[cabfpub] Ballot for limited exemption to RFC 5280 forCTimplementation
Ben Laurie
benl at google.com
Fri Sep 26 12:52:36 UTC 2014
On 19 September 2014 10:14, Steve Roylance
<steve.roylance at globalsign.com> wrote:
> Hi all,
>
> I've recently (For my own interest and not because I'm the responsible
> person
> within GlobalSign to debate such matters) been thinking of ways NOT to break
>
> 5280 but keep the same basic principle of CT intact. If we have some
> freedom with AKI
> then for me we have a very simple alternative which allows CA's to construct
>
> 5280 compliant certificates. Here goes...
>
> Initially you need a nonpublic "CT root" creating. You then create a 'test
> issuing CA' from this root which exactly matches the 'real' issuing CA that
> you intend to use in every way (such that the only differences are based on
> the key materials from these new CAs (bare with me on this part). You can
> of
> course make S/N, dates etc all 100% the same if you wish.
Why you call this a "test" issuing CA?
> You then issue the TBScertificate from the 'test issuing CA' (Here you
> ensure
> that 100% of the content of the EE matches the final 'real' certificate into
>
> which you'll also add the SCT, except that the AKI can never match the final
>
> cert without breaking 5280.... but we don't want to break it, so AKI remains
>
> correct for the TBScertificate based on the test CA and therefore chaining
> can
> be verified by the log server). Everything will validate correctly as it's
> a
> working RFC/BR complaint EE cert.
> In terms of logging, the CA submits the TBScertificate and the alternative
> 'real' AKI that the CA intends to use for the real certificate. The CT log
> server can then check chaining of the TBScertificate to the non public CT
> root, extract all items from the cert, replace the AKI and calculate the
> hash
> of the cert (Noting that issue date will change as we don't want to play
> with
> times for issuance but end date will stay the same) and you get back the SCT
>
> which will match your final 'real' certificate as intended. The SCT is
> effectively the CT log's reply that it promises to create an entry in the
> log,
> and the test cert is CA's promise that it 'intends' to create a certificate
> with all of the items in the test cert (and the changed AKI). So everyone is
>
> happy as nothing has to be broken. So the net result is:-
>
> 1) CA's don't have to break RFC5280 at all (No S/N issues, same s/w they use
>
> today etc.)
> 2) CA's only have to submit one root to a log server and therefore avoid
> having to run around the log servers in the future adding new roots as and
> when they create them (Caveat...maybe you need one test ECC root and one
> test
> RSA root)
Perhaps I'm misunderstanding, but this seems wrong:
a) You'd need one of these "test" CAs for each real CA, because the
subjects have to match, right?
b) You'd have to register the real roots anyway to allow non-pre-cert
SCTs to be obtained.
> 3) CA's only need to create one CA hierarchy for testing (which is a
> duplicate
> in terms of subject naming as a minimum) therefore making it very clear
> what's
> real and needs to be BR audited and what's not
> 4) It achieves 100% of the requirement from CT in that 100% of the
> deconstructed cert content
> must be the same between TBSCertificate and real cert so there are no
> padding possibilities.
As I understand it, the AKI would be different? So the log would
presumably have to log the pre-cert _and_ the AKI submitted alongside
it? And we'd have to have some mechanism for CAs to sign the AKI so
the log couldn't swap in a different one, I guess?
> 5) As the "CT root is unique to the CA, you will not get a DoS even from a
> hacker by the hacker simply sending a test cert to the log as the log only
> accepts certs based on the pre-registered roots (even if they are test ones
> and not real ones they are still the CA's statement of issuance and all
> CT benefits therefore apply)
I don't understand this point at all!
> 6) If at the last second the real certificate cannot be issued then no harm
> no
> foul.
I believe this is true in general - if a precert is issued but no
corresponding cert, then a CA has done nothing wrong. If the precert
is a promise for a cert that would be mis-issued, then the CA would
still have to revoke it, regardless of whether (it is claimed that) it
was actually issued or not.
> Does that solve some/all of the issues or should I go back to my day job?
>
> Kind Regards
>
> Steve Roylance
>
>> -----Original Message-----
>> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
>> Behalf Of Rob Stradling
>> Sent: 19 September 2014 09:24
>> To: Erwann Abalea; Brian Smith
>> Cc: CABFPub
>> Subject: Re: [cabfpub] Ballot for limited exemption to RFC 5280
>> forCTimplementation
>>
>> On 19/09/14 07:04, Erwann Abalea wrote:
>> <snip>
>> > The logic:
>> > - CA produces a PreCert by including the poison extension
>> > - log extracts the TBSCertificate from the PreCert, removes the
>> > poison extension, and changes issuer and AKI if the PreCert was issued
>> > under a PreCert Signing Certificate => the PreCert and what is signed
>> > by the log are now different (signature and signatureAlgorithm have
>> > been removed, poison extension has been removed, issuer and AKI has
>> > been changed if PreCert issuer is different than the final CA)
>> > - log signs this result and sends the SCT back to the publisher
>> > - CA includes a set of SCT in the final certificate
>> >
>> > Later:
>> > - the browser receives the final certificate
>> > - it extracts the TBSCertificate from it, takes the content of the
>> > SCT extension apart (keeps it for future use) and removes the extension
>> > - it verifies the resulting modified TBSCertificate against the
>> > signatures contained in the SCT extension it kept => if issuer and AKI
>> > weren't changed by the log, this verification would always fail if
>> > PreCert SC is different than final CA, and the browser can't know what
>> > these values were before modifications
>>
>> Thanks Erwann. This logic is exactly correct. The test cases in the
> certificate-
>> transparency.org code demonstrate that this is correct.
>>
>> Brian's error (which I shared until Emilia corrected me privately last
> week, and
>> which you also shared until I corrected you on TRANS earlier this week) is
> in
>> thinking that the AKI and Issuer modifications are done by the CA and are
>> reflected in the Precertificate. They're not.
>> They're done by the log when it transforms the Precertificate's
> TBSCertificate into
>> the "modified TBSCertificate".
>> (When a Precertificate Signing Certificate signs a Precertificate, that
>> Precertificate's Issuer and AKI match the Precertificate Signing
> Certificate's
>> Subject and SKI).
>>
>> When verifying a precert_entry SCT, a TLS Client needs to reconstruct the
>> "modified TBSCertificate", *NOT* the Precertificate's TBSCertificate.
>>
>> Since we've each independently reached the same wrong conclusion on this
>> issue and have needed to be corrected, I think we can safely say that
> relevant text
>> in RFC6962 is insufficiently clear!
>>
>> --
>> Rob Stradling
>> Senior Research & Development Scientist
>> COMODO - Creating Trust Online
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
More information about the Public
mailing list