[cabfpub] Notes of meeting, CAB Forum, 18 April 2013

Ryan Hurst ryan.hurst at globalsign.com
Tue May 7 15:48:04 UTC 2013


Ben,

 

Unfortunately I was unable to attend the April 18th call; that said in
review of the notes I see a few things I felt I should comment on :

 

1.      "However, critical name constraints were viewed as a potential
solution, provided that all browsers implement them in a similar fashion. "

a.      From my perspective taking the position that partial solutions like
CAA which provide significantly less value than non-critical name
constraints should be adopted and at the same time on arguing usage of name
constraints without the extension being marked critical is not sufficient
because Apple has not yet implemented support for the extension is logically
inconsistent.

 

Today every major browser other than Safari supports Name Constraints and as
such get the benefit of the least privilege semantics they represent; It
won't be long before apple also adds support for this extension at which
point even they get the benefits this approach would take. At that time the
policy could be switched to mandating critical extensions. Waiting until
Apple gets its act together buys absolutely nothing and means folks are
exposed unnecessarily to over entitled issuing CAs.

 

We should be adopting non-critical name constraints now and not wait for
Apples update.

 

b.      As for browsers implementing name constraints handling in a similar
fashion in early 2000 NIST published the PKITS tests
(http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html) which
include a large battery of tests for name constraints; all major browser
vendors include these tests in their regression tests and they include
verification of Name Constraints behavior so where they are supported we can
expect to see them supported uniformly short of software bugs.

 

2.      "Wendy reminded the group that certificate validation will fail if
you add a subject alternative name that does not follow the pattern used for
critical name constraints (for instance, if you include a GUID/UUID in the
SAN)."

 

This is not what we have seen in testing, that is with the exception of
Windows XP - http://unmitigatedrisk.com/?p=201

 

3.      "and this might be one reason why Apple has not implemented it."

 

I have spoken to apple, while they do not publicly comment on what they are
implementing and not; I can assure you XPs behavior is not holding apple
back from implementing Name Constraints.

 

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Monday, May 06, 2013 2:36 PM
To: public at cabforum.org
Subject: [cabfpub] Notes of meeting, CAB Forum, 18 April 2013

 

Here are the notes of the penultimate CA/Browser Forum meeting held on 18
April 2013

 

1.                Present:  Ben Wilson, Mads Henriksveen, Jeremy Rowley,
Gerv Markham, Rick Andrews, Tom Albertson, Ryan Koski, Atsushi Inaba, Wayne
Thayer, Robin Alden, Eddy Nigg, Kirk Hall, Wendy Brown, Atilla Biler,
Stephen Davidson, Don Sheehy, and Joe Kaluzny

 

2.                Agenda review:  Version 2 of the agenda was reviewed,
which included discussion of Ballot 99, which Rick had requested previously.
Ben mentioned that he will start keeping a list of some action items not on
the agenda at the bottom of each agenda he sends out, just to keep them in
mind.

 

3.                Approve Minutes of 4 April 2013:  Mads asked for
clarification on Item 14 in the draft minutes regarding Phill's draft white
paper on code signing, which had not been circulated to the Forum as
indicated.  Tom clarified that it had been sent only to the code signing
working group.  With that correction, the minutes of 4 April 2013 were
approved for publication.

 

4.                Announcements and Review of Ballots:  There are no ballots
pending.  Ben stated that several CABF members had requested that we move
our Ankara F2F meeting away from October 1-3 because it conflicted with
their OTA meeting in Bellevue, Washington, on those same dates.  Gerv
suggested that we hold another straw poll. 

 

5.                DSA Keys Ballot 99:  Rick is writing up the text on Ballot
99 to amend Appendix A to add DSA 2048 to list of approved algorithms. 

 

6.                Report of NIST Workshop:  Ben explained that the purpose
of the workshop was to review the industry solutions that require
multi-stakeholder involvement-mainly DANE and CT-although several similar
technologies were discussed.  There was general consensus that DNSSEC when
fully deployed as a separate technology will help improve the overall
security of the Internet.  One of the barriers to DANE is the lack of full
DNSSEC deployment throughout the Internet.   There are also issues with CT
that need to be worked out-primarily who will run and manage the CT logs and
will they be sufficiently robust.  Another issue is how many log records
will have to be embedded in certificates.  Stephen noted that the
presentations on CT are helpful in understanding how the log servers will
work, but there is little information on what CAs will need to do to
participate in pilot testing.  It was suggested that we start a list
discussion to gather more information on this topic and that the resources
be collected on a wiki page dedicated to CT.  Rick said that Adam, Ben, and
Emilia from Google have been very helpful.  Stephen said that CAs developed
in-house will have an easier time implementing CT than those who have
acquired their systems off-the-shelf.  

 

During the NIST Workshop OCSP Stapling and Must-Staple were also discussed.
The take-away is that we need to identify remaining gaps that prevent
implementing OCSP must-staple as a solution.   Another take-away is that CAs
need to do a better job working with their customers and provide better
advice on server configurations and the use of SSL/TLS.  The Dutch
Government presented on Diginotar.  Fox-IT's time-lapse animation of OCSP
responses for the *.google.com from the Black Tulip Report was shown a
couple of times.  (http://youtu.be/wZsWoSxxwVY).  It showed how use of the
certificate concentrated in Iran, but then spread to other parts of the
world as a result of DNS redirection, etc.  Jens Bender presented on his
work on strengthening audit requirements for issuers of qualified
certificates and EV certificates.  Ben presented an overview of current
audit frameworks, including ETSI and WebTrust.  

 

Other technology discussions included CAA, HSTS, pinning, and hierarchical
geographic / DNS scoping.  There was consensus that, putting aside any
potential anti-competitive lock-in concerns, CAA would not break anything
and so should be considered as a partial solution.    HSTS and pinning
received favorable responses.  Pure hierarchy-based geographic and
jurisdiction-based domain name scoping were not received favorably.
However, critical name constraints were viewed as a potential solution,
provided that all browsers implement them in a similar fashion.  Rick noted
that no solution was identified as a fix-all, so the recommendation was that
all parties should try and implement as many of the solutions as they deemed
feasible so that we can experiment with them and get a better feel for what
works and what doesn't work.  Another related point was to identify how well
each of the solutions mitigates the threat and/or vulnerability that it aims
to address. 

 

Wendy said that from her perspective, the workshop organizers did not want
everyone going off and trying all of these different solutions, but that
they were trying to get people to come to consensus on which of the
solutions would provide the biggest bang for the buck, as opposed to
spreading efforts across all potential efforts.  Ben noted that NIST was
hoping a coordinating group would emerge that would give direction and
encouragement to the efforts already underway at IETF, CAB Forum, etc.  

 

7.                Ballot 89 Relaunch of EV Processing Guidelines:  Rick
updated the document following the F2F in Mountain View and would like to
put forth a ballot that either adopts an update to the current EV Processing
Guidelines on the web site or removes the current one.  Ben suggested that
the ballot could be made in the alternative, as outlined by Rick.  Rick
noted that there has been a certain degree of fatigue from those who have
worked on the revisions thus far.  Tom offered to review the current version
2 draft with people at Microsoft and Mozilla, including Kathleen, but it
might be a couple weeks before he is able to provide feedback.  

 

8.                Browser implementation of Critical Name Constraints and
use of DirectoryName and DNSName to technically constrain external subCAs:
Ben said that this agenda item was related to a proposal by Steve Roylance
to amend the Baseline Requirements, which has been discussed on the list,
and comments made during the NIST Workshop about whether browsers were
properly implementing critical name constraints, particularly Apple.   The
proposed ballot also addresses audit exceptions when sub CAs are technically
constrained, and the Mozilla policy includes similar language.  While Steve
could not be on this call, he had previously noted that we need to keep
moving forward on resolving this critical name constraints issue.  Wendy
reminded the group that certificate validation will fail if you add a
subject alternative name that does not follow the pattern used for critical
name constraints (for instance, if you include a GUID/UUID in the SAN).   A
take-away from criticality is that it makes it more likely that something
will fail if you don't do it right, and this might be one reason why Apple
has not implemented it.  Robin noted that criticality, per se, is not the
issue with Apple--Apple simply ignores name constraints altogether, but
Geoff has indicated previously that fixes to name constraints are part of
Apple's product plans.  However, no one currently has information on the
status of that fix.  Rick said we should also check to see if all other
browsers handle critical name constraints properly.

 

Kirk wondered whether the proposed ballot was to address audits of RAs under
Mozilla's policy, but that anyone with problems implementing name
constraints should take it up with the particular browser.  Robin said that
Mozilla has a clear position, but how it fits in with the root programs of
other browsers is also an issue.  Ben asked whether Tom could discuss name
constraints with Kathleen if he is going to talk to her anyway to see
whether all browsers have a common approach to name constraints.  Tom and
Gerv said that they support name constraints, so there may not be an issue
to discuss.

 

9.                Any Other Business:  Joe Kaluzny raised the issue from the
Baseline Requirements' prohibition on responding "good" to a non-issued
certificate (Ballot 80).   August 1, 2013 is fast approaching, and we had
said that we would revisit this prohibition if CRL-based systems had not
been patched in time.  Joe said that their Microsoft OCSP responder is based
on CRLs and they are concerned that a patch will not be available.  He also
said that some vendors may decide not to support that capability.  Gerv said
that before we take action to postpone this deadline, it would be good if we
could get reports back from vendors who are not compliant with this
requirement to find out what their plans are, and if they are going to patch
this, their anticipated date of delivery.  Joe said that from his last
discussions with Microsoft he did not believe that they were planning to
patch this.  Wendy and Jeremy discussed whether the revision to RFC 2560
would also address this.   Ben said that those planning on presenting a
ballot to eliminate or delaying the requirement should also present what
efforts they are making to address the problem of "non-issued" certificates
and moving certificate status technology forward beyond where we are
today-not that this suggestion is tied to the ballot, but just advice that
they should be looking at the solutions that are out there-including
security mitigations that show their risk posture is the same or better than
modifying their software to not respond "good" for non-issued certificates.

 

Next Code Signing meeting will be next Wednesday, April 24, at 1600 UTC.

 

10.          Next CAB Forum call will be Thursday, May 2nd, at 1600 UTC.

Meeting adjourned.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130507/7fd8922b/attachment-0003.html>


More information about the Public mailing list