IETF Logo Mail Archive

Re: [Trans] Precertificates and revocation

Rob Stradling <rob@sectigo.com> Thu, 10 October 2019 22:01 UTC

Return-Path: <rob@sectigo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 633411200C1 for <trans@ietfa.amsl.com>; Thu, 10 Oct 2019 15:01:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=comodoca.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhivnEarUv7t for <trans@ietfa.amsl.com>; Thu, 10 Oct 2019 15:01:35 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780082.outbound.protection.outlook.com [40.107.78.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ABBC120041 for <trans@ietf.org>; Thu, 10 Oct 2019 15:01:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=St5gb5GBFxpWstpbWDakDp7RBNCaLfnLevE06RMykkwIXo2dE/Qp7aEhH1H3Co+8Y70UGWF2OCg8Mhb2iXNGPZnNyr1/CgIDltw4C9qK8NevxyoZVJDNP+daZJAB439h57wz4GARmyRdNyo4ddQrKIsCYKimIrthjejLaBN1RH/Q0vwIWS+8MM4wUoloptE7zhJIo76vQt5gGiWhFealHpuPeGa7WImqBos20urI7kuOw+f3ZAKVUEpLFm+PCCYQalZ+l2PL4IE+4lfE9SyLchp6+BTKgXbMrXigUCTy0FBP5sgbNm+hq3I9Xs9nyi1Qdg+g0HInZuKjzUaeYaTlxw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=j87Zf4rtxTNJRNk80Oakymx+zCDgyRyklX8KCCZ6NM8=; b=mJJWgmmu+2MZTn6HUCw1OOoZ7YyWpJAKOby6wSrxD+cUrQt2zo5cDWmFlQZxXF7jqhcQVYVFrpCY/kxXZaC5XjQZhLoLfDDXs+xgB5B7BuE68ftafsLLNLiAxZU7FHrC+i+nEqM8yx0aPKwE5wdUVhc23zcuOoDD4r0BLoS2eZ/lANKec6fpcRsy+q8QUbs7IYaxq01ao5KNgVXBdHTAuwGP2lsHxToC5RJDJ0bvyd3PA/Yy/sZlFYXrsevK1+3v0Fz1ndqqOBrzDYreGQ45eVBAOYzhPyKPLOJLPorczRZi4PLdg6XJ994e4HXp13jFxjD5h+irjFBFGaen8tIcIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sectigo.com; dmarc=pass action=none header.from=sectigo.com; dkim=pass header.d=sectigo.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comodoca.onmicrosoft.com; s=selector2-comodoca-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=j87Zf4rtxTNJRNk80Oakymx+zCDgyRyklX8KCCZ6NM8=; b=DWeVSUrNw71c1eaWmXUYHTSc3yY+U2Z+jpY8SHVE75LbW0kgB3EyLNmMM7ZFHl5mTZrUFqEhgjN/cx6RVyYjdu4ZVqo/0qL3HlN8peCGScZCLNf/bRUg6A2sWnIVFvNQSmqgq0u1cy7GTPdWpRE9p/s8tqRFIPU1xDpcYhN/p2Y=
Received: from DM6PR17MB3162.namprd17.prod.outlook.com (20.176.124.223) by DM6PR17MB3947.namprd17.prod.outlook.com (20.180.22.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.17; Thu, 10 Oct 2019 22:01:33 +0000
Received: from DM6PR17MB3162.namprd17.prod.outlook.com ([fe80::20eb:41b7:b275:1695]) by DM6PR17MB3162.namprd17.prod.outlook.com ([fe80::20eb:41b7:b275:1695%3]) with mapi id 15.20.2347.016; Thu, 10 Oct 2019 22:01:33 +0000
From: Rob Stradling <rob@sectigo.com>
To: "trans@ietf.org" <trans@ietf.org>
CC: Ryan Sleevi <ryan-ietf@sleevi.com>, Eran Messeri <eranm@google.com>
Thread-Topic: [Trans] Precertificates and revocation
Thread-Index: AQHVb7qjeJ8k5jrm8UOJQ5rvAEBgSKc0vfSAgARklACAA4LeAIABh9wegAqWpICAAEWXgIALg3EF
Date: Thu, 10 Oct 2019 22:01:33 +0000
Message-ID: <DM6PR17MB31620B66797CAD12B9499039AA940@DM6PR17MB3162.namprd17.prod.outlook.com>
References: <20190916100800.5b62d43c0f28e30269f41b7a@andrewayer.name> <21a9ea1e-124b-3bf2-72f5-4dc755d4061b@sectigo.com> <CAErg=HHcG8p_6NAzKyDYg+gPpF6p7F688pSD+qD+shcFdr9vRA@mail.gmail.com> <39d0ea14-36ca-b311-91df-074c1346f8c3@sectigo.com> <CALzYgEciP=y401SWQhsCc71tbFVVFZ0W5S929QStXqJ1EQfFog@mail.gmail.com> <DM6PR17MB3162ED32E10F53952FD61FA2AA860@DM6PR17MB3162.namprd17.prod.outlook.com> <CALzYgEd5Q-UGMiHS4+nRjUvAt-YneMW0W1m=377kb8qzA4oxgg@mail.gmail.com>, <401e243a-98bb-7030-51e4-69faadb8977e@sectigo.com>
In-Reply-To: <401e243a-98bb-7030-51e4-69faadb8977e@sectigo.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rob@sectigo.com;
x-originating-ip: [143.159.112.29]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b008074b-52c3-459d-c5b4-08d74dcd69d3
x-ms-traffictypediagnostic: DM6PR17MB3947:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <DM6PR17MB3947C03AED31304222B7AF0BAA940@DM6PR17MB3947.namprd17.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 018632C080
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(136003)(366004)(39850400004)(199004)(189003)(40224003)(102836004)(105004)(19627405001)(5660300002)(55016002)(486006)(52536014)(6916009)(66574012)(446003)(2351001)(6116002)(2501003)(2906002)(3846002)(186003)(74316002)(26005)(54896002)(476003)(54906003)(316002)(7736002)(9686003)(11346002)(236005)(5640700003)(6306002)(229853002)(6436002)(86362001)(66066001)(33656002)(4326008)(53546011)(6506007)(76176011)(99286004)(966005)(6246003)(25786009)(478600001)(7696005)(606006)(8936002)(91956017)(76116006)(66476007)(66446008)(64756008)(14444005)(71200400001)(66556008)(66946007)(81166006)(8676002)(256004)(81156014)(71190400001)(1730700003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR17MB3947; H:DM6PR17MB3162.namprd17.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: sectigo.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9koZQ+uCDXh1v3xs8GWn1NKpfYfDK5gJRvqqO31G2DlZlH5L9eHic3kI9+bZ1nI4s0mGuSTM25A/ByiyxyZma1XUgdWX6cZM6LZenIv2Z7QO71ksXYdW7VkEGQWWXbn2/NnGRkwAhgtfrqe4lWrvl6K0EG5Y10To5VnyJh92WAhfD5eg3S9na4T+ReQE7PwmNqGDANcuvSMh5KT01fXGQyE376LBndBI9KckaJGpQ2T/jgjSUm0Mq+f7yF3S0OfdMkBox2iW4FgGQVJSgVfOqMilY3nrXRVDW9OhEqyEdBlII83cGtTQUsF102b+6fqIYIMLu9s2DmpWyKchIMT1vZUIhDhbYKrEi5fCivsWfD8KeiJokYeoFCzR8svGDTzgtIbwo5zB5G9VuP5XqZ8H9mv7fpfW2Mtfwe9xhpRR/uRo35V8FznnVdT4WrGFspg+mZtcU90KGnWsSfhWLcZJGw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR17MB31620B66797CAD12B9499039AA940DM6PR17MB3162namp_"
MIME-Version: 1.0
X-OriginatorOrg: sectigo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b008074b-52c3-459d-c5b4-08d74dcd69d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2019 22:01:33.3796 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0e9c4894-6caa-465d-9660-4b6968b49fb7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZND6rW9Wk5g+n76djs+xLA1rAt9rNuKnfqnK52vzN1UnujI2qKyj6nRmxsvVwkFoAr7gx/91LQn2rn/m93ws5w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR17MB3947
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/hJTn5ghKsOuDpLQ-B_IMKXxbgyQ>
Subject: Re: [Trans] Precertificates and revocation
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2019 22:01:40 -0000

Chairs,

May I interpret silence as consent, and go ahead and merge this PR?

________________________________
From: Trans <trans-bounces@ietf.org> on behalf of Rob Stradling <rob@sectigo.com>
Sent: 03 October 2019 15:11
To: trans@ietf.org <trans@ietf.org>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>; Eran Messeri <eranm@google.com>
Subject: Re: [Trans] Precertificates and revocation

Here's a PR:
https://github.com/google/certificate-transparency-rfcs/pull/315

Feedback welcome.

On 03/10/2019 11:02, Eran Messeri wrote:
> That reasoning makes sense to me. If 6962-bis precertificate is not a
> certificate but 6962-bis states that the existence of a precertificate
> indicates intent to issue a certificate, then checking whether the final
> certificate has been issued/revoked via OCSP makes sense.
>
> On Thu, Sep 26, 2019 at 5:40 PM Rob Stradling <rob@sectigo.com
> <mailto:rob@sectigo.com>> wrote:
>
>     Hi Eran.  OCSP (RFC6960, RFC5019) responses and CRLs (RFC5280)
>     provide status information for certificates (RFC5280).  In CTv1
>     (RFC6962), precertificates are certificates; whereas in CTv2
>     (6962-bis), precertificates are (by design!) not certificates.
>
>     The "effective MUST NOT" is because anything that is not a
>     certificate (be it a CTv2 precertificate, a cat GIF, or whatever) is
>     not in scope for OCSP, as currently specified.
>
>     The fact that a CTv2 precertificate has a serial number that is
>     intended to subsequently belong to a certificate makes it possible
>     to imagine extending the OCSP protocol to report statuses of CTv2
>     precertificates.  But until the OCSP protocol is extended in this
>     way, the fact is that...the OCSP protocol has not yet been extended
>     in this way.
>
>     I think 6962-bis should extend the OCSP protocol in this way.  If it
>     can be avoided, I don't think it should be left to CT client
>     policies to extend IETF protocols.
>
>     ------------------------------------------------------------------------
>     *From:* Eran Messeri <eranm@google.com <mailto:eranm@google.com>>
>     *Sent:* 25 September 2019 17:58
>     *To:* Rob Stradling <rob@sectigo.com <mailto:rob@sectigo.com>>
>     *Cc:* Ryan Sleevi <ryan-ietf@sleevi.com
>     <mailto:ryan-ietf@sleevi.com>>; trans@ietf.org
>     <mailto:trans@ietf.org> <trans@ietf.org <mailto:trans@ietf.org>>
>     *Subject:* Re: [Trans] Precertificates and revocation
>     Rob, what leads you to say that "6962-bis has an effective MUST NOT"
>     regarding the CA not having to provide status information for a
>     6962-bis precertificate?
>
>     I agree it'd be helpful to add a clarification in 6962-bis regarding
>     CAs possibly being asked about revocation status of a not-yet-issued
>     certificate. I just want to understand where 6962-bis prevents CAs
>     from publishing revocation info for 6962-bis precerts.
>
>     On Mon, Sep 23, 2019 at 12:21 PM Rob Stradling <rob@sectigo.com
>     <mailto:rob@sectigo.com>> wrote:
>
>         If 6962-bis says nothing about this topic, then ISTM that the
>         default
>         effective requirement will be that a CA MUST NOT provide OCSP
>         status for
>         a (CT v2) precertificate where the corresponding certificate has
>         not
>         (yet) been issued.  This is because, whichever way you look at
>         it, a CT
>         v2 precertificate is not a "certificate" according to
>         RFC5280/RFC6960/RFC5019.
>
>         I agree that a statement such as "CAs MUST provide OCSP status
>         for CT v2
>         precertificates" would not belong in 6962-bis, but would instead
>         belong
>         in a TLS client policy document.  However, I would prefer to
>         avoid the
>         situation where 6962-bis has an effective MUST NOT but where
>         (some, but
>         not necessarily all) TLS client policies have a MUST.  In order
>         to avoid
>         such a conflict, I think it would be helpful for 6962-bis to
>         outline the
>         policy space by making the following points:
>
>         1. Since issuance of a precertificate `P` is a binding
>         commitment to
>         issue a corresponding certificate `C`, monitors may reasonably
>         assume
>         that `C` has been issued.
>         2. It follows that monitors may wish to request status information
>         (e.g., via CRL and/or OCSP) for the serial number of `P`, even
>         though
>         (unbeknownst to the monitor) `C` has not actually been issued.
>         3. Although `P` is not a "certificate" according to
>         RFC5280/RFC6960/RFC5019, some TLS clients may have policies that
>         require
>         CAs to provide certificate status (e.g., signed OCSP responses
>         and/or
>         CRLs) for the serial number of `P`, regardless of whether or not
>         `C` has
>         been issued.
>
>         Making these points would transform 6962-bis's effective
>         requirement
>         from a MUST NOT into a MAY.  A TLS client policy could then
>         profile that
>         to a MUST without introducing any conflict.
>
>         ISTM that this approach of outlining the policy space but not
>         setting
>         policy would be consistent with, for example,
>         https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-33#section-6.1.
>
>         On 20/09/2019 17:16, Ryan Sleevi wrote:
>          > As I mentioned elsewhere, I'm not sure this is an entirely
>         useful or
>          > productive concern to be raising at this time. I have also
>         shared that I
>          > think this is a question of policy than protocol, even though
>         the policy
>          > decision has implications on other protocols. Thus I think
>         it's much
>          > more appropriately discussed among individual implementations.
>          >
>          > As a protocol for allowing both the pre-disclosure of a
>         certificate and
>          > post-disclosure of a certificate. We saw, rather extensively
>         in the
>          > Threat Model document, different perspectives on policies
>         regarding how
>          > pre-disclosure should be treated and handled. For example,
>         using the
>          > protocol in 6962 or -bis, it's possible to use CT as a means of
>          > detecting and correcting certificates prior to issuance (the
>         discussion
>          > about Logs applying rules to certificates). Similarly, it's
>         possible for
>          > CT as a protocol to be used entirely internal to an
>         organization, as
>          > part of audit logging for external audits via a common
>         protocol, even
>          > with the inclusion of data that might otherwise be
>         inappropriate for
>          > publicly-exposed logs.
>          >
>          > So I do think that, from the point of view of the RFCs, it's
>         a matter of
>          > policy as to how the existence of a pre-certificate is
>         treated, which
>          > aligns with the particular intended deployment of the CT
>         protocol. If a
>          > policy (e.g. by a browser, for the Web PKI) treats the
>         issuance of a
>          > pre-certificate as an unrebuttable proof of an equivalent
>         certificate,
>          > which is certainly one of the core things CT enables policy
>         to state,
>          > then it naturally follows that it must be treated as such within
>          > protocols that are keyed on the issuance of certificates.
>          >
>          > It's an operational concern, defined by local policy, as to
>         what impact,
>          > if any, it has on other protocols. Just as RFC 5280 does not
>         define, for
>          > example, what forms of names to include within a
>         distinguished name, I'm
>          > not convinced that this would even belong in 6962-bis,
>         because it covers
>          > the operational aspects and implications of a PKI that may
>         use, in part
>          > or whole, these RFCs.
>
>         --
>         Rob Stradling
>         Senior Research & Development Scientist
>         Sectigo Limited
>
>         _______________________________________________
>         Trans mailing list
>         Trans@ietf.org <mailto:Trans@ietf.org>
>         https://www.ietf.org/mailman/listinfo/trans
>

--
Rob Stradling
Senior Research & Development Scientist
Email: rob@sectigo.com
Bradford, UK
Office: +441274024707
Sectigo Limited

This message and any files associated with it may contain legally
privileged, confidential, or proprietary information. If you are not the
intended recipient, you are not permitted to use, copy, or forward it,
in whole or in part without the express consent of the sender. Please
notify the sender by reply email, disregard the foregoing messages, and
delete it immediately.
_______________________________________________
Trans mailing list
Trans@ietf.org
https://www.ietf.org/mailman/listinfo/trans

v2.23.0 | Report a Bug | By Email