Re: [Trans] Certificate and Precertificate extensions ordering

Rob Stradling <rob.stradling@comodo.com> Thu, 11 September 2014 11:46 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D11451A89A8 for <trans@ietfa.amsl.com>; Thu, 11 Sep 2014 04:46:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.29
X-Spam-Level:
X-Spam-Status: No, score=-1.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xjwg7n2Q2XzQ for <trans@ietfa.amsl.com>; Thu, 11 Sep 2014 04:46:07 -0700 (PDT)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B4CA1A6F1F for <trans@ietf.org>; Thu, 11 Sep 2014 04:45:21 -0700 (PDT)
Received: (qmail 27430 invoked by uid 1000); 11 Sep 2014 11:45:19 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Thu, 11 Sep 2014 12:45:19 +0100
Message-ID: <54118B4F.8000102@comodo.com>
Date: Thu, 11 Sep 2014 12:45:19 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.1.0
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <CA+i=0E5o_JEUquZpxhwiVKU3dvDTOHSf0fbeD7Nj7vrDwAkeSw@mail.gmail.com><CALzYgEcEpegaBt6-w+Y7Hs6EODdHUe=CFA6W=H8Afd9gxZjaSg@mail.gmail.com><541184B7.9070701@comodo.com><CABrd9SRL+O+GUNT2hvc9ysKwjksG0DJ1C7oHHH-8es1npzELnA@mail.gmail.com> <CABrd9SRF1vhkWktjVXKzJNY2Zu01TK9gKA4SsDMp8--gRdtZng@mail.gmail.com>
In-Reply-To: <CABrd9SRF1vhkWktjVXKzJNY2Zu01TK9gKA4SsDMp8--gRdtZng@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/xGo4eXPL_m4aov5VZ_jo772svZU
Cc: "trans@ietf.org" <trans@ietf.org>, Eran Messeri <eranm@google.com>, Erwann Abalea <eabalea@gmail.com>
Subject: Re: [Trans] Certificate and Precertificate extensions ordering
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 11:46:13 -0000

On 11/09/14 12:31, Ben Laurie wrote:
> On 11 September 2014 12:27, Ben Laurie <benl@google.com> wrote:
>> On 11 September 2014 12:17, Rob Stradling <rob.stradling@comodo.com> wrote:
>>> On 11/09/14 11:56, Eran Messeri wrote:
>>>>
>>>> The poison extension is removed from the Precertificate prior to the log
>>>> producing an SCT over it, so a client never has to know about it. What
>>>> the TLS client has to do is to remove the "embedded SCTs" extension
>>>>    from the certificate prior to validating the signature.
>>>
>>> Ditto for the future "redactedlabels" extension.
>>
>> That one appears in the cert, too, doesn't it?
>
> Sorry, ignore that, it is in the cert but not the precert (though that
> seems like an arbitrary decision to me).

I was ditto-ing Eran's second sentence, not his first.  Sorry if I 
wasn't clear.

Yes, I think we could put the "redactedlabels" extension in the precert 
too.  Or, might those who wish to use the redaction mechanism also want 
to keep secret the number of redacted domain components?

Hmmm...if we do decide that the number of redacted domain components can 
be revealed by the precert, then it might be simpler to scrap the 
"redactedlabels" extension altogether and instead say that "(PRIVATE)" 
always covers precisely 1 domain component.  Then, if you want to redact 
3 components, you'd put 
"SAN:dNSName=(PRIVATE).(PRIVATE).(PRIVATE).mydomain.com" in the precert.

(To reduce bloat, we could shrink "(PRIVATE)" to "?".  e.g. 
"SAN:dNSName=?.?.?.mydomain.com").

<snip>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online