Re: [Trans] [trans] #4 (rfc6962-bis): Should we sign TBS for Certificates?

"trans issue tracker" <trac+trans@tools.ietf.org> Fri, 27 March 2015 11:35 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/tTdl90z0fnLFE_T0xZsbDTUadnw>
Cc: trans@ietf.org
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

#4: Should we sign TBS for Certificates?


Comment (by rob.stradling@comodo.com):

 Eran, don't the existing PrecertChainEntryV2/X509ChainEntry structs
 already hold the original submission?

 Can't we resolve this ticket just by changing
 SignedCertificateTimestamp.signed_entry and
 TimestampedEntry.signed_entry from...
                select(entry_type) {
                    case x509_entry: ASN.1Cert;
                    case precert_entry_V2: TBSCertificate;
                } signed_entry;
 ...to...
                select(entry_type) {
                    case x509_entry: TBSCertificate;
                    case precert_entry_V2: TBSCertificate;
                } signed_entry;

 I think it makes sense to retain a different struct for each
 LogEntryType, rather than try to unify them.  New LogEntryType values
 might be defined in future that aren't unifiable with the existing two.

-- 
------------------------------+------------------------------
 Reporter:  eranm@google.com  |       Owner:  benl@google.com
     Type:  defect            |      Status:  new
 Priority:  major             |   Milestone:
Component:  rfc6962-bis       |     Version:
 Severity:  -                 |  Resolution:
 Keywords:                    |
------------------------------+------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/4#comment:4>
trans <http://tools.ietf.org/trans/>
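
Added example (not part of the ticket comment or of any CT implementation): a minimal DER walk showing which bytes would populate signed_entry for an x509_entry under the current form (the whole ASN.1Cert) and under the proposed form (the TBSCertificate, i.e. the first element of the outer Certificate SEQUENCE). The helper names and the toy "certificates" are constructed for illustration; they are not real X.509 certificates.

```python
def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, body_start, end) of the TLV at off; reject bad lengths."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    pos = off + 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("TLV body overruns buffer")
    return tag, pos, pos + n

def signed_entry(cert_der: bytes, use_tbs: bool) -> bytes:
    """x509_entry input: whole ASN.1Cert (current) or TBSCertificate (proposed)."""
    tag, start, end = read_tlv(cert_der)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    if not use_tbs:
        return cert_der
    tbs_tag, _, tbs_end = read_tlv(cert_der, start)
    if tbs_tag != 0x30:
        raise ValueError("first element is not a SEQUENCE")
    return cert_der[start:tbs_end]  # complete TLV of tbsCertificate

# Constructed toy inputs: identical TBS, different signatureValue bytes.
TBS = der(0x30, der(0x02, b"\x01") + der(0x0C, b"constructed-subject" * 10))
ALG = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der(0x05, b""))
CERT_A = der(0x30, TBS + ALG + der(0x03, b"\x00" + b"\xaa" * 32))
CERT_B = der(0x30, TBS + ALG + der(0x03, b"\x00" + b"\xbb" * 32))
```

With these inputs the proposed form yields the same signed_entry bytes for both toy certificates, while the current form yields two different byte strings.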