2
0
mirror of https://github.com/namecoin/proposals synced 2024-10-30 21:20:11 +00:00

Update IFA-0003.

This commit is contained in:
JeremyRand 2017-06-13 07:36:04 +00:00
parent c37aeda351
commit d9de3fd469
No known key found for this signature in database
GPG Key ID: B3F2D165786D6570

View File

@ -28,29 +28,37 @@ This document was authored by Jeremy Rand, with input from Ryan Castellucci and
Introduction Introduction
------------ ------------
This document extends the Domain Names specification, IFA-0001. It specifies an additional format of encoding the "tls" item type. This format is more suited for integrating "tls" item support into mainstream certificate trust stores, given the API limitations of those trust stores. This document extends the Domain Names specification, IFA-0001. It specifies an additional format of encoding the `tls` item type. This format is more suited for integrating `tls` item support into mainstream certificate trust stores, given the API limitations of those trust stores.
Dehydrated "tls" Items Extensible Alternate Encoding for `tls` Items
---------------------------------------------
IFA-0001 specifies that a TLS item is a JSON list. This specification redefines TLS items to instead be a JSON object, of the form `{encoding: data}`. *encoding* can be `"dane"`, in which case `data` is a JSON list in the form specified by IFA-0001. *encoding* can also be `"d8"`, in which case `data` is in the form specified below. If multiple *encoding* keys exist for a single TLS item (e.g. both `dane` and `d8` are available), then implementations MUST pick one of their choice. Implementations MAY assume that all *encoding* options for a TLS item are equivalent. If a TLS item that contains a JSON list instead of a JSON object is encountered, implementations MUST treat the list `list` as the JSON object `{"dane": list}`, which ensures backward-compatibility with IFA-0001.
Dehydrated `tls` Items
---------------------- ----------------------
A dehydrated certificate in JSON format looks like: A dehydrated certificate in JSON format looks like:
``` ~~~
["MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJlmDLitmolpxbKFQxRSj5AbF7VOip9XOyAC9HfmTWibGMpODJQH7LXyEo5o/wc2fHB+7aoKcW+eZ74+3ZN+4SA==",4838688,5154336,10,"MEYCIQCtBKJDjBg3M+RuHecPWgdo99wyPASBXsLMIlG3OYKJywIhAMXPMA+mDqNhgsLGdiyLQ09hsYbwami2hkvM9ijDPJj7"] {"d8":[1,"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",4944096,5154336,10,"MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="]}
``` ~~~
It is a JSON list of 5 items. It is a JSON object of the form `{"d8":list}`, where `list` is a JSON list of 6 items.
1. a base64 string representing the public key. Typically an EC public key, not RSA, because EC is much more compact. The public key is not compressed, because compressed EC public keys are not widely supported by libraries (particularly the Golang standard library). 1. an integer representing a version number. Currently `1` is the only defined version. Dehydrated certificates with an unknown version MUST be ignored.
2. an integer representing the "not before" part of the validity period, in units of 5 minutes. 5 minutes essentially divides the number by 300, which eliminates slightly more than 1 byte. 2. a base64 string representing the public key. Typically an EC public key, not RSA, because EC is much more compact. The public key is not compressed, because compressed EC public keys are not widely supported by libraries (particularly the Golang standard library).
3. an integer representing the "not after" part of the validity period, in units of 5 minutes. 5 minutes essentially divides the number by 300, which eliminates slightly more than 1 byte. 3. an integer representing the "not before" part of the validity period, in units of 5 minutes. 5 minutes essentially divides the number by 300, which eliminates slightly more than 1 byte.
4. an integer representing the signature algorithm. Typically ECDSA with SHA256. 4. an integer representing the "not after" part of the validity period, in units of 5 minutes. 5 minutes essentially divides the number by 300, which eliminates slightly more than 1 byte.
5. a base64 string representing the signature. Typically ECDSA with SHA256. 5. an integer representing the signature algorithm. Typically ECDSA with SHA256.
6. a base64 string representing the signature. Typically ECDSA with SHA256.
These 5 items are chosen for 3 reasons: `d8` is an abbreviation for how "dehydrate" is pronounced in English.
1. A valid certificate can be rehydrated from these 5 items (plus a domain name). This means that TLS applications that require possessing a full certificate (not just a public key hash) in order to set up an override can be configured without out-of-band retrieval of a certificate. These 6 items are chosen for 3 reasons:
2. These items are much smaller than the rehydrated certificate would be, and therefore can comfortably fit into a datastore where storage is expensive (e.g. a Namecoin value).
1. A valid certificate can be rehydrated from these 6 items (plus a domain name). This means that TLS applications that require possessing a full certificate (not just a public key hash) in order to set up an override can be configured without out-of-band retrieval of a certificate.
2. These items are much smaller (they are circa 255 bytes of JSON) than the rehydrated certificate would be, and therefore can comfortably fit into a datastore where storage is expensive (e.g. a Namecoin value).
3. Rehydrated certificates are minimally trusted. For example, rehydrated certificates cannot be valid for other domain names or uses (via SAN, the CA flag, etc.) than the one which the user retrieving a TLSA record expects. As a result, these certificates can be added to a root CA trust store with minimal security implications. 3. Rehydrated certificates are minimally trusted. For example, rehydrated certificates cannot be valid for other domain names or uses (via SAN, the CA flag, etc.) than the one which the user retrieving a TLSA record expects. As a result, these certificates can be added to a root CA trust store with minimal security implications.
To rehydrate into a full certificate, construct a self-signed certificate with the following fields: To rehydrate into a full certificate, construct a self-signed certificate with the following fields:
@ -63,7 +71,7 @@ To rehydrate into a full certificate, construct a self-signed certificate with t
* SignatureAlgorithm: based on dehydrated data * SignatureAlgorithm: based on dehydrated data
* PublicKey: based on dehydrated data * PublicKey: based on dehydrated data
* Signature: based on dehydrated data * Signature: based on dehydrated data
* Subject Organization: the .bit domain in use * Subject CommonName: the .bit domain in use
* Subject SerialNumber: "Namecoin TLS Certificate" * Subject SerialNumber: "Namecoin TLS Certificate"
* DNSNames: the .bit domain in use * DNSNames: the .bit domain in use
* SerialNumber: first 19 bytes of SHA256(SHA256(the .bit domain in use) | SHA256(PublicKey) | SHA256(big-endian int64 of NotBefore in units of 5 minutes) | SHA256(big-endian int64 of NotAfter in units of 5 minutes)) * SerialNumber: first 19 bytes of SHA256(SHA256(the .bit domain in use) | SHA256(PublicKey) | SHA256(big-endian int64 of NotBefore in units of 5 minutes) | SHA256(big-endian int64 of NotAfter in units of 5 minutes))
@ -76,23 +84,24 @@ Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: Serial Number:
3a:f7:1d:51:bc:af:96:ca:96:a7:a7:2e:28:65:18:dc:dc:f9:8d 51:06:10:fe:12:53:81:e5:cd:ed:9a:38:7d:19:25:42:34:10:54
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
Issuer: O=www.veclabs.bit/serialNumber=Namecoin TLS Certificate Issuer: CN=www.veclabs.bit/serialNumber=Namecoin TLS Certificate
Validity Validity
Not Before: Jan 1 00:00:00 2016 GMT Not Before: Jan 1 00:00:00 2017 GMT
Not After : Jan 1 00:00:00 2019 GMT Not After : Jan 1 00:00:00 2019 GMT
Subject: O=www.veclabs.bit/serialNumber=Namecoin TLS Certificate Subject: CN=www.veclabs.bit/serialNumber=Namecoin TLS Certificate
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit) Public-Key: (256 bit)
pub: pub:
04:26:59:83:2e:2b:66:a2:5a:71:6c:a1:50:c5:14: 04:1a:6d:33:66:5c:eb:9f:01:18:be:e6:f7:04:6d:
a3:e4:06:c5:ed:53:a2:a7:d5:ce:c8:00:bd:1d:f9: fe:55:32:a3:bd:75:9d:32:7b:68:4d:a9:f0:dd:cc:
93:5a:26:c6:32:93:83:25:01:fb:2d:7c:84:a3:9a: 06:02:a7:1b:d0:02:c5:ae:de:4c:74:28:53:f6:de:
3f:c1:cd:9f:1c:1f:bb:6a:82:9c:5b:e7:99:ef:8f: 23:a2:c6:9e:7e:71:9d:54:76:be:64:13:66:48:42:
b7:64:df:b8:48 1a:35:93:61:9f
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Key Usage: critical X509v3 Key Usage: critical
Digital Signature Digital Signature
@ -103,21 +112,21 @@ Certificate:
X509v3 Subject Alternative Name: X509v3 Subject Alternative Name:
DNS:www.veclabs.bit DNS:www.veclabs.bit
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:ad:04:a2:43:8c:18:37:33:e4:6e:1d:e7:0f: 30:45:02:21:00:84:91:be:10:f8:05:7c:16:c4:20:46:85:92:
5a:07:68:f7:dc:32:3c:04:81:5e:c2:cc:22:51:b7:39:82:89: 67:74:be:d5:6c:3f:4b:24:a5:e3:6d:fc:4a:34:ef:e5:df:d6:
cb:02:21:00:c5:cf:30:0f:a6:0e:a3:61:82:c2:c6:76:2c:8b: 02:02:20:5f:6a:c0:85:f0:90:de:01:86:d4:06:e1:99:ef:26:
43:4f:61:b1:86:f0:6a:68:b6:86:4b:cc:f6:28:c3:3c:98:fb 0d:31:ba:e3:5b:c8:60:72:6e:cf:c7:7a:9b:b2:2b:80:9a
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBzTCCAXKgAwIBAgITOvcdUbyvlsqWp6cuKGUY3Nz5jTAKBggqhkjOPQQDAjA9 MIIBzDCCAXKgAwIBAgITUQYQ/hJTgeXN7Zo4fRklQjQQVDAKBggqhkjOPQQDAjA9
MRgwFgYDVQQKEw93d3cudmVjbGFicy5iaXQxITAfBgNVBAUTGE5hbWVjb2luIFRM MRgwFgYDVQQDEw93d3cudmVjbGFicy5iaXQxITAfBgNVBAUTGE5hbWVjb2luIFRM
UyBDZXJ0aWZpY2F0ZTAeFw0xNjAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMD0x UyBDZXJ0aWZpY2F0ZTAeFw0xNzAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMD0x
GDAWBgNVBAoTD3d3dy52ZWNsYWJzLmJpdDEhMB8GA1UEBRMYTmFtZWNvaW4gVExT GDAWBgNVBAMTD3d3dy52ZWNsYWJzLmJpdDEhMB8GA1UEBRMYTmFtZWNvaW4gVExT
IENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJlmDLitmolpx IENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEY
bKFQxRSj5AbF7VOip9XOyAC9HfmTWibGMpODJQH7LXyEo5o/wc2fHB+7aoKcW+eZ vub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNm
74+3ZN+4SKNRME8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMB SEIaNZNhn6NRME8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LnZlY2xhYnMuYml0MAoGCCqG MAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LnZlY2xhYnMuYml0MAoGCCqG
SM49BAMCA0kAMEYCIQCtBKJDjBg3M+RuHecPWgdo99wyPASBXsLMIlG3OYKJywIh SM49BAMCA0gAMEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIg
AMXPMA+mDqNhgsLGdiyLQ09hsYbwami2hkvM9ijDPJj7 X2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo=
-----END CERTIFICATE----- -----END CERTIFICATE-----
``` ```
@ -125,7 +134,7 @@ Note that a canonical implementation (in Go) of this scheme is being added to nc
An IFA-0001-based JSON value which uses the above dehydrated certificate looks like this: An IFA-0001-based JSON value which uses the above dehydrated certificate looks like this:
``` ~~~
{ {
"map":{ "map":{
"www":{ "www":{
@ -134,18 +143,16 @@ An IFA-0001-based JSON value which uses the above dehydrated certificate looks l
"map":{ "map":{
"_443":{ "_443":{
"tls":[ "tls":[
[ {
"d8", "d8":[
0, 1,
0, "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",
[ 4944096,
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJlmDLitmolpxbKFQxRSj5AbF7VOip9XOyAC9HfmTWibGMpODJQH7LXyEo5o/wc2fHB+7aoKcW+eZ74+3ZN+4SA==",
4838688,
5154336, 5154336,
10, 10,
"MEYCIQCtBKJDjBg3M+RuHecPWgdo99wyPASBXsLMIlG3OYKJywIhAMXPMA+mDqNhgsLGdiyLQ09hsYbwami2hkvM9ijDPJj7" "MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="
]
] ]
}
] ]
} }
} }
@ -154,9 +161,7 @@ An IFA-0001-based JSON value which uses the above dehydrated certificate looks l
} }
} }
} }
``` ~~~
The "d8", 0, 0 before the certificate data is a magic indicator that this is a dehydrated certificate rather than a format based on RFC 6698 (DANE). "d8" is an abbreviation for how "dehydrate" is pronounced in English, and will not collide with future revisions to DANE because DANE uses an integer here while this spec uses a string. The latter 0 is intended as a version field. The former 0 is reserved, and is only present so that the number of elements in a "tls" record is constant regardless of whether it's dehydrated or DANE-based.
Design Goals Design Goals
------------ ------------
@ -171,9 +176,10 @@ There are no changes to item suppression or other processing rules.
Changes to Domain Name Owner Recommendations Changes to Domain Name Owner Recommendations
-------------------------------------------- --------------------------------------------
Dehydrated "tls" items are more widely compatible with currently deployed TLS implementations, e.g. Google Chrome and Mozilla Firefox. However, because their encoding contains more data than a public key hash, dehydrated "tls" items will incur higher storage costs than the encoding specified in IFA-0001. Domain name owners are advised to consider the tradeoffs between compatibility and storage costs when choosing how to encode their "tls" items. It is our belief that, in most publicly deployed website configurations, the improved compatibility of dehydrated "tls" items makes their usage preferable, and that their increased storage costs are negligible in such configurations. Dehydrated `tls` items are more widely compatible with currently deployed TLS implementations, e.g. Google Chrome and Mozilla Firefox. However, because their encoding contains more data than a public key hash, dehydrated `tls` items will incur higher storage costs than the encoding specified in IFA-0001. Domain name owners are advised to consider the tradeoffs between compatibility and storage costs when choosing how to encode their `tls` items. It is our belief that, in most publicly deployed website configurations, the improved compatibility of dehydrated `tls` items makes their usage preferable, and that their increased storage costs are negligible in such configurations.
Changelog Changelog
--------- ---------
- 20170613: Revisions based on feedback.
- 20160612: Initial revision. - 20160612: Initial revision.