Re: ASN.1 module OIDs for OCSP agility (draft-ietf-pkix-ocspagility-05)

Thanks Russ,

But I think I need one also for OCSP-AGILITY-88 { TBD }

/Stefan

On 10-02-26 8:11 PM, "Russ Housley" <housley <at> vigilsec.com> wrote:

> Done:
> 
> id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
>             dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
> 
> id-mod  OBJECT IDENTIFIER ::= { id-pkix 0 }    -- modules
> 
> id-mod-ocsp-agility-2009       OBJECT IDENTIFIER ::= { id-mod 66 }
> 
> Russ
> 
> On 2/26/2010 8:13 AM, Stefan Santesson wrote:
>> Russ,
>> 
>> The OCSP agility document has passed WGLC and is about to be sent to the
>> IESG.
>> At what point can you assign OIDs for the ASN.1 modules?
>> 
>> http://tools.ietf.org/html/draft-ietf-pkix-ocspagility-05
>> 
>> /Stefan
>> 

Re: ASN.1 module OIDs for OCSP agility (draft-ietf-pkix-ocspagility-05)

Let's do it this way:

id-mod-ocsp-agility-2009-93    OBJECT IDENTIFIER ::= { id-mod 66 }
id-mod-ocsp-agility-2009-88    OBJECT IDENTIFIER ::= { id-mod 67 }

Russ

On 3/1/2010 7:48 AM, Stefan Santesson wrote:
> Thanks Russ,
> 
> But I think I need one also for OCSP-AGILITY-88 { TBD }
> 
> /Stefan
> 
> 
> On 10-02-26 8:11 PM, "Russ Housley" <housley <at> vigilsec.com> wrote:
> 
>> Done:
>>
>> id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
>>             dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
>>
>> id-mod  OBJECT IDENTIFIER ::= { id-pkix 0 }    -- modules
>>
>> id-mod-ocsp-agility-2009       OBJECT IDENTIFIER ::= { id-mod 66 }
>>
>> Russ
>>
>> On 2/26/2010 8:13 AM, Stefan Santesson wrote:
>>> Russ,

I-D Action:draft-ietf-pkix-ocspagility-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title           : OCSP Algorithm Agility
	Author(s)       : P. Hallam-Baker, S. Santesson
	Filename        : draft-ietf-pkix-ocspagility-06.txt
	Pages           : 13
	Date            : 2010-03-01

The OSCP specification defined in RFC 2560 requires server responses
to be signed but does not specify a mechanism for selecting the
signature algorithm to be used leading to possible interoperability
failures in contexts where multiple signature algorithms are in use.
This document specifies an algorithm for server signature algorithm
selection and an extension that allows a client to advise a server
that specific signature algorithms are supported.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ocspagility-06.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

_______________________________________________

Re: ASN.1 module OIDs for OCSP agility (draft-ietf-pkix-ocspagility-05)

Thanks

I have posted an updated draft with the new OIDs
http://www.ietf.org/id/draft-ietf-pkix-ocspagility-06.txt

See also diff at: 
http://tools.ietf.org/rfcdiff?url2=draft-ietf-pkix-ocspagility-06.txt

/Stefan

On 10-03-01 2:43 PM, "Russ Housley" <housley <at> vigilsec.com> wrote:

> Let's do it this way:
> 
> id-mod-ocsp-agility-2009-93    OBJECT IDENTIFIER ::= { id-mod 66 }
> id-mod-ocsp-agility-2009-88    OBJECT IDENTIFIER ::= { id-mod 67 }
> 
> Russ
> 
> 
> On 3/1/2010 7:48 AM, Stefan Santesson wrote:
>> Thanks Russ,
>> 
>> But I think I need one also for OCSP-AGILITY-88 { TBD }
>> 
>> /Stefan
>> 
>> 
>> On 10-02-26 8:11 PM, "Russ Housley" <housley <at> vigilsec.com> wrote:
>> 

Re: Proposal to review and adopt CertID and KeyID proposal

That's a great idea, Russ! (Also Stephen Farrell, for suggesting the 
Targets extension.) One of the attribute certificate structures might 
actually be more appropriate for the proposed linkage.

I am looking into that, and will post results after I analyze it a bit more.

Best regards,

Sean

On 2/24/2010 8:13 AM, Russ Housley wrote:
> Sean:
>
> RFC 3281 includes structures in an attribute certificate that point back
> to a particular certificate.  Can those same structures be used here to
> provide the same linkage?
>
> Russ
>    

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix

Call for agenda items - IETF 77, Anaheim

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix

Re: I-D Action:draft-ietf-pkix-certimage-06.txt

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix

Re: I-D Action:draft-ietf-pkix-certimage-06.txt

Hi Denis,

Comments in line.

/Stefan

On 10-03-02 1:03 PM, "Denis Pinkas" <denis.pinkas <at> bull.net> wrote:

> One of the main arguments to explain the motivations behind this draft is to
> complain 
> about the "lack of well defined semantics for critical identity attributes".
> In order to solve this complain, there is a much simpler solution
> which takes far less data in a certificate: simply define some additional OIDs
> for the construction of a DN to make it more descriptive. In this way
> there cannot be any mismatch between the data representation and the visual
> representation and a different visual representation may be done for any
> language 
> supported by the relying party.

This does not work as a replacement.

1) It is not backwards compatible. Certificate using systems are coded to
expect certain attributes and the use of attributes are locked into
international and national standards.

2) Many required attributes are national or local attributes that can't be
defined by the IETF

3) Attribute OIDs does not communicate any display metadata that can be used
by a UI. The attribute OID is just numbers and the UI have no way to
translate the OID to a meaningful UI representation.

4) Attribute OIDs can't provide any image information or any other elements
of visual design which is critical to provide a consistent user experience
across platforms.

> The major problem with the proposed solution is that human beings may be able
> to interpret the visual representation ... only if they understand English.
> See the example: "Civic Registration Number", "Country of Registration".

This is not true. This example is provided in English, but could as well be
provided in French.

> Applications will be unable to understand the visual representation.

True, applications are not intended to process images in any other way than
to simply display them when appropriate.

> As a consequence, there may be a difference between the data representation
> and 
> the visual representation. This means that CAs issuing visual representations
> must be fully trusted not to fool relying parties.

Yes, which it need to be anyway. The good thing is that the CA will have to
sign the certificate so if it issues conflicting certificates to fool
relying parties, it will pretty soon be out of business.

> However, even if fully trusted,
> since there is no guidance, nor rules, to make a "good" visual representation:
> two CAs might choose the same visual representation for different meanings.
> Another problem that is not addressed is the language. On page 6 it can be
> seen 
> that the LogotypeImageInfo data structure allows the inclusion of a language
> element. 
> There is not a single explanation in the draft about its use.

If you read on the first line, you will see that this structure is defined
in RFC 3709 which contains the discussion of how to represent the same
information under different languages.

> Suppose a signer 
> certificate 
> is issued in China but used in Spain and in Italy, then how many languages
> should be supported? What would be the size of the certificate supporting
> three languages? 

The CA free to choose how many languages it want to support and also which
of the language variants that are provided as embedded or externally stored
images.

Even if a large number of languages are supported, the certificate size can
remain small.

> Would three languages be enough?

That is up to the CAs to decide.

> The use of new OIDs for constructing a DN does not have this kind of problems,
> since these new OIDs would be locally interpreted in any language.

OIDs do not provide any display metadata in any language.

> This draft mentions three different purposes as indicated on page 3:
> 1) identify a web service. Today, the only way to make sure to be connected
> to the right web server is to check the URI when in HTTPS mode. Is the intent
> to provide a new functionality by clicking once or more to get an image?
> How many end users will really do one or more clicks?

This is not a substantiated claim. I'm mostly interested to know who the
actual service provider is.

It is up to web browsers, CAs and OS platforms to come up with clever UI
tools and design. It is not the intent of this standard to do UI design.

> 2) identify a signer. This seems the main motivation of the draft.
> As said above, using additional OIDs for constructing a DN solves the problem
> much more nicely.

As said above, OIDs do not provide any solution to the targeted problem.

> 3) locally select the appropriate certificate, e.g. when a certificate store
> contains 
> several certificates for a user. In this case, a signer simply needs to know
> who the issuer is.
> In many cases, the issuer will be different whether the certificate is usable
> for private use 
> or professional use. Otherwise looking at the DN will allow the signer making
> the difference 
> since at least, for professional use, there will be either an organization
> component or 
> an organization unit component with the name of a company or an organization
> the signer belongs to.

Which is defeated by the very example I provided. Public CAs operating on a
national level in EU today provide data in organizational attributes that
has nothing to do with belonging to that organization.

> It is also important to note that in some cases the signer will sign off-line.
> Hence the use 
> of the data URL scheme which minimizes the size of the image does not apply.
> Storing the image
> in the certificate will lead to store very large certificates in smart cards
> where space is limited.
> As the example, the size of the image sent as an exemple converted into png is
> 56 Kbytes: 
> such an image cannot fit into a smart card. This is not a valid approach.

That same image takes 2k in svgz

It's not reasonable to prevent use of images 2010 because they take to much
memory. I'm not sure how old SmartCard technology you are trying to use.

The concept of caching is a great tool for off-line situations  when the
images are provided as external references,

> Other comments
> On page 5 there is a MUST condition:
> ³ When present the Certificate Image MUST represent a complete visual
> representation of the
> certificate Š that the issuer subjectively defines as relevant at least the
> following 
> three aspects of the certificate:
>       - Certificate Context
>       - Certificate Issuer
>       - Certificate Subject².
> Since this is subjective, interpretations will be necessarily different.
> What is relevant for case 3) above is not relevant for case 1) above.

True, The key is that it is a complete representation in the sense that it
is meaningful to display on its own. Your ID-card in your wallet also always
looks the same no matter what you use it for. That provides consistency.
Same thing here.

> The image MUST contain ALL the elements which makes a SINGLE representation
> and will lead 
> to very large images. This is not acceptable.

Not at all. The attached example shows that it does not need to be very
complex or large. 

> If, as indicated, this becomes is the only visual representation, the
> application will not
> allow anymore the end-user to see the real content of a certificate. This is
> not acceptable.

There is nothing in this document that prevents application from allowing
the users to examine the content of the certificate.

> Page 6. The use of the OPTIONAL language element is not explained. If used,
> what should it contain?

This structure is imported from RFC 3709. It specifies the language used to
present information.

> How should a relying party use this field, if it is present?

A UI would try to match the user's local language preferences by selecting
the image that offers the most suitable language.

> Page 7. The use of the dataURL scheme leads to privacy considerations which
> are not addressed in the draft.
> Usually, certificates for human beings are not published on the Internet but
> are communicated 
> at the will of the certificate owner.
> Since the URL of the dataURL scheme will be accessible over the Internet, some
> people might try 
> to guess these URLs and retrieve the certificate images. This is not a major
> problem for web servers,
> but it is for human beings. The security considerations section is silent
> about this concern.

Yes, it makes sense to add a sentence on this issue in the security
considerations section.

> Page 8. The note of page 8 is the following:
>    Note: Implementations need to be cautious about the the size of
>          images included in a certificate in order to ensure that the
>          size of the certificate does not prevent the certificate to be
>          used as intended.
> It does not solve the issue.

There is no issue to solve. The CA has a number of options. The most
conservative option is to not store images in the certificate at all.

> It also hides the fact that multiple images would
> be needed 
> in different languages and for different purposes (e.g. case 3 would need a
> much smaller 
> image than case 2) which makes the problem even worse.

It does not hide any fact. It simply states that the CA need to be cautious
about size.

> Nowhere the document is saying that CAs MUST verify that the certimage matches
> with the content of the certificate.
> Since CAs will add semantics to the content of the certificate, there is no
> guarantee 
> that the semantics added by one CA will be comparable with the semantics of
> another CA.

All information provided by the CA need to be correct. That is in the nature
of being a CA and the reason people will trust it.

> For all these reasons, I am not in favor for going ahead with this draft.
> Denis
> 
> 
> _______________________________________________
> pkix mailing list
> pkix <at> ietf.org
> https://www.ietf.org/mailman/listinfo/pkix

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix

Re: Proposal to review and adopt CertID and KeyID proposal

Thank you for the comments, both public and private, regarding the 
CertID and KeyID proposal.

On review of the structures, it appears that repurposing the Holder 
field of an attribute certificate will give us what we need, because the 
Holder field can identify a certificate, public key, or other entity. 
The Target field is a close match but is not exact because there is no 
way to identify a public key (or all certificates containing a public 
key) directly, short of specifying such a thing in the GeneralName.

Peer review frequently helps and I think that in this case, the review 
was successful in identifying redundant parts of the proposal compared 
with the existing uses of GeneralName.

Nevertheless, I think that the CertID and KeyID proposal remains viable 
for its original purpose, as there is a fair amount of confusion out 
there about things like SubjectKeyIdentifier (and how it is not 
guaranteed to be universally unique). I would therefore like to revise 
the document in the following ways:

* Remove GeneralName proposals (section 4).
* Refocus the proposal to standardizing on a single structure for 
uniquely identifying certificates on a going-forward basis. Namely:
   PKIXCertID ::= ESSCertIDv2
  ,
   PKIXCertID ::= SCVPCertID
  ,
   or a new structure (although I think that using one of the existing 
structures is better, as the whole point is to reduce complexity, not 
add to it).
* State that new protocols SHOULD use PKIXCertID when uniquely 
identifying an existing certificate. Existing protocols are not 
modified, as they are already set in stone. New protocol designers need 
to decide first whether it is necessary to uniquely identify a 
certificate, or whether it is sufficient to identify certificates 
non-uniquely. If uniqueness is required, then PKIXCertID SHOULD/MUST be 
used. If not, another method is appropriate, such as issuer + serial 
number, subject name matching, etc.

* Provide clearer guidance about how existing structures do not uniquely 
identify certificates or keys (beef up the sentence/paragraph in Section 
1 on this topic).

* I would like to hear other use cases for identifying a single key, or 
"all certificates containing a single key", alone. If there are use 
cases, I think that the KeyID proposal is still viable.

In our use case, it is desirable to identify "something by a 
GeneralName, or something by a certificate [and therefore a single key], 
or something by a key inside of any number of certificates." As stated 
above, the Holder field is the most appropriate for this use case.

If we are talking about just identifying a key inside of any number of 
certificates alone, RFC 5755's ObjectDigestInfo is okay, but is less 
than ideal. The reason why is because you can identify a key with the 
ENUMERATED publicKey (0) option, but ObjectDigestInfo alone does not 
provide pointer information on how to locate the key. You can use the 
other fields of Holder for this purpose (baseCertificateID to find a 
certificate with that key, for example), but Holder may be seen as 
unnecessarily complicated if you do not care about all the generality.

If a use case cannot be found, it would be fine to eliminate the KeyID 
structure as-proposed, and make that section a non-normative section of 
how to identify keys using various methods (namely, reproducing the 
paragraphs above).

Regards,

Sean

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix

Re: Proposal to review and adopt CertID and KeyID proposal

Sean,

On this particular issue:

On 10-03-02 9:45 PM, "Sean Leonard" <dev+ietf <at> seantek.com> wrote:

> * Refocus the proposal to standardizing on a single structure for
> uniquely identifying certificates on a going-forward basis. Namely:
>    PKIXCertID ::= ESSCertIDv2

What is the point of defining PKIXCertID?
Why not just refer to ESSCertIDv2?

As we have done in RFC 3161 update. See:
http://tools.ietf.org/html/draft-ietf-pkix-rfc3161-update-09

/Stefan

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix