Opened 6 years ago

Closed 4 years ago

#146 closed defect (wontfix)

SCT Feedback doesn't account for privacy-sensitive EE certs

Reported by: david@… Owned by: draft-ietf-trans-threat-analysis@…
Priority: major Milestone:
Component: gossip Version:
Severity: - Keywords:
Cc:

Description

I think Section 7.1.3 of Gossip's requirement that "the 'x509_chain' element MUST contain at least the leaf certificate" would leak private information in some cases. SCT Feedback should probably be extended to handle name redaction and name-constrained intermediate CAs.

Change History (3)

comment:1 Changed 6 years ago by benl@…

What cases would it leak in?

Note that 7.1.3 is talking about what is sent back to the server the certificate allegedly came from in the first place...

comment:2 Changed 6 years ago by tom@…

No, I agree. Not because the server doesn't know about the certificate, but because the server is expected to share that exact same data with Auditors (either pushing the data or making it available for polling).

So I'm wondering: should clients not post redacted certificates to the servers they came from.... or should servers be expected to hide their redacted certificates from auditors?

I lean towards the latter.
a) If a server was attacked, they should get the details of that attack, not have it hidden by an attacker who chose to get a redacted SCT
b) If the server wants to keep the data private, they can do the extra work

comment:3 Changed 4 years ago by melinda.shore@…

  • Resolution set to wontfix
  • Status changed from new to closed

From Linus:

I think that #146 [0] should be closed as wontfix since the sections of
6962bis that it refers to no longer exist.