IETF Logo Mail Archive

Re: [Trans] Mirja Kühlewind's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)

"Salz, Rich" <rsalz@akamai.com> Wed, 23 October 2019 12:22 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE1D3120846; Wed, 23 Oct 2019 05:22:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g4OYd_i4cwkm; Wed, 23 Oct 2019 05:22:33 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91BB61200D8; Wed, 23 Oct 2019 05:22:33 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x9NCLOds030058; Wed, 23 Oct 2019 13:22:32 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=UF5XxuH0rZZT0OkvQzbViGEHC4CJ+tdXrHp0HJ7kggE=; b=EgxI3owlI9Rp7te+Fz3+pJ5+XC5TfN9GcJjGUOats0v01L3X2gHSrA81QwaiZYUNpER4 tErCd8lAALMoXqVX1+QKbcA8BfZ0RMIsOgKurPgnrrwNVYiCuWuXGd9LPqg8UtzSWSle WpJPXRmu33xFIxX3vgpiFj5FWxHhzJFyREfaql70yb1zFMdGZ2xmGIIbj/g7mpt337Sk c58updRsYJ+VoFMynfEtOZhh6pkLXNrY1qmegZEfKIQWMTxdwL0zZGrxu5ABn+lP8hQY bcEB/qz8INWIKGu7CWfwzXDv0/upWfWM93ExzqfairwLijFoIXI2uPvoVmo7OwKgPBef 6g==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2vqsr9vdp3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 23 Oct 2019 13:22:31 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x9NCGm9C025953; Wed, 23 Oct 2019 08:22:30 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint2.akamai.com with ESMTP id 2vqwtwhap9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 23 Oct 2019 08:22:30 -0400
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 23 Oct 2019 08:22:29 -0400
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1473.005; Wed, 23 Oct 2019 08:22:29 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Rob Stradling <rob@sectigo.com>, "trans@ietf.org" <trans@ietf.org>
CC: "draft-ietf-trans-rfc6962-bis@ietf.org" <draft-ietf-trans-rfc6962-bis@ietf.org>, Paul Wouters <paul@nohats.ca>, Mirja Kuehlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, "trans-chairs@ietf.org" <trans-chairs@ietf.org>
Thread-Topic: [Trans] Mirja Kühlewind's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
Thread-Index: AQHViZyJbSzCz55vp0esRfE6eHWGyQ==
Date: Wed, 23 Oct 2019 12:22:28 +0000
Message-ID: <2B1C3261-7034-45D9-A70D-EA194C11C5E5@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.33.221]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3F6C68F242BA9F4FAE0DF9CEBC84FA79@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-23_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910230126
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-23_03:2019-10-23,2019-10-23 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 impostorscore=0 adultscore=0 phishscore=0 mlxlogscore=999 spamscore=0 priorityscore=1501 malwarescore=0 suspectscore=0 lowpriorityscore=0 clxscore=1011 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910230127
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/ladc9MmS2YguM-3w0OxtUY_tWyg>
Subject: Re: [Trans] Mirja Kühlewind's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2019 12:22:36 -0000

How about "Servers may wish to send a Retry-After header" ?


On 10/23/19, 6:15 AM, "Rob Stradling" <rob@sectigo.com> wrote:

    On 23/10/2019 10:52, Mirja Kuehlewind wrote:
    > Hi Rob,
    > 
    > Just one more comment regarding the default for the waiting time: I understand that it is arbitrary but I guess someone implementing CT in the first place has to make the same arbitrary choice and just select some value. Of course this value should be configurable but recommending some default or at least a range or order of value could reduce surprises. However, this is a just a recommendation from me and it’s your call!
    
    Would anyone else like to comment on whether they agree or disagree with 
    this recommendation?
    
    If you agree, then please propose a default waiting time (for situations 
    where the log server does not send an explicit "Retry-After" header).
    
    Thanks.
    
    > Mirja
    > 
    > 
    >> On 16. Oct 2019, at 15:36, Rob Stradling <rob@sectigo.com> wrote:
    >>
    >> On 14/10/2019 16:32, Mirja Kuehlewind wrote:
    >>> Hi Rob,
    >>>
    >>> Thanks for your replies and edits. I will clear my discuss as soon as the new version is submitted.
    >>
    >> Thanks Mirja.
    >>
    >>> Please see some minor comments below!
    >>
    >> Replies inline.
    >>
    >>> Thanks!
    >>> Mirja
    >>>
    >>>
    >>>> On 14. Oct 2019, at 16:07, Rob Stradling <rob@sectigo.com> wrote:
    >>>>
    >>>> Hi Mirja.  Sorry for the looong delay.
    >>>>
    >>>> Comments inline, and I've just posted this PR:
    >>>> https://github.com/google/certificate-transparency-rfcs/pull/316
    >>>>
    >>>> On 14/03/2019 13:50, Mirja Kühlewind via Datatracker wrote:
    >>>>> Mirja Kühlewind has entered the following ballot position for
    >>>>> draft-ietf-trans-rfc6962-bis-31: Discuss
    >>>>>
    >>>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    >>>>> for more information about IESG DISCUSS and COMMENT positions.
    >>>>>
    >>>>>
    >>>>> The document, along with other ballot positions, can be found here:
    >>>>> https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/
    >>>>>
    >>>>>
    >>>>>
    >>>>> ----------------------------------------------------------------------
    >>>>> DISCUSS:
    >>>>> ----------------------------------------------------------------------
    >>>>>
    >>>>> There was a presentation at maprg IETF 103 about the question if CT helps
    >>>>> attackers to find new domains. I think this risk should at least be mentioned
    >>>>> in the security considerations section.
    >>>>
    >>>> Addressed by
    >>>> https://github.com/robstradling/certificate-transparency-rfcs/commit/3b2ec0a51f8abb4c8c0b985614fefa4291432dd9
    >>>>
    >>>>> ----------------------------------------------------------------------
    >>>>> COMMENT:
    >>>>> ----------------------------------------------------------------------
    >>>>>
    >>>>>   1) I found section 2 a bit hard to follow. Would it maybe be possible to
    >>>>>   provide more textual explanation of the algorithms instead of just describing
    >>>>>   the steps of the algorithms? Also I was wondering how much much these
    >>>>>   algorithms are actually „part“ of the protocol spec…? Are could these be
    >>>>>   rather seen as example algorithms? Maybe that could be further clarified
    >>>>
    >>>> We'll consider these comments on section 2 at a later date, along with
    >>>> Benjamin Kaduk's comments on section 2.
    >>>>
    >>>>>   2) Please expand STH on first occurrence (in sec 4.1)
    >>>>
    >>>> Addressed by
    >>>> https://github.com/robstradling/certificate-transparency-rfcs/commit/d2d6b0ac303af2659e5df538391002f1bf454edb
    >>>>
    >>>>>   3) Sec 4.4: „A log's operator MUST either allocate the OID
    >>>>>      themselves or request an OID from the Log ID Registry (see
    >>>>>      Section 10.6.1).“
    >>>>> Isn't there an obligation to register?
    >>>>
    >>>> The Log ID Registry is merely a source of OIDs that have short DER
    >>>> encodings.  A log operator may either (1) request an OID from the Log ID
    >>>> Registry, or (2) allocate an OID themselves (from an OID arc that they
    >>>> control, naturally).
    >>>>
    >>>> The Registry is not intended to be a global directory of all logs.
    >>>
    >>> Could be good to clarify in the text.
    >>
    >> Addressed by
    >> https://github.com/robstradling/certificate-transparency-rfcs/commit/18be3bdc0eb3a8f5b95040081ccfaddcd2924fcb
    >>
    >>>>>   4) sec 4.8: „If an
    >>>>>     implementation sees an extension that it does not understand, it
    >>>>>     SHOULD ignore that extension.“
    >>>>> Maybe it’s just me because I may have missed some context but does „ignore“
    >>>>> mean here that it should log it or not?
    >>>>
    >>>> "It" (the precertificate or certificate) must have already been logged,
    >>>> because the corresponding SCT (that contains a potentially unrecognized
    >>>> extension) couldn't otherwise exist.
    >>>
    >>> Could be good to clarify in the text.
    >>
    >> I think other sections of the document already make it clear that a
    >> certificate or precertificate must be submitted to (and accepted by) a
    >> log before an SCT will be produced.
    >>
    >> Section 3 says:
    >>    "If a log accepts a submission, it will return a Signed Certificate
    >>     Timestamp (SCT)"
    >>
    >> Section 4 says:
    >>    "When it receives and accepts a valid submission, the log MUST return
    >>     an SCT that corresponds to the submitted certificate or
    >>     precertificate."
    >>
    >> I think reiterating this point again would be both unnecessary and out
    >> of scope for section 4.8, the purpose of which is to define the
    >> structure of an SCT.
    >>
    >>>>>   5) sec 5: „MAY retry the same
    >>>>>     request without modification at a later date.“
    >>>>> Would it be possible to provide a recommendation how long the client should
    >>>>> wait?
    >>>>
    >>>> The very next sentence in section 5 already specifies a mechanism for
    >>>> doing just that:
    >>>>    'Note that as per
    >>>>     [RFC7231], in the case of a 503 response the log MAY include a
    >>>>     "Retry-After:" header in order to request a minimum time for the
    >>>>     client to wait before retrying the request.’
    >>>
    >>> I meant, would it make sense to actually provide a default value or something for this waiting time?
    >>
    >> We could, but it would be fairly arbitrary.  So why bother?
    >>
    >> Some transient failures may be very short-lived, but others may last for
    >> hours.  Only the log operator can possibly know how long a client should
    >> wait before retrying a request would be expected to succeed.
    >>
    >>>>>   6) sec 5.6: „Logs MAY restrict the number of entries that can be retrieved per
    >>>>>     "get-entries" request.“
    >>>>> Should this be added to sec 4.1?
    >>>>
    >>>> I don't think that's a good idea.  I can imagine that operational issues
    >>>> might cause a log operator to want to vary this restriction at any time.
    >>>>
    >>>> Clients should always be prepared to receive get-entries responses that
    >>>> contain fewer entries than they requested.
    >>>>
    >>>> See also https://trac.ietf.org/trac/trans/ticket/95
    >>>>
    >>>>>   7) sec 10.3: Couldn’t you use the TLS  SignatureScheme Registry directly
    >>>>>   (instead of forming an own registry)?
    >>>>
    >>>> It makes sense to synchronize the signature algorithm values we use with
    >>>> the TLS SignatureAlgorithm registry, because our data structures are
    >>>> defined according to the conventions laid out in the TLS RFC.
    >>>>
    >>>> However, I don't think it's a good idea to use the TLS
    >>>> SignatureAlgorithm registry directly.  In 6962-bis, we've taken steps to
    >>>> make log artifacts smaller (compared to RFC6962); related to that, we've
    >>>> removed the option of logs being permitted to use RSA keys/signatures.
    >>>> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
    >>>> permits RSA, and several other signature algorithms that we don't wish
    >>>> to permit or recommend (i.e. "anonymous", DSA, GOST, and "Reserved for
    >>>> Private Use").
    >>>>
    >>>>>   8) sec 10.4: i Wonder if an RFC-required policy wouldn’t be more appropriate
    >>>>>   for the VersionedTransTypes registry?
    >>>>
    >>>> In 6962-bis section 10.4.1, we ask the appointed Expert to "review the
    >>>> public specification to ensure that it is detailed enough to ensure
    >>>> implementation interoperability".
    >>>>
    >>>> AFAICT from RFC8126, "RFC Required" doesn't imply Expert Review, whereas
    >>>> "Specification Required" does.  So I think we should leave it as
    >>>> "Specification Required”.
    >>>
    >>> RFC Required implies that the document got some reviews based on the respective process.
    >>>
    >>> However, I guess I actually wanted to propose IETF Review (and used the wrong term). That would imply that it had to go through the IETF process with respective review (and therefore usually it is expected that no expert review is needed in addition). Anyway this was mainly a comment to double-check this decision.
    >>
    >> I personally don't have a preference, but I'll start another list thread
    >> to discuss this proposal.
    >>
    >>>>>   9) sec 10.6.1:I guess  the registration policy is FCFS? RFC 8126 recommend to
    >>>>>   always (clearly) name the registry.
    >>>>
    >>>> Thanks.  In our response to Alissa Cooper's DISCUSS/COMMENTs (see
    >>>> https://github.com/google/certificate-transparency-rfcs/pull/309), we've
    >>>> already clarified that the Log ID Registry is indeed First Come First
    >>>> Served.
    >>>>
    >>>>> And finally one higher level question mainly out of curiosity: was it
    >>>>> considered to e.g. use json for all data structures? Is there a performance
    >>>>> reason to not do that or wasn’t that even discussed?
    >>>>
    >>>> Please don't restart the format wars.  ;-)
    >>>
    >>> Didn’t know that…
    >>>
    >>>>
    >>>> We must use ASN.1 for all data structures, because X.509 certificates
    >>>> are involved.  But we must use "TLS encoding" for all data structures,
    >>>> because TLS is involved.  But we must use JSON for all data structures,
    >>>> because JSON is more API-friendly.
    >>>>
    >>>> It was impossible to please everyone.  We had to choose something, so we
    >>>> chose TLS encoding for the data structures, and JSON for the APIs.
    >>>>
    >>>> As I mentioned earlier, one goal of 6962-bis is to make log artifacts
    >>>> smaller.  TLS encoding is more suited to this than JSON.
    >>>
    >>> Okay thanks for the background info. As long as this was discussed that's fine!
    >>
    >> --
    >> Rob Stradling
    >> Senior Research & Development Scientist
    >> Sectigo Limited
    >>
    > 
    
    -- 
    Rob Stradling
    Senior Research & Development Scientist
    Email: rob@sectigo.com
    Bradford, UK
    Office: +441274024707
    Sectigo Limited
    
    This message and any files associated with it may contain legally 
    privileged, confidential, or proprietary information. If you are not the 
    intended recipient, you are not permitted to use, copy, or forward it, 
    in whole or in part without the express consent of the sender. Please 
    notify the sender by reply email, disregard the foregoing messages, and 
    delete it immediately.
    _______________________________________________
    Trans mailing list
    Trans@ietf.org
    https://www.ietf.org/mailman/listinfo/trans

v2.23.0 | Report a Bug | By Email