IETF Logo Mail Archive

[Trans] draft-ietf-trans-rfc6962-bis-28: "no security implications"

Andrew Ayer <agwa@andrewayer.name> Tue, 20 March 2018 22:12 UTC

Return-Path: <agwa@andrewayer.name>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A97DD129C6D for <trans@ietfa.amsl.com>; Tue, 20 Mar 2018 15:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewayer.name
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CeR55DO4MoTL for <trans@ietfa.amsl.com>; Tue, 20 Mar 2018 15:12:50 -0700 (PDT)
Received: from thompson.beanwood.com (thompson.beanwood.com [34.214.229.188]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94A3D129515 for <trans@ietf.org>; Tue, 20 Mar 2018 15:12:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=andrewayer.name; s=beanwood20160511; t=1521583969; bh=tX7Id219cgS3N/qrxS+FwQL88XwB7nlGzp1UDHRw4x8=; h=Date:From:To:Subject; b=S0UTzjfswr4eaGb3XYIGnBKHgfGyuakXwjMGQP/gJOuKcz9YaSxtMa3wooAXPNTLK Hz8iKj9nEDKppSYulXhIK0KBoeMCyGYFpWx0QQBIrH01SJ1eHJXs+y8Px7LfcZx2fs +kw/VeBr/keLB9AIJy/P6ZwIw2a9Z9qjCISmz2jmdMaXuYQYkBx0rwQY6J6U6Q4Ws+ mT0LaTldVNgB6PFfTPHI9HLWQqlcD+Hj5QZUDLej0ZQXbJF3JMdnFiYlZDb38FGApF x7p/a6PHdmRkDg/Af8pQIF67uYqlSj/c2iKf4UnDK2JR5bVGMEH+BDFap8rNLKMU/N QUsfq9XlXaoDQ==
Date: Tue, 20 Mar 2018 15:12:49 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: trans@ietf.org
Message-Id: <20180320151249.ef2e85feaf05de8edac24479@andrewayer.name>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/wNYK7FNbWDNqoTpPO0u1HsJOpSc>
Subject: [Trans] draft-ietf-trans-rfc6962-bis-28: "no security implications"
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 22:12:51 -0000

draft-ietf-trans-rfc6962-bis-28 added the following text to
section 4.2:

"While there are no security implications to a log accepting
a submission that does not chain to one of its accepted trust
anchors..."

This isn't true.  The certificate chain enables the logged certificate
to be attributed to a known trust anchor.  This is security-sensitive,
as without the chain, monitors and trust store operators can't respond
to a misissued certificate because they don't know which trust anchor
should be sanctioned/distrusted for misissuing the certificate.[1]

Therefore, this text should be removed.

It might also be a good idea, to avoid any future confusion about this
requirement, to add "to ensure that logged certificates are attributable
to a known trust anchor" to the sentence at the beginning of 4.2 that
explains why the requirement exists.

Regards,
Andrew


[1] In the general case, a monitor could probably construct the chain
using its own store of intermediate certificates.  But this fails if
the intermediate isn't known, which might happen in the adversarial
case where an intermediate certificate is issued for the sole purpose
of evading responsibility for a misissued certificate.

v2.23.0 | Report a Bug | By Email