Re: Certificate Transparency Newsletter - August 2015

42 views
Skip to first unread message

Rob Stradling

unread,
Oct 19, 2015, 7:31:36 AM10/19/15
to certificate-...@googlegroups.com, tr...@ietf.org, ct-p...@chromium.org
On 17/08/15 18:24, 'Adam Eijdenberg' via certificate-transparency wrote:
> (posted to certificate-...@googlegroups.com, tr...@ietf.org
> and ct-p...@chromium.org)
<snip>
> Lookahead:
> - We're very interested in exploring how we make it viable for a
> site-owner to be able to opt-in to requiring CT, ahead of any general
> browser-enforced deadlines. We would welcome participation in helping
> define what this might look like in a manner that would work well for
> both browsers and site-owners.

Adam,

RFC 7633: "X.509v3 Transport Layer Security (TLS) Feature Extension"

This newly standardized certificate extension could be used to signal
that the TLS server MUST send the CT TLS extension.

I realize that this may not suit many early adopters, since few deployed
servers support the CT TLS extension yet. But I figured it was worth
mentioning.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

Tom Ritter

unread,
Oct 19, 2015, 9:29:59 AM10/19/15
to certificate-transparency, tr...@ietf.org, ct-p...@chromium.org
It could... but that seems awfully limited. Requiring CT is a lot
easier than requiring one of the specific forms. If you change
infrastructure, and lose the ability to include a TLS Extension, you
can at least staple OCSP or get them embedded in a cert.

-tom

Rob Stradling

unread,
Oct 19, 2015, 10:06:01 AM10/19/15
to Tom Ritter, certificate-transparency, tr...@ietf.org, ct-p...@chromium.org
On 19/10/15 14:29, Tom Ritter wrote:
That's true.

Perhaps 6962-bis should prohibit or recommend against using TLS Feature
for the CT TLS extension then. Or...

Actually, I can't find any explicit requirement in RFC7633 that says
words to the effect of "The TLS server MUST send TLS extension X". The
actual requirements are expressed more vaguely than that. e.g.
"A server offering an end-entity certificate with a TLS feature
extension MUST satisfy a client request for the specified feature"
"If these features are requested by the client in its ClientHello
message, then the server MUST return a ServerHello message that
satisfies this request."

So, perhaps 6962-bis could specify that, if a TLS client sends the CT
TLS extension and the TLS server's cert contains the TLS Feature cert
extension with the CT TLS extension identifier, then the TLS server MUST
"satisfy the request" by sending SCTs via any of the three supported
mechanisms (CT TLS extension, cert extension, stapled OCSP response
extension).

Tom Ritter

unread,
Oct 19, 2015, 12:29:55 PM10/19/15
to certificate-transparency, tr...@ietf.org, ct-p...@chromium.org
On 19 October 2015 at 09:05, Rob Stradling <rob.st...@comodo.com> wrote:
> Perhaps 6962-bis should prohibit or recommend against using TLS Feature for
> the CT TLS extension then. Or...
>
> Actually, I can't find any explicit requirement in RFC7633 that says words
> to the effect of "The TLS server MUST send TLS extension X". The actual
> requirements are expressed more vaguely than that. e.g.
> "A server offering an end-entity certificate with a TLS feature
> extension MUST satisfy a client request for the specified feature"
> "If these features are requested by the client in its ClientHello
> message, then the server MUST return a ServerHello message that
> satisfies this request."
>
> So, perhaps 6962-bis could specify that, if a TLS client sends the CT TLS
> extension and the TLS server's cert contains the TLS Feature cert extension
> with the CT TLS extension identifier, then the TLS server MUST "satisfy the
> request" by sending SCTs via any of the three supported mechanisms (CT TLS
> extension, cert extension, stapled OCSP response extension).

So... you could. But it wouldn't solve the generic problem of letting
a site owner dictate that CT should always be enabled for their
domain. The reason I'm critical of 7633 is that it only applies to a
single certificate[0]. If I want to 'enforce' CT for a single
certificate, via a x509 extension... I could just put the CT x509
extension in the certificate.

I'm opposed to the idea of a x509 extension seen on one certificate,
once, applying a policy for the entire domain. For one thing it's
weird, and for another thing it has no way to indicate how long the
policy should apply for. (And it couldn't work for wildcard certs.)

[0] Now technically where 7633 really comes into play and is very
useful is when it's included in intermediates or (my pounding heart be
still) - root certs. In *that* case it would work great for requiring
CT... but not for site owners, for certificate authorities. A CA is
assured that all the certs it issues will be publicly logged, and it
can use this as a check against misissuance. I think that's great...
but it still doesn't help site owners. =)

-tom

Rob Stradling

unread,
Nov 4, 2015, 7:28:16 AM11/4/15
to Tom Ritter, certificate-transparency, tr...@ietf.org, ct-p...@chromium.org
Tom,

I just raised http://trac.tools.ietf.org/wg/trans/trac/ticket/113 to
track this.

How do you envisage that we let "a site owner dictate that CT should
always be enabled for their domain"?
Some sort of HTTP header (a la HSTS and HPKP), perhaps?
Do you think this is something that the TRANS WG should specify (in
6962-bis or some other document)? Or should we punt it to WEBSEC or
some other place?

Thanks.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.

Tom Ritter

unread,
Nov 4, 2015, 10:26:51 AM11/4/15
to Rob Stradling, certificate-transparency, tr...@ietf.org, ct-p...@chromium.org
On 4 November 2015 at 06:28, Rob Stradling <rob.st...@comodo.com> wrote:
> Tom,
>
> I just raised http://trac.tools.ietf.org/wg/trans/trac/ticket/113 to track
> this.
>
> How do you envisage that we let "a site owner dictate that CT should always
> be enabled for their domain"?
> Some sort of HTTP header (a la HSTS and HPKP), perhaps?

Yea, probably.

> Do you think this is something that the TRANS WG should specify (in 6962-bis
> or some other document)? Or should we punt it to WEBSEC or some other
> place?

A process question for the chairs I'd say. Probably websec? I've
volunteered to do this draft before, and it still stands. Now that
Firefox is working on implementing the x509 version, they may be open
to implementing a header version as well - before the feedback seemed
to be "Yea, maybe, but will anyone implement in a timely fashion?"

-tom
Reply all
Reply to author
Forward
0 new messages