Re: [Trans] Threat model outline, attack model

Stephen Kent <> Mon, 15 September 2014 19:03 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id AB8D11A87C7 for <>; Mon, 15 Sep 2014 12:03:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.853
X-Spam-Status: No, score=-5.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id u3Mb-EdmfP0b for <>; Mon, 15 Sep 2014 12:03:18 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 288141A700C for <>; Mon, 15 Sep 2014 11:53:00 -0700 (PDT)
Received: from ([]:59645 helo=comsec.home) by with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <>) id 1XTbOj-000POJ-Kg for; Mon, 15 Sep 2014 14:53:13 -0400
Message-ID: <>
Date: Mon, 15 Sep 2014 14:52:57 -0400
From: Stephen Kent <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Trans] Threat model outline, attack model
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Sep 2014 19:03:21 -0000


Thanks for explaining what you and your co-authors have in mind when
you use the term mis-issuance. This is a very important first step toward
clarification for CT.
>> A certificate is characterized as mis-issued if the certificate is issued to
>> an entity that is not authorized to represent the host (web server) named in
>> the certificate Subject field or Subject Alternative Name extension. <do we
>> want to focus exclusively on SAN vs. Subject?)
> This is not the only form of mis-issue - for example, the Baseline
> Requirements impose key size limits, lifetime limits, usage bits
> restrictions and so forth.
> EV adds even more stuff.
So the scope of mis-issuance is much broader than what I had imagined.

I think we may need to add two things to 6269-bis:

     - normative references to CABF documents that are the basis for the 
       set of cert issuance criteria that you note

     - maybe two appendices to enumerate the criteria. this will be 
critical if
       if the CABF docs contain other criteria that are outside the 
scope of CT,
       e.g., criteria that cannot be evaluated based on what is logged.

Do you agree?
>> ...
> The other recourse is to revoke directly in the browsers - either the
> whole CA or the offending certificate(s). This is what happened to
> DigiNotar, for example.
I agree that one might do that, but I am aware of no IETF standards for
doing so. My understanding is that DigiNotar, as a trust anchor, was
removed from the TA list. I am not aware (but then I am not a browser
vendor) of an equivalent mechanism for CAs below TAs. Also, the TA list
mechanism is not an IETF standard. We need to cite a spec, preferably
a standard, on how to deal with browser-based revocation. Is there an
appropriate CABF document that needs to become a normative reference?

> ...
> I do agree that we need to define the gossip protocol to complete the CT story.
I'm glad that we're in agreement here.