idnits 2.17.1 draft-linus-trans-gossip-ct-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC6962]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (October 27, 2014) is 3470 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Unused Reference: 'RFC2119' is defined on line 219, but no explicit reference was found in the text ** Obsolete normative reference: RFC 4627 (Obsoleted by RFC 7158, RFC 7159) ** Obsolete normative reference: RFC 6962 (Obsoleted by RFC 9162) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRANS L. Nordberg 3 Internet-Draft NORDUnet 4 Intended status: Experimental October 27, 2014 5 Expires: April 30, 2015 7 Gossiping in CT 8 draft-linus-trans-gossip-ct-00 10 Abstract 12 This document describes gossiping in Certificate Transparency 13 [RFC6962]. 15 Status of This Memo 17 This Internet-Draft is submitted in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF). Note that other groups may also distribute 22 working documents as Internet-Drafts. The list of current Internet- 23 Drafts is at http://datatracker.ietf.org/drafts/current/. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 This Internet-Draft will expire on April 30, 2015. 32 Copyright Notice 34 Copyright (c) 2014 IETF Trust and the persons identified as the 35 document authors. All rights reserved. 37 This document is subject to BCP 78 and the IETF Trust's Legal 38 Provisions Relating to IETF Documents 39 (http://trustee.ietf.org/license-info) in effect on the date of 40 publication of this document. Please review these documents 41 carefully, as they describe your rights and restrictions with respect 42 to this document. Code Components extracted from this document must 43 include Simplified BSD License text as described in Section 4.e of 44 the Trust Legal Provisions and are provided without warranty as 45 described in the Simplified BSD License. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 50 2. Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 51 3. Who should gossip . . . . . . . . . . . . . . . . . . . . . . 3 52 4. What kind of data to gossip about . . . . . . . . . . . . . . 3 53 4.1. Signed Tree Heads . . . . . . . . . . . . . . . . . . . . 3 54 4.1.1. Web browsers . . . . . . . . . . . . . . . . . . . . 3 55 4.1.2. CT monitors . . . . . . . . . . . . . . . . . . . . . 4 56 4.1.3. MTA:s . . . . . . . . . . . . . . . . . . . . . . . . 4 57 4.1.4. MUA:s . . . . . . . . . . . . . . . . . . . . . . . . 4 58 4.1.5. XMPP clients . . . . . . . . . . . . . . . . . . . . 4 59 4.2. Illegitimate Signed Certificate Timestamps . . . . . . . 4 60 5. Security considerations . . . . . . . . . . . . . . . . . . . 5 61 6. Open questions . . . . . . . . . . . . . . . . . . . . . . . 5 62 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 5 63 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 5 64 9. Normative References . . . . . . . . . . . . . . . . . . . . 5 65 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 67 1. Introduction 69 Gossiping in Certificate Transparency (CT) can be split up in three 70 pieces: 72 o A general gossip protocol. This document uses 73 [draft-linus-trans-gossip] for a general gossip protocol. 75 o Gossip strategy and policy - what data to gossip and how to deal 76 with incoming gossip information. 78 o Gossiping rules, i.e. what type of data and with whom to gossip. 80 The scope for this document is the last point, the gossiping rules. 82 2. Problem 84 Gossiping about what's known about CT logs helps solving the problem 85 of detecting malicious logs showing different views to different 86 clients, a.k.a. the partitioning attack. 88 The separate problem of how to disseminate information about a log 89 misbehaving in other ways may be helped by gossiping but poses a 90 potential threat to the privacy of end users. Gossiping about log 91 data linkable to a specific log entry and through that to a specific 92 site has to be constrained to using the gossiping message format and 93 gossiping transports for sending sensitive data only to particular 94 recipients. 96 3. Who should gossip 98 o TLS clients using PKIX (i.e. web browsers, MTA:s, MUA:s, XMPP 99 clients) 101 o CT auditors and CT monitors 103 4. What kind of data to gossip about 105 This section describes what type of log data to gossip. 107 4.1. Signed Tree Heads 109 All CT clients SHOULD gossip about Signed Tree Heads (STH's) with as 110 many other CT clients as possible. 112 Gossiping about STH's enables detection of logs presenting more than 113 one view of the log. 115 An STH contains: - the size of the tree being signed - a timestamp 116 indicating the time when the tree was signed - the merkle tree hash 117 of the tree being signed - a signature made by the log 119 An STH received from a client may indicate the following about that 120 client: - gossiping - using CT, as late as the timestamp and tree 121 size indicate - talking, indirectly, to the log indicated by the tree 122 hash - software being used and software version 124 Which STH's to send and how often is part of gossiping strategy and 125 out of scope for this document. 127 [TBD gossip about inclusion proofs and consistency proofs too?] 129 STH's are sent to a preconfigured gossip service in a 130 [draft-linus-trans-gossip] GOSSIP-MSG message with 'gossip-data' as a 131 JSON object [RFC7159] with the following content: 133 o sths: array of [RFC6962] Signed Tree Head's 135 4.1.1. Web browsers 137 Web browsers SHOULD send STH's to web servers using Transparency 138 Gossiping [draft-linus-trans-gossip] by sending GOSSIP-MSG messages 139 to a gossip service. Web browsers SHOULD use the 140 [draft-linus-trans-gossip-transport-https] transport and MAY use 141 other transports as well. 143 Which web servers STH's will be sent to depends on which web servers 144 the chosen transports are connected to and those web servers 145 capability and willingness to convey gossip. This is handled by the 146 gossip transports. 148 Web browsers MAY register as a gossip transport themselves and 149 perform the sending and receiving of gossip messages using 150 connections already in use. 152 4.1.2. CT monitors 154 CT monitors SHOULD send STH's to web servers using Transparency 155 Gossiping [draft-linus-trans-gossip] by sending GOSSIP-MSG messages 156 to a gossip service. 158 CT monitors SHOULD use as many transports as possible. 160 4.1.3. MTA:s 162 TBD 164 4.1.4. MUA:s 166 TBD 168 4.1.5. XMPP clients 170 TBD 172 4.2. Illegitimate Signed Certificate Timestamps 174 If a TLS client detects misbehaviour of a log related to a given 175 Signed Certificate Timestamp (SCT) it MAY send that SCT to the web 176 server it got the SCT from. A corresponding X.509 certificate chain 177 MAY be sent along with the SCT. The 178 [draft-linus-trans-gossip-transport-https] messaging format SHOULD be 179 used for this. 181 SCT's and corresponding X.509 certificates are sent to a 182 preconfigured gossip service in a [draft-linus-trans-gossip] GOSSIP- 183 MSG message with 'gossip-data' as a JSON object [RFC4627] with the 184 following content: 186 o entry: An array of objects consisting of 188 * sct: An [RFC6962] Signed Certificate Timestamp 189 * x509_chain: An array of base64-encoded X.509 certificates. The 190 first element is the end-entity certificate, the second chains 191 to the first and so on. 193 The 'x509_chain' element can be empty or include as many certificates 194 part of the same chain as available. 196 Note that 'gossip-data' is base64-encoded. 198 5. Security considerations 200 o TODO expand on why gossiping STH's is ok 202 o TODO expand on why gossiping SCT's is bad for privacy in the 203 general case 205 6. Open questions 207 o TODO active vs. passive participants 209 7. IANA considerations 211 TBD 213 8. Contributors 215 TBD 217 9. Normative References 219 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 220 Requirement Levels", BCP 14, RFC 2119, March 1997. 222 [RFC4627] Crockford, D., "The application/json Media Type for 223 JavaScript Object Notation (JSON)", RFC 4627, July 2006. 225 [RFC6962] Laurie, B., Langley, A., and E. Kasper, "Certificate 226 Transparency", RFC 6962, June 2013. 228 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 229 Interchange Format", RFC 7159, March 2014. 231 [draft-linus-trans-gossip] 232 "Transparency Gossip", n.d.. 234 [draft-linus-trans-gossip-transport-https] 235 "Transparency Gossip HTTPS transport", n.d.. 237 Author's Address 239 Linus Nordberg 240 NORDUnet 242 Email: linus@nordu.net