Re: [Trans] Precertificate format

Ben Laurie <benl@google.com> Thu, 11 September 2014 11:12 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA90C1A06D7 for <trans@ietfa.amsl.com>; Thu, 11 Sep 2014 04:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.031
X-Spam-Level:
X-Spam-Status: No, score=-3.031 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gkVeHb81FWf9 for <trans@ietfa.amsl.com>; Thu, 11 Sep 2014 04:12:05 -0700 (PDT)
Received: from mail-qg0-x234.google.com (mail-qg0-x234.google.com [IPv6:2607:f8b0:400d:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BC9B1A892A for <trans@ietf.org>; Thu, 11 Sep 2014 04:12:02 -0700 (PDT)
Received: by mail-qg0-f52.google.com with SMTP id i50so6239568qgf.39 for <trans@ietf.org>; Thu, 11 Sep 2014 04:12:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pp8R7rRU8X2bq9vFjNPQKw4fJrjKLowfw9OMbM+3Ko0=; b=H5/ToAHJ8U67daQRrp/JoAF25kQwQ218ptCfAW1BJG5TvdLMYYwsBpXfJzcKv+jzwP g0FbhO3XY0UQZX1AF2EaAeIPkubLaj5nKplVD6v7+cYbNIBLH4zByK3SZnj16fCz1KwW Ydx7o0bRkLuZh8F4ca6BxyPfu0Au/ecEP3Ns+H/04h4z9DNRsf0kMEbLUL4sfrUbgwM1 5kFoq91s3OYQ9/FSbxRHOHlNLvCUW+kbzpPI6VYv3a7OxCuR6oWzfLVYLwUo9GFzS2aq liH1R2nN22YdzDIrxwt/cV77Oumw5PrlciItTZruuw4Fe9tKnlolJC9RSgLLowagfdOx blJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=pp8R7rRU8X2bq9vFjNPQKw4fJrjKLowfw9OMbM+3Ko0=; b=De2hIlG768Zjzg6c0GljbAL9duLuv43f2qHbhb996GVdGw37pBIk0ULLIBrTH9E1Fk yk6mlnM2OClXojM3DfVsZfSPIlg6pnqFcsJktccNRf1e3tR8JbwHKZGMHc+ms4eusJiN S/BpJtuFDvT9R8Y7oQC8HD8JkaLDReIAt9bINhewypKrurrPU2HJNFTtDUbDTqFddYcw 3NZFOtZaGenzQXDvpD6PxNSQxkByZRMoSGVowL770V6KkdZP9TLHN5nAEStYMod5MKa3 Mg5a/95kStNmt3BlJXcLtiMFa2EJMdT8cCvVfrsRxQnsHw5V/KQ3ovMVQ0GdzYR4X+lU xEVQ==
X-Gm-Message-State: ALoCoQk8QBL85bhyhLlwHlzjnTJouNQW0nC906OgsnjO4XUULmxjyflpiM0Etu2sMMnjFU6PqSJ/
MIME-Version: 1.0
X-Received: by 10.224.11.212 with SMTP id u20mr321983qau.82.1410433921305; Thu, 11 Sep 2014 04:12:01 -0700 (PDT)
Received: by 10.229.247.198 with HTTP; Thu, 11 Sep 2014 04:12:01 -0700 (PDT)
In-Reply-To: <54107771.501@bbn.com>
References: <540DFA75.2040000@gmail.com> <540E0E90.1070208@bbn.com> <4B184DAD-3C7A-4032-8BA6-634736BB2689@paypal.com> <540F3B42.3000708@bbn.com> <CABrd9SS4NgJo8mX72fB_9q4u8jQ5NQYsyk5hxPZvXxyfERvvcg@mail.gmail.com> <54107771.501@bbn.com>
Date: Thu, 11 Sep 2014 12:12:01 +0100
Message-ID: <CABrd9SQh7-7ogTkHbAvJfKioZrgoB2-m0noGeafrOWzcLKyi5Q@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/ohRAVoVBg6h4y7ikOpoioZvwxK4
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Precertificate format
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 11:12:08 -0000

On 10 September 2014 17:08, Stephen Kent <kent@bbn.com> wrote:
> Ben,
>
>> On 9 September 2014 18:39, Stephen Kent<kent@bbn.com>  wrote:
>>>
>>> I agree that the serial number is critical if one plans to revoke the
>>> cert.
>>> But ,
>>> the I-D makes no mention of remediation mechanisms, an omission I noted
>>> in
>>> my review
>>> a while ago.
>>
>> It makes no mention because they are not in scope. The point of CT is
>> to allow others to vet certificates and take appropriate action when
>> needed.
>
> As I noted earlier, there is no threat model for the CT mechanism.
>
> And there is no mapping of CT to the threat model.
>
> We usually do not standardize security mechanisms when these two
> critical elements are missing.

I think its pretty clear what the purpose of CT is - to make it
possible to detect mis-issuance of certificates - i.e. that
certificates conform to all the requirements for issuance. And its
also clear that to do this, you need to be able to see the contents of
the certificate. This is the threat model. Or, if you really want it
phrased as a threat, the threat is that some CA might issue a
certificate that does not conform to the requirements for issuance
(which, btw, vary over time) and the mitigation is a public,
append-only, verifiable log of the contents of all issued
certificates.

The I-D clearly states this already, I think, but if you don't like
the text, perhaps you can propose something you'd like better?

>> It is not up to us to describe all possible problems and how they are
>> remedied. If you think that's a valuable exercise, be my guest.
>
> There is a big difference between "all" and "none."

At least one problem is described: "Those who are concerned about
misissue can monitor the logs, asking

   them regularly for all new entries, and can thus check whether
   domains they are responsible for have had certificates issued that
   they did not expect."

I guess we could add some other examples, such as conformance to the
Baseline Requirements.

>>
>> However, when you suggest that inclusion of some particular thing is
>> problematic, then we can, of course, refer to potential problems CT
>> might reveal and available remedies as an illustration of why that
>> thing is needed.
>
> I don't know what this last, rather long sentence means. Please elaborate.

What I meant was that mentioning a problem in order to explain why
some field is needed does not mean that we then have to enumerate all
problems, find a problem that justifies every field, etc.

>
>
> Steve
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans