googlechrome / certificatetransparency Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
There could be a situation where a log distrust action will have to be applied retrospectively. I.e., if it comes to light that a log has been maliciously operating over the last 6 months, I assume SCTs from such a log would have to be retrospectively rejected?
The current policy and the definition of "once qualified" doesn't seem to account for such a scenario. It allows for a SCT to be acceptable as long as the log was qualified at the time of cert issuance.
The current CT Policy background provides historic context about things that have been required to be CT Qualified, but can be easily misunderstood as being an exhaustive list of everything that is required to be CT Qualified.
The introduction should be reworded to de-emphasize EV certificates, while continuing to introduce the notion of "CT Qualified" and its context.
Currently, the number of SCTs related to the Lifetime of Certificate is defined in months. However, this leaves it ambiguous as to how to calculate it.
Several possible interpretations have been arrived at:
notAfter.year
- notBefore.year
) * 12 + (notAfter.month
- notBefore.month
), and then subtracting one if notAfter.day
< notBefore.day
.Expressing this in days is seen as least ambiguous.
For Chrome, this is https://bugs.chromium.org/p/chromium/issues/detail?id=713362
This post by Devon O'Brien states that:
Since January 2015, Chrome has required that Extended Validation (EV) certificates be CT-compliant in order to receive EV status. In April 2018, this requirement will be extended to all newly-issued publicly-trusted certificates - DV, OV, and EV - and certificates failing to comply with this policy will not be recognized as trusted when evaluated by Chrome. Certificates issued from locally-trusted or enterprise CAs that are added by users or administrators are not subject to this requirement.
Reference: https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
That post links to the policy in this repository which mentions the CT requirement for EV, doesn't not mention the DV and OV certificates.
Reference: https://github.com/chromium/ct-policy/blob/master/ct_policy.md
Should this be updated or do I misunderstand the new requirements.
CC: @sleevi
The https://github.com/chromium/ct-policy/blob/master/README.md document says things like "Chromium requires" but CT enforcement is not enabled in Chromium by default.
We should replace "Chromium" with "Chrome" when describing product behavior.
There are several Logs pending inclusion which would restrict their set of accepted Root Certificates to a limited subset of CAs.
Does this meet the definition of "operating in the public interest?" Is there a minimum set of root certificates that must be accepted? How frequently should that change (for example, an existing CA creates a new root for inclusion - does it occur before or after inclusion)?
RFC6962 notes that "In order to avoid logs being spammed into uselessness, it is required that each chain is rooted in a known CA certificate." If a log accepts certificates that are signed with weak signature algorithms (e.g., md2WithRSAEncryption, md5WithRSAEncryption), there may be a risk that an attacker could mint fake certificates (where the hash of the TBSCertificate matches that of an existing certificate) at a rate that's fast enough to spam the log into uselessness.
This issue could be mitigated by policy, perhaps by requiring logs to...
The policy is currently unspecified as to what TLS certificate must be used for a Log.
This creates compatibility issues for monitors and clients, as seen at https://groups.google.com/a/chromium.org/d/msg/ct-policy/0B46Z5UcbuE/nIem5EBbAAAJ .
Under the Retired
heading on the log states/lifecycle page, the information for how a Retired
log transitions to other log states is a direct copy-paste from the second point of the transition info for the ReadOnly
log state.
CertificateTransparency/log_states.md
Lines 109 to 110 in cc113ef
RFC 6962, Section 3.1 states:
Logs MUST verify that the submitted end-entity certificate or
Precertificate has a valid signature chain leading back to a trusted
root CA certificate, using the chain of intermediate CA certificates
provided by the submitter. Logs MAY accept certificates that have
expired, are not yet valid, have been revoked, or are otherwise not
fully valid according to X.509 verification rules in order to
accommodate quirks of CA certificate-issuing software. However, logs
MUST refuse to publish certificates without a valid chain to a known
root CA.
Some clarifications would be useful:
GoogleChrome certificate transparency (docs)
https://github.com/GoogleChrome/CertificateTransparency/blob/master/log_policy.md?plain=1#L17
https://github.com/GoogleChrome/CertificateTransparency/blob/master/log_states.md?plain=1#L9 (maybe not this one?)
https://github.com/GoogleChrome/CertificateTransparency/blob/master/log_states.md?plain=1#L86
The Chromium implementation of CT is limited in support of public keys to the set of public keys it accepts for the Web PKI:
The Chromium implementation does not explicitly support Curve25519, although it could, and does not support other forms of EC keys.
@jsha raised this on the ct-policy mailing list , highlighting how TLS allows certificates up to 2^24 bytes (16.7 MB), while it's likely that logs may have a much smaller maximum client body size, or have implementations (e.g. MySQL) which have limits on maximum row size in some design.
Large certificates totally exist, and it should be better specified how to handle these.
https://ct.googleapis.com/pilot
https://ct.googleapis.com/aviator
....
these URLs don't exist.
Problems:
Idea:
When a log operator brings up a new Log, they specify:
For a certificate to be accepted by the Log:
How could Log Operators use this:
Suppose the longest lived cert that a CA can/will ever issue is 3 years (I'm not sure what it actually is, so this example would need to be adjusted to accommodate whatever it really is).
Using this new idea, a log operator could then create 4 logs (to cover a rolling 3 year period), each with the same set of accepted roots, but with (Start, End) values of:
(initial, initial+1yr)
(initial+1yr, initial+2yrs)
(initial+2yrs, initial+3yrs)
(initial+3yrs, initial+4yrs)
where initial = ~when the logs are created
New certificates issued with short lifetimes (for example Let’s Encrypt certs) would initially end up in the (initial, initial+1yr) log, whereas new certificates with longer lifetimes would end up in the logs with later acceptance ranges. Existing certificates that have not yet expired would fit into whichever log accepts their ‘Not After’ value, and expired certificates would be submitted to already existing archival logs (e.g. Google Daedalus).
As now progressed, and neared initial+1yr, another log would be spun up with (Start, End) = (initial+4yrs, initial+5yrs), to continue to cover any new certificates created with a 3 year lifetime. New short lived certificates would start being logged in the (initial+1yr, initial+2yrs) Log.
Once now passed initial+1yr, the log with (Start, End) = (initial, initial+1yr) would become archival, and not require the same level of maintenance, as all of the certificates within it would be expired.
Pros:
Cons:
As part of https://groups.google.com/a/chromium.org/d/msg/ct-policy/C3egwJb8Bp4/myrWhXQtAwAJ , it was suggested that there should be additional questions related to Logs' operational policies that would offer greater transparency for the community.
While that discussions included a number of questions to be refined, in that set, a few stand-out as immediately applicable:
The CT team at Google has announced on the ct-policy list that they are running mirrors for all CT logs recognized by Chrome. It would be useful to make a copy of the mirrors list in this repo alongside the list of logs, so it is easy to find them.
Proposal and discussion: https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/zVW7lDySFk4
Potential Attack:
Mitigation:
Recommend that CT Logs only accept certificates that have a 'Not After' value later than the time of submission to the Log.
Right now, the Inclusion Request bug is not linked in the table on the main page, only the revision in which the Log was first Qualified.
For CAs that wish to examine Logs' policies and/or reach out to the Log Operator, the Inclusion Request bug is the canonical source of truth, and so would benefit making that more prominent. Viewing the commit is an extra level of indirection that could be simplified by listing the Inclusion Request bug directly.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.