IETF Logo Mail Archive

Re: [Trans] Another Question about the PRIVATE option (Ticket #1)

Ben Laurie <benl@google.com> Wed, 19 March 2014 12:28 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 820501A0745 for <trans@ietfa.amsl.com>; Wed, 19 Mar 2014 05:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GFSHNQK5lXnZ for <trans@ietfa.amsl.com>; Wed, 19 Mar 2014 05:28:36 -0700 (PDT)
Received: from mail-vc0-x229.google.com (mail-vc0-x229.google.com [IPv6:2607:f8b0:400c:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id 145C51A073F for <trans@ietf.org>; Wed, 19 Mar 2014 05:28:35 -0700 (PDT)
Received: by mail-vc0-f169.google.com with SMTP id ik5so9253740vcb.0 for <trans@ietf.org>; Wed, 19 Mar 2014 05:28:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Iam84rE3/lX3pmero6Vm29mOtpoPWZSFJxEBtGWVDM0=; b=Oh0D+L8U3UFujh/0lo9mO4JugHhesS0ajLCRwJ6VgJMr+zHpvsd/+F/md3dMqQYT8y Qmwl60wXWKBqvUMc3/wz54MdwoLe0dhlcETSumypgP2vLQWpjXP83mAVIQpsxZ2Lqnd4 6L9D6IxjqEPjZwhfOauGvt1G9PLtaYzViLTSAlorpDgYp3qb8JGXnShsiDwA/aF9imtX fZwDu4mjH/4m6EUZqPYhbKIN1s0MDGhuXjww6tztQGeG9bI7uAUQh4eqXswHl+R6rd04 4NepF/QxQSPRIm48p7rV8G6pVDvfxqNKVE7Xsg6BGtGMJXdjvdypbZSJnknqX4kkUP2F +ZTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Iam84rE3/lX3pmero6Vm29mOtpoPWZSFJxEBtGWVDM0=; b=IFl2ZQqu/tWACOYE75KqxupnMNKiKjI5Y0L5o80HUgb3pAvSD6ZTcTyQutp9jmHhrn Bdo1xaiLpCHaO90A3VLT+AD4i4RwKhH/SMgYVtn44D2jp95M4eTafjC7PChA4YwvKvc6 DbREv+tMdcc/T59YTtFSjTavaXhC90HsAY0iCLZQhmD9pVtRq9wj9JJEb96h9JxIiGtG JGpOjTzT1odAGowgShJnz5AxapangWUy9Vh+LY6JaaCcsdindYzf1kpczfCAB1C4XKG8 4yHa/ou8ZN+LVGUQGH6okCESldhAmmhrSZ12hoFdSANw3TJLctUj0/XUoNOcTF0g/7S8 UtGQ==
X-Gm-Message-State: ALoCoQk4LUTm45yGP2mcfvO+DmjXlP9CQvr2fyK/g/ummxi3qtHct3CsMJDX0TplKhv4UmCHlEFYpjZirEQ6/fobWChqBaGr2blUrxSrtrF+NjAdpkUH2Hvr6HvBZfxD1ovR1nTYdz2yKqqtzM73ztxSxWhtxmsOtgN8GDGufVAPl18JnRxiUuFL2ds1W6HuwU/r4wahvdoV
MIME-Version: 1.0
X-Received: by 10.221.34.211 with SMTP id st19mr30087083vcb.5.1395232107269; Wed, 19 Mar 2014 05:28:27 -0700 (PDT)
Received: by 10.52.230.105 with HTTP; Wed, 19 Mar 2014 05:28:27 -0700 (PDT)
In-Reply-To: <532894A6.5070301@fifthhorseman.net>
References: <544B0DD62A64C1448B2DA253C011414607C70EAF9E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <531EE6A6.7000007@comodo.com> <544B0DD62A64C1448B2DA253C011414607C77BCCBE@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <53204F9E.7000507@comodo.com> <CALzYgEf-=7+XpBYgV-+0ijq-whRsn9gam7AELERZfof-TJ5uEg@mail.gmail.com> <53217E29.7040004@comodo.com> <544B0DD62A64C1448B2DA253C011414607C7DAA2CF@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9SQONqLvemGtfy6WpyVQEN5Wuq8otFpjA2nKTirF6Z_5Qw@mail.gmail.com> <CAMm+Lwhy+ArnJhY-SjkbPtbZgPfDyZ4LkQ82mNJrvSO7jZr3Bw@mail.gmail.com> <53286F24.5080407@fifthhorseman.net> <CABrd9STuCQdzbWduJ9TOJ3xbCg4vSKw3sPGR50uo4L-3KqVxgg@mail.gmail.com> <532894A6.5070301@fifthhorseman.net>
Date: Wed, 19 Mar 2014 12:28:27 +0000
Message-ID: <CABrd9SSAbVR8SrzaR37qgH5QHFuLP8ZghKwH3R-q9Lp5zbvomQ@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/nQ437eKmMFcYWxyDI0Z4lSooVC0
Cc: "trans@ietf.org" <trans@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>, Rick Andrews <Rick_Andrews@symantec.com>
Subject: Re: [Trans] Another Question about the PRIVATE option (Ticket #1)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 12:28:38 -0000

On 18 March 2014 18:47, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On 03/18/2014 12:22 PM, Ben Laurie wrote:
>> On 18 March 2014 16:07, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>> a) <PRIVATE>.com
>  [...]
>>> But if (a) is observed from monitoring the log, what can the site
>>> operator do?  Do we declare that (a) is indication of log misbehavior?
>>
>> Surely not - this, again, is misissuance (or misreporting by the CA,
>> if you prefer). i.e. the CA should be taken to task. The log does not
>> judge, it merely records.
>
> hm, i think this introduces a new way that a CA can misissue -- in
> particular, it's misissuing a precertificate by putting a <PRIVATE>
> label where it should not.
>
> Do you expect the logs to accept (and certify, and publish)
> arbitrarily-structured data in the PreCertificate so long as it is
> signed by a known CA?  Or will there be some constraints on the data
> submitted?

It has to look like an X509v3 certificate. But that's about it.

> If there are constraints on what kind of precerts a log is willing to
> certify, then this would seem to be a reasonable addition to the list of
> constraints (though it would be another way that a log could itself
> misbehave -- we'd want to add that to the list of things a monitor
> should look for).

As I said, the function of a log is to record and publish, not to
judge. The main reason we ask for logged items to be signed is to
avoid spam (also, of course, there's not a huge amount of point in
logging things that nothing can be done about, so attribution to a CA
seems useful).

> If the logs just accept and sign this data, what do you suppose should
> happen to a CA that has sent a precert of type (a) to the public logs?
> It's not clear who was harmed by it (since the actual dNSName used in
> the cert itself is not known, right?)

That is the the problem surely? The purpose of the log is to ensure
correct issuance. If the logged certificate contains insufficient data
to do that, then the CA is not cooperating.

> and for CT-aware TLS clients that
> know to ignore SCTs where <PRIVATE> falls immediately to the left of an
> entry in the public suffix list should ignore the SCT anyway.  But
> inevitably there will be some clients that see this and don't have an
> updated version of the public suffix list, or don't have the ability to
> fetch and retain such a thing, and will be fooled by the SCT.

The SCT does not tell you whether you should accept or reject the
certificate - it merely tells you it was logged. You always have to
check further to discover whether it was OK or not.

> It's very difficult for the domain holder to tell that they have
> specifically been harmed in this case (and possibly even difficult to
> make a strong case for negative consequences to the issuing CA or
> misbehaving log), so it seems like CT isn't fulfilling its mission of
> making detection of misissuance isn't being met here.  Or have i missed
> something?

I would claim that it is the CA that is not fulfilling its mission (of
logging appropriately). Logs need to be liberal in what they accept
otherwise they become a chokepoint for policy, which is surely not a
desirable outcome.

>>> presumably, this would be
>>> the same mechanism used to report an SCT that didn't show up within the
>>> MMD, right?  is there a reporting mechanism defined?
>>
>> Currently, only Chrome is implementing CT as a client (to our
>> knowledge) and so I guess the appropriate recipient of such a report
>> would be Google. We have not yet defined a way to do this, but
>> anticipate that Chrome will offer to do it when appropriate.
>
> Given that the scheme's robustness relies on clients reporting errors
> (in both the logs or the CAs), i think we need to be clearer about how
> such a report should happen.

OK, so I'm not specifying a detailed mechanism for reporting right
now, but clearly one is needed. For now "tell Ben or Chrome team"
seems sufficient. In general, enforcement has to lie with the clients
(and therefore, mostly with the authors of those clients), so I don't
see how I can define a general mechanism for this.

>> Another option might be the CA/B Forum.
>
> End users operating their browsers are not going to know how to send any
> kind of report to the CA/B Forum, unless you're suggesting that CA/B
> Forum could set up a public repository to hold cryptographically-proven
> documentation of misissuance or something, and the submission could be
> automated somehow.  I don't know enough about the CA/B Forum to know if
> that's within their scope or not.

I am not expecting end users to have to know anything - I expect
clients to assist them in this matter. Exactly how we will do this in
Chrome has not yet been decided, but clearly we do need to decide it,
and we will.

v2.23.0 | Report a Bug | By Email