TRANS L. Nordberg
Internet-Draft NORDUnet
Intended status: Experimental October 27, 2014
Expires: April 30, 2015
Gossiping in CT
draft-linus-trans-gossip-ct-00
Abstract
This document describes gossiping in Certificate Transparency
[RFC6962].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 30, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Nordberg Expires April 30, 2015 [Page 1]
Internet-Draft Gossiping in CT October 2014
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Who should gossip . . . . . . . . . . . . . . . . . . . . . . 3
4. What kind of data to gossip about . . . . . . . . . . . . . . 3
4.1. Signed Tree Heads . . . . . . . . . . . . . . . . . . . . 3
4.1.1. Web browsers . . . . . . . . . . . . . . . . . . . . 3
4.1.2. CT monitors . . . . . . . . . . . . . . . . . . . . . 4
4.1.3. MTA:s . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1.4. MUA:s . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1.5. XMPP clients . . . . . . . . . . . . . . . . . . . . 4
4.2. Illegitimate Signed Certificate Timestamps . . . . . . . 4
5. Security considerations . . . . . . . . . . . . . . . . . . . 5
6. Open questions . . . . . . . . . . . . . . . . . . . . . . . 5
7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 5
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 5
9. Normative References . . . . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
Gossiping in Certificate Transparency (CT) can be split up in three
pieces:
o A general gossip protocol. This document uses
[draft-linus-trans-gossip] for a general gossip protocol.
o Gossip strategy and policy - what data to gossip and how to deal
with incoming gossip information.
o Gossiping rules, i.e. what type of data and with whom to gossip.
The scope for this document is the last point, the gossiping rules.
2. Problem
Gossiping about what's known about CT logs helps solving the problem
of detecting malicious logs showing different views to different
clients, a.k.a. the partitioning attack.
The separate problem of how to disseminate information about a log
misbehaving in other ways may be helped by gossiping but poses a
potential threat to the privacy of end users. Gossiping about log
data linkable to a specific log entry and through that to a specific
site has to be constrained to using the gossiping message format and
gossiping transports for sending sensitive data only to particular
recipients.
Nordberg Expires April 30, 2015 [Page 2]
Internet-Draft Gossiping in CT October 2014
3. Who should gossip
o TLS clients using PKIX (i.e. web browsers, MTA:s, MUA:s, XMPP
clients)
o CT auditors and CT monitors
4. What kind of data to gossip about
This section describes what type of log data to gossip.
4.1. Signed Tree Heads
All CT clients SHOULD gossip about Signed Tree Heads (STH's) with as
many other CT clients as possible.
Gossiping about STH's enables detection of logs presenting more than
one view of the log.
An STH contains: - the size of the tree being signed - a timestamp
indicating the time when the tree was signed - the merkle tree hash
of the tree being signed - a signature made by the log
An STH received from a client may indicate the following about that
client: - gossiping - using CT, as late as the timestamp and tree
size indicate - talking, indirectly, to the log indicated by the tree
hash - software being used and software version
Which STH's to send and how often is part of gossiping strategy and
out of scope for this document.
[TBD gossip about inclusion proofs and consistency proofs too?]
STH's are sent to a preconfigured gossip service in a
[draft-linus-trans-gossip] GOSSIP-MSG message with 'gossip-data' as a
JSON object [RFC7159] with the following content:
o sths: array of [RFC6962] Signed Tree Head's
4.1.1. Web browsers
Web browsers SHOULD send STH's to web servers using Transparency
Gossiping [draft-linus-trans-gossip] by sending GOSSIP-MSG messages
to a gossip service. Web browsers SHOULD use the
[draft-linus-trans-gossip-transport-https] transport and MAY use
other transports as well.
Nordberg Expires April 30, 2015 [Page 3]
Internet-Draft Gossiping in CT October 2014
Which web servers STH's will be sent to depends on which web servers
the chosen transports are connected to and those web servers
capability and willingness to convey gossip. This is handled by the
gossip transports.
Web browsers MAY register as a gossip transport themselves and
perform the sending and receiving of gossip messages using
connections already in use.
4.1.2. CT monitors
CT monitors SHOULD send STH's to web servers using Transparency
Gossiping [draft-linus-trans-gossip] by sending GOSSIP-MSG messages
to a gossip service.
CT monitors SHOULD use as many transports as possible.
4.1.3. MTA:s
TBD
4.1.4. MUA:s
TBD
4.1.5. XMPP clients
TBD
4.2. Illegitimate Signed Certificate Timestamps
If a TLS client detects misbehaviour of a log related to a given
Signed Certificate Timestamp (SCT) it MAY send that SCT to the web
server it got the SCT from. A corresponding X.509 certificate chain
MAY be sent along with the SCT. The
[draft-linus-trans-gossip-transport-https] messaging format SHOULD be
used for this.
SCT's and corresponding X.509 certificates are sent to a
preconfigured gossip service in a [draft-linus-trans-gossip] GOSSIP-
MSG message with 'gossip-data' as a JSON object [RFC4627] with the
following content:
o entry: An array of objects consisting of
* sct: An [RFC6962] Signed Certificate Timestamp
Nordberg Expires April 30, 2015 [Page 4]
Internet-Draft Gossiping in CT October 2014
* x509_chain: An array of base64-encoded X.509 certificates. The
first element is the end-entity certificate, the second chains
to the first and so on.
The 'x509_chain' element can be empty or include as many certificates
part of the same chain as available.
Note that 'gossip-data' is base64-encoded.
5. Security considerations
o TODO expand on why gossiping STH's is ok
o TODO expand on why gossiping SCT's is bad for privacy in the
general case
6. Open questions
o TODO active vs. passive participants
7. IANA considerations
TBD
8. Contributors
TBD
9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627, July 2006.
[RFC6962] Laurie, B., Langley, A., and E. Kasper, "Certificate
Transparency", RFC 6962, June 2013.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014.
[draft-linus-trans-gossip]
"Transparency Gossip", n.d..
[draft-linus-trans-gossip-transport-https]
"Transparency Gossip HTTPS transport", n.d..
Nordberg Expires April 30, 2015 [Page 5]
Internet-Draft Gossiping in CT October 2014
Author's Address
Linus Nordberg
NORDUnet
Email: linus@nordu.net
Nordberg Expires April 30, 2015 [Page 6]