IETF Logo Mail Archive

Re: [Trans] Bad Technical Decision: Closing out the SCT encoding discussion

Russ Housley <housley@vigilsec.com> Fri, 13 March 2015 21:05 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 818711A87EB for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 14:05:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.9
X-Spam-Level:
X-Spam-Status: No, score=-103.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id otY2dy6Ncvyu for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 14:05:06 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id D839D1A879E for <trans@ietf.org>; Fri, 13 Mar 2015 14:05:05 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 8EFAD9A4012; Fri, 13 Mar 2015 17:04:55 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id Yx+oVzXG1riB; Fri, 13 Mar 2015 17:04:33 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-133-185.washdc.fios.verizon.net [96.255.133.185]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id B7B269A4014; Fri, 13 Mar 2015 17:04:33 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <550347A0.6070005@cs.tcd.ie>
Date: Fri, 13 Mar 2015 17:04:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <AD1D5393-F4FE-48DA-A5D7-55882177D76F@vigilsec.com>
References: <550257A0.8050401@gmail.com> <B87AFA6C-2B9F-474C-AE0F-BF07829CD139@vigilsec.com> <550347A0.6070005@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/y-UTtTAOS9wvdHudafqJY-ooRRk>
Cc: Paul Wouters <paul@nohats.ca>, trans@ietf.org, Melinda Shore <melinda.shore@gmail.com>
Subject: Re: [Trans] Bad Technical Decision: Closing out the SCT encoding discussion
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2015 21:05:08 -0000

Stephen:

Yes, you have captured the essence of my technical concern.

In addition, I point out that the currently-specified structure contains several elements, and these could easily be carried in an ASN.1 structure.  There are many places in the current specification that require the handling of ASN.1, so it is not an implementation imposition to require conformance with RFC 5280, section 4.2:

   Each extension includes an OID and an ASN.1 structure.  When an
   extension appears in a certificate, the OID appears as the field
   extnID and the corresponding ASN.1 DER encoded structure is the value
   of the octet string extnValue.  A certificate MUST NOT include more
   than one instance of a particular extension.  For example, a
   certificate may contain only one authority key identifier extension
   (Section 4.2.1.1).  An extension includes the boolean critical, with
   a default value of FALSE.  The text for each extension specifies the
   acceptable values for the critical field for CAs conforming to this
   profile.

Russ


On Mar 13, 2015, at 4:25 PM, Stephen Farrell wrote:

> 
> Hi Russ,
> 
> On 13/03/15 18:58, Russ Housley wrote:
>> Stephen:
>> 
>> I strongly disagree with this technical decision.  The content of
>> certificate extensions should be OCTET STRING wrapped ASN.1
>> structures, and I pointed out the text in RFC 2459 (that remains in
>> RFC 5280) during this discussion.  
> 
> So you did - I missed that earlier. Yes, you do raise an issue
> that needs dealing with if it's not already been dealt with (and
> I think that is the case, but I'm not 100% sure).
> 
> The issue being whether (or not) the 5280 wording does in fact
> call for all extnValue fields ever defined by the IETF to contain
> DER encoded ASN.1 structures.
> 
> The question seems to boil down to whether or not the wording in
> RFC 5280 section 4.2 [1] 2nd para applies to only the extensions
> defined in 5280 or (I guess?) to all extensions ever documented
> in IETF stream RFCs.
> 
> In other words does "Each extension" in that sentence mean "Each
> extension defined in 5280" or does it mean "Any extension defined
> in an IETF stream RFC" or something else.
> 
>   [1] https://tools.ietf.org/html/rfc5280#section-4.2
> 
> If one interprets the statement in the former/looser manner as
> only being about extensions defined in 5280 then I guess one
> would read the chairs' decision as being consistent with 5280.
> 
> If one interprets 5280 in the latter/stricter manner, I guess
> a subsequent question might be whether that's (still) a good
> plan and if not, what to do about it.
> 
> And if we interpret 5280 strictly and conclude that is still a
> good plan then the question would be what to do about the SCT
> encoding, which could be to do something hacky like prepending
> another OCTET STRING tag and a length I suppose, or something
> else.
> 
> I think the question of whether or not doing this would break
> something isn't a new question but is one that was dealt with
> already in that we don't know of any such breakage. And in any
> case the chairs sensibly indicated that new facts would cause a
> reappraisal. So I take it that you're not claiming that there
> is some known system that'd be damaged here, but rather that
> deviating from the stricter reading of 5280 might cause such
> breakage, even if we don't know of any such case.
> 
> Lastly, there is a comment in the ASN.1 module that says that
> extnValue contains a DER encoding of an ASN.1 value, but I
> think we don't need to worry about that as it's really the
> same question as the first one above.
> 
> Does the above correctly capture your objection/appeal?
> 
>> I am quite concerned with (4)
>> listed below.  I hope you will revisit this decision.
>> 
>> Please treat this as the first step in the appeal of this technical
>> decision.
> 
> Given that we're not at AD or IESG evaluation, I guess you're
> appealing the WG chairs' decision here and so the initial
> response should I think come from the WG chairs. If you're still
> not satisfied at that point then it'd be time for you to appeal
> to me, as the responsible AD. (At which point I'll process it.)
> But for now, I guess I get to pass the parcel back to the chairs.
> 
> So chairs - assuming Russ agrees with my characterisation above,
> will you take a look at that and consider his appeal?
> 
> Cheers,
> S.
> 
> 
>> 
>> Russ
>> 
>> 
>> On Mar 12, 2015, at 11:21 PM, Melinda Shore wrote:
>> 
>>> Hi, all:
>>> 
>>> We've been banging away on the SCT encoding issue for a year, and
>>> we really must close it out.  Paul and I have been doing due 
>>> diligence on the issue in the background.  We made a concerted
>>> effort to find technical problems with the current text that would
>>> exclude the possibility of allowing it in the -bis document.
>>> Here's what we found:
>>> 
>>> 1) The proposed encoding does not violate the letter of any 
>>> specification that we can find, 2) Peter Gutmann said that it's not
>>> a good idea but it isn't incorrect, 3) We checked with the authors
>>> of several widely-used pieces of certificate processing software
>>> and in every case that person said that the proposed encoding would
>>> not cause problems with their code, and 4) We verified that the
>>> IETF security ADs would not reject the encoding during IESG review
>>> 
>>> Basically, in a nutshell, where we've landed is that while the
>>> current encoding probably isn't the best idea ever, it doesn't
>>> violate any specification that anybody could identify and it
>>> doesn't appear to break anything.  So, it's going to stand.  We
>>> will not be revisiting this issue unless new information is
>>> presented.  This includes discussion at the upcoming meeting in
>>> Dallas.
>>> 
>>> Thanks,
>>> 
>>> Melinda and Paul
>>> 
>>> _______________________________________________ Trans mailing list 
>>> Trans@ietf.org https://www.ietf.org/mailman/listinfo/trans
>> 
>> _______________________________________________ Trans mailing list 
>> Trans@ietf.org https://www.ietf.org/mailman/listinfo/trans
>> 
> 
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans

v2.23.0 | Report a Bug | By Email