Re: [Trans] AIA/cRL for logged certificates

Carl Wallace <carl@redhoundsoftware.com> Fri, 27 March 2015 12:51 UTC

User-Agent: Microsoft-MacOutlook/14.4.7.141117
Date: Fri, 27 Mar 2015 08:51:20 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Ben Laurie <benl@google.com>, Eran Messeri <eranm@google.com>
Message-ID: <D13AC9E6.3152F%carl@redhoundsoftware.com>
Thread-Topic: [Trans] AIA/cRL for logged certificates
References: <CALzYgEcS8DuqbcPKZRbn1DC2hpSX9WM-NnQf7dkvx_V-jL+QMQ@mail.gmail.com> <CABrd9SQ1FXEVrLXS-fOHRYpsShX3R-ByBo8E3qxhkoOBMQZY5g@mail.gmail.com>
In-Reply-To: <CABrd9SQ1FXEVrLXS-fOHRYpsShX3R-ByBo8E3qxhkoOBMQZY5g@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/y6ACd5VAEtKjIumRrj3smLjs924>
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] AIA/cRL for logged certificates

From:  Ben Laurie <benl@google.com>
Date:  Friday, March 27, 2015 at 8:47 AM
To:  Eran Messeri <eranm@google.com>
Cc:  "trans@ietf.org" <trans@ietf.org>
Subject:  Re: [Trans] AIA/cRL for logged certificates

> 
> 
> On 27 March 2015 at 12:45, Eran Messeri <eranm@google.com> wrote:
>> I'd like to get opinions from the list on solutions to the following problem,
>> which Ben originally pointed out. It applies to Precertificates currently,
>> but would apply to X.509 certificates if ticket #4 is accepted.
>> 
>> An "undesirable" certificate is issued and logged (without including
>> Authority Information Access / CRL distribution point) and upon discovery is
>> revoked - the CRL distribution point in the issuer or one of the intermediate
>> certs will list it as revoked.
>> That certificate would be signed a second time with the same issuer key, but
>> not logged a second time (as the SCT produced for the first certificate is
>> valid for the second one). When it is served, it is served together with a
>> chain that is different than the one logged, and the issuer or intermediates
>> in this chain point to a different AIA/CRL that does *not* list this
>> certificate as revoked (The implied assumption is that the attacker controls
>> the private key of the issuer).
>> 
>> Implication: A client believes it has a legitimate certificate by validating
>> the SCT and performing an online revocation check.
>> 
>> Potential mitigations:
>> - Require that the client only use the AIA/CRL distribution point from the
>> chain logged in the CT log (which forces the client to fetch it online,
>> before completing the connection).
> 
> Then it's not a potential mitigation!

This option would not necessarily work as the CRL referenced by the DP in
the log may not cover the newly issued certificate.

>  
>> - Require the presence of AIA/CRL distribution point in the end-entity
>> certificate.
>> 
>> Any other suggestions?
>> Eran
>> 
>> _______________________________________________
>> Trans mailing list
>> Trans@ietf.org
>> https://www.ietf.org/mailman/listinfo/trans
>> 
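The scenario Eran describes, and both objections to the first mitigation, turn on one fact: the SCT binds the issuer key and the TBSCertificate, not the certificate chain. The Go program below is an added example written for this page; it is not code from the thread, from the Trans working group or from any CT implementation. Using only the standard library it builds a constructed PKI in which the same issuer key is certified twice (same name, different CRL distribution point), signs one end-entity template twice with that key, and obtains an SCT for the first signing only. It then shows that the SCT verifies the re-signed certificate, that a client taking the CRL pointer from the served chain misses the revocation, and that Eran's second option (a CRL DP inside the end-entity certificate) closes that gap because the DP then sits inside the logged TBS. Every key, name, URL and serial is hypothetical, the `crls` map stands in for fetched CRLs, the issuer certificates are self-signed for brevity, and `sctInput` is a simplified model of the RFC 6962 section 3.2 precertificate entry rather than the byte-exact encoding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed keys: the attacker holds issuerKey (Eran's stated assumption) and
// logKey stands in for the CT log. Every name and URL in this file is hypothetical.
var issuerKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
var leafKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
var logKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

const honestCRL = "http://crl.ca.example/issuer.crl"
const attackerCRL = "http://crl.attacker.example/issuer.crl"

// CRLs modelled as "DP URL -> revoked serials": only the honest CRL lists serial 4242.
var crls = map[string]map[int64]bool{honestCRL: {4242: true}, attackerCRL: {}}

func template(cn string, serial int64, ca bool, crlDP []string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Unix(1427414400, 0), // fixed, so re-signing reproduces the TBS
		NotAfter:              time.Unix(1430000000, 0),
		IsCA:                  ca,
		BasicConstraintsValid: true,
		CRLDistributionPoints: crlDP,
	}
}

func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// PKI: the issuer key certified twice (same name and key, different CRL DP), the leaf
// signed twice with that key, and the SCT the log issued for the first signing.
type PKI struct {
	IntLogged, IntServed, Leaf1, Leaf2 *x509.Certificate
	SCT                                []byte
}

// leafDP is what the end-entity cert itself carries: nil is the scenario as posted,
// []string{honestCRL} is the second proposed mitigation. Issuer certs are self-signed here.
func BuildPKI(leafDP []string) *PKI {
	intT := template("Issuer", 1, true, []string{honestCRL})
	intLogged := mustCert(intT, intT, &issuerKey.PublicKey, issuerKey)
	intT = template("Issuer", 2, true, []string{attackerCRL})
	intServed := mustCert(intT, intT, &issuerKey.PublicKey, issuerKey)
	leafT := template("www.victim.example", 4242, false, leafDP)
	leaf1 := mustCert(leafT, intLogged, &leafKey.PublicKey, issuerKey) // logged, later revoked
	leaf2 := mustCert(leafT, intServed, &leafKey.PublicKey, issuerKey) // signed again, never logged
	sct, _ := ecdsa.SignASN1(rand.Reader, logKey, sctInput(intLogged, leaf1)) // the log saw leaf1 only
	return &PKI{intLogged, intServed, leaf1, leaf2, sct}
}

// Simplified RFC 6962 section 3.2 precertificate entry: the log signs over
// issuer_key_hash || TBSCertificate. Nothing else in the chain is covered.
func sctInput(issuer, leaf *x509.Certificate) []byte {
	keyHash := sha256.Sum256(issuer.RawSubjectPublicKeyInfo)
	h := sha256.Sum256(append(keyHash[:], leaf.RawTBSCertificate...))
	return h[:]
}

func SCTValid(issuer, leaf *x509.Certificate, sct []byte) bool {
	return ecdsa.VerifyASN1(&logKey.PublicKey, sctInput(issuer, leaf), sct)
}

// The client behaviour the thread assumes: if the leaf names no CRL DP, use the one
// from whichever issuer certificate the server chose to send.
func Revoked(leaf, issuer *x509.Certificate) bool {
	if dp := leaf.CRLDistributionPoints; len(dp) > 0 {
		return crls[dp[0]][leaf.SerialNumber.Int64()]
	}
	return crls[issuer.CRLDistributionPoints[0]][leaf.SerialNumber.Int64()]
}

func main() {
	p := BuildPKI(nil) // the posted scenario; BuildPKI([]string{honestCRL}) is the mitigation
	fmt.Println("first SCT verifies the re-signed cert:", SCTValid(p.IntServed, p.Leaf2, p.SCT))
	fmt.Println("revoked via logged chain:", Revoked(p.Leaf2, p.IntLogged), "| via served chain:", Revoked(p.Leaf2, p.IntServed))
}
```

With the leaf template carrying no DP, `Leaf1` and `Leaf2` have identical `RawTBSCertificate` bytes, so the single SCT verifies both while the revocation answer depends entirely on which issuer certificate the server presents. With `BuildPKI([]string{honestCRL})` the pointer is inside the signed TBS and the served chain no longer matters. The model does not reach Carl's objection: the CRL named in the logged chain is looked up by serial only, with no issuing-distribution-point scope to check.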