IETF Logo Mail Archive

Re: [Last-Call] [EXTERNAL] Secdir last call review of draft-ietf-lamps-ocsp-nonce-update-04

Himanshu Sharma <himanshu@netskope.com> Tue, 09 April 2024 05:24 UTC

Return-Path: <himanshu@netskope.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D30DBC14F681 for <last-call@ietfa.amsl.com>; Mon, 8 Apr 2024 22:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.092
X-Spam-Level:
X-Spam-Status: No, score=-7.092 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netskope.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7PL3SfZlOtE for <last-call@ietfa.amsl.com>; Mon, 8 Apr 2024 22:24:41 -0700 (PDT)
Received: from us-smtp-delivery-117.mimecast.com (us-smtp-delivery-117.mimecast.com [170.10.133.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BE80C14F708 for <last-call@ietf.org>; Mon, 8 Apr 2024 22:24:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netskope.com; s=mimecast20210603; t=1712640280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=goVhDgBXJV8s7t3jHv1Uo2HwibmEetOd/fgebsUEMGU=; b=YFfaRTb/4V1g6+uFnRLxqxOtL6KZSls4FObVJx9tn7Q5jmXy+xjASSr6fDg0yL2vIC6KFO 17y0IcjL0knursJr6GgWUfYDqeifKicejQOY7VCkXo4+aqBxe+StMgzoP0n8L3zfGPn4+K zAA5ogQfKbGPxnECT8ODWBX4uEwiL6k=
Received: from mail-io1-f71.google.com (mail-io1-f71.google.com [209.85.166.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-682-MiRTzQZDMOOkOL91DoBm6Q-1; Tue, 09 Apr 2024 01:24:38 -0400
X-MC-Unique: MiRTzQZDMOOkOL91DoBm6Q-1
Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-7d5e515e162so187700139f.2 for <last-call@ietf.org>; Mon, 08 Apr 2024 22:24:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712640277; x=1713245077; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=EvyggTvawuajraQFiZTxaoVw1auRKMvln4g0bqd7PF0=; b=IH6S88rxtn7cznsnyMRWZGIGd5fssvCX9+w00nuz02Lc7eF8th77Uj5bkli+i4pRde P/KtQCl6KOuiS585FRZBgcVF8AgfHfz06/8/KFD0qsTpbVLGQD5KZ5Vc7AE3lMmP2WOo AVWCfPXVYoU5QtlZP5RTArrLPnIrkloD1CyUsTdtdAmAPuVNnNfX2JhP0+hrYuuCIM95 sDWafFCRL4OEtILlHbEt3D+Hqv3VTF5Os8WWtNxcXN2MbUCne/COEA/iK19lCBstSQfF w/wOu+OD4JK8W0U8eOvQyZefUDETxqqcbShzVF4QAxGetPxd/Bwuo/ONUkbPWD1wACLl lnxw==
X-Forwarded-Encrypted: i=1; AJvYcCWiThIaMX3qapFNr2QlB2l3AnqsplBgstiYs3438yaKB9Fi50pN8B0bHHf8l8ciY7B289LUoLZIlOSdP2kFqoQ59W4=
X-Gm-Message-State: AOJu0YwmVJhzrx1v59pv7fa5zdxcaHWAfmthTrxD27SROI6NSjAASFS6 bCe+twICtFLZeSxJFd/t/VcbNvHynOGHXMxILtdjkjAyBedVKYcyCTay1uIeXcjqcJBb8DyoKk/ Xdqpsbb1YaPQye/M4BTEfFJ/yi8frW1Nf/9EzmvhP/0MTmRO9GGMNimT9tgpL0PkOWaq/S5rimU CVmanahJlT3xeR9OyedcwMj7KZ
X-Received: by 2002:a05:6602:1a0a:b0:7d5:c7b6:ff10 with SMTP id bo10-20020a0566021a0a00b007d5c7b6ff10mr13271226iob.15.1712640277454; Mon, 08 Apr 2024 22:24:37 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHSceziOsBNipjtk87GxWJ5a8MwnB1EPqBRvaD2WZy8msMxVDa0RnqDysbX4P8Gg+At3KV1ret6ikyf
X-Received: by 2002:a05:6602:1a0a:b0:7d5:c7b6:ff10 with SMTP id bo10-20020a0566021a0a00b007d5c7b6ff10mr13271215iob.15.1712640277143; Mon, 08 Apr 2024 22:24:37 -0700 (PDT)
Received: from netskope.com ([163.116.131.242]) by smtp-relay.gmail.com with ESMTPS id s8-20020a5e9808000000b007d5ebe0340dsm146482ioj.11.2024.04.08.22.24.36 for <last-call@ietf.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Apr 2024 22:24:37 -0700 (PDT)
X-Relaying-Domain: netskope.com
Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-1e2bb241663so39622755ad.1 for <last-call@ietf.org>; Mon, 08 Apr 2024 22:24:36 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCW1/2xeO964SlePzq/9xtYP3Cu3i9dNpLZduCJbTkYRy0GCg9hD+BtX9JGmYAq3i2KUf154GHW+1tMVYRw9sGTaugU=
X-Received: by 2002:a17:903:2312:b0:1e4:3c7f:c060 with SMTP id d18-20020a170903231200b001e43c7fc060mr5099222plh.66.1712640275628; Mon, 08 Apr 2024 22:24:35 -0700 (PDT)
X-Received: by 2002:a17:903:2312:b0:1e4:3c7f:c060 with SMTP id d18-20020a170903231200b001e43c7fc060mr5099202plh.66.1712640275214; Mon, 08 Apr 2024 22:24:35 -0700 (PDT)
MIME-Version: 1.0
References: <171191291059.15585.6093566049458714751@ietfa.amsl.com> <CAL9pJ7m=FWWwmXt0qBE_EAYtj19HRBDpnUdgq1rvOBpw37xJeg@mail.gmail.com>
In-Reply-To: <CAL9pJ7m=FWWwmXt0qBE_EAYtj19HRBDpnUdgq1rvOBpw37xJeg@mail.gmail.com>
From: Himanshu Sharma <himanshu@netskope.com>
Date: Mon, 08 Apr 2024 22:24:23 -0700
Message-ID: <CAL9pJ7kQJ9_7tgV_qArWLBMGSfd_2dgs6dGEQ4Ex4UHKZV8+uQ@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Cc: secdir@ietf.org, draft-ietf-lamps-ocsp-nonce-update.all@ietf.org, last-call@ietf.org, spasm@ietf.org
x-netskope-inspected: true
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: netskope.com
Content-Type: multipart/alternative; boundary="0000000000003bd2a80615a323ca"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/FhfbWbPzYMNCTP1dzZsGISSSqPE>
Subject: Re: [Last-Call] [EXTERNAL] Secdir last call review of draft-ietf-lamps-ocsp-nonce-update-04
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2024 05:24:45 -0000

Hi Joseph
    In case the updated I-D was missed, I am trying to put the email on top.
Here I am summarizing our off-line discussion so that everyone in the group
will be on the same page.

[Joe] So 32 bytes will hopefully help interoperability.
[HS] Yes, I mentioned and explained the decision and discussion related to
RFC8954 and keeping the same Nonce length recommendation (32 bytes) for
interoperability purposes. I believe that the concern related to length of
32 bytes has been addressed.


[Joe] I think it is better to have a MUST.  It should result in better
interoperability.  (referring the section 2.1 para 2)
[HS] I have updated I-D to version 05 to include the "MUST" inplace of
"SHOULD"  As per your feedback and discussion.
Now I-D 05 mentions
"An OCSP client that implements this document MUST use a minimum
   length of 32 octets for Nonce octets in the Nonce extension. "


[Joe] With current deployed behavior servers can choose not to support the
nonce extension and ignore it.  For servers that do support the nonce
extension would it be acceptable to say that they have to respond to the
nonce extension if it is between 16 and 128 bytes? Or are there servers
that will just ignore nonces greater that 32 bytes (instead of sending an
error).
[HS] With this Draft we are making sure that the server that supports
Nonce, MUST support the nonce between 16-32  and may choose to ignore the
nonce between 1-to-16 and 33-to-128 bytes.


[Joe] What do clients typically do if they do not get a nonce in response,
do they reject the response?"
[HS] Most of the clients just log a warning message and accept
the response. As few public responders do not support nonce for performance
reasons.


I believe the I-D 05 version  (
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/05/)
addresses your concerns. Please let me know if there is any outstanding
concern that I can answer.

-Himanshu


On Thu, Apr 4, 2024 at 11:58 AM Himanshu Sharma <himanshu@netskope.com>
wrote:

> Hi Joseph,
>   As discussed offline, explained and agreed upon the reason for choosing
> the 32 bytes primarily for backward compatibility, and explained about the
> behavior of ocsp client in case of response that doesn't contain nonce from
> responder.
> I have updated the ID (
> https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/05/)
> according to your and other reviewr's suggestions.
> Russ helped in verification of ASN.1 modules and it compiles fine.
>
> I believe it satisfies all the outstanding questions.
>  Please let me know if there are still any outstanding questions that I
> can answer in order to get the approval.
>
> Thanks
> Himanshu
>
>
>
>
> On Sun, Mar 31, 2024 at 12:21 PM Joseph Salowey via Datatracker <
> noreply@ietf.org> wrote:
>
>> Reviewer: Joseph Salowey
>> Review result: Has Issues
>>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG. These comments were written primarily for the benefit of the
>> security area directors. Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>>
>> The summary of the review is has issues.  I'm probably just missing some
>> history/context, here are the items that stood out.
>>
>> 1. The document states "An OCSP client that implements this document
>> SHOULD use
>> a minimum length of 32 octets for Nonce octets in the Nonce extension."
>> How
>> was the minimum of 32 bytes chosen? This seems like it might be longer
>> than
>> necessary. Is there a security reason for this or a different reason?
>> Later in
>> the document it states receiver MUST accept at least 16 octets.
>>
>> 2. In addition, the SHOULD should say when it is acceptable not to follow
>> it.
>> When is it OK for an implementation to send less than 32 bytes?  For
>> example,
>> you could rephrase this as "clients MUST use a minimum length of 32 octets
>> unless they are configured to interoperate with a OCSP responder that
>> requires
>> a shorter nonce length or ... ".  Also if a client uses more than 32 bytes
>> their request may be ignored.
>>
>> 3. An 8954 server will respond to greater than 32 octet nonce with a
>> malformedRequest. The client can report this and indicate that perhaps it
>> needs
>> to be configured to talk to an 8954 server. The text goes further to say
>> that
>> the server MAY ignore nonces greater than 32 and less than 16 octets.
>> Does this
>> mean that the response does not contain the nonce? What should the client
>> do in
>> this case? Why even allow responders to ignore a nonce that is greater
>> than 32
>> octets?
>>
>> 4. I took a look at the ASN.1, it looks OK to me, but I'm a bit rusty. I
>> assume
>> that it was reviewed by the working group, it not then someone with more
>> recent
>> ASN.1 experience should look at it.
>>
>>
>>

v2.23.0 | Report a Bug | By Email