Re: [Trans] updated definition and attack analysis text
Santosh Chokhani <schokhani@cygnacom.com> Sun, 05 October 2014 18:37 UTC
Return-Path: <schokhani@cygnacom.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 150051A1A94 for <trans@ietfa.amsl.com>; Sun, 5 Oct 2014 11:37:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.014
X-Spam-Level:
X-Spam-Status: No, score=0.014 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11lqw3tRP9WL for <trans@ietfa.amsl.com>; Sun, 5 Oct 2014 11:37:52 -0700 (PDT)
Received: from ipedge1.cygnacom.com (ipedge1.cygnacom.com [216.191.252.12]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB2711A1A8E for <trans@ietf.org>; Sun, 5 Oct 2014 11:37:51 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.04,660,1406606400"; d="scan'208,217";a="4332227"
Received: from unknown (HELO scygexch10.cygnacom.com) ([10.4.60.26]) by ipedge1.cygnacom.com with ESMTP; 05 Oct 2014 14:37:50 -0400
Received: from SCYGEXCH10.cygnacom.com ([::1]) by scygexch10.cygnacom.com ([::1]) with mapi id 14.03.0195.001; Sun, 5 Oct 2014 14:37:49 -0400
From: Santosh Chokhani <schokhani@cygnacom.com>
To: Stephen Kent <kent@bbn.com>, "trans@ietf.org" <trans@ietf.org>
Thread-Topic: [Trans] updated definition and attack analysis text
Thread-Index: AQHP3aBJzE0wM8osr0i7nW4ODSW41ZwdOxdggAHNyICAAtGKAA==
Date: Sun, 05 Oct 2014 18:37:48 +0000
Message-ID: <4262AC0DB9856847A2D00EF817E811392396F3@scygexch10.cygnacom.com>
References: <542C3EFA.7010204@bbn.com> <4262AC0DB9856847A2D00EF817E8113923603B@scygexch10.cygnacom.com> <542EF969.1020507@bbn.com>
In-Reply-To: <542EF969.1020507@bbn.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.60.117.7]
Content-Type: multipart/alternative; boundary="_000_4262AC0DB9856847A2D00EF817E811392396F3scygexch10cygnaco_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/f7ZKTChBAziDk8G7m0nV01pl83Q
Subject: Re: [Trans] updated definition and attack analysis text
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Oct 2014 18:37:56 -0000
Steve, How about the following "The entity (monitor, subject, or another entity) that is examining the logs for certificate of interest for a subject (i.e., domain) has or obtains a list valid certificates from the subject in a secure manner. The examining party or the subject must not rely on the authorized CA or RA database for this information or use certificate discovery protocols; this information must be developed by the subject based on the certificates it has obtained and installed. If the authorized CA or RA database is used to reconcile with the certificates in the log, the mechanism does not detect mis-issuance due to malfeasance on the part of the authorized CA or the RA or due to compromise of the authorized CA or the RA. If the authorized CA or RA database is used, it does detect mis-issuance by unauthorized CA. The examining party must not rely on certificate discovery mechanisms to build the list of valid certificates since such mechanisms may also result in mis-issued certificates being added to the list." From: Trans [mailto:trans-bounces@ietf.org] On Behalf Of Stephen Kent Sent: Friday, October 03, 2014 3:31 PM To: trans@ietf.org Subject: Re: [Trans] updated definition and attack analysis text Santosh, Steve, Thanks. My primary concern with the analysis is that it does not discuss the practicality and resources and data required for the monitoring activity. It is quite possible that monitoring will not be done at all or will miss things or will be ineffective leaving the benefit of CT to largely as a deterrent as opposed to detection mechanism. Threat analysis may wish to point that out with significant emphasis since 6962 does not seem to emphasize this enough. I see CAs offering to perform monitoring service, which will not detect problems if the authorized CA or RA are compromised or have gone rogue. In summary, the last paragraph of the analysis may wish to point out the monitors may require subjects to use secure means to provide a list of valid certificates from time to time and for monitor to check the logs for mis-issuance against this list. 6962 does not address the critical aspect of monitoring from the perspective of checking that the certificates are legitimate. I'm happy to specific receive text to add to the analysis. I'll be updating it next week to reflect the revised syntax checking anyway. Also, I have completed an initial cut at the EV cert syntax rules and pkan to issue a complete Appendix A version next week as well. I agree that a CA that operates a log for itself, or a Monitor for its clients seems questionable. When I think about Monitor services I look at what is available today for address space monitoring. Companies monitor BGP advertisements, from open and proprietary sources, looking for advertisements of prefixes that belong to client. If an advertised prefix does not have the origin AS of the client, it's suspicious. The client is informed and can take action, e.g., contacting the AS that is advertising itself as the origin of the client's prefix. This works reasonable well, but it is a for profit activity, i.e., people pay to have their prefixes monitored. If the designers of CT envision this as a likely deployment scenario for CT, it ought to be mentioned. While just about everyone is against checking the certification path and certificate, but if the goal is to secure Web PKI, to improve user experience or at least protect less informed users from making bad choices when a browser barfs, I would think checking certificate, certification path, and even cipher suites including proper range for RSA public exponent are good things. I agree. Since I revised my proposal, so that even certs that fail syntactic validation are logged, maybe we can revisit the path validation issue. One could imagine adding an error code to an SCT that noted when the syntax is OK, but path validation fails, and why. On specifics of your analysis, on Note 2, I would think the CA may wish to get the whole certificate to verify that the certificate was issued by it by verifying the signature using its own public keys. Good point. The log entry contains the cert, so it makes sense to provide that to the CA what requesting that the cert be revoked. I'll make that change. Steve
- [Trans] updated definition and attack analysis te… Stephen Kent
- Re: [Trans] updated definition and attack analysi… Santosh Chokhani
- Re: [Trans] updated definition and attack analysi… Stephen Kent
- Re: [Trans] updated definition and attack analysi… Rick Andrews
- Re: [Trans] updated definition and attack analysi… Santosh Chokhani
- Re: [Trans] updated definition and attack analysi… Stephen Kent
- Re: [Trans] updated definition and attack analysi… Stephen Kent