Option 1: No name redaction allowed at all.This is perhaps the simplest option, and provides the most public trust and transparency. This treats all domain names, and certificates issued by public trust anchors, as needing a degree of public accountability. It improves the present state of the anti-phishing world, by requiring that all domain names (which have certificates associated with them) be publicly disclosed and programatically accessible, which can then be used to do analysis and mitigation for threats.On the other hand, it is at some conflict with the hierarchical notion of the DNS - in which domain holders are permitted, by design, to set the policies below their domain. It does feel at odds with this design to dictate policies to domain holders that all labels must be, in effect, public.Option 2: Allow redaction without any associated policies.This is non-viable, precisely because it would allow a CA to redact domains to a degree that prevents detection of misissuance. For example, it is technically valid to log a precertificate for "*.?.com" - but such a log event provides no information to Monitors and Auditors of the well-functioning behaviour of the CA, or that a misissuance event has not occurred.Option 3: Only permit redaction up to the level of effective TLD - plus two labels.This relies upon using information from secondary sources, such as the public suffix list, to determine what an effective TLD is. For example, "com" is a TLD, as is "uk", as both appear within the IANA Root Zone Database, while "co.uk" is effectively a TLD, as registrations happen for independent and distinct security zones and entities below it, even though it is not part of the Root Zone Database.The "plus two labels" means that, for a given domain of top.secret.example.com, we determine the effective TLD as "com", thus one additional label is "example.com", and two additional labels are "secret.example.com". As such, it would be permissible to redact as "?.secret.example.com", but it would be a violation to redact as "?.?.example.com".The reasoning for this is subtle, and is based on finding the appropriate balance between the need for accountability and transparency with respect to Publicly Trusted Certificates, while accepting the sovereignty and needs of domain holders to keep some domain labels 'hidden' from the world at large. Accepting a policy of eTLD+1, such that "?.example.com", has been a concern of multiple domain operators we've spoken to, because of the uncertainty as to whether that certificate was for "www.example.com", "mail.example.com", or "testing-and-staging.example.com", each of which may be operated by different teams and different policies. The goal is to ensure that those running the server for, say, mail.example.com, cannot inadvertently permit a CA to misissue a certificate for www.example.com.This also seeks to balance the incentives of domain holders who desire redaction with the need for transparency, in that it admittedly does mean that, in order to leverage the advantages afforded by name redaction, an organization must take appropriate steps to segment their DNS into a redaction zone. The risk is that, without such a policy, redaction will be seen as the default, whether by users or, worse, encouraged by CAs, and thus mask or dilute misissuance events.With Option 3, there's two variants:Option 3a: The determination of the "effective TLD" shall consider both the ICANN and PRIVATE divisions of the Public Suffix List (as described at https://publicsuffix.org/list/ )Option 3b: The determination of the "effective TLD" shall only consider the ICANN section of the Public Suffix ListOn the basis of the security arguments, it would seem like Option 3a is the appropriate balance, and we've not yet found an argument for Option 3b, but are including for completeness.We would like to solicit discussion and feedback on these options, from CAs, domain holders, monitors, and clients. There are various concerns from stakeholders that have been privately raised, but we think it's much more appropriate to have a public discussion.We would also like to see about reaching a decision over the course of the next several weeks. We believe that if there is consensus to be found as to how redaction shall happen, then it can play a significant role in determining what appropriate steps Chromium takes in response to Symantec's misissuance event, both for the set of pre-existing certificates that were issued prior to 1 June 2016, and for those certificates issued after 1 June 2016.
--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To post to this group, send email to ct-p...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/c0aa7e6f-9f42-4b2d-a59a-5fc5184a16c3%40chromium.org.
As RFC 6962-bis approaches maturity, it seems an appropriate time to begin a discussion regarding policies surrounding the redaction of domain labels within certificates. This is particularly salient for two reasons: Ensuring that a Log Policy for RFC 6962-bis is appropriately ready as 6962-bis finalizes, and due to the upcoming requirement on 1 June 2016 that Symantec Corporation must disclose all certificates issued, as a result of a past continuous series of misissuance events.RFC 6962-bis, Draft 13, Section 4 spells out, briefly, the argument for domain redaction, as well as possible means of technically accomplishing it. These means are, in essence, the use of a wildcard certificate, a special construction of the pre-certificate to allow substitution of domains, or the use of what is termed as a Name-Constrained Intermediate CA, which is technically compatible with the definition in the Baseline Requirements of a Technically Constrained Subordinate CA Certificate.As part of this discussion, there are three main actors to consider - what is expected of the Logs when accepting a certificate, what is expected of CAs when submitting a precertificate, and what is expected of clients when encountering such a certificate. Our core concern is on the latter two elements - ultimately, the Log will ideally accept any submission (that appropriately chains), and instead, it's a question of what CAs are expected/permitted to do, and what Chromium clients will do in response.There's also two facets to this discussion - what is acceptable for EV certificates, and what is acceptable for those certificates that are not EV (i.e. notions like DV/IV/OV). To simplify this, we are only talking about policies for the not-EV case. As currently implemented and deployed, name redaction is not permitted for EV certificates, as reflective of the current UI treatment granted to them and communicated to users, we have no plans to revisit this decision as a matter of policy and trust, even if it becomes technically viable. So this discussion is primarily about DV certificates.To recap: This is focused on what CAs are expected to do (and what clients will do when encountering such) for non-EV certificates.Option 1: No name redaction allowed at all.This is perhaps the simplest option, and provides the most public trust and transparency. This treats all domain names, and certificates issued by public trust anchors, as needing a degree of public accountability. It improves the present state of the anti-phishing world, by requiring that all domain names (which have certificates associated with them) be publicly disclosed and programatically accessible, which can then be used to do analysis and mitigation for threats.On the other hand, it is at some conflict with the hierarchical notion of the DNS - in which domain holders are permitted, by design, to set the policies below their domain. It does feel at odds with this design to dictate policies to domain holders that all labels must be, in effect, public.
Option 2: Allow redaction without any associated policies.This is non-viable, precisely because it would allow a CA to redact domains to a degree that prevents detection of misissuance. For example, it is technically valid to log a precertificate for "*.?.com" - but such a log event provides no information to Monitors and Auditors of the well-functioning behaviour of the CA, or that a misissuance event has not occurred.Option 3: Only permit redaction up to the level of effective TLD - plus two labels.This relies upon using information from secondary sources, such as the public suffix list, to determine what an effective TLD is. For example, "com" is a TLD, as is "uk", as both appear within the IANA Root Zone Database, while "co.uk" is effectively a TLD, as registrations happen for independent and distinct security zones and entities below it, even though it is not part of the Root Zone Database.The "plus two labels" means that, for a given domain of top.secret.example.com, we determine the effective TLD as "com", thus one additional label is "example.com", and two additional labels are "secret.example.com". As such, it would be permissible to redact as "?.secret.example.com", but it would be a violation to redact as "?.?.example.com".The reasoning for this is subtle, and is based on finding the appropriate balance between the need for accountability and transparency with respect to Publicly Trusted Certificates, while accepting the sovereignty and needs of domain holders to keep some domain labels 'hidden' from the world at large. Accepting a policy of eTLD+1, such that "?.example.com", has been a concern of multiple domain operators we've spoken to, because of the uncertainty as to whether that certificate was for "www.example.com", "mail.example.com", or "testing-and-staging.example.com", each of which may be operated by different teams and different policies. The goal is to ensure that those running the server for, say, mail.example.com, cannot inadvertently permit a CA to misissue a certificate for www.example.com.This also seeks to balance the incentives of domain holders who desire redaction with the need for transparency, in that it admittedly does mean that, in order to leverage the advantages afforded by name redaction, an organization must take appropriate steps to segment their DNS into a redaction zone. The risk is that, without such a policy, redaction will be seen as the default, whether by users or, worse, encouraged by CAs, and thus mask or dilute misissuance events.With Option 3, there's two variants:Option 3a: The determination of the "effective TLD" shall consider both the ICANN and PRIVATE divisions of the Public Suffix List (as described at https://publicsuffix.org/list/ )Option 3b: The determination of the "effective TLD" shall only consider the ICANN section of the Public Suffix ListOn the basis of the security arguments, it would seem like Option 3a is the appropriate balance, and we've not yet found an argument for Option 3b, but are including for completeness.We would like to solicit discussion and feedback on these options, from CAs, domain holders, monitors, and clients. There are various concerns from stakeholders that have been privately raised, but we think it's much more appropriate to have a public discussion.We would also like to see about reaching a decision over the course of the next several weeks. We believe that if there is consensus to be found as to how redaction shall happen, then it can play a significant role in determining what appropriate steps Chromium takes in response to Symantec's misissuance event, both for the set of pre-existing certificates that were issued prior to 1 June 2016, and for those certificates issued after 1 June 2016.
--
I see another variant of option 3 which seems worth mentioning. Require that certificates with SCTs containing name redaction are only allowed to be served from the private IP address space. This is a policy that would have to be implemented in the client, so it's not a CA policy as such. That is, if the client receives a SCT with name redaction from a server on a public IP, the cert validation would fail. This could help mitigate phishing certs (only for those clients supporting CT though [1]), and it would probably restrain server owners from unnecessarily using name redactions.[1] ..or it could be combined with some "local only" critical extension, meaning that name redacted certs would only work in clients supporting the extension. This might be acceptable since it will only affect private networks where there is relative good control of which clients are being used.
On 1 April 2016 at 03:19, Ryan Sleevi <rsl...@chromium.org> wrote:
<snip>
On the other hand, it is at some conflict with the hierarchical notion of the DNS - in which domain holders are permitted, by design, to set the policies below their domain. It does feel at odds with this design to dictate policies to domain holders that all labels must be, in effect, public.
This point seems important to me, and allows for a fourth possibility:Option 4: Allow domain owners to set redaction policyThis could be informal, e.g. domain owners can spot certs with names in their domains that are overly redacted in their view, and then:a) Update their internal policies to prevent recurrence,b) Ask for the corresponding cert to be revoked.This could also deal with redactions like "?.com" as anyone owning a domain in .com would be able to ask for revocation.
On Fri, Apr 1, 2016 at 5:37 AM, Ben Laurie <be...@google.com> wrote:On 1 April 2016 at 03:19, Ryan Sleevi <rsl...@chromium.org> wrote:<snip>On the other hand, it is at some conflict with the hierarchical notion of the DNS - in which domain holders are permitted, by design, to set the policies below their domain. It does feel at odds with this design to dictate policies to domain holders that all labels must be, in effect, public.This point seems important to me, and allows for a fourth possibility:Option 4: Allow domain owners to set redaction policyThis could be informal, e.g. domain owners can spot certs with names in their domains that are overly redacted in their view, and then:a) Update their internal policies to prevent recurrence,b) Ask for the corresponding cert to be revoked.This could also deal with redactions like "?.com" as anyone owning a domain in .com would be able to ask for revocation.Unfortunately, I think relying on revocation - which seems key to this proposal - would be a non-starter, given that revocation doesn't work; not just for browsers, but also the vast majority of TLS clients (e.g. those based on OpenSSL, or those using language bindings from PHP, Perl, Python, Go, etc).So I want to avoid a situation where revocation (either via OCSP/CRL or via blacklisting) is seen as the mitigation for a problem.
The question of how to implement [1] is figuring out what represents an acceptable set of "local only" in a world of IPv6. My understanding and belief is that the notion of a separation between "public" and "private" becomes significantly more muddy in an IPv6 world - while you could say it's only applicable to link-local addresses, I believe that's different (and less flexible) then what you'd get with IPv4's reserved IP range - and so if we accept IPv6 as a reality, I'm not sure how we would implement that.
On 1 April 2016 at 17:14, Ryan Sleevi <rsl...@chromium.org> wrote:
<snip>
Unfortunately, I think relying on revocation - which seems key to this proposal - would be a non-starter, given that revocation doesn't work; not just for browsers, but also the vast majority of TLS clients (e.g. those based on OpenSSL, or those using language bindings from PHP, Perl, Python, Go, etc).So I want to avoid a situation where revocation (either via OCSP/CRL or via blacklisting) is seen as the mitigation for a problem.
So, is the idea with 3 that logs refuse to log certs that don't comply?
I'm generally supportive of name redaction, and I understand the
concerns with allowing eTLD+1 redaction. That said, the eTLD+2 policy
strikes me as rather arbitrary and I don't think it fully solves the
problems which you raised. For instance, a sub-division of example.com
which uses sub.example.com might outsource their mail server,
mail.sub.example.com, to a third party. If a name-redacted pre-cert
for ?.sub.example.com is logged, the monitor run by sub.example.com
would not know what to do. Also, CAs could still redact as
much as possible by default. If they think redaction is good, why
wouldn't they? The difference in harm to the CT ecosystem between
redacting to eTLD+1 by default and redacting to eTLD+2 by default is
just a matter of degree.
I would instead require mandatory opt-in to name redaction with
a newly-defined property in a CAA record. Any label to the left
of the name with the CAA record could be redacted. For example,
a domain holder could allow redactions like ?.internal.example.com
or ?.?.internal.example.com by setting the appropriate CAA record on
internal.example.com. A domain holder who is sufficiently confident in
their internal accounting of certificates could even permit redactions
like ?.example.com by setting a domain-wide CAA record on example.com.
And a domain holder who wants no redaction could have that too.
Browsers would not be able to enforce this policy. However, a domain
holder's monitor would know their redaction policy and raise an alarm
if an overly-redacted pre-certificate for their domain is logged. Of
course, browsers should still enforce that no labels are redacted past
eTLD+1, to ensure that a domain holder's monitor can actually notice
the log entry.
This procedure is independently verifiable - if there is no such CAA record on internal.company.co.uk, then the issued certificate is bogus.It does add latency - 1 uncommon DNS query - to the browser's TLS connection, which is unfortunate. I would recommend caching a positive result for a static period (24hr?) to avoid that overhead, and a negative result for a shorter period (10m?) to discourage attacks.
First of all, I support the eTLD+2 proposal, with language strongly suggesting that it be named things like 'private', 'internal', or 'restricted'. For example, "service.internal.company.co.uk" would be allowed to be logged as "?.internal.company.co.uk".What if we had a CAA record that was enforced by the browser?
This procedure is independently verifiable - if there is no such CAA record on internal.company.co.uk, then the issued certificate is bogus.It does add latency - 1 uncommon DNS query - to the browser's TLS connection, which is unfortunate. I would recommend caching a positive result for a static period (24hr?) to avoid that overhead, and a negative result for a shorter period (10m?) to discourage attacks.Also, it makes DNS a source of certificate validity information, which it was not in the past. Questionable dependency there.
I would make this a brand new CAA property, and completely decouple
it from the question of issue/issuewild enforcement. In theory, CAs
should have no problem with this - they aren't currently allowed to do
name redaction anyways, and the presence or lack of the name redaction
property would apply equally to all CAs. Adopting CAA for the limited
purpose of name redaction seems like all upside for CAs compared to
the status quo. Hopefully being able to offer name redaction to their
customers would be sufficient motivation for CAs to do the small amount
of engineering work needed and to overcome any psychological aversion
to the general concept of CAA. For this reason, I think it's important
that CAA be used from the beginning with name redaction if it is to ever
be used: rolling it out later will be much harder if it results in a
restriction on CAs compared to the status quo.
Good point, although it doesn't seem like this would be a dealbreaker
in practice. Redactions can't "escape" up the hierarchy, so if the
administrators of example.com see a redaction
of ?.internal.example.com, they know they need to talk with the
internal.example.com administrators.
Right, though to be clear CAs would only need to examine the name
redaction property, and not the issue/issuewild properties. I would
also propose that a violation by a CA of this policy would be grounds
to reject future name redactions by that CA.
On Fri, Apr 1, 2016 at 3:45 PM, Ryan Sleevi <rsl...@chromium.org> wrote:
> At fundamental question is whether or not an over-redacted pre-certificate
> should represent "misissuance". If so, it's clearer what can happen to that
> CA, up to and including removal. However, if it's not misissuance, but
> "something else," that becomes trickier.
An "over-redacted" pre-certificate should not be worse than no
pre-certificate. After all, there is no requirement that a CA log
every certificate they issue, as far as I know.
The requirements
suggested and discussed so far are all at the per-certificate level
and are "if you want Chrome to accept the certificate" not "if you
want Chrome to accept the CA", unless I'm missing something.
Majority of the domains where our customers chose to preserve privacy by opting out of CT logging fall under “secret.example.com” pattern – effective TLD + 2 labels. Large enterprise customers have expressed their strong desire to keep their internal domain names private. Permitting redaction up to the level of effective TLD - plus two labels will force many enterprises to change their internal network setup to add one more label to their domain names so that they can preserve the needed privacy.
There can be two options to preserve the privacy as well as give needed control to domain operators:
- Permit redaction up to the level of effective TLD - plus one label.
- Permit redaction up to the level of effective TLD - plus one label or allow domain operators to specify level of redaction for their domain.
A good prevention mechanism like CAA can be effectively used to allow specific CA to issue certificate to specific sub domain operated by different operators.
Let's pretend there is a third CA operator - InterGalacticTrust (IGT)
- in the same category as the above two and assume IGT has a CA called
"IGT Earth CA - G3". As I understand it, this CA could issue
certificates with the following characteristics:
1) EKU: serverAuth, contains SCTs
2) EKU: clientAuth, contains SCTs
3) EKU: serverAuth, no SCTs
4) EKU: clientAuth, no SCTs
Assuming that there are not SCTs in a stapled OCSP response or a TLS
extension, then Chrome would only trust (1), right? But is there any
reason that IGT couldn't log a precert for #3 or #4? And if they did,
why would it be worse to partially redact it versus not logging it?
So isn't the real issue determining if #1 really meets the requirement
to be trusted, rather than whether IGT is logging "overly" redacted
certificates?
Thanks for starting the discussion here. There are both material implementation benefits from eTLD+1 and reasonable approaches to address the concerns you’ve raised.Supporting eTLD+1 provides the ability for customers who want to redact the option to do so with today’s implementations — our data shows that the majority of server operators who want to redact at all are doing so with only eTLD+1 to begin with.
Supporting eTLD+1 will speed up the feasibility of making CT mandatory since it requires no changes to server operators’ infrastructure. The act of starting with eTLD+2 will necessarily slow down CT adoption to account for the time for server operators who require privacy for their internal domains to rename all their private sites — look at how long transitioning to 2048 or SHA2 is taking… starting with eTLD+1 completely eliminates the dependency on server operators and enables us to create a practical, immediately implementable (and enforceable) policy.
The rationale for eTLD+2 seems to be centered on minimizing false alarms.
There are two cases of false alarms that are being discussed:1. Where server operators individually manage www, mail, cdn and where these server operators monitor individually (if the domain is monitored centrally, eTLD+1 is preferable for server operators and info sec team because it requires less support). It is still possible to minimize false alarms for the individuals in this case, as previously suggested, by requiring CA’s to enable customers the ability to set the level at which they redact. With this requirement, if alarms are triggered for legitimate certificates, it will only be because internal enterprise policy on the acceptable level of redaction wasn’t followed… and those alarms are OK — they will force either no redaction or following of enterprise policy (which can include differences like info sec monitoring results for all of ?.example.com and their CDN monitoring only ?.cdn.example.com).
2. The case of truly bad false alarms would occur only where a CA independently over-redacts. Our expectation is that full logging (no redaction) MUST BE the default implementation for all CA’s, something that (along with allowing customers redaction level flexibility) could be formalized as part of the baseline requirements.
With these two requirements accompanying eTLD+1, we can solve for false alarms, require nothing new from server operators, and create an approach that can move the industry far more quickly to universal support for CT.
On Fri, Apr 1, 2016 at 4:51 PM, Sanjay Modi <sanja...@symantec.com> wrote:Majority of the domains where our customers chose to preserve privacy by opting out of CT logging fall under “secret.example.com” pattern – effective TLD + 2 labels. Large enterprise customers have expressed their strong desire to keep their internal domain names private. Permitting redaction up to the level of effective TLD - plus two labels will force many enterprises to change their internal network setup to add one more label to their domain names so that they can preserve the needed privacy.That's correct, and as explained, that would be intentional/desirable.
There can be two options to preserve the privacy as well as give needed control to domain operators:
- Permit redaction up to the level of effective TLD - plus one label.
- Permit redaction up to the level of effective TLD - plus one label or allow domain operators to specify level of redaction for their domain.
Given the previous explanation of concerns with eTLD+1 earlier on the thread, could you explain if anything was missed in the considerations thus far? Overall, this does not feel appropriate as a blanket policy, as I explained already, and even less so compared to eTLD+2.