IETF Logo Mail Archive

Re: [Trans] Extensibility and algorithm agility

Eran Messeri <eranm@google.com> Fri, 14 March 2014 10:18 UTC

Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92C181A0118 for <trans@ietfa.amsl.com>; Fri, 14 Mar 2014 03:18:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.925
X-Spam-Level:
X-Spam-Status: No, score=-1.925 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ep8wdU4FZLr for <trans@ietfa.amsl.com>; Fri, 14 Mar 2014 03:18:02 -0700 (PDT)
Received: from mail-oa0-x22e.google.com (mail-oa0-x22e.google.com [IPv6:2607:f8b0:4003:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id B9E501A0107 for <trans@ietf.org>; Fri, 14 Mar 2014 03:17:57 -0700 (PDT)
Received: by mail-oa0-f46.google.com with SMTP id i7so2378115oag.33 for <trans@ietf.org>; Fri, 14 Mar 2014 03:17:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=jYOknnKdAvNOiD051X4yrJiNSkj5hE43LlszFBwf5Do=; b=ds0dT5xF9iMfbSxEc/H4UOfpA9nnESs8yvX/CpjtDOEUuSxkhE6oHg8lcjVOoJaKI5 73q79p28iJtK1yYf7rrgDpCKEg8oCKhXLb61bpLbbsIHi33aCkEuu1+7SMZA9EnGSU3I UwLfaMHNhiJ75pUocxofoUwrw4PeoH9IouySpOPR4SjmbWHQP8man+ji27d6dBrtc4Je YpgoXyudvT//3COHb3j99S5KC0WyXtQuLc2IQwL45WudjC/+frQgN9ZnwB5LDU0q4+oj Jgo3sNgk+VclnM9z3uOD0nEx04HogZGb1sl7GwqrkXynLWYRtYZei9bjsICg39QSzWRO 9T3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=jYOknnKdAvNOiD051X4yrJiNSkj5hE43LlszFBwf5Do=; b=kfcgMHEWTpxpB4TH/Os51+zy9DaIhQwRkXbqKZNn6vY05JwYEawmPPUAqCHbs/NXbO n00aE8Kmlv+HdMolm97+XnBohsbp7zeWgUWbB21iZj4+fMUWeVXGOPxfkDvuN99XrtdS QyeVXlcKrKamjbxnOVSaaCB7hRcJTddZu3MP+5Jr5AykzBDGlA+KyaNHv3UJViKvi5q6 nlmbMp0uPdpNgVBkBqguvfQipvW9H6/67bBiUFSjQY5mE5pkVO/9sZD/DpDJnueWr9SF nPo42p5Urc4/ioFhXtP7dNVbezrOtEftRRFkPO+L/NJZw2+6AQJDdH4v/kDbaHjhUW8G QXkQ==
X-Gm-Message-State: ALoCoQnErEc7CVSTzQw5ahYgeNspQmHv/I+CkhMxz/R6ZY+I0O7vU2P2Z1F3JiXeR91NItqHGplex8YXsFDtBl1H8Eb6Hb9p8y+XQloMKiZ5z2bHoL3SzEthdiVvLN8ytVOuDO9RPnLo+NOAPzvrO51TUejrxnqkYtoO+fwLCTyE2CZtSpOqaxqqjd+rvMvkGDUGsQfxDJcV
MIME-Version: 1.0
X-Received: by 10.182.233.106 with SMTP id tv10mr1237894obc.59.1394792270913; Fri, 14 Mar 2014 03:17:50 -0700 (PDT)
Received: by 10.182.142.198 with HTTP; Fri, 14 Mar 2014 03:17:50 -0700 (PDT)
In-Reply-To: <CABrd9SQ1vbg6fEfrTFYd8knJt2EVtQS8GgPFFQ7uPACbvHvLnw@mail.gmail.com>
References: <CAMm+LwjpCGA4Hc-cjMWZsgLQWkxHc-j3Z9fyqALCJVqXpSpzNg@mail.gmail.com> <CABrd9SQ1vbg6fEfrTFYd8knJt2EVtQS8GgPFFQ7uPACbvHvLnw@mail.gmail.com>
Date: Fri, 14 Mar 2014 10:17:50 +0000
Message-ID: <CALzYgEd+T7MtMaz+btPCZFjQWDd+e7iPVDzAYXG_h5YCPusJPQ@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
To: Ben Laurie <benl@google.com>
Content-Type: multipart/alternative; boundary="f46d0445191fd7fac604f48e6107"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/iSNLfbACViQTp942taLZkDMjAao
Cc: "trans@ietf.org" <trans@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: [Trans] Extensibility and algorithm agility
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2014 10:18:06 -0000

On Thu, Mar 13, 2014 at 6:08 PM, Ben Laurie <benl@google.com> wrote:

> On 12 March 2014 12:57, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> > One of the areas that we have to address to go to proposed standard is
> > algorithm agility. Another area we can skip but probably should not is
> > strategy for extensibility so as to be able to apply TRANS to other
> areas.
> >
> > On algorithm agility we have to consider questions like:
> >
> > * Using algorithms other than SHA-2-256 for the tree.
> > * How does a client discover which algorithm is being used.
> > * What sort of algorithm substitution attacks become possible.
> >
> > * How does a client make a selection where a choice of signing algorithm
> is
> > offered for the SCT heads?
>
> Because SCTs can be embedded in certificates, there's no hope of being
> agile. All certs would have to be re-issued and the re-issued certs
> would have to be deployed. Realistically, this is not going to happen.
>
> Thus, you change algorithms by creating new logs with different metadata.
>
> > Questions we don't have to answer but should probably consider include:
> >
> > * How would alternative log topologies be identified, for example skip
> > lists?
>
> See above.
>
> > * Do we want to permit the size of the tree to be bounded by periodically
> > rolling to a new log? If so we probably want to have a mechanism for
> > incorporating the old log as the stating point of the new.
>
> This one may be worth addressing. But again, it can also be addressed
> by simply starting a new log.
>
> > Extensibility is an area where we can and quite probably should punt.
> But we
> > do need to describe a punting strategy.
> >
> > The TLS data encoding used in TRANS is a placed based encoding that can
> only
> > be decoded by reference to the corresponding schema. That makes it very
> hard
> > to use it in an application where extensibility is being used. The
> > extensions end up being encoded in opaque extension blobs. This is one of
> > the many parts of ASN.1 that don't work either and is one of the reasons
> > that JSON has become much more interesting. JSON is after all simply
> RFC822
> > headers with braces added to allow recursive structures to be
> represented...
> >
> >
> > When I started looking at this, I had thought that the TRANS data
> structures
> > are fixed because any changes would be reflected deep in the Merkle tree.
> > However looking at the situation again, it seems to me that just as a
> tree
> > head could be signed with a different algorithm, a different encoding for
> > the SCT data structure could be communicated in the same way.
>
> I agree that different encodings are possible, and somewhat
> straightforward, but there are a bunch of other moving parts - for
> example, should you have SCTs or just go straight to
> proof-of-inclusion. What about including proof-of-STH-linkage. And so
> forth.
>
> None of these are possible with TLS certs for various reasons, but
> clearly are for other scenarios, particularly where there is no
> legacy.
>
> > Another, rather more minor issue is version numbering. At the moment
> there
> > is (or appears to be) one version number for the SCT structures and the
> > protocol. But there is no reason why these should be linked or even that
> > every data structure should need to be changed if there is a rev. When we
> > talk about X.509v3 we are actually talking about v2 of the CRL structure.
> >
> > This matters because the v1 protocol does not have a mechanism for
> > specifying what the version of the data structure being requested is.
>
> Yes it does: its in the URL. But I agree that the STH and the leaves
> should have separate versions. I thought there was a ticket for this
> already.
>
There is now: http://trac.tools.ietf.org/wg/trans/trac/ticket/12

>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>

v2.23.0 | Report a Bug | By Email