David,
On Monday, September 29, 2014, Rick Andrews <[email protected]> wrote:

Santosh,

Since it's not an absolute requirement at this point (either from CABF or from individual browsers' policies) I suggest that log servers cannot enforce the use of technical constraints in intermediate CAs.

We're talking about (non-normatively-specified) monitor servers here, right?

I am suggesting that the checks be mandatory, and that logs perform them, so that syntactically mis-issued certs don't get SCTs. If getting an SCT based on a pre-cert is supposed to "encourage" CAs to play the CT game, then this helps them get off on the right foot.

Log servers need to continue to accept based solely on signature validity; otherwise they'll miss misissuance. (So *log* servers will necessarily be agnostic about this.)
I disagree. Once Ben said that he meant mis-issuance to be interpreted in a much broader context, and cited EV cert requirements as an example, I pursued documenting what that would mean. If the WG wants to say that mis-issuance is more than issuing a cert to the wrong Subject, then we need to say just what it is, not hand wave.

Also, log servers, per se, do not detect mis-issuance, unless we have them perform the checks I suggested. What I think you meant to say is that if log servers reject syntactically mis-issued certs, then these certs will not be subject to analysis by Monitors. That's true, but there seems to be an inconsistent argument in play. If one argues that TLS clients will, eventually, reject certs that do not contain (or are not accompanied by) SCTs, then having logs reject syntactically mis-issued certs is a good thing.

If we agree that the CABF guidelines for Web PKI CAs are the best reference we have for this (which seems reasonable for the Web PKI context), then why not enforce them? Having logs do the checks has the advantage that CAs get immediate feedback when they don't get it right at this basic level.

Monitors, I think, should focus on detecting semantic mis-issuance for the Subjects that they serve. Not every Subject may arrange to have a Monitor protect its name and key binding, and not every Subject will perform monitoring for itself. So, if logs perform the basic, syntactic checks, we get that level of coverage for a lot of Subjects, without having to require them to perform or arrange for Monitor functions. Again, this is analogous to the argument that has been made for pre-certs, i.e., forcing a CA to embed an SCT into a cert avoids relying on Subjects to upgrade their web software to pass a post-issuance SCT during the TLS handshake. If that is a valid argument for why we're using the rather complex pre-cert mechanism, it seems that my argument for log checking of cert syntax is equally valid.
Steve
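As an added illustration of the kind of log-side syntactic check debated in this thread (not code from the list, the WG, or any CT log), here is a hypothetical Go check that a submitted intermediate CA certificate is technically constrained, in a simplified reading of the CABF Baseline Requirements notion: an extendedKeyUsage extension must be present, must not contain anyExtendedKeyUsage, and if it allows serverAuth the certificate must also carry dNSName constraints. The `makeIntermediate` helper builds a constructed, self-signed stand-in certificate so the check can be exercised offline; the function names and the constraint rules are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// checkTechnicallyConstrained is a hypothetical log-side syntactic check, simplified from
// the CABF Baseline Requirements idea of a technically constrained subordinate CA.
func checkTechnicallyConstrained(c *x509.Certificate) error {
	if !c.IsCA {
		return errors.New("not a CA certificate")
	}
	if len(c.ExtKeyUsage)+len(c.UnknownExtKeyUsage) == 0 {
		return errors.New("no extendedKeyUsage: CA is unconstrained")
	}
	for _, eku := range c.ExtKeyUsage {
		if eku == x509.ExtKeyUsageAny {
			return errors.New("anyExtendedKeyUsage present: CA is unconstrained")
		}
		if eku == x509.ExtKeyUsageServerAuth && len(c.PermittedDNSDomains)+len(c.ExcludedDNSDomains) == 0 {
			return errors.New("serverAuth allowed without dNSName constraints")
		}
	}
	return nil
}

// makeIntermediate builds a constructed, self-signed stand-in for an intermediate CA cert.
func makeIntermediate(constrained bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	if constrained {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.PermittedDNSDomains = []string{"example.com"}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

A log applying such a check would refuse an SCT for the unconstrained variant and accept the constrained one; a real deployment would need the full BR rule set (IP and directoryName constraints, EKU details) rather than this simplification.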
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans