Re: [Trans] [TLS] ct_compliant cached info field
Rob Stradling <rob@sectigo.com> Fri, 22 February 2019 14:41 UTC
Return-Path: <rob@sectigo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B60AF12D4EA; Fri, 22 Feb 2019 06:41:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=comodoca.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQIm55je13va; Fri, 22 Feb 2019 06:41:16 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790072.outbound.protection.outlook.com [40.107.79.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDCC2129A87; Fri, 22 Feb 2019 06:41:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comodoca.onmicrosoft.com; s=selector1-sectigo-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dtdpZt18ulNDdZhdWhYoiozG5U55OdMlKHJHi/8JOWo=; b=Fh1cjUzg8ypfXfdVQjmkdQZjlzohE1N60akw4XX3ZQAJzkOaNnGYmu95wBKWdnhUOHFsrXPCb7JzatbB/cHl2bhY63yiv1KjVmvmyWuw4DSstYhYlDEGxQxgkvl6x6ODzDeAbYDeVNrWpRyfU4OS+sKbb+1vkhsjyFIS3yu7Izc=
Received: from DM6PR17MB2716.namprd17.prod.outlook.com (20.178.224.155) by DM6PR17MB2236.namprd17.prod.outlook.com (20.176.92.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15; Fri, 22 Feb 2019 14:41:12 +0000
Received: from DM6PR17MB2716.namprd17.prod.outlook.com ([fe80::80e1:4c3b:1fac:22b9]) by DM6PR17MB2716.namprd17.prod.outlook.com ([fe80::80e1:4c3b:1fac:22b9%6]) with mapi id 15.20.1643.014; Fri, 22 Feb 2019 14:41:12 +0000
From: Rob Stradling <rob@sectigo.com>
To: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <mt@lowentropy.net>, Trans <trans@ietf.org>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] ct_compliant cached info field
Thread-Index: AQHUng4AiTlMjhjKyU+rxTv7bjD+jKWYYcaAgACOqgCAU0y3AA==
Date: Fri, 22 Feb 2019 14:41:12 +0000
Message-ID: <1f481215-9a30-dd91-7039-8e2ac5351cbe@sectigo.com>
References: <CABcZeBNuQMW=e=DGU6atyBv7UqWvkb3JMKAjfhCd_uqdgELa8g@mail.gmail.com> <1546236377.2848619.1621803360.25FE2839@webmail.messagingengine.com> <CABcZeBOeL4+Bmi7DfvxbkaJYSANqnBNjzHWgVYT69Bc51=gb4Q@mail.gmail.com>
In-Reply-To: <CABcZeBOeL4+Bmi7DfvxbkaJYSANqnBNjzHWgVYT69Bc51=gb4Q@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: LO2P265CA0175.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::19) To DM6PR17MB2716.namprd17.prod.outlook.com (2603:10b6:5:122::27)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rob@sectigo.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2a02:1788:4ff:1000:f68e:38ff:fe7a:a226]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dc975829-0780-4e6d-36d2-08d698d3ca94
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:DM6PR17MB2236;
x-ms-traffictypediagnostic: DM6PR17MB2236:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <DM6PR17MB22360F63FB28320DBF215535AA7F0@DM6PR17MB2236.namprd17.prod.outlook.com>
x-forefront-prvs: 09565527D6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(136003)(366004)(396003)(39850400004)(376002)(189003)(199004)(81166006)(53546011)(386003)(6506007)(446003)(102836004)(99286004)(36756003)(71200400001)(31696002)(4326008)(6116002)(46003)(6436002)(305945005)(8936002)(86362001)(106356001)(476003)(68736007)(2616005)(486006)(11346002)(105586002)(186003)(6246003)(31686004)(71190400001)(6306002)(6486002)(6512007)(76176011)(2906002)(53936002)(110136005)(97736004)(7736002)(14444005)(256004)(8676002)(316002)(52116002)(478600001)(966005)(25786009)(81156014)(5660300002)(14454004)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR17MB2236; H:DM6PR17MB2716.namprd17.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: sectigo.com does not designate permitted sender hosts)
x-microsoft-exchange-diagnostics: 1;DM6PR17MB2236;23:ULh4zVB2W6tA0staXJm+vyip5d+atn0czwoiV5to1qSL1BcsrpxF0fO9k7RcqCwwfSYI1GX+q22wGtWpYZrNEAVPadxSZ2AFtDK6e15yERzSZJwh39xYL4FQGNDkvQaaW//MLiEnsgyOafqjjCqSlJhDWT2LPljTRyNhriNPbbnWeENmcBqJzxFlk3bwnWTWP9pirzv2kx7ZnpKMmNoHURQAbBsA1CYt0oW/XgvsMg1A6Ve2BHkC+YfTnDyTG5H1dAfJTDkNr3RK0qwhBtacsK2mbG6zG9AQoXXvDH5/j3S6wfJg/FCA7D3xJiOw6pM0TL5Aixg+bAgFaix8dEu6hbacvLpdLNEV4EexY4lo82XTcKpVR0A0qY3f/XN/Qec3BCfwZHypZSXUGcSlrv4ri7AV0A9ifxHpdS+9VPxHnyBewZBGNJxPdUznq4UXTapTAOigLNYjNApHt6M1KEGE8KDuUd2DEuxfAk9E6JuB4utBdDXiNQ/N2yrmi1KJWLRwki7SAhP5E5NjHVCZpyncoBen1Ormr/mulHQmeuge0ACreDtR/cO1ZsZpgXSLrd58+hZVJmNdQ98dbBxZ/ooNvviGfJqoCAL+bwFuDI0OPtc4qF3XvYjm5FpNHzy7Jifi1Uy5ACMh8AJu2WTA4wrdmVywuhIAK/9BOUDcr0zO2GmPqt6jgaFihrD73QaQCyUm16pZ61pkl9t1OTyn47YnGghKkND+zKZwWyvr3vblLrRYQB3j+2PWwUptBiHq/Jo5+MiK1h3vAp5aJZ65dDTvZAyulDGCMd8Lf05OCxF79qPW7vRWTQS1oh1Ath0NEUdvTRjROIwr7zvy/1jZSSGeMfoJftsM1wdwYNYDjX+lAooXvSr2nqE+1BXO3woL/KC5vyvLV+eczuY1vr1oKt0pbfc72U4x4yXAWqhJjKC9A1X0bL7oemvq//ne1SboLBX4M+nWQce39QMuUMCtiqYUmdEOFWIOHTDE47qWwIPWwPfl3RF63NRPuG1fe76PJtFEzcnrSDj6YeGXtLqtwze/CuZtNPToJMgvQIrOBcPfTEer6pYbP2zxCQC6u8uDDESSjQ0eUhndAYYd349rOF0DVkURZZ38C70RTArGMryAyDBf+wSSlGQbqoZyyI4TdxUB3hNsAaY6vg25DUxNFJDWyE8wNkp4rhomQA9NFyg3TSwq95W6q6PkIuxIYxOLG4fIEtKZekuB3N+0smWeJohng2sQ+DBGSyNxB8cP2ManYElCnpKzMILIxwbUMqbmEmjl
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: pM5u8O96LXC9RRUQIZg+g7KeGV8ckREqQvYAr0REs2/TSo3lXTBqSf/uQ+knnOlia9fkJwqBVgU4OvBCoJ/tyjj98TR785v2faR8kV/UGwkuTNar9I4k8fgsnDZ4qSoi4yfraHJPQwXc7qPQaapju1wviB79hp+tY56LqOIgQs1Fx/ahZ4sGouUUAYWAdnqUMdfrAxnAGW/PGSCkmVjnuGUJ+PApx9tbTILhz25sJzh5t9cCNPumDRPZeLBf6RZHVdFszlq2wSi1oq6X4/9JDSxe0jRtz/4Fqu03lOHUpLsF6446I/BdOHK9lSEA3G60DrxMF0Nh9YFThZgrKR8ey1oK2Nwz/dCdAa9aU5AhwK+fpCfXFlv+NQscEwbJSc/eMuAFqyvORFzi7f8PVmcd5/O8mzAe4aCDVpauOUSWBw0=
Content-Type: text/plain; charset="utf-8"
Content-ID: <47AE95E7F813554DA8AF5141AB2216D6@namprd17.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sectigo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dc975829-0780-4e6d-36d2-08d698d3ca94
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2019 14:41:10.7124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-id: 0e9c4894-6caa-465d-9660-4b6968b49fb7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR17MB2236
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/s5WtyMaS-BmeLuQKMqtWDmLIN7I>
Subject: Re: [Trans] [TLS] ct_compliant cached info field
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 14:41:19 -0000
EKR, Martin, Hi, and sorry for the long delay in replying. This originated in [1] and was added to 6962-bis in [2]. The motivation was to provide a mechanism to permit a TLS server to avoid sending CT artifacts (SCTs, STHs, inclusion proofs) that it knows the TLS client already has or doesn't need, thereby reducing bytes on the wire for constrained and high-volume environments. The approach envisaged by RFC7924 seems to be: "here's a list of TLS message fingerprints I've received previously; please don't send these exact messages to me again". This works for stand-alone messages that contain one item, such as the server's Certificate message (which contains 1 server certificate chain). However, in 6962-bis's case, SCTs and inclusion proofs are not stand-alone items; instead, they correspond to particular certificates. Each relevant TLS message will contain a TransItemList, which will probably contain at least a set of several SCTs; and whilst each SCT is static, the set (and the order within the set) is not. Therefore, the approach of caching TLS messages by fingerprint didn't look like it would work for us. We concluded that it would make more sense for the client to make a more high-level statement: "here's a list of certificate fingerprints that I've received previously and that I already regard as being CT-compliant". This isn't an essential part of 6962-bis. Other than Ben L's "Sounds like a good idea" comment in [1], I don't recall anyone commenting on it until EKR started this thread. I propose to remove this cached-info mechanism from 6962-bis, if nobody objects. (It could of course be revisited in some future document, if there's interest). [1] https://trac.ietf.org/trac/trans/ticket/111 [2] https://github.com/google/certificate-transparency-rfcs/pull/186 On 31/12/2018 14:36, Eric Rescorla wrote: > + trans > > On Sun, Dec 30, 2018 at 10:06 PM Martin Thomson <mt@lowentropy.net > <mailto:mt@lowentropy.net>> wrote: > > > On Fri, Dec 28, 2018, at 04:58, Eric Rescorla wrote: > > Please take a look at > > > https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-30#section-6.5 > > At a minimum, this would seem to update cached_info. > > There's not a lot of meat on this text. It seems to be saying that > if you are providing transparency_info, then you can provide a > certificate other than any of the certificates that the client > believes to be CT compliant. Also, you don't provide "x509_sct_v2" > or "precert_sct_v2" in transparency_info. > > How is the client then able to determine that this new certificate > is CT compliant? Using "inclusion_proof_v2" and > "signed_tree_head_v2" (or one or other)? If so, the text doesn't > point in that direction. > > There's a lot of "why" missing in this document. Why would a client > choose to indicate "ct_compliant"? Why is cached_info being > extended in this way? > > I might guess that the reason here is that the draft aims to avoid > including information that might change over time, which would > render caches invalid. Isn't that motivation to recommend an SCT > over an STH? > > Separately, why does this establish a new registry for signature > schemes? It is obviously trying to keep TLS compatibility, based on > the codepoints, but forking the registry is a great way to create > problems. -- Rob Stradling Senior Research & Development Scientist Email: rob@sectigo.com
- Re: [Trans] [TLS] ct_compliant cached info field Eric Rescorla
- Re: [Trans] [TLS] ct_compliant cached info field Rob Stradling
- Re: [Trans] [TLS] ct_compliant cached info field Eric Rescorla
- Re: [Trans] [TLS] ct_compliant cached info field Rob Stradling