|
| 1 | +Umbilical certificates |
| 2 | +====================== |
| 3 | + |
| 4 | +For first experiments with Merkle Tree Certificates, a client may wish |
| 5 | +that each Merkle Tree Certificate is backed by a traditional X.509 |
| 6 | +certificate (chain) issued by a trusted CA. We call this the *umbilical* |
| 7 | +certificate/chain. |
| 8 | + |
| 9 | +To accommodate this we allocate two new `EvidenceType`: |
| 10 | + |
| 11 | +``` |
| 12 | +enum { |
| 13 | + umbilical(0), |
| 14 | + compressed_umbilical(1), |
| 15 | + (2^16-1) |
| 16 | +} EvidenceType; |
| 17 | +``` |
| 18 | + |
| 19 | +For `umbilical` the `info` field of an `Evidence` entry contains the |
| 20 | +concatenated ASN.1 DER encoded X.509 certificates of the umbilical chain. |
| 21 | + |
| 22 | +The `-from-x509-pem` (`-x`) and `-from-x509-server` (`-X`) options to |
| 23 | +`mtc ca queue` and `mtc new-assertion-request` will automatically |
| 24 | +add the X.509 chain as evidence to the assertion-request. |
| 25 | + |
| 26 | +MTCA evidence policy |
| 27 | +-------------------- |
| 28 | +By default, the MTCA will publish the evidence, but it will not check it |
| 29 | +or require its presence. |
| 30 | + |
| 31 | +The MTCA can be configured to require umbilical evidence before publishing, |
| 32 | +by setting the *evidence policy* to `umbilical`: |
| 33 | + |
| 34 | +``` |
| 35 | +mtc ca new -evidence-policy umbilical -umbilical-roots root_store.certs 62253.12.15 ca.example.com |
| 36 | +``` |
| 37 | + |
| 38 | +The `-umbilical-roots` flag sets the PEM encoded root certificates that |
| 39 | +are accepted. |
| 40 | + |
| 41 | +Before accepting an assertion request to the queue, the MTCA will |
| 42 | +require an umbilical chain as evidence, which verifies against one |
| 43 | +of the umbilical roots. It will also check revocation using OCSP if available, |
| 44 | +and falling back to CRL otherwise. CRLs are cached in `revocation-cache`. |
| 45 | + |
| 46 | +A mirror will follow the evidence policy set by the CA. If the CA does not |
| 47 | +have an evidence policy set, the mirror will simply copy evidence, but not |
| 48 | +performe any checks. If the CA has umbilical evidence policy, it will |
| 49 | +check for each entry whether the umbilical evidence is present and correct. |
| 50 | + |
| 51 | +To ensure the mirror checks umbilical evidence, you can |
| 52 | +pass `-evidence-policy umbilical` to `mtc mirror new`. You can also set |
| 53 | +the umbilical roots using `-umbilical-roots`, which are otherwise blindly |
| 54 | +copied from the CA. |
| 55 | + |
| 56 | +Compressed umbilical |
| 57 | +-------------------- |
| 58 | +The plain `umbilical` evidence format will lead to many duplicated |
| 59 | +intermediate certificates. To save space, there is an alternate format |
| 60 | +`compressed_umbilical`. Evidence with the `compressed_umbilical` type |
| 61 | +has as `info` field set to the concatenation of the SHA256 hashes |
| 62 | +of each of the original ASN.1 DER encoded X.509 certificates. |
| 63 | + |
| 64 | +The certificates themselves are published in an `umbilical-certificates` |
| 65 | +file in each batch. The format of the `umbilical-certificates` file |
| 66 | +is described in `umbilical/frozencas/frozencas.go`. It basically |
| 67 | +concatenates the certificates and adds a simple index to look up |
| 68 | +a certificate by its SHA256 hash using interpolation search. |
| 69 | +(`frozencas` stands for *frozen content-addressed storage* btw.) |
| 70 | + |
| 71 | +An umbilical certificate does not have to appear in the `umbilical-certificates` |
| 72 | +file of the batch it's used in, but must appear in one of the batches within |
| 73 | +the window that ends at the current batch. |
| 74 | + |
| 75 | +The mirror accepts both umbilical and compressed umbilical evidence. |
| 76 | +When set to umbilical evidence policy, the MTCA will always use the |
| 77 | +compressed evidence format. |
0 commit comments