Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
"Black, David" <david.black@emc.com> Wed, 27 March 2013 14:30 UTC
Return-Path: <david.black@emc.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06EB721F912B; Wed, 27 Mar 2013 07:30:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2q0N1G6T0yz; Wed, 27 Mar 2013 07:30:46 -0700 (PDT)
Received: from mexforward.lss.emc.com (hop-nat-141.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id EC75E21F9140; Wed, 27 Mar 2013 07:30:34 -0700 (PDT)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id r2REUA3S027507 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 27 Mar 2013 10:30:11 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd01.lss.emc.com [10.254.221.251]) by hop04-l1d11-si02.isus.emc.com (RSA Interceptor); Wed, 27 Mar 2013 10:30:05 -0400
Received: from mxhub32.corp.emc.com (mxhub32.corp.emc.com [128.222.70.172]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id r2REU2uG005177; Wed, 27 Mar 2013 10:30:03 -0400
Received: from mx15a.corp.emc.com ([169.254.1.81]) by mxhub32.corp.emc.com ([128.222.70.172]) with mapi; Wed, 27 Mar 2013 10:30:02 -0400
From: "Black, David" <david.black@emc.com>
To: Stefan Santesson <stefan@aaa-sec.com>, "sts@aaa-sec.com" <sts@aaa-sec.com>, "mmyers@fastq.com" <mmyers@fastq.com>, "ambarish@gmail.com" <ambarish@gmail.com>, "slava.galperin@gmail.com" <slava.galperin@gmail.com>, "cadams@eecs.uottawa.ca" <cadams@eecs.uottawa.ca>, "gen-art@ietf.org" <gen-art@ietf.org>
Date: Wed, 27 Mar 2013 10:30:01 -0400
Thread-Topic: Gen-ART review of draft-ietf-pkix-rfc2560bis-15
Thread-Index: Ac4q4WTuNCfXXbFoRiakprKeTlGimgAFVYQg
Message-ID: <8D3D17ACE214DC429325B2B98F3AE71293D36628@MX15A.corp.emc.com>
References: <8D3D17ACE214DC429325B2B98F3AE71293D36522@MX15A.corp.emc.com> <CD7892BF.5EC93%stefan@aaa-sec.com>
In-Reply-To: <CD7892BF.5EC93%stefan@aaa-sec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Mailman-Approved-At: Thu, 28 Mar 2013 07:33:50 -0700
Cc: "pkix@ietf.org" <pkix@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "Black, David" <david.black@emc.com>
Subject: Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2013 14:30:48 -0000
Hi Stefan, > Does this answer your question? Yes, please add some of that explanation to the next version of the draft ;-). Coverage of existing responder behavior/limitations (important "running code" concerns, IMHO) and alternatives to using "revoked" ("have a number of tools to prevent the client from accepting a bad certificate") seem particularly relevant. Thanks, --David > -----Original Message----- > From: Stefan Santesson [mailto:stefan@aaa-sec.com] > Sent: Wednesday, March 27, 2013 7:44 AM > To: Black, David; sts@aaa-sec.com; mmyers@fastq.com; ambarish@gmail.com; > slava.galperin@gmail.com; cadams@eecs.uottawa.ca; gen-art@ietf.org > Cc: pkix@ietf.org; Sean Turner; ietf@ietf.org > Subject: Re: Gen-ART review of draft-ietf-pkix-rfc2560bis-15 > > Hi David, > > Yes I missed to respond to that aspect. > > This is a bit complicated, but we have a large legacy to take into account > where some responders implements just RFC 2560, while some deliver > pre-generated responses according to RFC 5019 (Light-weight OCSP). LW > responders are not capable of producing a signed response at the time of > responding and in case such responder finds a request for a certificate > where no pre-produced response exists, it will reply with an unsigned > error response "unauthorized", which also is a legitimate way to respond. > So the actual OCSP responder may actually know that the certificate was > never issued, but since it delivers pre-produced responder through a CDN, > it can not provide a revoked response in real time. > > So the major aim with the current writing is to declare that the revoked > response is a MAY because there are other valid alternatives. > > We also want to avoid putting down a SHOULD respond revoked if a > certificate is known to be not-issued, because that would require us to > define what "known to be non-issued" actually means. And that could be > quite tricky as OCSP responders by no means are required to have this > knowledge. > > The OCSP responder simply have a number of tools to prevent the client > from accepting a bad certificate. > This update of OCSP simply allows responders to use the "revoked" response > as a preventive measure, without mandating it. > > This is also related to activities in the CA Browser Forum where they put > down requirements on responders complying with CAB rules to not respond > "good" to certificates that were never issued. > With this update in OCSP, they can now mandate in their policies both the > fact that their responders MUST know if a certificate was never issued and > MUST respond "revoked". > > So we allow other communities to raise the bar even if the base standard > defines the response as optional. > > In theory we could possibly say that responding revoked is optional, but > if you choose between revoked and unknown then you SHOULD favour revoked > over unknown. But such nested requirements just feels bad and impossible > to test compliance against. I'd much rather just leave it optional. I > think the Note gives a clear recommendation on this and the rationale > without spelling it out as a requirement. > > Does this answer your question? > > > On 3/27/13 12:51 AM, "Black, David" <david.black@emc.com> wrote: > > >Hi Stefan, > > > >This looks good - thank you for the prompt response. > > > >It looks like my speculation on item [1] was wrong, so could you respond > >to the question below, please?: > > > >> >[1] Section 2.2: > >> > > >> > NOTE: The "revoked" state for known non-issued certificate serial > >> > numbers is allowed in order to reduce the risk of relying > >> > parties using CRLs as a fall back mechanism, which would be > >> > considerably higher if an "unknown" response was returned. > >> > > >> >Given this explanation, I'm surprised that the use of "revoked" > >>instead of > >> >"unknown" for a known non-issued certificate is a "MAY" requirement and > >> >not a "SHOULD" requirement. Why is that the case? > > > >-------------- > > > >Beyond that, the proposed actions (or proposed non-actions) on items > >[2]-[5] > >are fine with me, Sean's taken care of the author permissions item from > >idnits, and I assume someone has or will check the ASN.1 . > > > >Thanks, > >--David > > > >> -----Original Message----- > >> From: Stefan Santesson [mailto:stefan@aaa-sec.com] > >> Sent: Monday, March 25, 2013 10:21 PM > >> To: Black, David; sts@aaa-sec.com; mmyers@fastq.com; ambarish@gmail.com; > >> slava.galperin@gmail.com; cadams@eecs.uottawa.ca; gen-art@ietf.org > >> Cc: pkix@ietf.org; Sean Turner; ietf@ietf.org > >> Subject: Re: Gen-ART review of draft-ietf-pkix-rfc2560bis-15 > >> > >> Hi David, > >> > >> Thanks for the review. > >> My reply in line. > >> > >> On 3/26/13 1:25 AM, "Black, David" <david.black@emc.com> wrote: > >> > >> >Authors, > >> > > >> >I am the assigned Gen-ART reviewer for this draft. For background on > >> >Gen-ART, please > >> >see the FAQ at > >><http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. > >> > > >> >Please resolve these comments along with any other Last Call comments > >>you > >> >may receive. > >> > > >> >Document: draft-ietf-pkix-rfc2560bis-15 > >> >Reviewer: David L. Black > >> >Review Date: March 25, 2013 > >> >IETF LC End Date: March 27, 2013 > >> > > >> >Summary: > >> >This draft is on the right track but has open issues, described in the > >> >review. > >> > > >> >This draft updates the OCSP protocol for obtaining certificate status > >> >with some minor extensions. > >> > > >> >Because this is a "bis" draft, I reviewed the diffs against RFC 2560. > >> > > >> >I did not check the ASN.1. I also did not see a writeup for this draft > >> >in the data tracker, and so will rely on the document shepherd to > >> >ensure that the ASN.1 has been checked when the writeup is prepared. > >> > > >> >I found five open issues, all of which are minor, plus one idnits item > >> >that is probably ok, but should be double-checked. > >> > > >> >Minor issues: > >> > > >> >[1] Section 2.2: > >> > > >> > NOTE: The "revoked" state for known non-issued certificate serial > >> > numbers is allowed in order to reduce the risk of relying > >> > parties using CRLs as a fall back mechanism, which would be > >> > considerably higher if an "unknown" response was returned. > >> > > >> >Given this explanation, I'm surprised that the use of "revoked" > >>instead of > >> >"unknown" for a known non-issued certificate is a "MAY" requirement and > >> >not a "SHOULD" requirement. Why is that the case? > >> > > >> >It appears that the reason is that the use of "revoked" in this > >>situation > >> >may be dangerous when serial numbers can be predicted for certificates > >> >that > >> >will be issued in the future. If that's what's going on, this concern > >>is > >> >already explained in the security considerations section, but it should > >> >also be mentioned here for completeness. > >> > >> No, this is not the main reason. The main reason is the one stated as a > >> Note: in this section: > >> > >> NOTE: The "revoked" state for known non-issued certificate serial > >>numbers > >> is allowed in order to reduce the risk of relying parties using CRLs as > >>a > >> fall back mechanism, which would be considerably higher if an "unknown" > >> response was returned. > >> > >> > >> > > >> >[2] Section 4.2.2.2: > >> > > >> > The key that signs a certificate's status information need not be the > >> > same key that signed the certificate. It is necessary however to > >> > ensure that the entity signing this information is authorized to do > >> > so. Therefore, a certificate's issuer MAY either sign the OCSP > >> > responses itself or it MAY explicitly designate this authority to > >> > another entity. > >> > > >> >The two instances of "MAY" in the above text were both "MUST" in RFC > >>2560. > >> > > >> >The RFC 2560 text construction of "MUST" or "MUST" is a bit odd, but > >>the two > >> >"MAY"s in this draft are even worse, as they allow "MAY do something > >>else > >> >entirely", despite being enclosed in an either-or construct. I > >>strongly > >> >suspect that the latter was not intended, so the following would be > >> >clearer: > >> > > >> > The key that signs a certificate's status information need not be the > >> > same key that signed the certificate. It is necessary however to > >> > ensure that the entity signing this information is authorized to do > >> > so. Therefore, a certificate's issuer MUST do one of the following: > >> > - sign the OCSP responses itself, or > >> > - explicitly designate this authority to another entity. > >> > >> > >> I Agree. I will adopt your text. > >> > >> > > >> >[3] Section 4.3: > >> > > >> >Is the "SHOULD" requirement still appropriate for the DSA with SHA-1 > >>combo > >> >(vs. a "MAY" requirement)? This requirement was a "MUST" in RFC 2560, > >>but > >> >I wonder about actual usage of DSA in practice. > >> > >> The change in algorithm requirements was provided by RFC 6277, and > >>further > >> refined in this draft in accordance with requests from Sean Turner. > >> > >> > > >> >[4] Section 5, last paragraph: > >> > > >> > Responding a "revoked" state to certificate that has never been > >> > issued may enable someone to obtain a revocation response for a > >> > certificate that is not yet issued, but soon will be issued, if the > >> > CA issues certificates using sequential certificate serial number > >> > assignment. > >> > > >> >The above text after starting with the "if" is too narrow - it should > >>say: > >> > > >> > if the certificate serial number of the certificate that > >> > will be issued can be predicted or guessed by the requester. > >> > Such prediction is easy for a CA that issues certificates > >> > using sequential certificate serial number assignment. > >> > > >> >There's also a nit in original text - its first line should be: > >> > > >> > Responding with a "revoked" state for a certificate that has never > >>been > >> > >> Good suggestions. I will update accordingly. > >> > >> > > >> >[5] Section 5.1.1: > >> > > >> > In archival applications it is quite possible that an OCSP responder > >> > might be asked to report the validity of a certificate on a date in > >> > the distant past. Such a certificate might employ a signing method > >> > that is no longer considered acceptably secure. In such > >> > circumstances the responder MUST NOT generate a signature using a > >> > signing mechanism that is not considered acceptably secure. > >> > > >> >This could use an additional warning that certificate archival should > >> >not rely solely on signatures in archived certificates for ensuring the > >> >validity and integrity of the archived certificates because the > >>signature > >> >algorithm(s) may transition to no longer being considered acceptably > >> >secure at some point after the certificates are archived. > >> > >> This note if I remember correctly is imported from RFC 6277, which is > >> incorporated into this document. The reason behind the text is only to > >> avoid usages of insecure algorithms. > >> Historical validation is a real can of worms that I really would like to > >> keep a tight lid on. I really want to avoid doing recommendations in > >>this > >> space as it may trigger a whole flood of things that could be equally > >> important to say about this subject. > >> > >> > > >> >Nits: > >> > > >> >idnits 2.12.15 said: > >> > > >> > -- The document seems to lack a disclaimer for pre-RFC5378 work, but > >>may > >> > have content which was first submitted before 10 November 2008. > >>If > >> >you > >> > have contacted all the original authors and they are all willing > >>to > >> >grant > >> > the BCP78 rights to the IETF Trust, then this is fine, and you can > >> >ignore > >> > this comment. If not, you may need to add the pre-RFC5378 > >> >disclaimer. > >> > (See the Legal Provisions document at > >> > http://trustee.ietf.org/license-info for more information.) > >> > > >> >This looks like it's ok because all the authors of RFC 2560 are also > >> >authors of > >> >this draft, but it should be double-checked. > >> > >> > >> I defer this one to Sean. I think he has this one under control. > >> > >> > >> Thanks again for the review. > >> > >> /Stefan > >> > >> > >> > > >> >Thanks, > >> >--David > >> >---------------------------------------------------- > >> >David L. Black, Distinguished Engineer > >> >EMC Corporation, 176 South St., Hopkinton, MA 01748 > >> >+1 (508) 293-7953 FAX: +1 (508) 293-7786 > >> >david.black@emc.com Mobile: +1 (978) 394-7754 > >> >---------------------------------------------------- > >> > > >> > > >> > >> > > > >
- [pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
- [pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Sean Turner
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
- Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
- Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson