IETF Logo Mail Archive

Re: [Trans] Certificate verification

Linus Nordberg <linus@nordu.net> Mon, 20 October 2014 12:32 UTC

Return-Path: <linus@nordu.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 896C81A8028 for <trans@ietfa.amsl.com>; Mon, 20 Oct 2014 05:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.028
X-Spam-Level: *
X-Spam-Status: No, score=1.028 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gv3WxRqtDLZl for <trans@ietfa.amsl.com>; Mon, 20 Oct 2014 05:32:05 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A79891A0127 for <trans@ietf.org>; Mon, 20 Oct 2014 05:32:04 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id s9KCW1CI012923 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 20 Oct 2014 14:32:01 +0200
Received: from kerio.nordu.net (kerio.nordu.net [109.105.110.42]) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id s9KCVvVr018003 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 20 Oct 2014 12:32:00 GMT
VBR-Info: md=nordu.net; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nordu.net; s=default; t=1413808320; bh=1AfjqcNm2FfzXpQQAHQsG/aAYQ+3LHeR7JTAruTDUPM=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=s0SoReBX2/Z9cYTv5DXS3l4n96okSSuKX2Q9sqkdZZMihAg4LC8PpBSTPknHmQI8l 5i6aNrOYFWrhnR/oBtsRLqKlEPflq/qw/Scgpar1WcqmoKeFEqomCMUU25wvBfrsGw 2G81PQU0h7h6anv7Pnbfl9jbDZ9SGPAS9aUoZUTg=
X-Footer: bm9yZHUubmV0
Received: from flogsta ([193.10.5.129]) (authenticated user linus@nordu.net) by kerio.nordu.net (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)); Mon, 20 Oct 2014 14:31:56 +0200
From: Linus Nordberg <linus@nordu.net>
To: Ben Laurie <benl@google.com>
Organization: NORDUnet A/S
References: <871tq6uaf1.fsf@nordberg.se> <CABrd9STBA9jh6oHXBzEgUD73rWDRbgrFZc69H5tHOzD4Cw=WHg@mail.gmail.com>
Date: Mon, 20 Oct 2014 14:32:24 +0200
In-Reply-To: <CABrd9STBA9jh6oHXBzEgUD73rWDRbgrFZc69H5tHOzD4Cw=WHg@mail.gmail.com> (Ben Laurie's message of "Mon, 20 Oct 2014 12:09:48 +0000")
Message-ID: <87ppdmhqg7.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74 on 109.105.111.32
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=109.105.110.42; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aN5ow1VF - 4c142f364231 - 20141020
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/oVrceCHh7V2VyRnWsxXKWveXyxU
Cc: trans@ietf.org
Subject: Re: [Trans] Certificate verification
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 12:32:07 -0000

Ben Laurie <benl@google.com> wrote
Mon, 20 Oct 2014 12:09:48 +0000:

| On Fri Oct 17 2014 at 1:51:01 PM Linus Nordberg <linus@nordu.net> wrote:
| 
| > Hi list,
| >
| > 6962bis-4 says that logs may log and publish invalid certificates as
| > long as the chain ends in a known cert. It then lists three examples of
| > what can be accepted, all related to time.
| >
| >    Logs MUST verify that the submitted end-entity certificate or
| >    Precertificate has a valid signature chain leading back to a trusted
| >    root CA certificate, using the chain of intermediate CA certificates
| >    provided by the submitter.  Logs MAY accept certificates that have
| >    expired, are not yet valid, have been revoked, or are otherwise not
| >    fully valid according to X.509 verification rules in order to
| >    accommodate quirks of CA certificate-issuing software.  However, logs
| >    MUST refuse to publish certificates without a valid chain to a known
| >    root CA.  If a certificate is accepted and an SCT issued, the
| >    accepting log MUST store the entire chain used for verification,
| >    including the certificate or Precertificate itself and including the
| >    root certificate used to verify the chain (even if it was omitted
| >    from the submission), and MUST present this chain for auditing upon
| >    request.  This chain is required to prevent a CA from avoiding blame
| >    by logging a partial or empty chain.  (Note: This effectively
| >    excludes self-signed and DANE-based certificates until some mechanism
| >    to limit the submission of spurious certificates is found.  The
| >    authors welcome suggestions.)
| >
| > Since the purpose of the log is to put light on bad certificates, would
| > it make sense to instead have text 1) specifying a minimum of checks to
| > be done (i.e. the chain)
| 
| 
| Since checking is for spam limitation, and different logs may have
| different views on what is spam, I am not convinced this is a good idea -
| for example, any chain check would appear to automatically rule out logging
| self-signed certs, and it seems to me that should be left open to log

(Depends on how you define "trusted/known root CA certificate", but OK
that might be a stretch.)

But the current text _does_ require a chain check, doesn't it?

   Logs MUST verify that the submitted end-entity certificate or
   Precertificate has a valid signature chain leading back to a trusted
   root CA certificate, using the chain of intermediate CA certificates
   provided by the submitter.

and

                                                           However, logs
   MUST refuse to publish certificates without a valid chain to a known
   root CA.

My intention was to make the specification less restrictive by changing 

                               Logs MAY accept certificates that have
   expired, are not yet valid, have been revoked, or are otherwise not
   fully valid according to X.509 verification rules in order to
   accommodate quirks of CA certificate-issuing software.

to something indicating that anything more than a chain check is either
forbidden or discouraged.


| operators to think about (e.g. Microsoft would appear to have sufficient
| information to do spam limitation through use measurement:
| http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx)
| 
| 
| > and 2) encouraging logging and publishing of
| > all other certificates?
| >
| 
| That seems like a good plan :-)
| 
| 
| >
| >
| > On a minor note, I think that "trusted" in the very first sentence
| > should be changed to "known. Should I use the issue tracker?
| >
| 
| Yes, please.

Is this the right place?
https://github.com/google/certificate-transparency-rfcs/pull/7

v2.23.0 | Report a Bug | By Email