HTTP Working Group | E. Stark |
Internet-Draft | |
Intended status: Experimental | June 29, 2018 |
Expires: December 31, 2018 |
This document defines a new HTTP header field, named Expect-CT, that allows web host operators to instruct user agents to expect valid Signed Certificate Timestamps (SCTs) to be served on connections to these hosts. When configured in enforcement mode, user agents (UAs) will remember that hosts expect SCTs and will refuse connections that do not conform to the UA’s Certificate Transparency policy. When configured in report-only mode, UAs will report the lack of valid SCTs to a URI configured by the host, but will allow the connection. By turning on Expect-CT, web host operators can discover misconfigurations in their Certificate Transparency deployments and ensure that misissued certificates accepted by UAs are discoverable in Certificate Transparency logs.¶
Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/.¶
Working Group information can be found at http://httpwg.github.io/; source code and issues list for this draft can be found at https://github.com/httpwg/http-extensions/labels/expect-ct.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress”.¶
This Internet-Draft will expire on December 31, 2018.¶
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
This document defines a new HTTP header field that enables UAs to identify web hosts that expect the presence of Signed Certificate Timestamps (SCTs) [I-D.ietf-trans-rfc6962-bis] in future Transport Layer Security (TLS) [RFC5246] connections.¶
Web hosts that serve the Expect-CT HTTP header field are noted by the UA as Known Expect-CT Hosts. The UA evaluates each connection to a Known Expect-CT Host for compliance with the UA’s Certificate Transparency (CT) Policy. If the connection violates the CT Policy, the UA sends a report to a URI configured by the Expect-CT Host and/or fails the connection, depending on the configuration that the Expect-CT Host has chosen.¶
If misconfigured, Expect-CT can cause unwanted connection failures (for example, if a host deploys Expect-CT but then switches to a legitimate certificate that is not logged in Certificate Transparency logs, or if a web host operator believes their certificate to conform to all UAs’ CT policies but is mistaken). Web host operators are advised to deploy Expect-CT with caution, by using the reporting feature and gradually increasing the interval where the UA remembers the host as a Known Expect-CT Host. These precautions can help web host operators gain confidence that their Expect-CT deployment is not causing unwanted connection failures.¶
Expect-CT is a trust-on-first-use (TOFU) mechanism. The first time a UA connects to a host, it lacks the information necessary to require SCTs for the connection. Thus, the UA will not be able to detect and thwart an attack on the UA’s first connection to the host. Still, Expect-CT provides value by 1) allowing UAs to detect the use of unlogged certificates after the initial communication, and 2) allowing web hosts to be confident that UAs are only trusting publicly-auditable certificates.¶
Terminology is defined in this section.¶
The “Expect-CT” response header field is a new field defined in this specification. It is used by a server to indicate that UAs should evaluate connections to the host emitting the header field for CT compliance (Section 2.4).¶
Figure 1 describes the syntax (Augmented Backus-Naur Form) of the header field, using the grammar defined in [RFC5234] and the rules defined in Section 3.2 of [RFC7230].¶
Expect-CT = #expect-ct-directive expect-ct-directive = directive-name [ "=" directive-value ] directive-name = token directive-value = token / quoted-string
Figure 1: Syntax of the Expect-CT header field
Optional white space (OWS) is used as defined in Section 3.2.3 of [RFC7230]. token and quoted-string are used as defined in Section 3.2.6 of [RFC7230].¶
The directives defined in this specification are described below. The overall requirements for directives are:¶
The OPTIONAL report-uri directive indicates the URI to which the UA SHOULD report Expect-CT failures (Section 2.4). The UA POSTs the reports to the given URI as described in Section 3.¶
The report-uri directive is REQUIRED to have a directive value, for which the syntax is defined in Figure 2.¶
report-uri-value = absolute-URI
Figure 2: Syntax of the report-uri directive value
absolute-URI is defined in Section 4.3 of [RFC3986].¶
Hosts may set report-uris that use HTTP or HTTPS. If the scheme in the report-uri is one that uses TLS (e.g., HTTPS), UAs MUST check Expect-CT compliance when the host in the report-uri is a Known Expect-CT Host; similarly, UAs MUST apply HSTS if the host in the report-uri is a Known HSTS Host.¶
Note that the report-uri need not necessarily be in the same Internet domain or web origin as the host being reported about.¶
UAs SHOULD make their best effort to report Expect-CT failures to the report-uri, but they may fail to report in exceptional conditions. For example, if connecting to the report-uri itself incurs an Expect-CT failure or other certificate validation failure, the UA MUST cancel the connection. Similarly, if Expect-CT Host A sets a report-uri referring to Expect-CT Host B, and if B sets a report-uri referring to A, and if both hosts fail to comply to the UA’s CT Policy, the UA SHOULD detect and break the loop by failing to send reports to and about those hosts.¶
UAs SHOULD limit the rate at which they send reports. For example, it is unnecessary to send the same report to the same report-uri more than once.¶
The OPTIONAL enforce directive is a valueless directive that, if present (i.e., it is “asserted”), signals to the UA that compliance to the CT Policy should be enforced (rather than report-only) and that the UA should refuse future connections that violate its CT Policy. When both the enforce directive and report-uri directive (as defined in Figure 2) are present, the configuration is referred to as an “enforce-and-report” configuration, signalling to the UA both that compliance to the CT Policy should be enforced and that violations should be reported.¶
The max-age directive specifies the number of seconds after the reception of the Expect-CT header field during which the UA SHOULD regard the host from whom the message was received as a Known Expect-CT Host.¶
The max-age directive is REQUIRED to be present within an “Expect-CT” header field. The max-age directive is REQUIRED to have a directive value, for which the syntax (after quoted-string unescaping, if necessary) is defined in Figure 3.¶
max-age-value = delta-seconds delta-seconds = 1*DIGIT
Figure 3: Syntax of the max-age directive value
delta-seconds is used as defined in Section 1.2.1 of [RFC7234].¶
The following three examples demonstrate valid Expect-CT response header fields (where the second splits the directives into two field instances):¶
Expect-CT: max-age=86400, enforce Expect-CT: max-age=86400,enforce Expect-CT: report-uri="https://foo.example/report" Expect-CT: max-age=86400,report-uri="https://foo.example/report"
Figure 4: Examples of valid Expect-CT response header fields
This section describes the processing model that Expect-CT Hosts implement. The model has 2 parts: (1) the processing rules for HTTP request messages received over a secure transport (e.g., authenticated, non-anonymous TLS); and (2) the processing rules for HTTP request messages received over non-secure transports, such as TCP.¶
An Expect-CT Host includes an Expect-CT header field in its response. The header field MUST satisfy the grammar specified in Section 2.1.¶
Establishing a given host as an Expect-CT Host, in the context of a given UA, is accomplished as follows:¶
Expect-CT Hosts SHOULD NOT include the Expect-CT header field in HTTP responses conveyed over non-secure transport. UAs MUST ignore any Expect-CT header field received in an HTTP response conveyed over non-secure transport.¶
The UA processing model relies on parsing domain names. Note that internationalized domain names SHALL be canonicalized according to the scheme in Section 10 of [RFC6797].¶
The UA stores Known Expect-CT Hosts and their associated Expect-CT directives. This data is collectively known as a host’s “Expect-CT” metadata”.¶
If an HTTP response does not include an Expect-CT header field that conforms to the grammar specified in Section 2.1, then the UA MUST NOT update any Expect-CT metadata.¶
If the UA receives, over a secure transport, an HTTP response that includes an Expect-CT header field conforming to the grammar specified in Section 2.1, the UA MUST evaluate the connection on which the header field was received for compliance with the UA’s CT Policy, and then process the Expect-CT header field as follows.¶
If the connection does not comply with the UA’s CT Policy (i.e., the connection is not CT-qualified), then the UA MUST NOT update any Expect-CT metadata. If the header field includes a report-uri directive, the UA SHOULD send a report to the specified report-uri (Section 2.3.3).¶
If the connection complies with the UA’s CT Policy (i.e., the connection is CT-qualified), then the UA MUST either:¶
Upon receipt of the Expect-CT response header field over an error-free TLS connection (including the validation adding in Section 2.4), the UA MUST note the host as a Known Expect-CT Host, storing the host’s domain name and its associated Expect-CT directives in non-volatile storage.¶
To note a host as a Known Expect-CT Host, the UA MUST set its Expect-CT metadata given in the most recently received valid Expect-CT header field, as specified in Section 2.3.2.2.¶
For forward compatibility, the UA MUST ignore any unrecognized Expect-CT header field directives, while still processing those directives it does recognize. Section 2.1 specifies the directives enforce, max-age, and report-uri, but future specifications and implementations might use additional directives.¶
If the substring matching the host production from the Request-URI (of the message to which the host responded) does not congruently match an existing Known Expect-CT Host’s domain name, per the matching procedure specified in Section 8.2 of [RFC6797], then the UA MUST add this host to the Known Expect-CT Host cache. The UA caches:¶
If any other metadata from optional or future Expect-CT header directives are present in the Expect-CT header field, and the UA understands them, the UA MAY note them as well.¶
UAs MAY set an upper limit on the value of max-age, so that UAs that have noted erroneous Expect-CT hosts (whether by accident or due to attack) have some chance of recovering over time. If the server sets a max-age greater than the UA’s upper limit, the UA MAY behave as if the server set the max-age to the UA’s upper limit. For example, if the UA caps max-age at 5,184,000 seconds (60 days), and an Expect-CT Host sets a max- age directive of 90 days in its Expect-CT header field, the UA MAY behave as if the max-age were effectively 60 days. (One way to achieve this behavior is for the UA to simply store a value of 60 days instead of the 90-day value provided by the Expect-CT host.)¶
If the UA receives, over a secure transport, an HTTP response that includes an Expect-CT header field with a report-uri directive, and the connection does not comply with the UA’s CT Policy (i.e., the connection is not CT-qualified), and the UA has not already sent an Expect-CT report for this connection, then the UA SHOULD send a report to the specified report-uri as specified in Section 3.¶
When a UA sets up a TLS connection, the UA determines whether the host is a Known Expect-CT Host according to its Known Expect-CT Host cache. An Expect-CT Host is “expired” if the effective expiration date refers to a date in the past. The UA MUST ignore any expired Expect-CT Hosts in its cache and not treat such hosts as Known Expect-CT hosts.¶
When a UA connects to a Known Expect-CT Host using a TLS connection, if the TLS connection has no errors, then the UA will apply an additional correctness check: compliance with a CT Policy. A UA should evaluate compliance with its CT Policy whenever connecting to a Known Expect-CT Host, as soon as possible. However, the check can be skipped for local policy reasons (as discussed in Section 2.4.1), or in the event that other checks cause the UA to terminate the connection before CT compliance is evaluated. For example, a Public Key Pinning failure [RFC7469] could cause the UA to terminate the connection before CT compliance is checked. Similarly, if the UA terminates the connection due to an Expect-CT failure, this could cause the UA to skip subsequent correctness checks. When the CT compliance check is skipped or bypassed, Expect-CT reports (Section 3) will not be sent.¶
When CT compliance is evaluted for a Known Expect-CT Host, the UA MUST evaluate compliance when setting up the TLS session, before beginning an HTTP conversation over the TLS channel.¶
If a connection to a Known Expect-CT Host violates the UA’s CT policy (i.e., the connection is not CT-qualified), and if the Known Expect-CT Host’s Expect-CT metadata indicates an enforce configuration, the UA MUST treat the CT compliance failure as an error.¶
If a connection to a Known Expect-CT Host violates the UA’s CT policy, and if the Known Expect-CT Host’s Expect-CT metadata includes a report-uri, the UA SHOULD send an Expect-CT report to that report-uri (Section 3).¶
It is acceptable for a UA to skip CT compliance checks for some hosts according to local policy. For example, a UA may disable CT compliance checks for hosts whose validated certificate chain terminates at a user-defined trust anchor, rather than a trust anchor built-in to the UA (or underlying platform).¶
If the UA does not evaluate CT compliance, e.g., because the user has elected to disable it, or because a presented certificate chain chains up to a user-defined trust anchor, UAs SHOULD NOT send Expect-CT reports.¶
When the UA attempts to connect to a Known Expect-CT Host and the connection is not CT-qualified, the UA SHOULD report Expect-CT failures to the report-uri, if any, in the Known Expect-CT Host’s Expect-CT metadata.¶
When the UA receives an Expect-CT response header field over a connection that is not CT-qualified, if the UA has not already sent an Expect-CT report for this connection, then the UA SHOULD report Expect-CT failures to the configured report-uri, if any.¶
To generate a violation report object, the UA constructs a JSON [RFC8259] object with the following keys and values:¶
The UA SHOULD report an Expect-CT failure when a connection to a Known Expect-CT Host does not comply with the UA’s CT Policy and the host’s Expect-CT metadata contains a report-uri. Additionally, the UA SHOULD report an Expect-CT failure when it receives an Expect-CT header field which contains the report-uri directive over a connection that does not comply with the UA’s CT Policy.¶
The steps to report an Expect-CT failure are as follows.¶
Upon receiving an Expect-CT violation report, the report server MUST respond with a 2xx (Successful) status code if it can parse the request body as valid JSON and recognizes the hostname in the “hostname” field of the report. If the report body cannot be parsed or the report server does not expect to receive reports for the hostname in the “hostname” field, the report server MUST respond with a 4xx (Client Error) status code.¶
If the report’s “test-report” key is set to true, the server MAY discard the report without further processing but MUST still return a 2xx (Successful) status code.¶
When UAs support the Expect-CT header field, it becomes a potential vector for hostile header attacks against site owners. If a site owner uses a certificate issued by a certificate authority which does not embed SCTs nor serve SCTs via OCSP or TLS extension, a malicious server operator or attacker could temporarily reconfigure the host to comply with the UA’s CT policy, and add the Expect-CT header field in enforcing mode with a long max-age. Implementing user agents would note this as an Expect-CT Host (see Section 2.3.2.1). After having done this, the configuration could then be reverted to not comply with the CT policy, prompting failures. Note this scenario would require the attacker to have substantial control over the infrastructure in question, being able to obtain different certificates, change server software, or act as a man-in-the-middle in connections.¶
Site operators could themselves only cure this situation by one of: reconfiguring their web server to transmit SCTs using the TLS extension defined in Section 6.5 of [I-D.ietf-trans-rfc6962-bis], obtaining a certificate from an alternative certificate authority which provides SCTs by one of the other methods, or by waiting for the user agents’ persisted notation of this as an Expect-CT host to reach its max-age. User agents may choose to implement mechanisms for users to cure this situation, as noted in Section 7.¶
There is a security trade-off in that low maximum values provide a narrow window of protection for users that visit the Known Expect-CT Host only infrequently, while high maximum values might result in a denial of service to a UA in the event of a hostile header attack, or simply an error on the part of the site-owner.¶
There is probably no ideal maximum for the max-age directive. Since Expect-CT is primarily a policy-expansion and investigation technology rather than an end-user protection, a value on the order of 30 days (2,592,000 seconds) may be considered a balance between these competing security concerns.¶
Another kind of hostile header attack uses the report-uri mechanism on many hosts not currently exposing SCTs as a method to cause a denial-of-service to the host receiving the reports. If some highly-trafficked websites emitted a non-enforcing Expect-CT header field with a report-uri, implementing UAs’ reports could flood the reporting host. It is noted in Section 2.1.1 that UAs should limit the rate at which they emit reports, but an attacker may alter the Expect-CT header’s fields to induce UAs to submit different reports to different URIs to still cause the same effect.¶
Expect-CT can be used to infer what Certificate Transparency policy is in use, by attempting to retrieve specially-configured websites which pass one user agents’ policies but not another’s. Note that this consideration is true of UAs which enforce CT policies without Expect-CT as well.¶
Additionally, reports submitted to the report-uri could reveal information to a third party about which webpage is being accessed and by which IP address, by using individual report-uri values for individually-tracked pages. This information could be leaked even if client-side scripting were disabled.¶
Implementations must store state about Known Expect-CT Hosts, and hence which domains the UA has contacted.¶
Violation reports, as noted in Section 3, contain information about the certificate chain that has violated the CT policy. In some cases, such as organization-wide compromise of the end-to-end security of TLS, this may include information about the interception tools and design used by the organization that the organization would otherwise prefer not be disclosed.¶
Because Expect-CT causes remotely-detectable behavior, it’s advisable that UAs offer a way for privacy-sensitive users to clear currently noted Expect-CT hosts, and allow users to query the current state of Known Expect-CT Hosts.¶
This document registers the Expect-CT header field in the “Message Headers” registry located at https://www.iana.org/assignments/message-headers.¶
The MIME media type for Expect-CT violation reports is “application/expect-ct-report+json” (which uses the suffix established in [RFC6839]).¶
When the UA detects a Known Expect-CT Host in violation of the UA’s CT Policy, users will experience denials of service. It is advisable for UAs to explain the reason why.¶