IETF Logo Mail Archive

[Trans] Write-up of the "Strict CT" variant

Eran Messeri <eranm@google.com> Tue, 23 May 2017 12:43 UTC

Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3024D129B2C for <trans@ietfa.amsl.com>; Tue, 23 May 2017 05:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.802
X-Spam-Level:
X-Spam-Status: No, score=-0.802 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZEXVpwh6OBQq for <trans@ietfa.amsl.com>; Tue, 23 May 2017 05:43:10 -0700 (PDT)
Received: from mail-it0-x235.google.com (mail-it0-x235.google.com [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20D12129B2B for <trans@ietf.org>; Tue, 23 May 2017 05:43:10 -0700 (PDT)
Received: by mail-it0-x235.google.com with SMTP id g126so18660461ith.0 for <trans@ietf.org>; Tue, 23 May 2017 05:43:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=3vH3v5gVYrSwP9rbQEjJgR8TYS4TSY3cUfBMwvvzK1E=; b=gIbDRtYEg6C3fT7PCJPGI/MpKoRJ8yvucdrVRHs90fLRWUcKoOH/LunxXYHZ8fOVCZ QITCVQAWIppiGI+cGBr4ywUW0cfD8P20cSR3cdsKTVtH6RJjTux0nwe9pMoqra0mWTIr bNvORSpRtMKbTQ5RTDvPqjdW/A+fyOdsiD7/NWmCSesGYkQbQudEjhzfO5r7q3NwaC58 12IvfgVUOlv3glsTQ9jdzTIWsnRtq7U4dsYm6SYM4/KotG+Z83fx3yoTR15OSmFuCDOa oN4jedCeiZxJSEiKyZR9XJ6yXaQm6Zaxf/b7BO3Q9xSxrmMvlckHxRazlzzCfo8zi1X/ 0bBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=3vH3v5gVYrSwP9rbQEjJgR8TYS4TSY3cUfBMwvvzK1E=; b=j1HMipPqwTCWU73CQ+fknXmjmPMUf4N0XutNKbqR1tr8utS6Sy9+4Op1ikOXcNrDjM 3usdMQ21foUQaWnGLOaf/zengmZaevIKOpkfxU4ouwZkBPQQ069xMlF4yV+AbuylYdIs Ill+1Ya35bQQuI94kwtKYdbGVUtcD29ND2FIfUfUb/6ti/c3qlzec1DryKB3jDGMT3cr R0X4HnWo9SCU1uuRPDUsbK5/vIQDSnTp8xDbMWFri2hJqbxSRd75J6/b+NEYyyKyukR8 PUH1i5mgL4lHx/US+abdTNKiWVGcq3tV+ydq0b+9e+rvZIyCyBvFD4k+epRea2cG4xCJ 8nqQ==
X-Gm-Message-State: AODbwcAM1kySxKLA97q0KtvIz21MGD/OLyzOQPt/qcm1nOXag1MCGAPD AYr21FDXe5kyiQA+ZNEQRiGKKPuOkYWcYiB5YA==
X-Received: by 10.36.29.204 with SMTP id 195mr2482027itj.112.1495543389020; Tue, 23 May 2017 05:43:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.129.6 with HTTP; Tue, 23 May 2017 05:42:38 -0700 (PDT)
From: Eran Messeri <eranm@google.com>
Date: Tue, 23 May 2017 13:42:38 +0100
Message-ID: <CALzYgEeUCmj4BgY7uKdMnsvTcbvfAunquuqHxD7FxuzZxY1=Fg@mail.gmail.com>
To: "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a1135b76473b9a10550305459"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/tCm13jGLlwlb9oP5bB9hXc_7t7s>
Subject: [Trans] Write-up of the "Strict CT" variant
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2017 12:43:12 -0000

Below is a write up of the “Strict CT” variant, based on Mozilla’s
suggestion.
The goal of this write-up is to serve as a foundation for a document that
will describe the deployment of CT needed to operate with stronger
guarantees for TLS clients, as well as the protocol extensions necessary to
deploy it.

*Goal*: Provide TLS clients with proof of inclusion to a tree state they
already know (save clients the need to audit logs themselves).

*Overview*:

   - UA vendor ("auditor") periodically collects an STH (denoted "official"
   STH [1]) from each log, distributes it to its UAs ("clients"). Clients are
   expected to cache all STHs.
   - CA/Site Owner ("submitter") submits (pre)certificate to the log, gets
   SCT [2].
   - Submitter waits until the next official STH that includes the
   certificate, gets an inclusion proof to be served alongside the certificate
    + SCT.
   - In the TLS handshake, clients get certificate + SCT + inclusion proof
   to an official STH they know about [5].


The purpose of the UA vendor sending down the official STH is to provide
third-party verification of the consensus.
The purpose of the submitter bundling the STH + inclusion proof is to avoid
the client having to retrieve it via some other protocol


Options for dealing with the delayed usability of certificates:

   - Submitter waits until an inclusion proof to an “official” STH becomes
   available, only starts serving that certificate then (could take up to 2 x
   MMD - two days, typically).
      - The CA could wait until the proof becomes available and only issue
      the final certificate then - delay issuance by up to MMD.
      - The requester could get the certificate immediately but only start
      using it once it’s able to obtain an inclusion proof to an
official STH [3].
   - Certificate is used immediately, only with SCT: Clients accept
   certificates only with SCTs for a limited duration; after that an inclusion
   proof must be accompanied [4].
   - Opt-in: servers requires presence of proofs via header / X.509
   extension [6].
   - Certificate is used after the client can fetch an inclusion proof and
   an STH the log has produced; if it’s an unknown STH the client sends it to
   the auditor for reconciliation.


Footnotes:

[1] The "official" STH does not have to be explicitly marked: Assuming
daily STH push cycle, a log could mint one marked STH every day, to be
distributed to clients. Alternatively, if STH issuance frequency (which
6962-bis requires specifying) is not too high (e.g. hourly) then the
"official" STH could be the first one issued after midnight UTC
(synchronizing on the clock).

[2] An intermediate improvement is to return, rather than just SCT, the SCT
+ STH issued immediately afterwards (~seconds) + inclusion proof to that
STH. Effectively, this would rid of SCTs - the STHs issued that way will
have the same privacy properties of SCTs, but it will simplify the system
by removing the requirement to deal with inclusion proofs, only consistency
proofs  (clients would still have to know how to check an inclusion proof
to those intermediate STHs, but not have to  fetch them).
If this variant can be successfully deployed using 6962-bis, in
6962-bis-bis we could get rid of SCTs completely.

[3] The web server only has to do this once for each new certificate since
clients are expected to cache all STHs indefinitely.

[4] That requires auditing logs asynchronously, since an attacker with
persistent access could keep getting new SCTs issued, or some clients may
not have fresh STHs because they missed some updates.

[5] There will be a time period where a submitter serves an official STH
that the client doesn’t yet know about because it wasn’t distributed, or
received, yet. Clients could send these for reconciliation, or the
submitter required to not serve it yet until it was distributed to clients.

[6] In theory, a new certificate, with the inclusion proof embedded, could
be issued - but it may run afoul of the restriction on issuing different
certificates with the same serial number.

Eran

v2.23.0 | Report a Bug | By Email