(0),
tree-hash(1) } (0..255)
Uint64 ::= INTEGER (0..18446744073709551616)
LogEntry ::= CHOICE {
x509entry [0] ASN1Cert,
precertentry [1] PreCert }
PreCert ::= SEQUENCE {
issuer-key-hash OCTET STRING (SIZE(32)),
tbs-certificate TBSCertificate }
-- TBSCertificate is defined in RFC5280
ASN1Cert ::= Certificate
If we give up here and consider SignedEntry to be an OCTET STRING, then the
signature doesn't apply to the SignedEntry structure itself, but to its
content (tag and length excluded). Not really PKIX way.
I can't find a clean way to solve this.
2015-03-13 22:19 GMT+01:00 Rob Stradling <rob.stradling@comodo.com>:
>
> On 13/03/15 21:15, Rob Stradling wrote:
>
>> On 13/03/15 21:05, Stephen Farrell wrote:
>>
>>> On 13/03/15 20:58, Rob Stradling wrote:
>>>
>>>> On 13/03/15 20:25, Stephen Farrell wrote:
>>>> <snip>
>>>>
>>>>> And if we interpret 5280 strictly and conclude that is still a
>>>>> good plan then the question would be what to do about the SCT
>>>>> encoding, which could be to do something hacky like prepending
>>>>> another OCTET STRING tag and a length I suppose,
>>>>>
>>>>
>>>> Stephen, RFC6962 does precisely that, and the current 6962-bis text aims
>>>> to do the same.
>>>>
>>>
>>> Really?
>>>
>>
>> Really. That's what all the current implementations of RFC6962 are doing.
>>
>
> It probably doesn't help that RFC6962 has two definitions of "
> SignedCertificateTimestampList", one using ASN.1 and one using TLS
> encoding rules.
>
> SignedCertificateTimestampList ::= OCTET STRING
>
> struct {
> SerializedSCT sct_list <1..2^16-1>;
> } SignedCertificateTimestampList;
>
> This issue is addressed in 6962-bis -07.
>
> I though the extnValue was just the SignedCertificateTimestampList
>>> and did not contain yet another OCTET STRING tag? That how I read
>>> 6962 anyway.
>>>
>>
>> Some other folks read it that way too, apparently.
>>
>> Hence http://trac.tools.ietf.org/wg/trans/trac/ticket/14
>>
>> S.
>>>
>>>
>>>> Adding yet another OCTET STRING would turn it into an OCTET STRING
>>>> inside an OCTET STRING inside an OCTET STRING!
>>>>
>>>> I'd be surprised if Russ or Steve Kent would consider that to be any
>>>> better than the current plan (an OCTET STRING inside an OCTET STRING).
>>>>
>>>
>>
>
--
Erwann.
- Re: [Trans] Bad Technical Decision: Closing out t… Paul Wouters
- Re: [Trans] Bad Technical Decision: Closing out t… Nico Williams
- [Trans] Closing out the SCT encoding discussion Melinda Shore
- [Trans] Bad Technical Decision: Closing out the S… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Erwann Abalea
- Re: [Trans] Bad Technical Decision: Closing out t… Nico Williams