Re: [Trans] Fwd: Certificate Transparency with Russian GOST algorithms

Ben Laurie <> Tue, 18 March 2014 14:20 UTC

List-Id: Public Notary Transparency working group discussion list <>

On 11 March 2014 18:36, Melinda Shore <> wrote:
> For some reason Dmitry's mail is not arriving at the
> IETF server, so I thought I would forward it myself.
> Melinda
> -------- Original Message --------
> Subject: Certificate Transparency with Russian GOST algorithms
> Date: Tue, 11 Mar 2014 22:16:47 +0400
> From: Dmitry Belyavsky <>
> To:
> CC:
> Hi all!
> Here are some thoughts about using CT in Russia with Russian
> cryptographic algorithms (GOST). They were discussed with Ben Laurie
> during the IETF meeting in London. I am not sure which mailing list is
> the right place to post to, so I post it to the WG mailing list.
> Laws and practice in Russia require the use of the GOST hash and digital
> signature in X.509 certificates for government services. These
> certificates are signed by Russian CAs which are not in lists of
> trusted CAs in major browsers. It is not a problem to create an
> installation of a log server in Russia containing the list of Russian CAs.
> But a Russia-based service should use the GOST hash algorithm in the
> Merkle tree and GOST signature algorithm for signing SCT. It seems to be
> not a problem because if GOST-based certificates are submitted to
> GOST-based log, browsers not understanding the GOST algorithms will not
> have to verify GOST-based SCTs. But also it means that the hashing
> algorithm of Merkle tree should become the config-time parameter of the
> log instance instead of being hardcoded. Also it should be possible to
> find out which algorithm is used in this or that log instance and it
> should be strictly prohibited to change this algorithm after start of
> the log instance. It seems to be a good idea anyway because of the
> requirements of cryptographic algorithms agility.

As I mentioned elsewhere, in our view you change algorithm by starting
a new log.

The hash/signing algorithms are fixed properties of the log.

It seems to me there shouldn't be any difficulty accommodating GOST
like this - I guess we'd have to add the rule that non-GOST
certificates MUST NOT use GOST logs. Not sure whether we should
require the opposite, though (i.e. GOST certificates MUST NOT use
EC/SHA logs)?
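
The following is an added example, not part of the original message or of any CT implementation: a sketch of the RFC 6962 Merkle Tree Hash with the hash as a creation-time parameter that is fixed for the life of the log, plus the submission rule floated above. The names `LogParams`, `may_submit` and the log labels are hypothetical, and `sha512` is only a stand-in for a GOST hash, which Python's standard `hashlib` does not guarantee.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)   # frozen: parameters cannot be changed after creation
class LogParams:
    log_id: str           # hypothetical label for the log instance
    hash_name: str        # hashlib algorithm name, fixed for the log's lifetime
    family: str           # "GOST" or "non-GOST" (hypothetical policy tag)

def merkle_tree_hash(entries, hash_name):
    """RFC 6962 section 2.1 Merkle Tree Hash with a configurable hash."""
    def h(data):
        return hashlib.new(hash_name, data).digest()
    n = len(entries)
    if n == 0:
        return h(b"")
    if n == 1:
        return h(b"\x00" + entries[0])       # leaf hash prefix
    k = 1
    while k * 2 < n:                         # largest power of two below n
        k *= 2
    left = merkle_tree_hash(entries[:k], hash_name)
    right = merkle_tree_hash(entries[k:], hash_name)
    return h(b"\x01" + left + right)         # interior node prefix

def may_submit(cert_family, log):
    """Non-GOST certificates MUST NOT use GOST logs. The thread leaves the
    opposite direction open, so this sketch allows it."""
    return not (log.family == "GOST" and cert_family != "GOST")

def tree_head(log, entries):
    """Root hash computed with the algorithm the log was created with."""
    return merkle_tree_hash(entries, log.hash_name)

# Constructed sample data: two logs over the same three entries.
SAMPLE_ENTRIES = [b"cert-one", b"cert-two", b"cert-three"]
EC_SHA_LOG = LogParams("example-sha256-log", "sha256", "non-GOST")
GOST_LOG = LogParams("example-gost-log", "sha512", "GOST")  # sha512 = stand-in

if __name__ == "__main__":
    for log in (EC_SHA_LOG, GOST_LOG):
        print(log.log_id, tree_head(log, SAMPLE_ENTRIES).hex())
    print("non-GOST cert -> GOST log allowed:", may_submit("non-GOST", GOST_LOG))
```

The two roots differ in value and length for identical entries, so a client checking inclusion or consistency has to know the log's algorithm in advance, and a switch in the middle of a log's life would break every proof spanning it.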