Summary RE: Last Call: Qualified Certificates
"Stefan Santesson" <stefans@microsoft.com> Fri, 19 December 2003 16:15 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14444 for <pkix-archive@lists.ietf.org>; Fri, 19 Dec 2003 11:15:51 -0500 (EST)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBJEejib053080 for <ietf-pkix-bks@above.proper.com>; Fri, 19 Dec 2003 06:40:45 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBJEejGP053079 for ietf-pkix-bks; Fri, 19 Dec 2003 06:40:45 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBJEehib053069 for <ietf-pkix@imc.org>; Fri, 19 Dec 2003 06:40:44 -0800 (PST) (envelope-from stefans@microsoft.com)
Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 19 Dec 2003 14:40:39 +0000
Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 19 Dec 2003 14:40:39 -0000
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 19 Dec 2003 14:40:39 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Summary RE: Last Call: Qualified Certificates
Date: Fri, 19 Dec 2003 14:40:33 -0000
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D9B6928@EUR-MSG-03.europe.corp.microsoft.com>
Thread-Topic: Summary RE: Last Call: Qualified Certificates
Thread-Index: AcOpWeAvu40TVwStQ5q0olJdw3pUXAc3EhGQ
From: Stefan Santesson <stefans@microsoft.com>
To: jimsch@exmsft.com, Tim Polk <tim.polk@nist.gov>
Cc: ietf-pkix@imc.org
X-OriginalArrivalTime: 19 Dec 2003 14:40:39.0455 (UTC) FILETIME=[12583AF0:01C3C63E]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBJEeiib053074
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit
I try to summarize the issues and their resolution to see if we all can
live with this. I exclude the typo remarks.
Issue 1: use of term "Private extensions"
Resolution: We will change and just talk about extensions
Issue 2: Exclude ASN.1 other than ASN.1 in 1988 syntax.
Resolution: We will keep the 1997 syntax as informative, as approved by
Russ.
Issue 3: New section stating changes from RFC 3039
Resolution: Section will be added
Issue 4: Defining granularity of Date of birth
Resolution: We conclude that the best solution would have been if we
just defined a raw text format from the beginning, independent of
GenerelizedTime. That is to late now though, since this attribute
already in use. The problem is that display of a date specified in this
format may be changed to another date due to adjustments for timezones.
The only time that will cause the same date display regardless of
timezone is 12.00.00 GMT. We will therefore recommend the time to be set
to 12.00.00 including second. We also recommend that clients parsing
this attribute should ignore any time data and display just the date
without any adjustment for local time zone.
Issue 5: countryOfResidence and countryOfCitizenship. Multi valued
attributes or Multipple occurance of single valued attributes or
requirement to include just 1 value in a certificate.
Resolution: We don't want to restrict to 1 country value for any of
these attributes. Neither do we want to forbid any variant to include
multiple countries. We do however want to RECOMMEND attribute values to
be repeated as multiple occurrences of single valued attributes, if more
than one value is to be included.
Issue 6: What is hashed in a graphic picture of biometric info?
Resolution: The whole file should be hashed. We will use the same
wording as the new logotype RFC but we will not enhance or change the
ASN.1 structure since this extension is being deployed.
Issue 7: Updating the qcStatement-1 for the new RFC
Resolution: Yes we should define a new OID for compliance with V2 of
this standard, which then also will help indicate the updated/clarified
semantics of the subject Directory attributes.
Issue 8: Optional absence of statementInfo of qcStatament for the
predefined statement
Resolution: We think this is syntactically defined in 3.2.5 but we are
willing to add a clarifying sentence in 3.2.5.1 as well.
Issue 9: Changing the pretty name of the ASN.1 module.
Resolution: We want to follow the praxis of other RFC:s in this area and
keep the name with a new OID. Why wouldn't that work for this standard
when it works for RFC 3280?
I hope this is OK for everyone
If so we will issue a new draft with these changes ASAP.
/Stefan
>
> 3. New section 1.1 is required to be added stating the differences
> between this document and 3039
>
> 4. Section 2, para 2:
> The text "where the certificate meet some qualification
> requirements" should be imported to either "certificates meet" or
> "certificate meets"
>
> 5. Section 2, bullet item 3: Suggest new text of
> "- Definition of usage for the key usage extension in Qualified
> Certificates.."
>
> 6. Section 3.2.1 - DateOfBirth SHOULD state the proper encoding to be
> used. I.E. are we looking for seconds, minutes or hours or just DATE
in
> the GeneralTime field?
>
> 7. Section 3.2.1 - countryOfResidence and countryOfCitizenship - If
you
> have multiple countrys to be listed, should this be a multi-value item
> or should there be two distinct attributes? (Alternatively should this
> be restricted back to a single attribute with a single value - i.e you
> can only list one of your countries of citizenship.)
>
> 8. Section 3.2.4 - This is something that I have no experence with.
If
> you look at a jpeg, bitmap or other type if image, who defines what is
> considred to be a label and what is considered to be the image data?
> What is done in this case about different sized images?
>
> 9. Section 3.2.5.1 - I would like to know the reason that
qcstatement-1
> has not been updated to a new OID. This is a new draft document with
> some different semantics than 3039. Are these changes all suffiently
> small that a new policy is not needed?
>
> 10. Sectin 3.2.5.1 - I have decided to put the predefined statement
into
> my QC. After reading this document I understand that what I want
> stearts as follows:
>
> EXTENSION { id-pe-qcStatements,
> { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> In this case I don't have asemanticsIdentifier created by the
document,
> so I must be incoluding the NameRegistrationAuthorities otion.
However
> I don't know if what goes here is the pkix working group name or some
> other value.
>
> 11. Sectin A.1 - I suggest changing the pretty name to
> PKIXqualified88-03 to distinquish from rfc3039.
>
>
>
> jim
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBUAQZib052433 for <ietf-pkix-bks@above.proper.com>; Tue, 30 Dec 2003 02:26:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBUAQZim052432 for ietf-pkix-bks; Tue, 30 Dec 2003 02:26:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp1.fre.skanova.net (smtp1.fre.skanova.net [195.67.227.94]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBUAQXib052427 for <ietf-pkix@imc.org>; Tue, 30 Dec 2003 02:26:34 -0800 (PST) (envelope-from anders.rundgren@telia.com)
Received: from arport (t12o913p34.telia.com [213.64.28.154]) by smtp1.fre.skanova.net (8.12.10/8.12.10) with SMTP id hBUAQBYT019607; Tue, 30 Dec 2003 11:26:17 +0100 (CET)
Message-ID: <004501c3cebe$b4db12b0$0500a8c0@arport>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Marc Poulaud" <marc.poulaud@i-solve.co.uk>, "Stephen Kent" <kent@bbn.com>
Cc: <ietf-pkix@imc.org>
References: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk> <p06020404bc1653dc01c8@[128.89.89.75]>
Subject: Re: IDPKC
Date: Tue, 30 Dec 2003 11:21:25 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Steve,
That was a truly brilliant analysis of IDPKC!
It would however be nice to get a similarly educated analysis of
PKI in the form you have more faith in. Like how you actually can
build shrink-wrapped, reliable, and user-friendly RP software based
on standards having the following characteristics:
"RFC3280 [6] when taken to its extreme by exploring all possible
valid uses, allows each EE certificate to be an entirely unique
object with no relationship to other EE certificates belonging
to the same PKI hierarchy, except for sharing a common trust
anchor. That is, a single CA may vouch for an arbitrary number
of different certificate policies. CAs conforming to RFC3280
may also deploy subject DNs that may only be locally unique for
the CA, potentially creating name space conflicts between
different CAs. In spite of the availability of X.509 policy
extensions, limited efforts have been made to establish a common
set of certificate policy identifiers, further complicating the
handling of multiple CAs by relying parties"
Hoping for a better 2004 with more mutual understanding
Anders R
----- Original Message -----
From: "Stephen Kent" <kent@bbn.com>
To: "Marc Poulaud" <marc.poulaud@i-solve.co.uk>
Cc: <ietf-pkix@imc.org>
Sent: Monday, December 29, 2003 23:45
Subject: Re: IDPKC
At 16:29 +0000 12/16/03, Marc Poulaud wrote:
>Hi,
>
>Appreciating this a PKI group, I wanted to know if there is any knowledge
>of, or experience in IDPKC vs PKI. My intention is not to start a
>religious war, but just understand if there is anything approaching a
>consensus view. Also, does anybody know of any real/serious
>implementations of IDPKC. I'll take private emails, if people feel it's
>off topic.
>
>Marc.
>iSolve Ltd.
Marc,
Pardon this belated response.
One should put identity-based PKC (IDPKC) in perspective. The concept
dates back to the mid-1980's when Adi Shamir first proposed the
problem of deriving a key pair from an identifier, e.g., an e-mail
address. Several methods of doing this were developed over the next
15 years, the most recent work is by Dan Boneh and his colleagues. It
is arguably the most sophisticated from a crypto perspective, and the
commercial, e-mail product based on their work also is the best in
terms of solving some of the problems present in previous work.
However, there are some limitations in all of these approaches, which
I comment upon below.
First, in any large environment characterized by multiple
administrative "domains," there is a need to have multiple CAs. No
one CA will suffice to issue certs for all users. All IDPKC
mechanisms rely on the ability of the sender of a message (I'll use
the e-mail example here) to acquire some public values that are
unique to the CA that serves the user to whom the mail is being sent.
So, there has to be a way to securely acquire these public
parameters, and to know which CA serves which users. This is
generally equivalent to the problem of acquiring the right CA cert
for the user. Only if the CAs align EXACTLY with the name space for
the users would the problem be easier in the IDPKC context.
(Personally I would prefer such alignment, but in practice it rarely
happens!) Note that this characteristic is essential, because if one
uses the wrong parameters, the e-mail will be decipherable by the CA
whose parameters were used! So, in this part of the problem, it is
not clear that IDPKC is a big win, because it would seem necessary,
in general, to have some cert-like mechanism to securely distribute
the CA public values, and to somehow bind each user to the CA that
serves him/her.
Once one has the right set of parameters for the user in question,
one can input the name of the user, e.g., his e-mail address, and
generate the user's public key. but, this simple model does not work
well, because it implies a need to change one's e-mail address to
deal with compromise! So, IDPKC schemes have to add some parameter to
the key generation process to accommodate the desire to keep the
e-mail address constant while changing the key pair. The best
solution I've seen for this problem (thanks for Boneh, et al.) is to
use the current date as an additional input to the key generation
process. This provides a very reasonable window for revocation,
analogous to what one gets with daily CRL distribution, but without
the need to push the CRLs or to contact OCSP servers on a daily basis.
Of course, there is no free lunch. The implication of the daily key
pair change is that the users of a CA must receive new private keys
from the CA on a daily basis, in order to be able to decipher
incoming e-mail. One can argue about the magnitude of this problem,
vs. the CRL and cert distribution problem. In the IDPKC case, one has
to deliver private keys to all users served by a given CA daily, or
allow these users to fetch the keys (for the current day and some set
of prior days). These are private keys, so they need to be encrypted
independently for each user. In a PKI, a CA has to make the certs and
CRLs for its clients available to everyone who wants to communicate
with the clients, presumably a much larger population. But, the
certs are generally fairly static (e.g., annual or biannual renewal)
and the certs and CRLs are signed public info that can be stored
anywhere. So it is hard to say which problem is easier to solve, and
there may not be one answer for all contexts.
The CAs in an IDPKC act as key escrow agents, implicitly, and may
have to hold onto private keys for at least a moderate period of
time, to allow users to retrieve and decrypt mail that arrived when
the users were away or otherwise unable to acquire new keys. In
contrast, in a traditional PKI, a user may generate a key pair and
never disclose the private key to anyone, even his CA. So there are
significant differences in the security offered for private keys in
these two models, especially if the PKI makes use of hardware crypto
tokens that generate their own key pairs.
Finally, what about signatures? I have not looked at what Boneh
proposed for signatures, but in general signature
generation/validation pose opposite problems from
encryption/decryption. A sender needs his private signature key to
sign each message, and the receiver needs to be able to verify that
the key is authentic and not-revoked. IDPKC does not seem to be so
well suited to the signature verification problem. if signature keys
are managed the same way as encryption keys, then every recipient of
a signed message needs to acquire the current, public signature key
for the sender, which imposes a serious burden on distributing these
keys if one does not use certs. Also, if a signature key is
discovered to have been compromised AFTER a recipient retrieved it,
how does the recipient learn of this? With CRLs a CA can add an entry
when a "late discovery compromise" occurs, and depending on when the
signed data is processed, this late entry might suffice to warn the
receiver.
So, overall, I am not convinced that IDPKC is a significant,
practical technology, at least as it has been described so far. It
might prove useful in some contexts, but these contexts need to be
carefully defined to permit a valid comparison with PKI technology.
Steve
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBTMlTib017667 for <ietf-pkix-bks@above.proper.com>; Mon, 29 Dec 2003 14:47:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBTMlTAL017666 for ietf-pkix-bks; Mon, 29 Dec 2003 14:47:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from aragorn.bbn.com ([128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBTMlNib017649 for <ietf-pkix@imc.org>; Mon, 29 Dec 2003 14:47:23 -0800 (PST) (envelope-from kent@bbn.com)
Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id hBTMkfM9022305; Mon, 29 Dec 2003 17:46:42 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po2.bbn.com
Message-Id: <p06020404bc1653dc01c8@[128.89.89.75]>
In-Reply-To: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk>
References: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk>
Date: Mon, 29 Dec 2003 17:45:26 -0500
To: "Marc Poulaud" <marc.poulaud@i-solve.co.uk>
From: Stephen Kent <kent@bbn.com>
Subject: Re: IDPKC
Cc: <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
At 16:29 +0000 12/16/03, Marc Poulaud wrote:
>Hi,
>
>Appreciating this a PKI group, I wanted to know if there is any knowledge
>of, or experience in IDPKC vs PKI. My intention is not to start a
>religious war, but just understand if there is anything approaching a
>consensus view. Also, does anybody know of any real/serious
>implementations of IDPKC. I'll take private emails, if people feel it's
>off topic.
>
>Marc.
>iSolve Ltd.
Marc,
Pardon this belated response.
One should put identity-based PKC (IDPKC) in perspective. The concept
dates back to the mid-1980's when Adi Shamir first proposed the
problem of deriving a key pair from an identifier, e.g., an e-mail
address. Several methods of doing this were developed over the next
15 years, the most recent work is by Dan Boneh and his colleagues. It
is arguably the most sophisticated from a crypto perspective, and the
commercial, e-mail product based on their work also is the best in
terms of solving some of the problems present in previous work.
However, there are some limitations in all of these approaches, which
I comment upon below.
First, in any large environment characterized by multiple
administrative "domains," there is a need to have multiple CAs. No
one CA will suffice to issue certs for all users. All IDPKC
mechanisms rely on the ability of the sender of a message (I'll use
the e-mail example here) to acquire some public values that are
unique to the CA that serves the user to whom the mail is being sent.
So, there has to be a way to securely acquire these public
parameters, and to know which CA serves which users. This is
generally equivalent to the problem of acquiring the right CA cert
for the user. Only if the CAs align EXACTLY with the name space for
the users would the problem be easier in the IDPKC context.
(Personally I would prefer such alignment, but in practice it rarely
happens!) Note that this characteristic is essential, because if one
uses the wrong parameters, the e-mail will be decipherable by the CA
whose parameters were used! So, in this part of the problem, it is
not clear that IDPKC is a big win, because it would seem necessary,
in general, to have some cert-like mechanism to securely distribute
the CA public values, and to somehow bind each user to the CA that
serves him/her.
Once one has the right set of parameters for the user in question,
one can input the name of the user, e.g., his e-mail address, and
generate the user's public key. but, this simple model does not work
well, because it implies a need to change one's e-mail address to
deal with compromise! So, IDPKC schemes have to add some parameter to
the key generation process to accommodate the desire to keep the
e-mail address constant while changing the key pair. The best
solution I've seen for this problem (thanks for Boneh, et al.) is to
use the current date as an additional input to the key generation
process. This provides a very reasonable window for revocation,
analogous to what one gets with daily CRL distribution, but without
the need to push the CRLs or to contact OCSP servers on a daily basis.
Of course, there is no free lunch. The implication of the daily key
pair change is that the users of a CA must receive new private keys
from the CA on a daily basis, in order to be able to decipher
incoming e-mail. One can argue about the magnitude of this problem,
vs. the CRL and cert distribution problem. In the IDPKC case, one has
to deliver private keys to all users served by a given CA daily, or
allow these users to fetch the keys (for the current day and some set
of prior days). These are private keys, so they need to be encrypted
independently for each user. In a PKI, a CA has to make the certs and
CRLs for its clients available to everyone who wants to communicate
with the clients, presumably a much larger population. But, the
certs are generally fairly static (e.g., annual or biannual renewal)
and the certs and CRLs are signed public info that can be stored
anywhere. So it is hard to say which problem is easier to solve, and
there may not be one answer for all contexts.
The CAs in an IDPKC act as key escrow agents, implicitly, and may
have to hold onto private keys for at least a moderate period of
time, to allow users to retrieve and decrypt mail that arrived when
the users were away or otherwise unable to acquire new keys. In
contrast, in a traditional PKI, a user may generate a key pair and
never disclose the private key to anyone, even his CA. So there are
significant differences in the security offered for private keys in
these two models, especially if the PKI makes use of hardware crypto
tokens that generate their own key pairs.
Finally, what about signatures? I have not looked at what Boneh
proposed for signatures, but in general signature
generation/validation pose opposite problems from
encryption/decryption. A sender needs his private signature key to
sign each message, and the receiver needs to be able to verify that
the key is authentic and not-revoked. IDPKC does not seem to be so
well suited to the signature verification problem. if signature keys
are managed the same way as encryption keys, then every recipient of
a signed message needs to acquire the current, public signature key
for the sender, which imposes a serious burden on distributing these
keys if one does not use certs. Also, if a signature key is
discovered to have been compromised AFTER a recipient retrieved it,
how does the recipient learn of this? With CRLs a CA can add an entry
when a "late discovery compromise" occurs, and depending on when the
signed data is processed, this late entry might suffice to warn the
receiver.
So, overall, I am not convinced that IDPKC is a significant,
practical technology, at least as it has been described so far. It
might prove useful in some contexts, but these contexts need to be
carefully defined to permit a valid comparison with PKI technology.
Steve
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNKiXib054876 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 12:44:33 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNKiXox054875 for ietf-pkix-bks; Tue, 23 Dec 2003 12:44:33 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBNKiWib054818 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 12:44:32 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 27668 invoked by uid 0); 23 Dec 2003 20:44:24 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (138.88.18.193) by woodstock.binhost.com with SMTP; 23 Dec 2003 20:44:24 -0000
Message-Id: <5.2.0.9.2.20031223151536.04a3f828@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Tue, 23 Dec 2003 15:44:17 -0500
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Russ Housley <housley@vigilsec.com>
Subject: Re: RFC3039bis last call ?
Cc: ietf-pkix@imc.org
In-Reply-To: <3FE85C94.4080704@bull.net>
References: <0C3042E92D8A714783E2C44AB9936E1D9EF5D6@EUR-MSG-03.europe.corp.microsoft.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Denis:
>>RFC 3039 is a profile of RFC 3280 so we reference it.
>
>We all know that the key usage section in RFC 3280 has a problem and needs
>to be fixed.
I guess this discussion will never end. There has been a very long thread
on this point, and I take offense at your characterization of that
thread. Given the volume of messages on the thread, your statement that
"we all know" is just plain misleading.
My personal conclusion from that very long thread is that the RFC 3280 text
has the consensus of the working group. There is clearly not unanimous
agreement with it. We all know that you do not agree with it.
Last June, I posted a message that recommended an update to RFC 3280. (See
http://www.imc.org/ietf-pkix/mail-archive/msg06188.html ) One of the three
reasons for an update is to ensure alignment of the IETF and the ITU-T
specifications with respect to key usage. Based on my reading of the most
recent ITU-T language, I suggest that no changes are needed in this
area. The biggest change is the name of the bit, which in my opinion will
not lead to clarity. It may, however, help satisfy some issues raised in
the legal community.
Russ
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNKZqib053932 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 12:35:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNKZqvP053931 for ietf-pkix-bks; Tue, 23 Dec 2003 12:35:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNKZiib053909 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 12:35:44 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08070; Tue, 23 Dec 2003 15:35:29 -0500 (EST)
Message-Id: <200312232035.PAA08070@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-proxy-10.txt
Date: Tue, 23 Dec 2003 15:35:28 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure Proxy Certificate Profile
Author(s) : S. Tuecke
Filename : draft-ietf-pkix-proxy-10.txt
Pages : 48
Date : 2003-12-23
This document forms a certificate profile for Proxy Certificates,
based on X.509 Public Key Infrastructure (PKI) certificates as
defined in RFC 3280, for use in the Internet. The term Proxy
Certificate is used to describe a certificate that is derived from,
and signed by, a normal X.509 Public Key End Entity Certificate or
by another Proxy Certificate for the purpose of providing
restricted proxying and delegation within a PKI based
authentication system.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-10.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-proxy-10.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-proxy-10.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-23153222.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-proxy-10.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-proxy-10.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-23153222.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNKZjib053924 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 12:35:45 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNKZjNZ053920 for ietf-pkix-bks; Tue, 23 Dec 2003 12:35:45 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNKZiib053908 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 12:35:44 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08086; Tue, 23 Dec 2003 15:35:34 -0500 (EST)
Message-Id: <200312232035.PAA08086@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-proxy-10.txt
Date: Tue, 23 Dec 2003 15:35:34 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure Proxy Certificate Profile
Author(s) : S. Tuecke
Filename : draft-ietf-pkix-proxy-10.txt
Pages : 48
Date : 2003-12-23
This document forms a certificate profile for Proxy Certificates,
based on X.509 Public Key Infrastructure (PKI) certificates as
defined in RFC 3280, for use in the Internet. The term Proxy
Certificate is used to describe a certificate that is derived from,
and signed by, a normal X.509 Public Key End Entity Certificate or
by another Proxy Certificate for the purpose of providing
restricted proxying and delegation within a PKI based
authentication system.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-10.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-proxy-10.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-proxy-10.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-23153222.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-proxy-10.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-proxy-10.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-23153222.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNJw3ib052363 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 11:58:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNJw3r9052362 for ietf-pkix-bks; Tue, 23 Dec 2003 11:58:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNJw1ib052354 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 11:58:01 -0800 (PST) (envelope-from stefans@microsoft.com)
Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 23 Dec 2003 19:57:57 +0000
Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 23 Dec 2003 19:57:57 -0000
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 23 Dec 2003 19:57:57 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: RFC3039bis last call ?
Date: Tue, 23 Dec 2003 19:57:39 -0000
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D9EF6FE@EUR-MSG-03.europe.corp.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: RFC3039bis last call ?
Thread-Index: AcPJdZcQ/iOOnbRtQce1LCfMN+ayGAAFokog
From: "Stefan Santesson" <stefans@microsoft.com>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Stefan Santesson" <stefans@microsoft.com>
Cc: <ietf-pkix@imc.org>
X-OriginalArrivalTime: 23 Dec 2003 19:57:57.0348 (UTC) FILETIME=[0F772A40:01C3C98F]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBNJw2ib052358
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
In-line.
/Stefan
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]
> On Behalf Of Denis Pinkas
> Sent: den 23 december 2003 16:18
> To: Stefan Santesson
> Cc: ietf-pkix@imc.org
> Subject: Re: RFC3039bis last call ?
>
>
> > Denis,
> >
> > I have replied to these comments before and these were also
discussed at
> > the IETF meeting and concluded.
> >
> > Name:
> > ------
> > The scope is the same but it is just worded a bit different. This
> > profile has never limited itself to just Qualified Certificate, i.e.
> > this profile defines the framework that is considered useful for
> > Qualified Certificate but the use of the profile is not limited to
> > Qualified Certificates. It can be used to create or support also
other
> > type of certificates. This was also clearly stated in RFC 3039.
>
> "Qualified Certificate" has two meanings. Two meaning for the same
acronym
> is confusing. We should not perpetrate confusion.
The use of the term Qualified Certificates is well defined in RFC 3039.
>
> > The reason for the wording change in the abstract was that many
readers
> > had missed the fact that this profile can be used to support any
> > ID-certificate, qualified or not. Example of such use could be use
of
> > the bimetricInfo extension for attaching picture.
> >
> > The meeting, the WG chairs and the Security AD agreed that the name
of
> > the document should be kept. I don't feel strongly either way but I
> > respect that decision and think it is the best one.
>
> I believe that RFC 3039 should be kept as it is.
>
> If you believe that additions are neeed, then I have no objection in
> principle for a new document.
I guess we have to agree to disagree. We ARE in a process to update this
document. I'm open to hear any input from you in this process. If you
disagree to the process as such then this is an issue between you and WG
chairs.
>
> > Requirement from ETSI:
> > ----------------------
> > There is a need to harmonize development of ETSI TS 102 280 with RFC
> > 3039. This has also been expressed in circulated ETSI documents, but
> > there are also other reasons to update RFC 3039.
>
> This is wrong.
>
I know you think so, but do you have any arguments to present?
> There may be a need to revise ETSI TS 102 280, but there is no need to
> revise RFC 3039, as far as ETSI is concerned.
Revise TS 102 280?? It isn't written yet.
>
> > Replacement of RFC 3039:
> > ------------------------
> > As concluded at last IETF it is impossible to update RFC 3039 and
keep
> > RFC 3039. It would cause several extensions to be defined in
multiple
> > RFCs.
>
> If we keep RFC 3039 as it is and have a new document, I don't see what
the
> problem is. Please elaborate your argumentation.
RFC 3039 defines 2 new extensions and some new attributes. We can't
create e new document that is living in parallel that defines the same
extensions one more time.
>
> > Reference to RFC 3280
> > ---------------------
> > RFC 3039 is a profile of RFC 3280 so we reference it.
>
> We all know that the key usage section in RFC 3280 has a problem and
needs
> to be fixed.
>
> The text of RFC 3039 should stay as it is.
I know you think so, but why.
The only thing is said was that if NR is set it SHOULD be set
exclusively.
This statement has no context in RFC 3039 and is thus bad and prevents
deployment. This has however a context in TS 102280 where it is to be
found instead of here.
Note that RFC 3039 allows both encryption as well as DS to be set.
Note also that it is YOU who promotes a definition of the DS bit that
will force many CAs to issue certificates with both DS and NR set,
because that will be the only way to allow a single signing certificate
to be used for arbitrary signing operations, regardless of purpose.
I argue for a DS bit (according to RFC 3280) that has no limitations of
usage of DS, to allow an environment with a single certificate for
signing to have only DS set. Then we MAY be able to avoid NR+DS
certificates, which actually would be a good thing.
But as it is now, RFC 3039 have no context to say that this is an
invalid combination in general. We could though add a section in the
security considerations section highlighting threats that may arise due
to this combination.
>
> > If you have any problem with this that is an issue you have to take
up
> > with the WG chairs or Russ as AD. As far as I'm concerned RFC 3039
does
> > not define any meanings of the key usage bits and thus should not be
> > dependent on any resolution of that.
>
> The current text contains text which should not be deleted.
>
> > Finally there is nothing in any definition of Qualified Certificates
> > that prevents such certificates from being used for Authentication.
>
> ... which is precisely why the text on the key usage section should
be
> kept.
As I said, there is nothing in the old text that prevents or even
recommends against this.
>
> Denis
>
> > /Stefan
> >
> >
> >>-----Original Message-----
> >>From: owner-ietf-pkix@mail.imc.org
> >
> > [mailto:owner-ietf-pkix@mail.imc.org]
> >
> >>On Behalf Of Denis Pinkas
> >>Sent: den 4 december 2003 21:08
> >>To: ietf-pkix@imc.org
> >>Subject: RFC3039bis last call ?
> >>
> >>
> >>
> >>I probably missed the e-mail about an RFC3039bis last call, but
since
> >
> > it
> >
> >>is mentioned in the WG minutes that there will be a last call. In
case
> >>it is already going, I would like to reiterate that the concerns I
> >>raised before the Minneapolis meeting are still valid.
> >>
> >>In particular, I would like to reinsist on two points:
> >>
> >>RFC3039 states in the abstract:
> >>
> >>This document forms a certificate profile for Qualified
Certificates,
> >>based on RFC 2459, for use in the Internet. The term Qualified
> >>Certificate is used to describe a certificate with a certain
> >>qualified status within applicable governing law.
> >>
> >>RFC3039bis states in the abstract:
> >>
> >>This document forms a certificate profile, based on RFC 3280, for
> >>identity certificates issued to physical persons.
> >>
> >>It is clear from the abstract that the topic of the two documents
are
> >>different and that the new draft should be renamed: Identity
> >>Certificates Profile.
> >>
> >>As a consequence, this new draft is NOT a replacement for RFC 3039.
> >
> > One
> >
> >>argument has been that ETSI needed changes to RFC 3039. There is not
> >>such a requirement from ETSI.
> >>
> >>Another major issue is that RFC3039bis states:
> >>
> >>Key usage settings SHALL be set in accordance with RFC 3280
> >
> > definitions.
> >
> >>We know that the key usage bit section of RFC 3280 is going to be
> >>changed. However we still don't know what will be the new text.
> >>Discussions are going on within ISO SC6 both to redefine bit 0 in
> >
> > terms
> >
> >>of the security services it may support (instead of saying "all
> >
> > security
> >
> >>services except one security service"), and to rename bit 1. This
> >
> > means
> >
> >>that referencing RFC 3280 is fine, except for the section on the key
> >>usage bits.
> >>
> >>Qualified Certificates are to be used when a signer wants to commit
to
> >>the content of a document, not when a signer wants to authenticate.
As
> >>it is, the new draft would create confusion.
> >>
> >>Denis
> >>
> >>
> >>
> >
> >
> >
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNJUSib051352 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 11:30:28 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNJUSDV051351 for ietf-pkix-bks; Tue, 23 Dec 2003 11:30:28 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-lul.microsoft.com (mail-lul.microsoft.com [212.157.154.44]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNJUPib051343 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 11:30:26 -0800 (PST) (envelope-from stefans@microsoft.com)
Received: from lul-imc-01.europe.corp.microsoft.com ([65.53.188.37]) by mail-lul.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 23 Dec 2003 20:30:24 +0100
Received: from 65.53.188.37 by lul-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 23 Dec 2003 20:30:24 +0100
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by lul-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 23 Dec 2003 20:30:24 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: Summary RE: Last Call: Qualified Certificates
Date: Tue, 23 Dec 2003 19:29:50 -0000
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D9EF6FD@EUR-MSG-03.europe.corp.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Summary RE: Last Call: Qualified Certificates
Thread-Index: AcPJdpD6a0UJOjrVTTqHNqmCTkH7hQAFBAeA
From: "Stefan Santesson" <stefans@microsoft.com>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Stefan Santesson" <stefans@microsoft.com>, "pkix" <ietf-pkix@imc.org>
X-OriginalArrivalTime: 23 Dec 2003 19:30:24.0617 (UTC) FILETIME=[365C6D90:01C3C98B]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBNJUQib051346
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Great,
Then we agree to the point that we should keep RFC 3039 as it is with
regard to this extension.
I guess you are free to ask the WG chairs for permission to start a new
work item for those new extensions.
/Stefan
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]
> On Behalf Of Denis Pinkas
> Sent: den 23 december 2003 16:26
> To: Stefan Santesson; pkix
> Subject: Re: Summary RE: Last Call: Qualified Certificates
>
>
> Stefan,
>
> > Denis,
> >
> > I understand your request but I don't agree with your conclusion.
> >
> > I can see the possibilities with a scheme with more tight definition
of
> > criticality since it would enable the ability to force acceptance of
a
> > certain statement while another informative statement could be
ignored.
> >
> > However, I think the cost of providing that capability is too high
> > compared to both the benefits and the demand for it. And this is not
the
> > only extension where you have the same type of issue.
> >
> > Similar problem can be associated with:
> > - Subject and issuer alt name
> > - Certificate policies
> > - Extended Key usage
> >
> > All of these may contain multiple instances of OID defined
properties
> > where I may want to assign different "must recognize" properties.
> >
> > This is a generic limitation of X.509 extension structure and not
unique
> > for qcStataments.
>
> I do not agree with your interpretation.
>
> The main idea beyond the criticality bit is the following: either it
is
> critical and the RP must understand all the content of the extension,
or
> it
> is non critical and then the RP is free to ignore if it cannot
interpret
> it.
>
> The QCstatement extension does not allow a mixture on critical and non
> critical individual QCstatements.
>
> What I am requesting for is :
>
> 1 - to keep the QCStatement extension in RFC 3039 as it is and,
> 2 - to define in a new document (which does not superseed RFC 3039)
> two new extensions:
> a) one which is always critical to include critical
statements,
> and,
> b) one which is always non-critical to include non-critical
> statements.
>
> Denis
>
> > /Stefan
> >
> >
> >
> >>-----Original Message-----
> >>From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> >>Sent: den 22 december 2003 12:19
> >>To: Stefan Santesson
> >>Subject: Re: Summary RE: Last Call: Qualified Certificates
> >>
> >>Stefan,
> >>
> >>I have not yet seen your response to my comments.
> >>Here is an additional comment:
> >>
> >>RFC 3039 states :
> >>
> >>"3.2.5 Qualified Certificate Statements
> >>
> >>(...)
> >>
> >> This extension may be critical or non-critical. If the
extension
> >
> > is
> >
> >> critical, this means that all statements included in the
extension
> >> are regarded as critical.
> >>
> >> qcStatements EXTENSION ::= {
> >> SYNTAX QCStatements
> >> IDENTIFIED BY id-pe-qcStatements }
> >>
> >> id-pe-qcStatements OBJECT IDENTIFIER ::= { id-pe 3 }
> >>
> >> QCStatements ::= SEQUENCE OF QCStatement "
> >>
> >>
> >>Since at this time this extension has only be used for one
statement,
> >>there
> >>is no problem. However, in the future it is desirable to allow to
> >
> > include
> >
> >>one or more statements, some of them being critical and some other
> >
> > being
> >
> >>non-critical. This extension is unable to support this feature.
> >>
> >>It is impossible to redefine this extension with a new semantics so
> >>thisdefine a extension has to stay as it is, but there is a need to
> >
> > allow
> >
> >>this flexibility.
> >>
> >>There are two possibilities:
> >>
> >>1) define two extensions, one being always critical and the other
one
> >>being
> >>always non critical. All critical statements would be in the first
> >>extension
> >>while all non critical statements would be in the other one.
> >>
> >>2) define a new extension allowing to mix both critical and non
> >
> > critical
> >
> >>statements. In case this second option is followed, hereafter is how
> >
> > such
> >
> >>a
> >>new extension would look like:
> >>
> >>"Identity Certificate Statements
> >>
> >> This extension may be critical or non-critical. If the
extension
> >
> > is
> >
> >> critical, this means that every statement included in the
> >
> > extension
> >
> >>and
> >> individually marked critical MUST be understood.
> >>
> >> icStatements EXTENSION ::= {
> >> SYNTAX QCStatements
> >> IDENTIFIED BY id-pe-icStatements }
> >>
> >> id-pe-icStatements OBJECT IDENTIFIER ::= { id-pe 4 }
> >>
> >> ICStatements ::= SEQUENCE OF ICStatement "
> >>
> >> ICStatement ::= SEQUENCE {
> >> critical BOOLEAN DEFAULT FALSE
> >> statementId IC-STATEMENT.&Id({SupportedStatements}),
> >> statementInfo IC-STATEMENT.&Type
> >> ({SupportedStatements}{@statementId}) OPTIONAL }
> >>
> >> SupportedStatements IC-STATEMENT ::= { icStatement-1,...} "
> >>
> >>
> >>Once again, it makes sense to define a NEW RFC dedicated to
"Identity
> >>Certificates for physical persons", but it still does not make sense
> >
> > to
> >
> >>replace RFC 3039.
> >>
> >>Denis
> >
> >
> >
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFxJib020375 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 07:59:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNFxJhL020373 for ietf-pkix-bks; Tue, 23 Dec 2003 07:59:19 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from aragorn.bbn.com ([128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFxIib020336 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 07:59:18 -0800 (PST) (envelope-from kent@bbn.com)
Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id hBNFwRM9004649; Tue, 23 Dec 2003 10:58:27 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po2.bbn.com
Message-Id: <a06020401bc0e159e2196@[128.89.89.75]>
In-Reply-To: <3FE85E89.3060005@bull.net>
References: <0C3042E92D8A714783E2C44AB9936E1D9EF5E9@EUR-MSG-03.europe.corp.microsoft.c om> <3FE85E89.3060005@bull.net>
Date: Tue, 23 Dec 2003 10:55:54 -0500
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: Summary RE: Last Call: Qualified Certificates
Cc: Stefan Santesson <stefans@microsoft.com>, pkix <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Denis,
I think the WG has endorsed revisions to 3039, not creation of a new
RFC. So, we can debate issues within the new document, but let's not
not debate whether the new document replaces 3039.
Steve
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFQ2ib016323 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 07:26:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNFQ2fA016322 for ietf-pkix-bks; Tue, 23 Dec 2003 07:26:02 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFQ1ib016306 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 07:26:01 -0800 (PST) (envelope-from Denis.Pinkas@bull.net)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA42918; Tue, 23 Dec 2003 16:33:01 +0100
Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id RAA31199; Tue, 23 Dec 2003 17:20:40 +0100
Message-ID: <3FE85E89.3060005@bull.net>
Date: Tue, 23 Dec 2003 16:26:01 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: Stefan Santesson <stefans@microsoft.com>, pkix <ietf-pkix@imc.org>
Subject: Re: Summary RE: Last Call: Qualified Certificates
References: <0C3042E92D8A714783E2C44AB9936E1D9EF5E9@EUR-MSG-03.europe.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Stefan,
> Denis,
>
> I understand your request but I don't agree with your conclusion.
>
> I can see the possibilities with a scheme with more tight definition of
> criticality since it would enable the ability to force acceptance of a
> certain statement while another informative statement could be ignored.
>
> However, I think the cost of providing that capability is too high
> compared to both the benefits and the demand for it. And this is not the
> only extension where you have the same type of issue.
>
> Similar problem can be associated with:
> - Subject and issuer alt name
> - Certificate policies
> - Extended Key usage
>
> All of these may contain multiple instances of OID defined properties
> where I may want to assign different "must recognize" properties.
>
> This is a generic limitation of X.509 extension structure and not unique
> for qcStataments.
I do not agree with your interpretation.
The main idea beyond the criticality bit is the following: either it is
critical and the RP must understand all the content of the extension, or it
is non critical and then the RP is free to ignore if it cannot interpret it.
The QCstatement extension does not allow a mixture on critical and non
critical individual QCstatements.
What I am requesting for is :
1 - to keep the QCStatement extension in RFC 3039 as it is and,
2 - to define in a new document (which does not superseed RFC 3039)
two new extensions:
a) one which is always critical to include critical statements,
and,
b) one which is always non-critical to include non-critical
statements.
Denis
> /Stefan
>
>
>
>>-----Original Message-----
>>From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
>>Sent: den 22 december 2003 12:19
>>To: Stefan Santesson
>>Subject: Re: Summary RE: Last Call: Qualified Certificates
>>
>>Stefan,
>>
>>I have not yet seen your response to my comments.
>>Here is an additional comment:
>>
>>RFC 3039 states :
>>
>>"3.2.5 Qualified Certificate Statements
>>
>>(...)
>>
>> This extension may be critical or non-critical. If the extension
>
> is
>
>> critical, this means that all statements included in the extension
>> are regarded as critical.
>>
>> qcStatements EXTENSION ::= {
>> SYNTAX QCStatements
>> IDENTIFIED BY id-pe-qcStatements }
>>
>> id-pe-qcStatements OBJECT IDENTIFIER ::= { id-pe 3 }
>>
>> QCStatements ::= SEQUENCE OF QCStatement "
>>
>>
>>Since at this time this extension has only be used for one statement,
>>there
>>is no problem. However, in the future it is desirable to allow to
>
> include
>
>>one or more statements, some of them being critical and some other
>
> being
>
>>non-critical. This extension is unable to support this feature.
>>
>>It is impossible to redefine this extension with a new semantics so
>>thisdefine a extension has to stay as it is, but there is a need to
>
> allow
>
>>this flexibility.
>>
>>There are two possibilities:
>>
>>1) define two extensions, one being always critical and the other one
>>being
>>always non critical. All critical statements would be in the first
>>extension
>>while all non critical statements would be in the other one.
>>
>>2) define a new extension allowing to mix both critical and non
>
> critical
>
>>statements. In case this second option is followed, hereafter is how
>
> such
>
>>a
>>new extension would look like:
>>
>>"Identity Certificate Statements
>>
>> This extension may be critical or non-critical. If the extension
>
> is
>
>> critical, this means that every statement included in the
>
> extension
>
>>and
>> individually marked critical MUST be understood.
>>
>> icStatements EXTENSION ::= {
>> SYNTAX QCStatements
>> IDENTIFIED BY id-pe-icStatements }
>>
>> id-pe-icStatements OBJECT IDENTIFIER ::= { id-pe 4 }
>>
>> ICStatements ::= SEQUENCE OF ICStatement "
>>
>> ICStatement ::= SEQUENCE {
>> critical BOOLEAN DEFAULT FALSE
>> statementId IC-STATEMENT.&Id({SupportedStatements}),
>> statementInfo IC-STATEMENT.&Type
>> ({SupportedStatements}{@statementId}) OPTIONAL }
>>
>> SupportedStatements IC-STATEMENT ::= { icStatement-1,...} "
>>
>>
>>Once again, it makes sense to define a NEW RFC dedicated to "Identity
>>Certificates for physical persons", but it still does not make sense
>
> to
>
>>replace RFC 3039.
>>
>>Denis
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFHgib015390 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 07:17:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNFHgqe015388 for ietf-pkix-bks; Tue, 23 Dec 2003 07:17:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNFHfib015375 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 07:17:41 -0800 (PST) (envelope-from Denis.Pinkas@bull.net)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA41100; Tue, 23 Dec 2003 16:24:40 +0100
Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id RAA31171; Tue, 23 Dec 2003 17:12:20 +0100
Message-ID: <3FE85C94.4080704@bull.net>
Date: Tue, 23 Dec 2003 16:17:40 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: Stefan Santesson <stefans@microsoft.com>
CC: ietf-pkix@imc.org
Subject: Re: RFC3039bis last call ?
References: <0C3042E92D8A714783E2C44AB9936E1D9EF5D6@EUR-MSG-03.europe.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> Denis,
>
> I have replied to these comments before and these were also discussed at
> the IETF meeting and concluded.
>
> Name:
> ------
> The scope is the same but it is just worded a bit different. This
> profile has never limited itself to just Qualified Certificate, i.e.
> this profile defines the framework that is considered useful for
> Qualified Certificate but the use of the profile is not limited to
> Qualified Certificates. It can be used to create or support also other
> type of certificates. This was also clearly stated in RFC 3039.
"Qualified Certificate" has two meanings. Two meaning for the same acronym
is confusing. We should not perpetrate confusion.
> The reason for the wording change in the abstract was that many readers
> had missed the fact that this profile can be used to support any
> ID-certificate, qualified or not. Example of such use could be use of
> the bimetricInfo extension for attaching picture.
>
> The meeting, the WG chairs and the Security AD agreed that the name of
> the document should be kept. I don't feel strongly either way but I
> respect that decision and think it is the best one.
I believe that RFC 3039 should be kept as it is.
If you believe that additions are neeed, then I have no objection in
principle for a new document.
> Requirement from ETSI:
> ----------------------
> There is a need to harmonize development of ETSI TS 102 280 with RFC
> 3039. This has also been expressed in circulated ETSI documents, but
> there are also other reasons to update RFC 3039.
This is wrong.
There may be a need to revise ETSI TS 102 280, but there is no need to
revise RFC 3039, as far as ETSI is concerned.
> Replacement of RFC 3039:
> ------------------------
> As concluded at last IETF it is impossible to update RFC 3039 and keep
> RFC 3039. It would cause several extensions to be defined in multiple
> RFCs.
If we keep RFC 3039 as it is and have a new document, I don't see what the
problem is. Please elaborate your argumentation.
> Reference to RFC 3280
> ---------------------
> RFC 3039 is a profile of RFC 3280 so we reference it.
We all know that the key usage section in RFC 3280 has a problem and needs
to be fixed.
The text of RFC 3039 should stay as it is.
> If you have any problem with this that is an issue you have to take up
> with the WG chairs or Russ as AD. As far as I'm concerned RFC 3039 does
> not define any meanings of the key usage bits and thus should not be
> dependent on any resolution of that.
The current text contains text which should not be deleted.
> Finally there is nothing in any definition of Qualified Certificates
> that prevents such certificates from being used for Authentication.
... which is precisely why the text on the key usage section should be kept.
Denis
> /Stefan
>
>
>>-----Original Message-----
>>From: owner-ietf-pkix@mail.imc.org
>
> [mailto:owner-ietf-pkix@mail.imc.org]
>
>>On Behalf Of Denis Pinkas
>>Sent: den 4 december 2003 21:08
>>To: ietf-pkix@imc.org
>>Subject: RFC3039bis last call ?
>>
>>
>>
>>I probably missed the e-mail about an RFC3039bis last call, but since
>
> it
>
>>is mentioned in the WG minutes that there will be a last call. In case
>>it is already going, I would like to reiterate that the concerns I
>>raised before the Minneapolis meeting are still valid.
>>
>>In particular, I would like to reinsist on two points:
>>
>>RFC3039 states in the abstract:
>>
>>This document forms a certificate profile for Qualified Certificates,
>>based on RFC 2459, for use in the Internet. The term Qualified
>>Certificate is used to describe a certificate with a certain
>>qualified status within applicable governing law.
>>
>>RFC3039bis states in the abstract:
>>
>>This document forms a certificate profile, based on RFC 3280, for
>>identity certificates issued to physical persons.
>>
>>It is clear from the abstract that the topic of the two documents are
>>different and that the new draft should be renamed: Identity
>>Certificates Profile.
>>
>>As a consequence, this new draft is NOT a replacement for RFC 3039.
>
> One
>
>>argument has been that ETSI needed changes to RFC 3039. There is not
>>such a requirement from ETSI.
>>
>>Another major issue is that RFC3039bis states:
>>
>>Key usage settings SHALL be set in accordance with RFC 3280
>
> definitions.
>
>>We know that the key usage bit section of RFC 3280 is going to be
>>changed. However we still don't know what will be the new text.
>>Discussions are going on within ISO SC6 both to redefine bit 0 in
>
> terms
>
>>of the security services it may support (instead of saying "all
>
> security
>
>>services except one security service"), and to rename bit 1. This
>
> means
>
>>that referencing RFC 3280 is fine, except for the section on the key
>>usage bits.
>>
>>Qualified Certificates are to be used when a signer wants to commit to
>>the content of a document, not when a signer wants to authenticate. As
>>it is, the new draft would create confusion.
>>
>>Denis
>>
>>
>>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNA2xib068018 for <ietf-pkix-bks@above.proper.com>; Tue, 23 Dec 2003 02:02:59 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBNA2xI8068017 for ietf-pkix-bks; Tue, 23 Dec 2003 02:02:59 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBNA2tib067988 for <ietf-pkix@imc.org>; Tue, 23 Dec 2003 02:02:56 -0800 (PST) (envelope-from stefans@microsoft.com)
Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 23 Dec 2003 10:02:46 +0000
Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 23 Dec 2003 10:02:46 -0000
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 23 Dec 2003 10:02:46 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: RFC3039bis last call ?
Date: Tue, 23 Dec 2003 10:01:45 -0000
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D9EF5D6@EUR-MSG-03.europe.corp.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: RFC3039bis last call ?
Thread-Index: AcO6r+1M+hUri19hR46Yubb7EavQlQOiNVOQ
From: "Stefan Santesson" <stefans@microsoft.com>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 23 Dec 2003 10:02:46.0098 (UTC) FILETIME=[E9E6DB20:01C3C93B]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBNA2vib068009
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Denis,
I have replied to these comments before and these were also discussed at
the IETF meeting and concluded.
Name:
------
The scope is the same but it is just worded a bit different. This
profile has never limited itself to just Qualified Certificate, i.e.
this profile defines the framework that is considered useful for
Qualified Certificate but the use of the profile is not limited to
Qualified Certificates. It can be used to create or support also other
type of certificates. This was also clearly stated in RFC 3039.
The reason for the wording change in the abstract was that many readers
had missed the fact that this profile can be used to support any
ID-certificate, qualified or not. Example of such use could be use of
the bimetricInfo extension for attaching picture.
The meeting, the WG chairs and the Security AD agreed that the name of
the document should be kept. I don't feel strongly either way but I
respect that decision and think it is the best one.
Requirement from ETSI:
----------------------
There is a need to harmonize development of ETSI TS 102 280 with RFC
3039. This has also been expressed in circulated ETSI documents, but
there are also other reasons to update RFC 3039.
Replacement of RFC 3039:
------------------------
As concluded at last IETF it is impossible to update RFC 3039 and keep
RFC 3039. It would cause several extensions to be defined in multiple
RFCs.
Reference to RFC 3280
---------------------
RFC 3039 is a profile of RFC 3280 so we reference it.
If you have any problem with this that is an issue you have to take up
with the WG chairs or Russ as AD. As far as I'm concerned RFC 3039 does
not define any meanings of the key usage bits and thus should not be
dependent on any resolution of that.
Finally there is nothing in any definition of Qualified Certificates
that prevents such certificates from being used for Authentication.
/Stefan
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]
> On Behalf Of Denis Pinkas
> Sent: den 4 december 2003 21:08
> To: ietf-pkix@imc.org
> Subject: RFC3039bis last call ?
>
>
>
> I probably missed the e-mail about an RFC3039bis last call, but since
it
> is mentioned in the WG minutes that there will be a last call. In case
> it is already going, I would like to reiterate that the concerns I
> raised before the Minneapolis meeting are still valid.
>
> In particular, I would like to reinsist on two points:
>
> RFC3039 states in the abstract:
>
> This document forms a certificate profile for Qualified Certificates,
> based on RFC 2459, for use in the Internet. The term Qualified
> Certificate is used to describe a certificate with a certain
> qualified status within applicable governing law.
>
> RFC3039bis states in the abstract:
>
> This document forms a certificate profile, based on RFC 3280, for
> identity certificates issued to physical persons.
>
> It is clear from the abstract that the topic of the two documents are
> different and that the new draft should be renamed: Identity
> Certificates Profile.
>
> As a consequence, this new draft is NOT a replacement for RFC 3039.
One
> argument has been that ETSI needed changes to RFC 3039. There is not
> such a requirement from ETSI.
>
> Another major issue is that RFC3039bis states:
>
> Key usage settings SHALL be set in accordance with RFC 3280
definitions.
>
> We know that the key usage bit section of RFC 3280 is going to be
> changed. However we still don't know what will be the new text.
> Discussions are going on within ISO SC6 both to redefine bit 0 in
terms
> of the security services it may support (instead of saying "all
security
> services except one security service"), and to rename bit 1. This
means
> that referencing RFC 3280 is fine, except for the section on the key
> usage bits.
>
> Qualified Certificates are to be used when a signer wants to commit to
> the content of a document, not when a signer wants to authenticate. As
> it is, the new draft would create confusion.
>
> Denis
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBJEejib053080 for <ietf-pkix-bks@above.proper.com>; Fri, 19 Dec 2003 06:40:45 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBJEejGP053079 for ietf-pkix-bks; Fri, 19 Dec 2003 06:40:45 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-dub.microsoft.com (mail-dub.microsoft.com [213.199.128.160]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBJEehib053069 for <ietf-pkix@imc.org>; Fri, 19 Dec 2003 06:40:44 -0800 (PST) (envelope-from stefans@microsoft.com)
Received: from dub-imc-01.europe.corp.microsoft.com ([65.53.196.35]) by mail-dub.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 19 Dec 2003 14:40:39 +0000
Received: from 65.53.196.35 by dub-imc-01.europe.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 19 Dec 2003 14:40:39 -0000
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by dub-imc-01.europe.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 19 Dec 2003 14:40:39 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Summary RE: Last Call: Qualified Certificates
Date: Fri, 19 Dec 2003 14:40:33 -0000
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D9B6928@EUR-MSG-03.europe.corp.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Summary RE: Last Call: Qualified Certificates
Thread-Index: AcOpWeAvu40TVwStQ5q0olJdw3pUXAc3EhGQ
From: "Stefan Santesson" <stefans@microsoft.com>
To: <jimsch@exmsft.com>, "Tim Polk" <tim.polk@nist.gov>
Cc: <ietf-pkix@imc.org>
X-OriginalArrivalTime: 19 Dec 2003 14:40:39.0455 (UTC) FILETIME=[12583AF0:01C3C63E]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBJEeiib053074
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I try to summarize the issues and their resolution to see if we all can
live with this. I exclude the typo remarks.
Issue 1: use of term "Private extensions"
Resolution: We will change and just talk about extensions
Issue 2: Exclude ASN.1 other than ASN.1 in 1988 syntax.
Resolution: We will keep the 1997 syntax as informative, as approved by
Russ.
Issue 3: New section stating changes from RFC 3039
Resolution: Section will be added
Issue 4: Defining granularity of Date of birth
Resolution: We conclude that the best solution would have been if we
just defined a raw text format from the beginning, independent of
GenerelizedTime. That is to late now though, since this attribute
already in use. The problem is that display of a date specified in this
format may be changed to another date due to adjustments for timezones.
The only time that will cause the same date display regardless of
timezone is 12.00.00 GMT. We will therefore recommend the time to be set
to 12.00.00 including second. We also recommend that clients parsing
this attribute should ignore any time data and display just the date
without any adjustment for local time zone.
Issue 5: countryOfResidence and countryOfCitizenship. Multi valued
attributes or Multipple occurance of single valued attributes or
requirement to include just 1 value in a certificate.
Resolution: We don't want to restrict to 1 country value for any of
these attributes. Neither do we want to forbid any variant to include
multiple countries. We do however want to RECOMMEND attribute values to
be repeated as multiple occurrences of single valued attributes, if more
than one value is to be included.
Issue 6: What is hashed in a graphic picture of biometric info?
Resolution: The whole file should be hashed. We will use the same
wording as the new logotype RFC but we will not enhance or change the
ASN.1 structure since this extension is being deployed.
Issue 7: Updating the qcStatement-1 for the new RFC
Resolution: Yes we should define a new OID for compliance with V2 of
this standard, which then also will help indicate the updated/clarified
semantics of the subject Directory attributes.
Issue 8: Optional absence of statementInfo of qcStatament for the
predefined statement
Resolution: We think this is syntactically defined in 3.2.5 but we are
willing to add a clarifying sentence in 3.2.5.1 as well.
Issue 9: Changing the pretty name of the ASN.1 module.
Resolution: We want to follow the praxis of other RFC:s in this area and
keep the name with a new OID. Why wouldn't that work for this standard
when it works for RFC 3280?
I hope this is OK for everyone
If so we will issue a new draft with these changes ASAP.
/Stefan
>
> 3. New section 1.1 is required to be added stating the differences
> between this document and 3039
>
> 4. Section 2, para 2:
> The text "where the certificate meet some qualification
> requirements" should be imported to either "certificates meet" or
> "certificate meets"
>
> 5. Section 2, bullet item 3: Suggest new text of
> "- Definition of usage for the key usage extension in Qualified
> Certificates.."
>
> 6. Section 3.2.1 - DateOfBirth SHOULD state the proper encoding to be
> used. I.E. are we looking for seconds, minutes or hours or just DATE
in
> the GeneralTime field?
>
> 7. Section 3.2.1 - countryOfResidence and countryOfCitizenship - If
you
> have multiple countrys to be listed, should this be a multi-value item
> or should there be two distinct attributes? (Alternatively should this
> be restricted back to a single attribute with a single value - i.e you
> can only list one of your countries of citizenship.)
>
> 8. Section 3.2.4 - This is something that I have no experence with.
If
> you look at a jpeg, bitmap or other type if image, who defines what is
> considred to be a label and what is considered to be the image data?
> What is done in this case about different sized images?
>
> 9. Section 3.2.5.1 - I would like to know the reason that
qcstatement-1
> has not been updated to a new OID. This is a new draft document with
> some different semantics than 3039. Are these changes all suffiently
> small that a new policy is not needed?
>
> 10. Sectin 3.2.5.1 - I have decided to put the predefined statement
into
> my QC. After reading this document I understand that what I want
> stearts as follows:
>
> EXTENSION { id-pe-qcStatements,
> { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> In this case I don't have asemanticsIdentifier created by the
document,
> so I must be incoluding the NameRegistrationAuthorities otion.
However
> I don't know if what goes here is the pkix working group name or some
> other value.
>
> 11. Sectin A.1 - I suggest changing the pretty name to
> PKIXqualified88-03 to distinquish from rfc3039.
>
>
>
> jim
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIMMTib040103 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 14:22:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBIMMTAj040102 for ietf-pkix-bks; Thu, 18 Dec 2003 14:22:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIMMSib040097 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 14:22:28 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip237.132.dial-acs01.sea.iinet.com [209.20.132.237]) by smtp1.pacifier.net (Postfix) with ESMTP id 81FBA73B27; Thu, 18 Dec 2003 13:15:36 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Nystrom, Magnus'" <magnus@rsasecurity.com>, <jimsch@exmsft.com>
Cc: <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefans@microsoft.com>
Subject: RE: Last Call: Qualified Certificates
Date: Thu, 18 Dec 2003 13:19:10 -0800
Message-ID: <007801c3c5ac$949a1ac0$1400a8c0@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <Pine.WNT.4.58.0312180947510.888@mnystrom-lap>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Magnus,
My default assumption is that if you define a statementId and an
assoicated statementInfo, the statementInfo must be present for that
statementId unless otherwise documented in the definition of the
statementId. The text you cite below allows me to create a statementId
and either define the statementInfo as absent or optional.
jim
> -----Original Message-----
> From: Nystrom, Magnus [mailto:mnystrom@rsasecurity.com]
> Sent: Thursday, December 18, 2003 12:51 AM
> To: jimsch@exmsft.com
> Cc: ietf-pkix@imc.org; 'Stefan Santesson'
> Subject: RE: Last Call: Qualified Certificates
>
>
> Jim,
>
> The QCStatement.statementInfo component is optional for any
> and all statements. It is not specific for qcStatement-1, it
> is governed by the Type definition for QCStatement. Quoting
> from the text describing the QCStatement type: "Each
> statement SHALL include an object identifier for the
> statement and MAY also include optional qualifying data
> contained in the statementInfo parameter." Adding a special
> statement for qcStatement-1 would be confusing, IMO.
>
> -- Magnus
>
> On Thu, 18 Dec 2003, Jim Schaad wrote:
>
> > Magnus,
> >
> > This being the case, please add a textual statement that for
> > qcStatement-1, the parameters SemanticsInformation is optional.
> >
> > jim
> >
> > > -----Original Message-----
> > > From: Nystrom, Magnus [mailto:mnystrom@rsasecurity.com]
> > > Sent: Thursday, December 18, 2003 12:33 AM
> > > To: jimsch@exmsft.com
> > > Cc: ietf-pkix@imc.org; 'Stefan Santesson'
> > > Subject: RE: Last Call: Qualified Certificates
> > >
> > > Jim,
> > >
> > > Please find my reply below.
> > >
> > > On Wed, 17 Dec 2003, Jim Schaad wrote:
> > >
> > > > Magnus,
> > > >
> > > > Only one issue left....
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-ietf-pkix@mail.imc.org
> > > > > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Nystrom,
> > > > > Magnus
> > > > >
> > > > > Jim,
> > > > >
> > > > > Thanks for continuing the discussion... Some replies below.
> > > > >
> > > > > On Wed, 17 Dec 2003, Jim Schaad wrote:
> > > > >
> > > > > > > -----Original Message-----
> > > > > > >
> > > > > > > Thanks for your review. I'll respond to a few of your
> > > comments
> > > > > > > here.
> > > > > > > > 10. Sectin 3.2.5.1 - I have decided to put the
> predefined
> > > > > > > > statement into my QC. After reading this document I
> > > > > > > > understand that what I want stearts as follows:
> > > > > > > >
> > > > > > > > EXTENSION { id-pe-qcStatements,
> > > > > > > > {
> id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > > > > > > In this case I don't have asemanticsIdentifier
> > > created by the
> > > > > > > > document, so I must be incoluding the
> > > > > > > > NameRegistrationAuthorities otion. However I
> don't know
> > > > > > > > if what goes here is the pkix working group
> name or some
> > > > > > > > other value.
> > > > > > >
> > > > > > > I am not sure I understand your question Jim, but
> > > values for the
> > > > > > > nameRegistrationAuthorities component has nothing
> to do with
> > > > > > > PKIX. It is the OID for the authority responsible for the
> > > > > > > subject's name (or attributes of the subject's
> name) as it
> > > > > > > appears in the certificate. I thought this was clear from
> > > > > > > 3.2.5.1? Likewise for the semanticsIdentifier option
> > > - it is to
> > > > > > > be specified by/for that authority.
> > > > > >
> > > > > > LET ME QUOTE:
> > > > > >
> > > > > > -- This statement identifies conformance with syntax and
> > > > > > -- semantics defined in this Qualified
> Certificate profile
> > > > > > -- (Version 1). The SemanticsInformation may
> > > optionally contain
> > > > > > -- additional semantics information as specified.
> > > > > >
> > > > > > As I read this statement there should be an OID that
> > > > > > identifies this DOCUMENT as a name registration authority.
> > > > >
> > > > > No, that was not the intent - this document should
> not be a name
> > > > > registration authority.
> > > > >
> > > > > Note the syntax: A QCStatement is a SEQUENCE of a statementID
> > > > > component (an OID) and an optional statementInfo. For
> the object
> > > > > qcStatement-1, the statementInfo component is a value of type
> > > > > SemanticsInformation. The semantics of qcStatement-1
> is that the
> > > > > certificate has been issued in conformance with syntax
> > > and semantics
> > > > > identified in this document. In the case of
> qcStatement-1, the
> > > > > statementInfo component (which is of type
> > > SemanticsInformation) "MAY
> > > > > contain a semantics identifier and MAY identify one
> or more name
> > > > > registration authorities." ("MAY" since the components are
> > > > > optional).
> > > > >
> > > > > As stated in the document, the semanticsIdentifier
> component of
> > > > > a SemanticsInformation value contains an OID which defines
> > > semantics
> > > > > for certain attributes and names in basic certificate fields,
> > > > > and the nameRegistrationAuthorities component contains the
> > > name of one
> > > > > or more authorities responsible for the registration of
> > > attributes
> > > > > or names associated with the subject and the
> association between
> > > > > such an authority and present attributes MAY be defined by a
> > > > > semanticsIdentifier OID.
> > > > >
> > > > > > If I use the fields defined by this document and use
> > > the defined
> > > > > > OID in this document, then I need to be able to
> > > correction encode
> > > > > > this extension in my certificate without reference to
> > > an external
> > > > > > naming authority. If this is not the case then there is
> > > > > > absolutely no reason to have section 3.1 or 3.2.1,
> > > 3.2.2, 3.2.3 or
> > > > > > 3.2.4 as they are defining how these fields should be used.
> > > > > >
> > > > > > I need a way to refer to this document as either the
> > > > > > semanticsIdentifier or the nameRegistrationAuthority.
> > > > >
> > > > > As I see it, you shouldn't. The statementInfo component
> > > is optional.
> > > > > If all you want to say is that you're conformant with
> syntax and
> > > > > semantics of this document then you set the statementID to
> > > > > id-qcs-pkixQCSyntax-v1 and leave out the statementInfo
> > > component. If
> > > > > there is some well-known OID that defines semantics
> for a set of
> > > > > attributes and/or names used then include the statementInfo
> > > > > component, and set the semanticsIdentifier component. If you
> > > > > just want to name a registration authority then include the
> > > statementInfo
> > > > > component and set its nameRegistrationAuthority component. If
> > > > > you want to associate a name a registration authority with
> > > > > semantics for certain attributes then set both
> components of the
> > > > > SemanticsInformation.
> > > > >
> > > > > I have tried to capture our thinking above, but I may have
> > > > > missed something as we wrote this almost four years
> ago. Stefan,
> > > feel free
> > > > > to correct me if I got something wring.
> > > > >
> > > > > Did this help at all, Jim?
> > > >
> > > > This does and does not help. I can now understand how you
> > > think that
> > > > I should be encoding this extension. However in reviewing the
> > > > document I do not see any statements about the fact that
> > > the presence
> > > > of QCStatements being optional. This needs to be
> clarified in the
> > > > document.
> > >
> > > I think there is some confusion here. QCStatements is not
> optional.
> > > But each QCStatement has the syntax
> > >
> > > QCStatement ::= SEQUENCE {
> > > statementId QC-STATEMENT.&Id({SupportedStatements}),
> > > statementInfo QC-STATEMENT.&Type
> > > ({SupportedStatements}{@statementId}) OPTIONAL }
> > >
> > > (or in older syntax:
> > >
> > > QCStatement ::= SEQUENCE {
> > > statementId OBJECT IDENTIFIER,
> > > statementInfo ANY DEFINED BY statementId OPTIONAL}
> > > )
> > >
> > > I.e. the statementInfo component of each QCStatement value is
> > > OPTIONAL. So, if you use this extension, you can have a
> QCStatement
> > > with the statementId value set to the statement OID
> defined in the
> > > document, but you don't need to have a statementInfo component
> > > present.
> > >
> > > > The document does require that either statementInfo or
> > > statementId be
> > > > present within the QCStatement object however.
> > >
> > > (QCStatement is a type, not an object)
> > >
> > > No, it requires that either the semanticsIdentifier or the
> > > nameRegistrationAuthorities components (or both) be present in a
> > > value of type SemanticsInformation which is the syntax for the
> > > qcStatement-1 object. This should not be confused with the
> > > QCStatement type. If the statementId component of a QCStatement
> > > value has the value id-qcs-pkixQCSyntax-v1 then the statementInfo
> > > component is still optional, but if present it must have
> the syntax
> > > SemanticsInformation for which it holds that at least one of its
> > > components must be present.
> > >
> > > > Thus if QCStatements is not OPTIONAL (my reading of your above
> > > > statement) then a statement as to how to encode as using the
> > > > "conformance and semantics defined in this document" needs
> > > to be made.
> > >
> > > QCStatements is not OPTIONAL, but you don't need to populate
> > > individual QCStatement's statementInfo components, as described
> > > above.
> > >
> > > -- Magnus
> > >
> >
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIKVAib034930 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 12:31:10 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBIKVAbh034929 for ietf-pkix-bks; Thu, 18 Dec 2003 12:31:10 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIKV9ib034923 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 12:31:10 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15222; Thu, 18 Dec 2003 15:31:04 -0500 (EST)
Message-Id: <200312182031.PAA15222@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-sha244-02.txt
Date: Thu, 18 Dec 2003 15:31:04 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : A 224-bit One-way Hash Function: SHA-224
Author(s) : R. Housley
Filename : draft-ietf-pkix-sha244-02.txt
Pages : 6
Date : 2003-12-18
This document specifies a 224-bit one-way hash function, called
SHA-224. A SHA-224 is based on SHA-256, but it uses an different
initial value and the result is truncated to 224 bits.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha244-02.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-sha244-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-sha244-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-18142842.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-sha244-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-sha244-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-18142842.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIJnEib031949 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 11:49:14 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBIJnEvQ031948 for ietf-pkix-bks; Thu, 18 Dec 2003 11:49:14 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from razorbill.mail.pas.earthlink.net (razorbill.mail.pas.earthlink.net [207.217.121.248]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIJnEib031943 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 11:49:14 -0800 (PST) (envelope-from hoytkesterson@earthlink.net)
Received: from vdsl-130-13-127-251.phnx.uswest.net ([130.13.127.251] helo=[192.168.2.7]) by razorbill.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) id 1AX495-0005qn-00; Thu, 18 Dec 2003 11:49:15 -0800
Mime-Version: 1.0
X-Sender: hoytkesterson@earthlink.net@pop.earthlink.net
Message-Id: <a0601021ebc07ae7b7195@[192.168.2.7]>
In-Reply-To: <200312181657.hBIGv6r12714@chandon.edelweb.fr>
References: <200312181657.hBIGv6r12714@chandon.edelweb.fr>
Date: Thu, 18 Dec 2003 12:48:14 -0700
To: ietf-pkix@imc.org
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
Subject: Re: non repudiation
Cc: win-pca@pca.dfn.de
Content-Type: text/html; charset="us-ascii"
X-ELNK-Trace: 59f3edefb26af0321a6f9084d36cbc6474bf435c0eb9d478acf18c6dc3878fd991f4c20b2e9b4f1375b89bcadad4eb3b350badd9bab72f9c350badd9bab72f9c
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: non repudiation</title></head><body>
<div>please note that the DTC states that the original identifier is
not considered invalid but is deprecated. so if the name is an issue,
it is not an error to change it in the modules used to define your
product.</div>
<div><br></div>
<div>i tried to come up with a way to assign different identifiers to
the same list but that seems not to be possible. if someone
comes up with a way to do it, i am more than willing to amend the DTC.
i had intended to post the DTCs a little later to avoid responding to
comments until after the holidays but it looks like that also is not
possible.i'll post several new items today</div>
<div><br></div>
<div>as for changing the name of the bit, much discussion, ballot
comment, and negotiation. this action was not taken lightly. if you
want to see some of the reasons, look at the us ballot comments
in<font face="Lucida Grande" size="-4" color="#000000">
ftp://ftp.bull.com/pub/OSIdirectory/Geneva2003Input/N12408SoVDTC6X509<span
></span>(4th).pdf</font></div>
<div><br></div>
<div>the ballot close date for the DTC is 12 march 2004. potential
ballot comments should go to your national representative. please
forgive me if i am not immediately responsive to comments and
questions until after the next week. i lost a lot of thanksgiving to
preparing this and other documents and i don't intend to lose
christmas</div>
<div><br></div>
<div> hoyt</div>
<div><br></div>
<div><br></div>
<div>At 17:57 +0100 12/18/03, Peter Sylvester wrote:</div>
<blockquote type="cite" cite>There is currently a new proposal to
change again the<br>
meaning of the key usage bit for non repudiation:<br>
<br>
<br>
http://www.pki-page.info/download/N12599.doc<br>
<br>
<br>
My opinion is that changing the name of a bit may<br>
create harm in ASN1 compiler generated structures<br>
used in all kinds of application, examples are<br>
CA software that uses the documented name of bit<br>
may/must be changed to support or not the new<br>
name. if the software is simply compiled with a new<br>
asn1 definition, this may have impacts to<br>
all kinds of scripts, profile definitions etc.<br>
<br>
The text itself says that whether or not the bit<br>
is named in the old or new way, the semantics<br>
is as defined in the proposal, in other words,<br>
why changing at all the name of a bit.<br>
<br>
Having that this does not mean that I have any<br>
particular comment concerning the semantics<br>
of that bit.<br>
<br>
<br>
<br>
Peter</blockquote>
<div><br></div>
</body>
</html>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIGvHib024106 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 08:57:17 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBIGvH3D024105 for ietf-pkix-bks; Thu, 18 Dec 2003 08:57:17 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIGvEib024099 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 08:57:15 -0800 (PST) (envelope-from Peter.Sylvester@EdelWeb.fr)
Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA02676; Thu, 18 Dec 2003 17:57:08 +0100 (MET)
Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Thu, 18 Dec 2003 17:57:08 +0100 (MET)
Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id hBIGv6r12714; Thu, 18 Dec 2003 17:57:06 +0100 (MET)
Date: Thu, 18 Dec 2003 17:57:06 +0100 (MET)
From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr>
Message-Id: <200312181657.hBIGv6r12714@chandon.edelweb.fr>
To: ietf-pkix@imc.org
Subject: non repudiation
Cc: win-pca@pca.dfn.de
X-Sun-Charset: US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
There is currently a new proposal to change again the
meaning of the key usage bit for non repudiation:
http://www.pki-page.info/download/N12599.doc
My opinion is that changing the name of a bit may
create harm in ASN1 compiler generated structures
used in all kinds of application, examples are
CA software that uses the documented name of bit
may/must be changed to support or not the new
name. if the software is simply compiled with a new
asn1 definition, this may have impacts to
all kinds of scripts, profile definitions etc.
The text itself says that whether or not the bit
is named in the old or new way, the semantics
is as defined in the proposal, in other words,
why changing at all the name of a bit.
Having that this does not mean that I have any
particular comment concerning the semantics
of that bit.
Peter
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBIE6Zib015280 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 06:06:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBIE6ZoS015279 for ietf-pkix-bks; Thu, 18 Dec 2003 06:06:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBIE6Xib015274 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 06:06:34 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 24744 invoked by uid 0); 18 Dec 2003 14:06:30 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (141.156.214.231) by woodstock.binhost.com with SMTP; 18 Dec 2003 14:06:30 -0000
Message-Id: <5.2.0.9.2.20031218085815.03bd53b8@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Thu, 18 Dec 2003 08:59:33 -0500
To: "Manger, James H" <James.H.Manger@team.telstra.com>, <ietf-pkix@imc.org>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: WG Last Call: Additional Algorithms for RSA cryptography
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19C5@ntmsg0131.corpmai l.telstra.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
James:
As you know, I generated an ASN.1 module as you suggest. My co-authors
have not accepted (or rejected) it yet.
I would prefer to stick to the same ASN.1 documents that are referenced by
the rest of the PKIX documents.
Russ
At 12:29 PM 12/18/2003 +1000, Manger, James H wrote:
>Are the ASN.1 values going to be reformatted (to include field names)?
>Is the reference to a withdrawn ASN.1 standard going to be changed?
>
>
>----------
>From: wpolk@nist.gov [mailto:wpolk@nist.gov]
>Sent: Wednesday, 17 December 2003 6:31 AM
>Subject: WG Last Call: Additional Algorithms for RSA cryptography
>
>This message initiates working group Last Call for "Additional Algorithms and
>Identifiers for RSA Cryptography". As a reminder, here is the Abstract:
>
> This document supplements RFC 3279. It describes the conventions
> for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
> transport algorithm and additional one-way hash functions with the
> PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public
> Key Infrastructure (PKI). Encoding formats, algorithm identifiers,
> and parameter formats are specified.
>
>This is a three week Last Call. That means it will close sometime on or
>after
>January 9, 2004. The schedule has been padded with an additional week in
>light of the holidays.
>
>** Do not count on any further extension to Last Call!!! **
>
>I intend to close Last Call promptly on January 9, since an S/MIME WG
>document
>is blocked on this document.
>
>The URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
>
>
>
>
>
>----------
>From: Steven Legg [mailto:steven.legg@adacel.com.au]
>Sent: Thursday, 4 December 2003 3:04 PM
>
> > The changes you are claming as non-compliant are not required for the
> 1988 version.
>
>But they're not disallowed either. Why use a notation from 1988 which is
>deprecated by later editions of ASN.1 when there is alternative notation
>that is valid in 1988 and all later editions of ASN.1. ?
>
>----------
>From: Phillip H. Griffin [mailto:phil.griffin@asn-1.com]
>Sent: Friday, 5 December 2003 12:26 AM
>
>X.208 and X.209 are no longer merely deprecated. They have been withdrawn
>as international standards since last year.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8phib076670 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 00:51:43 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI8pgN0076669 for ietf-pkix-bks; Thu, 18 Dec 2003 00:51:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8pfib076656 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 00:51:41 -0800 (PST) (envelope-from mnystrom@rsasecurity.com)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with ESMTP; Thu, 18 Dec 2003 03:51:41 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id hBI8pW1i005177; Thu, 18 Dec 2003 03:51:33 -0500 (EST)
Received: from exrsa01.rsa.com (exrsa01.rsa.com [10.81.217.7]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id hBI8pd8F022352; Thu, 18 Dec 2003 03:51:39 -0500 (EST)
Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2657.72) id <W4Q4973S>; Thu, 18 Dec 2003 00:51:39 -0800
Received: from mnystrom-lap (mpilcher-lap.na.rsa.net [10.3.9.2]) by exrsa01.rsa.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id W4Q4973R; Thu, 18 Dec 2003 00:51:36 -0800
From: "Nystrom, Magnus" <mnystrom@rsasecurity.com>
Reply-To: "Nystrom, Magnus" <magnus@rsasecurity.com>
To: jimsch@exmsft.com
Cc: ietf-pkix@imc.org, "'Stefan Santesson'" <stefans@microsoft.com>
Date: Thu, 18 Dec 2003 09:51:10 +0100 (W. Europe Standard Time)
Subject: RE: Last Call: Qualified Certificates
In-Reply-To: <006401c3c543$a469be60$1400a8c0@augustcellars.local>
Message-ID: <Pine.WNT.4.58.0312180947510.888@mnystrom-lap>
References: <006401c3c543$a469be60$1400a8c0@augustcellars.local>
X-X-Sender: mnystrom@exrsa01.rsa.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jim,
The QCStatement.statementInfo component is optional for any and all
statements. It is not specific for qcStatement-1, it is governed by the
Type definition for QCStatement. Quoting from the text describing the
QCStatement type: "Each statement SHALL include an object identifier for
the statement and MAY also include optional qualifying data contained in
the statementInfo parameter." Adding a special statement for qcStatement-1
would be confusing, IMO.
-- Magnus
On Thu, 18 Dec 2003, Jim Schaad wrote:
> Magnus,
>
> This being the case, please add a textual statement that for
> qcStatement-1, the parameters SemanticsInformation is optional.
>
> jim
>
> > -----Original Message-----
> > From: Nystrom, Magnus [mailto:mnystrom@rsasecurity.com]
> > Sent: Thursday, December 18, 2003 12:33 AM
> > To: jimsch@exmsft.com
> > Cc: ietf-pkix@imc.org; 'Stefan Santesson'
> > Subject: RE: Last Call: Qualified Certificates
> >
> > Jim,
> >
> > Please find my reply below.
> >
> > On Wed, 17 Dec 2003, Jim Schaad wrote:
> >
> > > Magnus,
> > >
> > > Only one issue left....
> > >
> > > > -----Original Message-----
> > > > From: owner-ietf-pkix@mail.imc.org
> > > > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Nystrom, Magnus
> > > >
> > > > Jim,
> > > >
> > > > Thanks for continuing the discussion... Some replies below.
> > > >
> > > > On Wed, 17 Dec 2003, Jim Schaad wrote:
> > > >
> > > > > > -----Original Message-----
> > > > > >
> > > > > > Thanks for your review. I'll respond to a few of your
> > comments
> > > > > > here.
> > > > > > > 10. Sectin 3.2.5.1 - I have decided to put the predefined
> > > > > > > statement into my QC. After reading this document I
> > > > > > > understand that what I want stearts as follows:
> > > > > > >
> > > > > > > EXTENSION { id-pe-qcStatements,
> > > > > > > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > > > > > In this case I don't have asemanticsIdentifier
> > created by the
> > > > > > > document, so I must be incoluding the
> > > > > > > NameRegistrationAuthorities otion. However I don't know if
> > > > > > > what goes here is the pkix working group name or some other
> > > > > > > value.
> > > > > >
> > > > > > I am not sure I understand your question Jim, but
> > values for the
> > > > > > nameRegistrationAuthorities component has nothing to do with
> > > > > > PKIX. It is the OID for the authority responsible for the
> > > > > > subject's name (or attributes of the subject's name) as it
> > > > > > appears in the certificate. I thought this was clear from
> > > > > > 3.2.5.1? Likewise for the semanticsIdentifier option
> > - it is to
> > > > > > be specified by/for that authority.
> > > > >
> > > > > LET ME QUOTE:
> > > > >
> > > > > -- This statement identifies conformance with syntax and
> > > > > -- semantics defined in this Qualified Certificate profile
> > > > > -- (Version 1). The SemanticsInformation may
> > optionally contain
> > > > > -- additional semantics information as specified.
> > > > >
> > > > > As I read this statement there should be an OID that identifies
> > > > > this DOCUMENT as a name registration authority.
> > > >
> > > > No, that was not the intent - this document should not be a name
> > > > registration authority.
> > > >
> > > > Note the syntax: A QCStatement is a SEQUENCE of a statementID
> > > > component (an OID) and an optional statementInfo. For the object
> > > > qcStatement-1, the statementInfo component is a value of type
> > > > SemanticsInformation. The semantics of qcStatement-1 is that the
> > > > certificate has been issued in conformance with syntax
> > and semantics
> > > > identified in this document. In the case of qcStatement-1, the
> > > > statementInfo component (which is of type
> > SemanticsInformation) "MAY
> > > > contain a semantics identifier and MAY identify one or more name
> > > > registration authorities." ("MAY" since the components are
> > > > optional).
> > > >
> > > > As stated in the document, the semanticsIdentifier component of a
> > > > SemanticsInformation value contains an OID which defines
> > semantics
> > > > for certain attributes and names in basic certificate fields, and
> > > > the nameRegistrationAuthorities component contains the
> > name of one
> > > > or more authorities responsible for the registration of
> > attributes
> > > > or names associated with the subject and the association between
> > > > such an authority and present attributes MAY be defined by a
> > > > semanticsIdentifier OID.
> > > >
> > > > > If I use the fields defined by this document and use
> > the defined
> > > > > OID in this document, then I need to be able to
> > correction encode
> > > > > this extension in my certificate without reference to
> > an external
> > > > > naming authority. If this is not the case then there is
> > > > > absolutely no reason to have section 3.1 or 3.2.1,
> > 3.2.2, 3.2.3 or
> > > > > 3.2.4 as they are defining how these fields should be used.
> > > > >
> > > > > I need a way to refer to this document as either the
> > > > > semanticsIdentifier or the nameRegistrationAuthority.
> > > >
> > > > As I see it, you shouldn't. The statementInfo component
> > is optional.
> > > > If all you want to say is that you're conformant with syntax and
> > > > semantics of this document then you set the statementID to
> > > > id-qcs-pkixQCSyntax-v1 and leave out the statementInfo
> > component. If
> > > > there is some well-known OID that defines semantics for a set of
> > > > attributes and/or names used then include the statementInfo
> > > > component, and set the semanticsIdentifier component. If you just
> > > > want to name a registration authority then include the
> > statementInfo
> > > > component and set its nameRegistrationAuthority component. If
> > > > you want to associate a name a registration authority with
> > > > semantics for certain attributes then set both components of
> > > > the SemanticsInformation.
> > > >
> > > > I have tried to capture our thinking above, but I may have missed
> > > > something as we wrote this almost four years ago. Stefan,
> > feel free
> > > > to correct me if I got something wring.
> > > >
> > > > Did this help at all, Jim?
> > >
> > > This does and does not help. I can now understand how you
> > think that
> > > I should be encoding this extension. However in reviewing the
> > > document I do not see any statements about the fact that
> > the presence
> > > of QCStatements being optional. This needs to be clarified in the
> > > document.
> >
> > I think there is some confusion here. QCStatements is not
> > optional. But each QCStatement has the syntax
> >
> > QCStatement ::= SEQUENCE {
> > statementId QC-STATEMENT.&Id({SupportedStatements}),
> > statementInfo QC-STATEMENT.&Type
> > ({SupportedStatements}{@statementId}) OPTIONAL }
> >
> > (or in older syntax:
> >
> > QCStatement ::= SEQUENCE {
> > statementId OBJECT IDENTIFIER,
> > statementInfo ANY DEFINED BY statementId OPTIONAL}
> > )
> >
> > I.e. the statementInfo component of each QCStatement value is
> > OPTIONAL. So, if you use this extension, you can have a
> > QCStatement with the statementId value set to the statement
> > OID defined in the document, but you don't need to have a
> > statementInfo component present.
> >
> > > The document does require that either statementInfo or
> > statementId be
> > > present within the QCStatement object however.
> >
> > (QCStatement is a type, not an object)
> >
> > No, it requires that either the semanticsIdentifier or the
> > nameRegistrationAuthorities components (or both) be present
> > in a value of type SemanticsInformation which is the syntax
> > for the qcStatement-1 object. This should not be confused
> > with the QCStatement type. If the statementId component of a
> > QCStatement value has the value id-qcs-pkixQCSyntax-v1 then
> > the statementInfo component is still optional, but if present
> > it must have the syntax SemanticsInformation for which it
> > holds that at least one of its components must be present.
> >
> > > Thus if QCStatements is not OPTIONAL (my reading of your above
> > > statement) then a statement as to how to encode as using the
> > > "conformance and semantics defined in this document" needs
> > to be made.
> >
> > QCStatements is not OPTIONAL, but you don't need to populate
> > individual QCStatement's statementInfo components, as described above.
> >
> > -- Magnus
> >
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8iaib074254 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 00:44:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI8iaWm074252 for ietf-pkix-bks; Thu, 18 Dec 2003 00:44:36 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8iXib074224 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 00:44:36 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip237.132.dial-acs01.sea.iinet.com [209.20.132.237]) by smtp1.pacifier.net (Postfix) with ESMTP id C610B716AF; Thu, 18 Dec 2003 00:44:25 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Nystrom, Magnus'" <magnus@rsasecurity.com>
Cc: <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefans@microsoft.com>
Subject: RE: Last Call: Qualified Certificates
Date: Thu, 18 Dec 2003 00:47:59 -0800
Message-ID: <006401c3c543$a469be60$1400a8c0@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <Pine.WNT.4.58.0312180905300.888@mnystrom-lap>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Magnus,
This being the case, please add a textual statement that for
qcStatement-1, the parameters SemanticsInformation is optional.
jim
> -----Original Message-----
> From: Nystrom, Magnus [mailto:mnystrom@rsasecurity.com]
> Sent: Thursday, December 18, 2003 12:33 AM
> To: jimsch@exmsft.com
> Cc: ietf-pkix@imc.org; 'Stefan Santesson'
> Subject: RE: Last Call: Qualified Certificates
>
>
> Jim,
>
> Please find my reply below.
>
> On Wed, 17 Dec 2003, Jim Schaad wrote:
>
> > Magnus,
> >
> > Only one issue left....
> >
> > > -----Original Message-----
> > > From: owner-ietf-pkix@mail.imc.org
> > > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Nystrom, Magnus
> > >
> > > Jim,
> > >
> > > Thanks for continuing the discussion... Some replies below.
> > >
> > > On Wed, 17 Dec 2003, Jim Schaad wrote:
> > >
> > > > > -----Original Message-----
> > > > >
> > > > > Thanks for your review. I'll respond to a few of your
> comments
> > > > > here.
> > > > > > 10. Sectin 3.2.5.1 - I have decided to put the predefined
> > > > > > statement into my QC. After reading this document I
> > > > > > understand that what I want stearts as follows:
> > > > > >
> > > > > > EXTENSION { id-pe-qcStatements,
> > > > > > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > > > > In this case I don't have asemanticsIdentifier
> created by the
> > > > > > document, so I must be incoluding the
> > > > > > NameRegistrationAuthorities otion. However I don't know if
> > > > > > what goes here is the pkix working group name or some other
> > > > > > value.
> > > > >
> > > > > I am not sure I understand your question Jim, but
> values for the
> > > > > nameRegistrationAuthorities component has nothing to do with
> > > > > PKIX. It is the OID for the authority responsible for the
> > > > > subject's name (or attributes of the subject's name) as it
> > > > > appears in the certificate. I thought this was clear from
> > > > > 3.2.5.1? Likewise for the semanticsIdentifier option
> - it is to
> > > > > be specified by/for that authority.
> > > >
> > > > LET ME QUOTE:
> > > >
> > > > -- This statement identifies conformance with syntax and
> > > > -- semantics defined in this Qualified Certificate profile
> > > > -- (Version 1). The SemanticsInformation may
> optionally contain
> > > > -- additional semantics information as specified.
> > > >
> > > > As I read this statement there should be an OID that identifies
> > > > this DOCUMENT as a name registration authority.
> > >
> > > No, that was not the intent - this document should not be a name
> > > registration authority.
> > >
> > > Note the syntax: A QCStatement is a SEQUENCE of a statementID
> > > component (an OID) and an optional statementInfo. For the object
> > > qcStatement-1, the statementInfo component is a value of type
> > > SemanticsInformation. The semantics of qcStatement-1 is that the
> > > certificate has been issued in conformance with syntax
> and semantics
> > > identified in this document. In the case of qcStatement-1, the
> > > statementInfo component (which is of type
> SemanticsInformation) "MAY
> > > contain a semantics identifier and MAY identify one or more name
> > > registration authorities." ("MAY" since the components are
> > > optional).
> > >
> > > As stated in the document, the semanticsIdentifier component of a
> > > SemanticsInformation value contains an OID which defines
> semantics
> > > for certain attributes and names in basic certificate fields, and
> > > the nameRegistrationAuthorities component contains the
> name of one
> > > or more authorities responsible for the registration of
> attributes
> > > or names associated with the subject and the association between
> > > such an authority and present attributes MAY be defined by a
> > > semanticsIdentifier OID.
> > >
> > > > If I use the fields defined by this document and use
> the defined
> > > > OID in this document, then I need to be able to
> correction encode
> > > > this extension in my certificate without reference to
> an external
> > > > naming authority. If this is not the case then there is
> > > > absolutely no reason to have section 3.1 or 3.2.1,
> 3.2.2, 3.2.3 or
> > > > 3.2.4 as they are defining how these fields should be used.
> > > >
> > > > I need a way to refer to this document as either the
> > > > semanticsIdentifier or the nameRegistrationAuthority.
> > >
> > > As I see it, you shouldn't. The statementInfo component
> is optional.
> > > If all you want to say is that you're conformant with syntax and
> > > semantics of this document then you set the statementID to
> > > id-qcs-pkixQCSyntax-v1 and leave out the statementInfo
> component. If
> > > there is some well-known OID that defines semantics for a set of
> > > attributes and/or names used then include the statementInfo
> > > component, and set the semanticsIdentifier component. If you just
> > > want to name a registration authority then include the
> statementInfo
> > > component and set its nameRegistrationAuthority component. If
> > > you want to associate a name a registration authority with
> > > semantics for certain attributes then set both components of
> > > the SemanticsInformation.
> > >
> > > I have tried to capture our thinking above, but I may have missed
> > > something as we wrote this almost four years ago. Stefan,
> feel free
> > > to correct me if I got something wring.
> > >
> > > Did this help at all, Jim?
> >
> > This does and does not help. I can now understand how you
> think that
> > I should be encoding this extension. However in reviewing the
> > document I do not see any statements about the fact that
> the presence
> > of QCStatements being optional. This needs to be clarified in the
> > document.
>
> I think there is some confusion here. QCStatements is not
> optional. But each QCStatement has the syntax
>
> QCStatement ::= SEQUENCE {
> statementId QC-STATEMENT.&Id({SupportedStatements}),
> statementInfo QC-STATEMENT.&Type
> ({SupportedStatements}{@statementId}) OPTIONAL }
>
> (or in older syntax:
>
> QCStatement ::= SEQUENCE {
> statementId OBJECT IDENTIFIER,
> statementInfo ANY DEFINED BY statementId OPTIONAL}
> )
>
> I.e. the statementInfo component of each QCStatement value is
> OPTIONAL. So, if you use this extension, you can have a
> QCStatement with the statementId value set to the statement
> OID defined in the document, but you don't need to have a
> statementInfo component present.
>
> > The document does require that either statementInfo or
> statementId be
> > present within the QCStatement object however.
>
> (QCStatement is a type, not an object)
>
> No, it requires that either the semanticsIdentifier or the
> nameRegistrationAuthorities components (or both) be present
> in a value of type SemanticsInformation which is the syntax
> for the qcStatement-1 object. This should not be confused
> with the QCStatement type. If the statementId component of a
> QCStatement value has the value id-qcs-pkixQCSyntax-v1 then
> the statementInfo component is still optional, but if present
> it must have the syntax SemanticsInformation for which it
> holds that at least one of its components must be present.
>
> > Thus if QCStatements is not OPTIONAL (my reading of your above
> > statement) then a statement as to how to encode as using the
> > "conformance and semantics defined in this document" needs
> to be made.
>
> QCStatements is not OPTIONAL, but you don't need to populate
> individual QCStatement's statementInfo components, as described above.
>
> -- Magnus
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8XDib070516 for <ietf-pkix-bks@above.proper.com>; Thu, 18 Dec 2003 00:33:13 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI8XDAj070514 for ietf-pkix-bks; Thu, 18 Dec 2003 00:33:13 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI8XBib070501 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 00:33:11 -0800 (PST) (envelope-from mnystrom@rsasecurity.com)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with ESMTP; Thu, 18 Dec 2003 03:33:11 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id hBI8X21i004074; Thu, 18 Dec 2003 03:33:02 -0500 (EST)
Received: from exrsa01.rsa.com (exrsa01.rsa.com [10.81.217.7]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id hBI8X98F021677; Thu, 18 Dec 2003 03:33:09 -0500 (EST)
Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2657.72) id <W4Q497NS>; Thu, 18 Dec 2003 00:33:09 -0800
Received: from MNYSTROM-LAP ([10.3.9.2]) by exrsa01.rsa.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id W4Q497NR; Thu, 18 Dec 2003 00:33:02 -0800
From: "Nystrom, Magnus" <mnystrom@rsasecurity.com>
Reply-To: "Nystrom, Magnus" <magnus@rsasecurity.com>
To: jimsch@exmsft.com
Cc: ietf-pkix@imc.org, "'Stefan Santesson'" <stefans@microsoft.com>
Date: Thu, 18 Dec 2003 09:32:37 +0100 (W. Europe Standard Time)
Subject: RE: Last Call: Qualified Certificates
In-Reply-To: <005601c3c51d$d9dcb730$1400a8c0@augustcellars.local>
Message-ID: <Pine.WNT.4.58.0312180905300.888@mnystrom-lap>
References: <005601c3c51d$d9dcb730$1400a8c0@augustcellars.local>
X-X-Sender: mnystrom@exrsa01.rsa.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jim,
Please find my reply below.
On Wed, 17 Dec 2003, Jim Schaad wrote:
> Magnus,
>
> Only one issue left....
>
> > -----Original Message-----
> > From: owner-ietf-pkix@mail.imc.org
> > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Nystrom, Magnus
> >
> > Jim,
> >
> > Thanks for continuing the discussion... Some replies below.
> >
> > On Wed, 17 Dec 2003, Jim Schaad wrote:
> >
> > > > -----Original Message-----
> > > >
> > > > Thanks for your review. I'll respond to a few of your comments
> > > > here.
> > > > > 10. Sectin 3.2.5.1 - I have decided to put the predefined
> > > > > statement into my QC. After reading this document I understand
> > > > > that what I want stearts as follows:
> > > > >
> > > > > EXTENSION { id-pe-qcStatements,
> > > > > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > > > In this case I don't have asemanticsIdentifier created by the
> > > > > document, so I must be incoluding the
> > > > > NameRegistrationAuthorities otion. However I don't know if what
> > > > > goes here is the pkix working group name or some other value.
> > > >
> > > > I am not sure I understand your question Jim, but values for the
> > > > nameRegistrationAuthorities component has nothing to do with PKIX.
> > > > It is the OID for the authority responsible for the subject's name
> > > > (or attributes of the subject's name) as it appears in the
> > > > certificate. I thought this was clear from 3.2.5.1? Likewise for
> > > > the semanticsIdentifier option - it is to be specified by/for that
> > > > authority.
> > >
> > > LET ME QUOTE:
> > >
> > > -- This statement identifies conformance with syntax and
> > > -- semantics defined in this Qualified Certificate profile
> > > -- (Version 1). The SemanticsInformation may optionally contain
> > > -- additional semantics information as specified.
> > >
> > > As I read this statement there should be an OID that identifies this
> > > DOCUMENT as a name registration authority.
> >
> > No, that was not the intent - this document should not be a name
> > registration authority.
> >
> > Note the syntax: A QCStatement is a SEQUENCE of a statementID
> > component (an OID) and an optional statementInfo. For the object
> > qcStatement-1, the statementInfo component is a value of type
> > SemanticsInformation. The semantics of qcStatement-1 is that the
> > certificate has been issued in conformance with syntax and semantics
> > identified in this document. In the case of qcStatement-1, the
> > statementInfo component (which is of type SemanticsInformation) "MAY
> > contain a semantics identifier and MAY identify one or more name
> > registration authorities." ("MAY" since the components are optional).
> >
> > As stated in the document, the semanticsIdentifier component of a
> > SemanticsInformation value contains an OID which defines semantics for
> > certain attributes and names in basic certificate fields, and the
> > nameRegistrationAuthorities component contains the name of one or more
> > authorities responsible for the registration of attributes or names
> > associated with the subject and the association between such an
> > authority and present attributes MAY be defined by a
> > semanticsIdentifier OID.
> >
> > > If I use the fields defined by this document and use the defined OID
> > > in this document, then I need to be able to correction encode this
> > > extension in my certificate without reference to an external naming
> > > authority. If this is not the case then there is absolutely no
> > > reason to have section 3.1 or 3.2.1, 3.2.2, 3.2.3 or 3.2.4 as they
> > > are defining how these fields should be used.
> > >
> > > I need a way to refer to this document as either the
> > > semanticsIdentifier or the nameRegistrationAuthority.
> >
> > As I see it, you shouldn't. The statementInfo component is
> > optional. If all you want to say is that you're conformant
> > with syntax and semantics of this document then you set the
> > statementID to id-qcs-pkixQCSyntax-v1 and leave out the
> > statementInfo component. If there is some well-known OID that
> > defines semantics for a set of attributes and/or names used
> > then include the statementInfo component, and set the
> > semanticsIdentifier component. If you just want to name a
> > registration authority then include the statementInfo
> > component and set its nameRegistrationAuthority component. If
> > you want to associate a name a registration authority with
> > semantics for certain attributes then set both components of
> > the SemanticsInformation.
> >
> > I have tried to capture our thinking above, but I may have
> > missed something as we wrote this almost four years ago.
> > Stefan, feel free to correct me if I got something wring.
> >
> > Did this help at all, Jim?
>
> This does and does not help. I can now understand how you think that I
> should be encoding this extension. However in reviewing the document I
> do not see any statements about the fact that the presence of
> QCStatements being optional. This needs to be clarified in the
> document.
I think there is some confusion here. QCStatements is not optional. But
each QCStatement has the syntax
QCStatement ::= SEQUENCE {
statementId QC-STATEMENT.&Id({SupportedStatements}),
statementInfo QC-STATEMENT.&Type
({SupportedStatements}{@statementId}) OPTIONAL }
(or in older syntax:
QCStatement ::= SEQUENCE {
statementId OBJECT IDENTIFIER,
statementInfo ANY DEFINED BY statementId OPTIONAL}
)
I.e. the statementInfo component of each QCStatement value is OPTIONAL.
So, if you use this extension, you can have a QCStatement with the
statementId value set to the statement OID defined in the document, but
you don't need to have a statementInfo component present.
> The document does require that either statementInfo or statementId be
> present within the QCStatement object however.
(QCStatement is a type, not an object)
No, it requires that either the semanticsIdentifier or the
nameRegistrationAuthorities components (or both) be present in a value of
type SemanticsInformation which is the syntax for the qcStatement-1
object. This should not be confused with the QCStatement type. If the
statementId component of a QCStatement value has the value
id-qcs-pkixQCSyntax-v1 then the statementInfo component is still optional,
but if present it must have the syntax SemanticsInformation for which it
holds that at least one of its components must be present.
> Thus if QCStatements is not OPTIONAL (my reading of your above
> statement) then a statement as to how to encode as using the
> "conformance and semantics defined in this document" needs to be made.
QCStatements is not OPTIONAL, but you don't need to populate individual
QCStatement's statementInfo components, as described above.
-- Magnus
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI4Dsib011735 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 20:13:54 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI4Ds2e011734 for ietf-pkix-bks; Wed, 17 Dec 2003 20:13:54 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.173]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI4Drib011729 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 20:13:53 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip237.132.dial-acs01.sea.iinet.com [209.20.132.237]) by smtp3.pacifier.net (Postfix) with ESMTP id F3EFD6D9C1; Wed, 17 Dec 2003 20:13:54 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Nystrom, Magnus'" <magnus@rsasecurity.com>
Cc: <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefans@microsoft.com>
Subject: RE: Last Call: Qualified Certificates
Date: Wed, 17 Dec 2003 20:17:28 -0800
Message-ID: <005601c3c51d$d9dcb730$1400a8c0@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <Pine.WNT.4.58.0312172217550.1484@mnystrom-lap>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Magnus,
Only one issue left....
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Nystrom, Magnus
>
> Jim,
>
> Thanks for continuing the discussion... Some replies below.
>
> On Wed, 17 Dec 2003, Jim Schaad wrote:
>
> > > -----Original Message-----
> > >
> > > Thanks for your review. I'll respond to a few of your
> comments here.
> > > > 10. Sectin 3.2.5.1 - I have decided to put the predefined
> > > > statement into my QC. After reading this document I understand
> > > > that what I want stearts as follows:
> > > >
> > > > EXTENSION { id-pe-qcStatements,
> > > > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > > In this case I don't have asemanticsIdentifier created by the
> > > > document, so I must be incoluding the
> NameRegistrationAuthorities
> > > > otion. However I don't know if what goes here is the
> pkix working
> > > > group name or some other value.
> > >
> > > I am not sure I understand your question Jim, but values for the
> > > nameRegistrationAuthorities component has nothing to do
> with PKIX.
> > > It is the OID for the authority responsible for the
> subject's name
> > > (or attributes of the subject's name) as it appears in the
> > > certificate. I thought this was clear from 3.2.5.1? Likewise for
> > > the semanticsIdentifier option - it is to be specified
> by/for that
> > > authority.
> >
> > LET ME QUOTE:
> >
> > -- This statement identifies conformance with syntax and
> > -- semantics defined in this Qualified Certificate profile
> > -- (Version 1). The SemanticsInformation may optionally contain
> > -- additional semantics information as specified.
> >
> > As I read this statement there should be an OID that
> identifies this
> > DOCUMENT as a name registration authority.
>
> No, that was not the intent - this document should not be a
> name registration authority.
>
> Note the syntax: A QCStatement is a SEQUENCE of a statementID
> component (an OID) and an optional statementInfo. For the
> object qcStatement-1, the statementInfo component is a value
> of type SemanticsInformation. The semantics of qcStatement-1
> is that the certificate has been issued in conformance with
> syntax and semantics identified in this document. In the case
> of qcStatement-1, the statementInfo component (which is of type
> SemanticsInformation) "MAY contain a semantics identifier and
> MAY identify one or more name registration authorities."
> ("MAY" since the components are optional).
>
> As stated in the document, the semanticsIdentifier component
> of a SemanticsInformation value contains an OID which defines
> semantics for certain attributes and names in basic
> certificate fields, and the nameRegistrationAuthorities
> component contains the name of one or more authorities
> responsible for the registration of attributes or names
> associated with the subject and the association between such
> an authority and present attributes MAY be defined by a
> semanticsIdentifier OID.
>
> > If I use the fields defined by this document and use the
> defined OID
> > in this document, then I need to be able to correction encode this
> > extension in my certificate without reference to an external naming
> > authority. If this is not the case then there is
> absolutely no reason
> > to have section 3.1 or 3.2.1, 3.2.2, 3.2.3 or 3.2.4 as they are
> > defining how these fields should be used.
> >
> > I need a way to refer to this document as either the
> > semanticsIdentifier or the nameRegistrationAuthority.
>
> As I see it, you shouldn't. The statementInfo component is
> optional. If all you want to say is that you're conformant
> with syntax and semantics of this document then you set the
> statementID to id-qcs-pkixQCSyntax-v1 and leave out the
> statementInfo component. If there is some well-known OID that
> defines semantics for a set of attributes and/or names used
> then include the statementInfo component, and set the
> semanticsIdentifier component. If you just want to name a
> registration authority then include the statementInfo
> component and set its nameRegistrationAuthority component. If
> you want to associate a name a registration authority with
> semantics for certain attributes then set both components of
> the SemanticsInformation.
>
> I have tried to capture our thinking above, but I may have
> missed something as we wrote this almost four years ago.
> Stefan, feel free to correct me if I got something wring.
>
> Did this help at all, Jim?
This does and does not help. I can now understand how you think that I
should be encoding this extension. However in reviewing the document I
do not see any statements about the fact that the presence of
QCStatements being optional. This needs to be clarified in the
document. The document does require that either statementInfo or
statementId be present within the QCStatement object however. Thus if
QCStatements is not OPTIONAL (my reading of your above statement) then a
statement as to how to encode as using the "conformance and semantics
defined in this document" needs to be made.
jim
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI49qib011580 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 20:09:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI49qmN011579 for ietf-pkix-bks; Wed, 17 Dec 2003 20:09:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI49pib011574 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 20:09:51 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip237.132.dial-acs01.sea.iinet.com [209.20.132.237]) by smtp1.pacifier.net (Postfix) with ESMTP id B07C171255; Wed, 17 Dec 2003 20:09:36 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Manger, James H'" <James.H.Manger@team.telstra.com>, <ietf-pkix@imc.org>
Subject: RE: WG Last Call: Additional Algorithms for RSA cryptography
Date: Wed, 17 Dec 2003 20:13:10 -0800
Message-ID: <005501c3c51d$3fdac050$1400a8c0@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19C5@ntmsg0131.corpmail.telstra.com.au>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
James,
We will be updating the ASN.1 to use the field names.
We will not be changing the reference to the ASN.1 standard. If you
believe this is an issue then it needs to be discussed by the IESG and
the Area Directors for the Security Area. They have not indicated that
this is a change that needs to be made.
jim
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Manger, James H
> Sent: Wednesday, December 17, 2003 6:29 PM
> To: ietf-pkix@imc.org
> Subject: RE: WG Last Call: Additional Algorithms for RSA cryptography
>
>
>
> Are the ASN.1 values going to be reformatted (to include
> field names)? Is the reference to a withdrawn ASN.1 standard
> going to be changed?
>
>
> ----------
> From: wpolk@nist.gov [mailto:wpolk@nist.gov]
> Sent: Wednesday, 17 December 2003 6:31 AM
> Subject: WG Last Call: Additional Algorithms for RSA cryptography
>
> This message initiates working group Last Call for
> "Additional Algorithms and
> Identifiers for RSA Cryptography". As a reminder, here is the
> Abstract:
>
> This document supplements RFC 3279. It describes the conventions
> for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
> transport algorithm and additional one-way hash functions with the
> PKCS #1 version 1.5 signature algorithm in the Internet
> X.509 Public
> Key Infrastructure (PKI). Encoding formats, algorithm
> identifiers,
> and parameter formats are specified.
>
> This is a three week Last Call. That means it will close
> sometime on or after
> January 9, 2004. The schedule has been padded with an
> additional week in
> light of the holidays.
>
> ** Do not count on any further extension to Last Call!!! **
>
> I intend to close Last Call promptly on January 9, since an
> S/MIME WG document
> is blocked on this document.
>
> The URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft->
ietf-pkix-rsa-pkalgs-01.txt
>
>
>
>
>
> ----------
> From: Steven Legg [mailto:steven.legg@adacel.com.au]
> Sent: Thursday, 4 December 2003 3:04 PM
>
> > The changes you are claming as non-compliant are not
> required for the
> > 1988 version.
>
> But they're not disallowed either. Why use a notation from
> 1988 which is deprecated by later editions of ASN.1 when
> there is alternative notation that is valid in 1988 and all
> later editions of ASN.1. ?
>
> ----------
> From: Phillip H. Griffin [mailto:phil.griffin@asn-1.com]
> Sent: Friday, 5 December 2003 12:26 AM
>
> X.208 and X.209 are no longer merely deprecated. They have
> been withdrawn as international standards since last year.
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI2Tdib007822 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 18:29:39 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI2Tdgu007821 for ietf-pkix-bks; Wed, 17 Dec 2003 18:29:39 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailbo.ntcif.telstra.com.au ([202.12.233.19]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI2Tcib007812 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 18:29:38 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailai.ntcif.telstra.com.au (mailai.ntcif.telstra.com.au [202.12.162.17]) by mailbo.ntcif.telstra.com.au (Postfix) with ESMTP id 95ACB160DA for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 13:29:34 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailai.ntcif.telstra.com.au (Postfix) with ESMTP id 1AE7B12983 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 13:29:34 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id NAA00996 for <ietf-pkix@imc.org>; Thu, 18 Dec 2003 13:29:33 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: WG Last Call: Additional Algorithms for RSA cryptography
Date: Thu, 18 Dec 2003 12:29:21 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19C5@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: WG Last Call: Additional Algorithms for RSA cryptography
Thread-Index: AcPEHS2Cz/rATSSxSMCowOsZNGgVIAA8FjZA
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBI2Tdib007817
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Are the ASN.1 values going to be reformatted (to include field names)?
Is the reference to a withdrawn ASN.1 standard going to be changed?
----------
From: wpolk@nist.gov [mailto:wpolk@nist.gov]
Sent: Wednesday, 17 December 2003 6:31 AM
Subject: WG Last Call: Additional Algorithms for RSA cryptography
This message initiates working group Last Call for "Additional Algorithms and
Identifiers for RSA Cryptography". As a reminder, here is the Abstract:
This document supplements RFC 3279. It describes the conventions
for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
transport algorithm and additional one-way hash functions with the
PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public
Key Infrastructure (PKI). Encoding formats, algorithm identifiers,
and parameter formats are specified.
This is a three week Last Call. That means it will close sometime on or after
January 9, 2004. The schedule has been padded with an additional week in
light of the holidays.
** Do not count on any further extension to Last Call!!! **
I intend to close Last Call promptly on January 9, since an S/MIME WG document
is blocked on this document.
The URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
----------
From: Steven Legg [mailto:steven.legg@adacel.com.au]
Sent: Thursday, 4 December 2003 3:04 PM
> The changes you are claming as non-compliant are not required for the 1988 version.
But they're not disallowed either. Why use a notation from 1988 which is deprecated by later editions of ASN.1 when there is alternative notation that is valid in 1988 and all later editions of ASN.1. ?
----------
From: Phillip H. Griffin [mailto:phil.griffin@asn-1.com]
Sent: Friday, 5 December 2003 12:26 AM
X.208 and X.209 are no longer merely deprecated. They have been withdrawn as international standards since last year.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI0T4ib003234 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 16:29:04 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBI0T4Ld003232 for ietf-pkix-bks; Wed, 17 Dec 2003 16:29:04 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBI0T3ib003227 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 16:29:03 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hBI0Sxn63713; Wed, 17 Dec 2003 17:28:59 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Nystrom, Magnus" <magnus@rsasecurity.com>, <jimsch@exmsft.com>
Cc: <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefans@microsoft.com>
Subject: RE: Last Call: Qualified Certificates
Date: Wed, 17 Dec 2003 17:30:58 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDIEBCDGAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <Pine.WNT.4.58.0312172217550.1484@mnystrom-lap>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
> From: Nystrom, Magnus
> Sent: Wednesday, December 17, 2003 3:06 PM
>
> Jim Schaad wrote:
>
> > I understand that it is under the private
> > extensions arc. I belive that the way this
> > arc was named is not clear. IMHO by
> > publishing this extension in a public
> > document for public consumption it no longer
> > is a private extension. I see no advantage
> > to having the word private in this location.
>
> Well, it is not important for me. I just wanted to
> follow the example set by 2459/3280.
Magnus, Jim:
FWIW and in the spirit of Last Call, I agree with Jim. It seems
a rather innocuous point, but issues are made of such stuff. As
I see it, this is the PKIX/IETF standard means of expressing
this information in an X.509-based certificate. The fact that
its OID happens to be rooted off id-pe should not be taken as
invitation to revisit the addressed needs with a view towards a
"public" version.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHM6eib098014 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 14:06:40 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBHM6eXo098013 for ietf-pkix-bks; Wed, 17 Dec 2003 14:06:40 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHM6dib098008 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 14:06:39 -0800 (PST) (envelope-from mnystrom@rsasecurity.com)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with ESMTP; Wed, 17 Dec 2003 17:06:41 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id hBHM6W1i027481; Wed, 17 Dec 2003 17:06:33 -0500 (EST)
Received: from exrsa01.rsa.com (exrsa01.rsa.com [10.81.217.7]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id hBHM6d8F029920; Wed, 17 Dec 2003 17:06:39 -0500 (EST)
Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2657.72) id <W4Q496JN>; Wed, 17 Dec 2003 14:06:39 -0800
Received: from MNYSTROM-LAP ([10.3.9.3]) by exrsa01.rsa.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id W4Q496JM; Wed, 17 Dec 2003 14:06:32 -0800
From: "Nystrom, Magnus" <mnystrom@rsasecurity.com>
Reply-To: "Nystrom, Magnus" <magnus@rsasecurity.com>
To: jimsch@exmsft.com
Cc: ietf-pkix@imc.org, "'Stefan Santesson'" <stefans@microsoft.com>
Date: Wed, 17 Dec 2003 23:06:06 +0100 (W. Europe Standard Time)
Subject: RE: Last Call: Qualified Certificates
In-Reply-To: <003a01c3c4d8$1c2ff1b0$1400a8c0@augustcellars.local>
Message-ID: <Pine.WNT.4.58.0312172217550.1484@mnystrom-lap>
References: <003a01c3c4d8$1c2ff1b0$1400a8c0@augustcellars.local>
X-X-Sender: mnystrom@exrsa01.rsa.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jim,
Thanks for continuing the discussion... Some replies below.
On Wed, 17 Dec 2003, Jim Schaad wrote:
> > -----Original Message-----
> >
> > Thanks for your review. I'll respond to a few of your comments here.
> > Stefan will address the others.
> >
> > On November 12, Jim Schaad wrote:
> >
> > > Comments on this draft are as follows:
> > >
> > > 1. Section 1 para 3; I object to the phrase "private extensions".
> > > This document does not defined private extensions even if they exist
> > > in the id-pe arc. These are now public extensions. -- Remove the
> > > word private.
> >
> > No, we are using the branch id-pe which specifically is named "arc for
> > private certificate extensions" in RFC 3280. As I see it,
> > private/public refers to presence in X.509 or not. C.f. section 4.2.2
> > of RFC 3280, whose title even is "Private Internet Extensions"
> > (although the TOC in RFC 3280 lists another name).
>
> I understand that it is under the private extensions arc. I belive that
> the way this arc was named is not clear. IMHO by publishing this
> extension in a public document for public consumption it no longer is a
> private extension. I see no advantage to having the word private in
> this location.
Well, it is not important for me. I just wanted to follow the example set
by 2459/3280.
> > > 6. Section 3.2.1 - DateOfBirth SHOULD state the proper encoding to
> > > be used. I.E. are we looking for seconds, minutes or hours or just
> > > DATE in the GeneralTime field?
> >
> > I don't see a need to do this for interoperability reasons.
> > The GeneralizedTime ASN.1 type will always contain a date,
> > and optionally a time down to a precision as specified in ISO
> > 8601. Relying parties will need to parse the type anyway.
> > Some registration authorities may decide to use a more
> > precise measurement than others and I would not want to
> > preclude them from doing so.
>
> In order to do a DER encoding of a GeneralTime field, without other
> restraints being placed on this field, I think (but have not verified)
> that on ewould be required to specify the msecs thus leading to a date
> such as 196012170000000000Z for the DOB. Even cutting it off at the
> same level as dates in RFC3280 is an improvement.
No - ISO 8825-1 says that you can have any precision when DER-encoding
GeneralizedTime values, but seconds MUST be present (as must the "Z" for
UTC time). Trailing decimal zeros are always removed. I.e. an authority
which only uses dates will have values like:
19601217000000Z
Whereas an authority which does count seconds may have
19601217000022Z
But this would not be allowed:
19601217000022.0Z
Note that, in all cases, the string will consist of at least 15
characters. Any more than that an the authority uses fractional seconds
down to the precision allowed by ISO 8601. I still don't think this needs
to be specified further.
> > > 7. Section 3.2.1 - countryOfResidence and countryOfCitizenship - If
> > > you have multiple countrys to be listed, should this be a
> > > multi-value item or should there be two distinct attributes?
> > > (Alternatively should this be restricted back to a single attribute
> > > with a single value - i.e you can only list one of your countries of
> > > citizenship.)
> >
> > The attributes (seen as ASN.1 objects) themselves are multi-valued.
> > This follows from PKCS #9 v2.0 where they are fully defined and we
> > have a reference to PKCS #9 in the document about this. But this still
> > allows several distinct attributes each with a single (or multiple)
> > value (values). As the extension itself only is intended to carry
> > information from a directory about the subject of the certificate and
> > does not disallow multiple instances of the same attribute type it is
> > really up to the issuer and the way it stores information about the
> > subject to populate it. A conformant relying party that relies on
> > information provided in this extension will need to parse the complete
> > extension value anyway, so again I am not sure anything needs to be
> > done.
>
> This makes my code harder to implement as a RP. I now need to look for
> both multiple values and multiple fields. It is much simplier to only
> need to look for one (probably from ease of programing it would be
> multiple values).
Right, it is a little harder (but not particularly complex). On this one -
and also to answer Russ comment as to why I would like to allow both
variants - I am concerned about backwards-compatibility. 3039 has been out
for a couple of years now and both patterns may have been used.
> > > 10. Sectin 3.2.5.1 - I have decided to put the predefined statement
> > > into my QC. After reading this document I understand that what I
> > > want stearts as follows:
> > >
> > > EXTENSION { id-pe-qcStatements,
> > > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > > In this case I don't have asemanticsIdentifier created by the
> > > document, so I must be incoluding the NameRegistrationAuthorities
> > > otion. However I don't know if what goes here is the pkix working
> > > group name or some other value.
> >
> > I am not sure I understand your question Jim, but values for
> > the nameRegistrationAuthorities component has nothing to do
> > with PKIX. It is the OID for the authority responsible for
> > the subject's name (or attributes of the subject's name) as
> > it appears in the certificate. I thought this was clear from
> > 3.2.5.1? Likewise for the semanticsIdentifier option - it is
> > to be specified by/for that authority.
>
> LET ME QUOTE:
>
> -- This statement identifies conformance with syntax and
> -- semantics defined in this Qualified Certificate profile
> -- (Version 1). The SemanticsInformation may optionally contain
> -- additional semantics information as specified.
>
> As I read this statement there should be an OID that identifies this
> DOCUMENT as a name registration authority.
No, that was not the intent - this document should not be a name
registration authority.
Note the syntax: A QCStatement is a SEQUENCE of a statementID component
(an OID) and an optional statementInfo. For the object qcStatement-1, the
statementInfo component is a value of type SemanticsInformation. The
semantics of qcStatement-1 is that the certificate has been issued in
conformance with syntax and semantics identified in this document. In the
case of qcStatement-1, the statementInfo component (which is of type
SemanticsInformation) "MAY contain a semantics identifier and MAY identify
one or more name registration authorities." ("MAY" since the components
are optional).
As stated in the document, the semanticsIdentifier component of a
SemanticsInformation value contains an OID which defines semantics for
certain attributes and names in basic certificate fields, and the
nameRegistrationAuthorities component contains the name of one or more
authorities responsible for the registration of attributes or names
associated with the subject and the association between such an authority
and present attributes MAY be defined by a semanticsIdentifier OID.
> If I use the fields defined by this document and use the defined OID in
> this document, then I need to be able to correction encode this
> extension in my certificate without reference to an external naming
> authority. If this is not the case then there is absolutely no reason
> to have section 3.1 or 3.2.1, 3.2.2, 3.2.3 or 3.2.4 as they are defining
> how these fields should be used.
>
> I need a way to refer to this document as either the semanticsIdentifier
> or the nameRegistrationAuthority.
As I see it, you shouldn't. The statementInfo component is optional. If
all you want to say is that you're conformant with syntax and semantics of
this document then you set the statementID to id-qcs-pkixQCSyntax-v1 and
leave out the statementInfo component. If there is some well-known OID
that defines semantics for a set of attributes and/or names used then
include the statementInfo component, and set the semanticsIdentifier
component. If you just want to name a registration authority then include
the statementInfo component and set its nameRegistrationAuthority
component. If you want to associate a name a registration authority with
semantics for certain attributes then set both components of the
SemanticsInformation.
I have tried to capture our thinking above, but I may have missed
something as we wrote this almost four years ago. Stefan, feel free to
correct me if I got something wring.
Did this help at all, Jim?
-- Magnus
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHJsgib092549 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 11:54:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBHJsfcl092548 for ietf-pkix-bks; Wed, 17 Dec 2003 11:54:41 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHJsfib092543 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 11:54:41 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip237.132.dial-acs01.sea.iinet.com [209.20.132.237]) by smtp2.pacifier.net (Postfix) with ESMTP id 72AC96A481; Wed, 17 Dec 2003 11:54:41 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Nystrom, Magnus'" <magnus@rsasecurity.com>, <ietf-pkix@imc.org>
Cc: "'Stefan Santesson'" <stefans@microsoft.com>
Subject: RE: Last Call: Qualified Certificates
Date: Wed, 17 Dec 2003 11:58:15 -0800
Message-ID: <003a01c3c4d8$1c2ff1b0$1400a8c0@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <Pine.WNT.4.58.0312171017100.1484@mnystrom-lap>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
>
> Thanks for your review. I'll respond to a few of your
> comments here. Stefan will address the others.
>
> On November 12, Jim Schaad wrote:
>
> > Comments on this draft are as follows:
> >
> > 1. Section 1 para 3; I object to the phrase "private extensions".
> > This document does not defined private extensions even if
> they exist
> > in the id-pe arc. These are now public extensions. --
> Remove the word
> > private.
>
> No, we are using the branch id-pe which specifically is named
> "arc for private certificate extensions" in RFC 3280. As I
> see it, private/public refers to presence in X.509 or not.
> C.f. section 4.2.2 of RFC 3280, whose title even is "Private
> Internet Extensions" (although the TOC in RFC 3280 lists
> another name).
I understand that it is under the private extensions arc. I belive that
the way this arc was named is not clear. IMHO by publishing this
extension in a public document for public consumption it no longer is a
private extension. I see no advantage to having the word private in
this location.
>
> > 6. Section 3.2.1 - DateOfBirth SHOULD state the proper
> encoding to be
> > used. I.E. are we looking for seconds, minutes or hours or
> just DATE
> > in the GeneralTime field?
>
> I don't see a need to do this for interoperability reasons.
> The GeneralizedTime ASN.1 type will always contain a date,
> and optionally a time down to a precision as specified in ISO
> 8601. Relying parties will need to parse the type anyway.
> Some registration authorities may decide to use a more
> precise measurement than others and I would not want to
> preclude them from doing so.
In order to do a DER encoding of a GeneralTime field, without other
restraints being placed on this field, I think (but have not verified)
that on ewould be required to specify the msecs thus leading to a date
such as 196012170000000000Z for the DOB. Even cutting it off at the
same level as dates in RFC3280 is an improvement.
>
> > 7. Section 3.2.1 - countryOfResidence and
> countryOfCitizenship - If
> > you have multiple countrys to be listed, should this be a
> multi-value
> > item or should there be two distinct attributes?
> (Alternatively should
> > this be restricted back to a single attribute with a single value -
> > i.e you can only list one of your countries of citizenship.)
>
> The attributes (seen as ASN.1 objects) themselves are
> multi-valued. This follows from PKCS #9 v2.0 where they are
> fully defined and we have a reference to PKCS #9 in the
> document about this. But this still allows several distinct
> attributes each with a single (or multiple) value (values).
> As the extension itself only is intended to carry information
> from a directory about the subject of the certificate and
> does not disallow multiple instances of the same attribute
> type it is really up to the issuer and the way it stores
> information about the subject to populate it. A conformant
> relying party that relies on information provided in this
> extension will need to parse the complete extension value
> anyway, so again I am not sure anything needs to be done.
This makes my code harder to implement as a RP. I now need to look for
both multiple values and multiple fields. It is much simplier to only
need to look for one (probably from ease of programing it would be
multiple values).
> > 10. Sectin 3.2.5.1 - I have decided to put the predefined statement
> > into my QC. After reading this document I understand that
> what I want
> > stearts as follows:
> >
> > EXTENSION { id-pe-qcStatements,
> > { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> > In this case I don't have asemanticsIdentifier created by the
> > document, so I must be incoluding the NameRegistrationAuthorities
> > otion. However I don't know if what goes here is the pkix working
> > group name or some other value.
>
> I am not sure I understand your question Jim, but values for
> the nameRegistrationAuthorities component has nothing to do
> with PKIX. It is the OID for the authority responsible for
> the subject's name (or attributes of the subject's name) as
> it appears in the certificate. I thought this was clear from
> 3.2.5.1? Likewise for the semanticsIdentifier option - it is
> to be specified by/for that authority.
LET ME QUOTE:
-- This statement identifies conformance with syntax and
-- semantics defined in this Qualified Certificate profile
-- (Version 1). The SemanticsInformation may optionally contain
-- additional semantics information as specified.
As I read this statement there should be an OID that identifies this
DOCUMENT as a name registration authority. If I use the fields defined
by this document and use the defined OID in this document, then I need
to be able to correction encode this extension in my certificate without
reference to an external naming authority. If this is not the case then
there is absolutely no reason to have section 3.1 or 3.2.1, 3.2.2, 3.2.3
or 3.2.4 as they are defining how these fields should be used.
I need a way to refer to this document as either the semanticsIdentifier
or the nameRegistrationAuthority.
>
> > 11. Sectin A.1 - I suggest changing the pretty name to
> > PKIXqualified88-03 to distinquish from rfc3039.
>
> I don't quite see why? Normally you keep the module name but
> update the number (OID), and there are some reasons for this
> too. C.f. X.509's "AuthenticationFramework" module whose name
> has remained the same even though the module OID has changed
> over the years. I believe the same is true for
> "PKIX1Explicit88" too, for example.
>
> -- Magnus
>
jim
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHGXJib082369 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 08:33:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBHGXJrB082368 for ietf-pkix-bks; Wed, 17 Dec 2003 08:33:19 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from hplb.hpl.hp.com (hplb.hpl.hp.com [192.6.10.2]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHGXHib082361 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 08:33:17 -0800 (PST) (envelope-from marco_casassa-mont@hp.com)
Received: from CASASSAM2 (casassamont-m-2.hpl.hp.com [15.144.26.171]) by hplb.hpl.hp.com (8.12.10/8.12.10) with ESMTP id hBHGTGFT017629 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 16:29:16 GMT
From: "Marco Casassa Mont" <marco_casassa-mont@hp.com>
To: <ietf-pkix@imc.org>
Subject: RE: IDPKC
Date: Wed, 17 Dec 2003 16:29:19 -0000
Message-ID: <004d01c3c4ba$ec48c8e0$ab1a900f@hpl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk>
X-HPL-MailScanner-Information: Please contact the helpdesk for more information
X-HPL-MailScanner: Found to be clean
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Hi.
HP Labs in Bristol have been working on IDPKC for the last 2 years.
We call it identifier-based encryption (IBE). Please find links to HPL
documentation at the end of this e-mail.
HP Labs have a full working (and optimised) implementation of IBE
cryptographic libraries. We ran a trial based on this technology with
the NHS (the UK Health Care Service).
IBE (IDPKC) is a cryptographic schema. We believe it is more appropriate
to compare IBE with public key cryptography rather than PKI (e.g. a
public key infrastructure).
Keith Harrison is our lead researcher on IBE cryptography: he can
provide more detailed information. Marc, if you want to contact him,
please let me know.
Best Regards,
Marco Casassa Mont
---
1. *** HPL documents about IBE cryptography follow:
A. HPL-2003-25
Identity based authenticated key agreement protocols from pairings Liqun
Chen and Caroline Kudla
http://www.hpl.hp.com/techreports/2003/HPL-2003-25.html
B. HPL-2003-48
Multiple trusted authorities in identifier based cryptography from
pairings on elliptic curves Liqun Chen and Keith Harrison
http://www.hpl.hp.com/techreports/2003/HPL-2003-48.html
C. HPL-2003-18
Certification of public keys within an identity based system Liqun Chen,
Keith Harrison, Andrew Moss, David Soldera and Nigel Smart
http://www.hpl.hp.com/techreports/2003/HPL-2003-18.html
D. HPL-2003-17
Applications of multiple trust authorities in pairing based
cryptosystems Liqun Chen, Keith Harrison, David Soldera and Nigel Smart
http://www.hpl.hp.com/techreports/2003/HPL-2003-17.html
2. *** Information about the NHS trial can be found at:
A. A Flexible Role-based Secure Messaging Service: Exploiting IBE
Technology in a Health Care Trial
http://www.hpl.hp.com/research/papers/2003/messaging.html
http://www.hpl.hp.com/techreports/2003/HPL-2003-21.html
B. A presentation that goes into more detail about the trial and the
applied technology
http://www-uk.hpl.hp.com/people/mcm/Documents/Papers/TrustBus2003-RSM-mc
m.ppt
C. Another one that talks more about the "problem space":
The NHS as a Proving Ground for Cryptosystems
http://www.hpl.hp.com/techreports/2003/HPL-2003-203.html
3. *** Additional information about IBE applications can be found at: A.
HPL-2002-243 The HP Time Vault Service: Innovating the way confidential
information is disclosed, at the right time - Casassa Mont,
Marco; Harrison, Keith; Sadler, Martin
http://www.hpl.hp.com/techreports/2002/HPL-2002-243.html
B. HPL-2003-49
Towards Accountable Management of Identity and Privacy:
Sticky Policies and Enforceable Tracing Services - Casassa
Mont, Marco; Pearson, Siani; Bramhall, Pete
http://www.hpl.hp.com/techreports/2003/HPL-2003-49.html
C. HPL-2003-101
IBE Applied to Privacy and Identity Management - Casassa
Mont, Marco; Bramhall, Pete
http://www.hpl.hp.com/techreports/2003/HPL-2003-101.html
========================================================================
=
Marco Casassa Mont
Trusted Systems Laboratory +++++++++++++++++++++++++++
Hewlett-Packard Laboratories +++++++ _/ +++++++
Filton Road, Stoke Gifford +++++ _/ +++++
BRISTOL, BS34 8QZ, UK. ++++ _/_/_/ _/_/_/ ++++
+++ _/ _/ _/ _/ +++
Phone: +44 117 312 8794 (direct) ++++ _/ _/ _/_/_/ ++++
Telnet: 312 8794 +++++ _/ +++++
Fax: +44 117 312 9250 +++++++ _/ +++++++
Email: marco_casassa-mont@hp.com +++++++++++++++++++++++++++
========================================================================
=
External HomePage: http://www-uk.hpl.hp.com/people/mcm/
========================================================================
=
'All points of view are my own and not necessarily HP's as well'
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Marc Poulaud
> Sent: 16 December 2003 16:29
> To: ietf-pkix@imc.org
> Subject: IDPKC
>
>
> Hi,
>
> Appreciating this a PKI group, I wanted to know if there is
> any knowledge of, or experience in IDPKC vs PKI. My intention
> is not to start a religious war, but just understand if there
> is anything approaching a consensus view. Also, does anybody
> know of any real/serious implementations of IDPKC. I'll take
> private emails, if people feel it's off topic.
>
> Marc.
> iSolve Ltd.
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBHFjkib080067 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 07:45:46 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBHFjk0I080065 for ietf-pkix-bks; Wed, 17 Dec 2003 07:45:46 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBHFjiib080060 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 07:45:45 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 3787 invoked by uid 0); 17 Dec 2003 15:45:41 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (141.156.165.217) by woodstock.binhost.com with SMTP; 17 Dec 2003 15:45:41 -0000
Message-Id: <5.2.0.9.2.20031217104339.046aabd0@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Wed, 17 Dec 2003 10:45:42 -0500
To: shimaoka@secom.ne.jp
From: Russ Housley <housley@vigilsec.com>
Subject: Re: DN Encoding by UTF8String
Cc: ietf-pkix@imc.org
In-Reply-To: <20031217014755.3EF8.SHIMAOKA@secom.ne.jp>
References: <5.1.0.14.2.20031215172358.0339f858@email.nist.gov> <20031215.124354.58479482.levitte@lp.se> <5.1.0.14.2.20031215172358.0339f858@email.nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
It is not clear that a son-of-rfc3280 is needed. I believe that an update
addressing this one aspect of the document can be generated much more
quickly than reopening the whole document. I believe that speedy
resolution is desirable for all concerned.
Russ
At 11:39 AM 12/17/2003 +0900, Masaki SHIMAOKA wrote:
>How will son of RFC3280 address this UTF8Sting issue which is described
>at clause 4.1.2.4 in RFC3280?
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBH9Jtib047240 for <ietf-pkix-bks@above.proper.com>; Wed, 17 Dec 2003 01:19:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBH9Jtlv047239 for ietf-pkix-bks; Wed, 17 Dec 2003 01:19:55 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBH9Jrib047226 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 01:19:54 -0800 (PST) (envelope-from mnystrom@rsasecurity.com)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with ESMTP; Wed, 17 Dec 2003 04:19:54 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id hBH9Jj1i018558 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 04:19:45 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id hBH9Jqsj012012 for <ietf-pkix@imc.org>; Wed, 17 Dec 2003 04:19:52 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72) id <W335R1BX>; Wed, 17 Dec 2003 04:19:35 -0500
Received: from olsson-lap.eu.rsa.net (MNYSTROM-LAP [10.129.13.13]) by exrsa01.rsa.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id W4Q49ZWT; Wed, 17 Dec 2003 01:19:48 -0800
From: "Nystrom, Magnus" <mnystrom@rsasecurity.com>
Reply-To: "Nystrom, Magnus" <magnus@rsasecurity.com>
To: ietf-pkix@imc.org
Cc: Stefan Santesson <stefans@microsoft.com>
Date: Wed, 17 Dec 2003 10:19:24 +0100 (W. Europe Standard Time)
Subject: RE: Last Call: Qualified Certificates
Message-ID: <Pine.WNT.4.58.0312171017100.1484@mnystrom-lap>
X-X-Sender: mnystrom@exrsa01.rsa.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jim,
Thanks for your review. I'll respond to a few of your comments here.
Stefan will address the others.
On November 12, Jim Schaad wrote:
> Comments on this draft are as follows:
>
> 1. Section 1 para 3; I object to the phrase "private extensions".
> This document does not defined private extensions even if they exist in
> the id-pe arc. These are now public extensions. -- Remove the word
> private.
No, we are using the branch id-pe which specifically is named "arc for
private certificate extensions" in RFC 3280. As I see it, private/public
refers to presence in X.509 or not. C.f. section 4.2.2 of RFC 3280,
whose title even is "Private Internet Extensions" (although the TOC in
RFC 3280 lists another name).
> 2. Section 1 para 3: Remove all references to 1993 ASN.1
Russ has approved to keeping it (but, as we already do, keep the 1988
syntax normative). It will be 1997 ASN.1 syntax, BTW.
> 6. Section 3.2.1 - DateOfBirth SHOULD state the proper encoding to be
> used. I.E. are we looking for seconds, minutes or hours or just DATE in
> the GeneralTime field?
I don't see a need to do this for interoperability reasons. The
GeneralizedTime ASN.1 type will always contain a date, and optionally
a time down to a precision as specified in ISO 8601. Relying parties
will need to parse the type anyway. Some registration authorities may
decide to use a more precise measurement than others and I would not
want to preclude them from doing so.
> 7. Section 3.2.1 - countryOfResidence and countryOfCitizenship - If you
> have multiple countrys to be listed, should this be a multi-value item
> or should there be two distinct attributes? (Alternatively should this
> be restricted back to a single attribute with a single value - i.e you
> can only list one of your countries of citizenship.)
The attributes (seen as ASN.1 objects) themselves are
multi-valued. This follows from PKCS #9 v2.0 where they are fully
defined and we have a reference to PKCS #9 in the document about
this. But this still allows several distinct attributes each with a
single (or multiple) value (values). As the extension itself only is
intended to carry information from a directory about the subject of
the certificate and does not disallow multiple instances of the same
attribute type it is really up to the issuer and the way it stores
information about the subject to populate it. A conformant relying
party that relies on information provided in this extension will need
to parse the complete extension value anyway, so again I am not sure
anything needs to be done.
> 9. Section 3.2.5.1 - I would like to know the reason that qcstatement-1
> has not been updated to a new OID. This is a new draft document with
> some different semantics than 3039. Are these changes all suffiently
> small that a new policy is not needed?
Thanks, we have discussed this and intend to assign a new OID.
> 10. Sectin 3.2.5.1 - I have decided to put the predefined statement into
> my QC. After reading this document I understand that what I want
> stearts as follows:
>
> EXTENSION { id-pe-qcStatements,
> { id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
> In this case I don't have asemanticsIdentifier created by the document,
> so I must be incoluding the NameRegistrationAuthorities otion. However
> I don't know if what goes here is the pkix working group name or some
> other value.
I am not sure I understand your question Jim, but values for the
nameRegistrationAuthorities component has nothing to do with PKIX. It is
the OID for the authority responsible for the subject's name (or
attributes of the subject's name) as it appears in the certificate. I
thought this was clear from 3.2.5.1? Likewise for the semanticsIdentifier
option - it is to be specified by/for that authority.
> 11. Sectin A.1 - I suggest changing the pretty name to
> PKIXqualified88-03 to distinquish from rfc3039.
I don't quite see why? Normally you keep the module name but update
the number (OID), and there are some reasons for this
too. C.f. X.509's "AuthenticationFramework" module whose name has
remained the same even though the module OID has changed over the
years. I believe the same is true for "PKIX1Explicit88" too, for
example.
-- Magnus
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBH2dnib067304 for <ietf-pkix-bks@above.proper.com>; Tue, 16 Dec 2003 18:39:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBH2dnM9067303 for ietf-pkix-bks; Tue, 16 Dec 2003 18:39:49 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from iscan02.secomtrust.net (iscan01.secomtrust.net [61.114.177.102]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBH2dkib067297 for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 18:39:47 -0800 (PST) (envelope-from shimaoka@secom.ne.jp)
Received: (qmail 21699 invoked by alias); 17 Dec 2003 02:39:47 -0000
Delivered-To: alias-map-ietf-pkix@imc.org@MAP
Received: (qmail 21681 invoked by alias); 17 Dec 2003 02:39:46 -0000
Received: from localhost (HELO mail.secomtrust.net) (127.0.0.1) by localhost with SMTP; 17 Dec 2003 02:39:46 -0000
Received: (qmail 13586 invoked from network); 17 Dec 2003 02:39:45 -0000
Received: from unknown (HELO ?172.30.5.54?) (172.30.5.54) by mail with SMTP; 17 Dec 2003 02:39:45 -0000
Date: Wed, 17 Dec 2003 11:39:48 +0900
From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
To: Tim Polk <tim.polk@nist.gov>
Subject: Re[2]: DN Encoding by UTF8String
Cc: Richard Levitte - VMS Whacker <levitte@lp.se>, pgut001@cs.auckland.ac.nz, ietf-pkix@imc.org, jmdesp@free.fr
In-Reply-To: <5.1.0.14.2.20031215172358.0339f858@email.nist.gov>
References: <20031215.124354.58479482.levitte@lp.se> <5.1.0.14.2.20031215172358.0339f858@email.nist.gov>
Message-Id: <20031217014755.3EF8.SHIMAOKA@secom.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.06.02
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Tim,
> meet." So we required, at a minimum, support for a straight binary
> comparison but we permit an implementation to do more...
> RFC 3280 is silent with respect to emailAddress. RFC 3280 requires space
> normalization and a case insensitive compare for PrintableString. For
> other types, a straight binary comparison is the minimum but more complex
> name comparison is permitted...
Basically I agree with your simple requirement as binary comparison, but
I do not prefer to permit other implementation.
When we have two implementations, one may make false-positive even
though other makes false-negative.
If we allow to some implementations, we MUST get to keep same result of
name-comparison.
Such my concept consents with your observation below, does not it?
> General observation #1: implementing additional name comparison should not
> create *new* problems.
> I don't think RFC 3280 is too much at odds with the OpenSSL implementation
> or Peter's guidance. However, I should note that name comparison for
> directory strings encoded in UTF8STRING is a task we have been directed to
> tackle by the IESG. As the name comparison work progresses in the IETF,
> the PKIX WG intends to have a document that describes the "right way" to
> perform such a comparison.
I am pleased that PKIX is tackling such work.
Now I have one question.
How will son of RFC3280 address this UTF8Sting issue which is described
at clause 4.1.2.4 in RFC3280?
Thanks,
-----
Masaki SHIMAOKA
SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@secom.ne.jp
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGLlqib056218 for <ietf-pkix-bks@above.proper.com>; Tue, 16 Dec 2003 13:47:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBGLlqwf056217 for ietf-pkix-bks; Tue, 16 Dec 2003 13:47:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from asgard.ietf.org (asgard.ietf.org [132.151.6.40]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGLlpib056212 for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 13:47:51 -0800 (PST) (envelope-from apache@asgard.ietf.org)
Received: from apache by asgard.ietf.org with local (Exim 4.14) id 1AWMr3-0001lu-PC; Tue, 16 Dec 2003 16:35:45 -0500
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce:;
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, <ietf-pkix@imc.org>
Subject: Protocol Action: 'Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates' to Proposed Standard
Message-Id: <E1AWMr3-0001lu-PC@asgard.ietf.org>
Date: Tue, 16 Dec 2003 16:35:45 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
The IESG has approved the following document:
- 'Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates '
<draft-ietf-pkix-logotypes-13.txt> as a Proposed Standard
This document is the product of the Public-Key Infrastructure (X.509) Working
Group.
The IESG contact persons are Steve Bellovin and Russ Housley.
Technical Summary
This document provides for a way to embed visual or audible logos within
X.509 certificates.
Working Group Summary
There was initially some controversy about whether or not these extensions
were reasonable. Eventually, the working group agreed that they were a good
ida.
Protocol Quality,
This specification has been reviewed for the IESG by Steve Bellovin.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGK0aib051968 for <ietf-pkix-bks@above.proper.com>; Tue, 16 Dec 2003 12:00:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBGK0a0S051967 for ietf-pkix-bks; Tue, 16 Dec 2003 12:00:36 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGK0Zib051960 for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 12:00:35 -0800 (PST) (envelope-from ambarish@malpani.biz)
Received: from ambarisht40 (ns.malpani.biz [192.168.25.5]) by ns.malpani.biz (8.12.9/8.12.9) with ESMTP id hBGJxvOD024481; Tue, 16 Dec 2003 11:59:57 -0800
From: "Ambarish Malpani" <ambarish@malpani.biz>
To: "'Marc Poulaud'" <marc.poulaud@i-solve.co.uk>, <ietf-pkix@imc.org>
Subject: RE: IDPKC
Date: Tue, 16 Dec 2003 11:58:33 -0800
Message-ID: <B04FB2812116384A87D2968369C086975CD4DA@fosters.cenzic.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
There is a company in the SF Bay Area that is developing
products around it - Voltage Security (www.voltage.com).
Regards,
Ambarish
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Marc Poulaud
> Sent: Tuesday, December 16, 2003 8:29 AM
> To: ietf-pkix@imc.org
> Subject: IDPKC
>
>
> Hi,
>
> Appreciating this a PKI group, I wanted to know if there is
> any knowledge of, or experience in IDPKC vs PKI. My intention
> is not to start a religious war, but just understand if there
> is anything approaching a consensus view. Also, does anybody
> know of any real/serious implementations of IDPKC. I'll take
> private emails, if people feel it's off topic.
>
> Marc.
> iSolve Ltd.
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGJVAib050831 for <ietf-pkix-bks@above.proper.com>; Tue, 16 Dec 2003 11:31:10 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBGJVAOD050830 for ietf-pkix-bks; Tue, 16 Dec 2003 11:31:10 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from real2.localdomain (rimp1.nist.gov [129.6.16.226]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGJV7ib050825 for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 11:31:08 -0800 (PST) (envelope-from wpolk@nist.gov)
Received: from real2.localdomain (real2.localdomain [127.0.0.1]) by real2.localdomain (8.12.8/8.12.8) with ESMTP id hBGJUvqv008227; Tue, 16 Dec 2003 14:30:57 -0500
Received: (from apache@localhost) by real2.localdomain (8.12.8/8.12.8/Submit) id hBGJUuQc008225; Tue, 16 Dec 2003 14:30:56 -0500
Received: from 142.131.210.159 ([142.131.210.159]) by webmail.nist.gov (IMP) with HTTP for <wpolk@localhost>; Tue, 16 Dec 2003 14:30:56 -0500
Message-ID: <1071603056.3fdf5d701ec8b@webmail.nist.gov>
Date: Tue, 16 Dec 2003 14:30:56 -0500
From: wpolk@nist.gov
To: ietf-pkix@imc.org
Cc: "'Stephen Kent'" <kent@bbn.com>, jimsch@exmsft.com, Jim Schaad <jimsch@nwlink.com>, Russ Housley <housley@vigilsec.com>, Burt Kaliski <bkaliski@rsasecurity.com>
Subject: WG Last Call: Additional Algorithms for RSA cryptography
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Originating-IP: 142.131.210.159
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This message initiates working group Last Call for "Additional Algorithms and
Identifiers for RSA Cryptography". As a reminder, here is the Abstract:
This document supplements RFC 3279. It describes the conventions
for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
transport algorithm and additional one-way hash functions with the
PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public
Key Infrastructure (PKI). Encoding formats, algorithm identifiers,
and parameter formats are specified.
This is a three week Last Call. That means it will close sometime on or after
January 9, 2004. The schedule has been padded with an additional week in
light of the holidays.
** Do not count on any further extension to Last Call!!! **
I intend to close Last Call promptly on January 9, since an S/MIME WG document
is blocked on this document.
The URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
Thanks,
Tim Polk
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGGTsib042996 for <ietf-pkix-bks@above.proper.com>; Tue, 16 Dec 2003 08:29:54 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBGGTsUr042995 for ietf-pkix-bks; Tue, 16 Dec 2003 08:29:54 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBGGTqib042986 for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 08:29:53 -0800 (PST) (envelope-from marc.poulaud@i-solve.co.uk)
Received: from f67j40j ([213.106.136.69]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP id <20031216162942.NWWE14657.mta03-svc.ntlworld.com@f67j40j> for <ietf-pkix@imc.org>; Tue, 16 Dec 2003 16:29:42 +0000
From: "Marc Poulaud" <marc.poulaud@i-solve.co.uk>
To: <ietf-pkix@imc.org>
Subject: IDPKC
Date: Tue, 16 Dec 2003 16:29:19 -0000
MIME-Version: 1.0
Message-ID: <PCEFJNAPLMIBHBMBCGJFKENPDLAA.marc.poulaud@i-solve.co.uk>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Content-Type: multipart/signed; micalg=SHA1; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_009A_01C3C3F1.BE8CD0A0"
Importance: Normal
In-Reply-To: <20031216.004338.128194939.levitte@lp.se>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_009A_01C3C3F1.BE8CD0A0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Hi,
Appreciating this a PKI group, I wanted to know if there is any knowledge
of, or experience in IDPKC vs PKI. My intention is not to start a
religious war, but just understand if there is anything approaching a
consensus view. Also, does anybody know of any real/serious
implementations of IDPKC. I'll take private emails, if people feel it's
off topic.
Marc.
iSolve Ltd.
------=_NextPart_000_009A_01C3C3F1.BE8CD0A0
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKNzCCAj0w
ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH
mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF
4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d
6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix
3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR
cZQwggNiMIICy6ADAgECAhAL2gsXwT+JjqsJdHq0zi4zMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNV
BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05ODA1MTIwMDAwMDBaFw0wODA1MTIy
MzU5NTlaMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv
cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJ
bmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQC7WkSKBBa7Vf0DeootlE8VeDa4DUqyb5xUv7zodyqdufBou5XZMUFweoFL
uUgTVi3HCOGEQqvAopKrRFyqQvCCDgLpL/vCO7u+yScKXbawNkIztW5UiE+HSr8Z2vkV6A+Hthzj
zMaajn9qJJLj/OBluqexfu/J2zdqyErICQbkmQIDAQABo4GwMIGtMA8GA1UdEwQIMAYBAf8CAQAw
RwYDVR0gBEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUFBwIBFh93d3cudmVyaXNpZ24uY29t
L3JlcG9zaXRvcnkvUlBBMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29t
L3BjYTEuY3JsMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwDQYJKoZIhvcNAQECBQAD
gYEAAn2eb0VLOKC43ulTZCG85Ewrjx7+kkCs2Ao5aqEyISwHm6tZ/tJiGn1VOLA3c9z0B2ZjYr3h
U3BSh+eo2FLpWy2q4d7PrDFU1IsZyNgjqO8EKzJ9LBgcyHyJqC538kTRZQpNdLXu0xuSc3QuiTs1
E3LnQDGa07LEq+dWvovj+xUwggSMMIID9aADAgECAhAtlXDAy5i9knYT7IgJAnYKMA0GCSqGSIb3
DQEBBAUAMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv
cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJ
bmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMB4XDTAzMDkyOTAwMDAw
MFoXDTA0MTAwNjIzNTk1OVowggEaMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMW
VmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0
b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBO
b3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVs
bCBTZXJ2aWNlMRUwEwYDVQQDFAxNYXJjIFBvdWxhdWQxKTAnBgkqhkiG9w0BCQEWGm1hcmMucG91
bGF1ZEBpLXNvbHZlLmNvLnVrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBvykQe6DixFIm
woyNNcyuPw4BfYerTnR5n2Oz0dHqZm2/hAibGgMl2CQ0+nHbptHBKawRcpHmnUjHHKSE8QuqBkHn
y2w/hkbTOFMSSYheTDInnSsFHAFzgqgkEl29sgrnjTDeVWPTi3Oq3USCoFMJGEXIwgtptIMkfy1X
eITxjwIDAQABo4IBHDCCARgwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtghkgBhvhFAQcB
ATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBiBggrBgEFBQcC
AjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGluY29ycC4gYnkgcmVm
ZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJYIZIAYb4QgEBBAQDAgeAMBQGCmCG
SAGG+EUBBgcEBhYETm9uZTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnZlcmlzaWduLmNv
bS9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBAUAA4GBACqNEGz/TyikJW9YzH0FIiHycPGhdzkpt20D
N+EGqqqornHRoNT1409BIp18aGktYiQnf9qMOCWbXCdOL2K18ISbDsufYxEDogOeIVq/WU63Bt0A
j0B8IR7PNp+Qsx/BxxNhya123Qd+vwOYvxS+AiFrgOQsXqdnySEODaeAje1ZMYIDVjCCA1ICAQEw
geEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBBIEluY29ycC4g
QnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAxIENBIEluZGl2
aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQCEC2VcMDLmL2SdhPsiAkCdgow
CQYFKw4DAhoFAKCCAcowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MDMxMjE2MTYyOTE0WjAjBgkqhkiG9w0BCQQxFgQUXhgSorWHE2AqfOobJKbZ6UIw/T8wdgYJKoZI
hvcNAQkPMWkwZzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwBwYFKw4DAgcw
DQYIKoZIhvcNAwICASgwBwYFKw4DAhowBwYFKw4DAhowCgYIKoZIhvcNAgUwCgYIKoZIhvcNAgUw
gfIGCSsGAQQBgjcQBDGB5DCB4TCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3Np
dG9yeS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWdu
IENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZAIQ
LZVwwMuYvZJ2E+yICQJ2CjANBgkqhkiG9w0BAQEFAASBgGAGPvjhNlkMkd1Q3AHATlk5QxkRRoO+
k8pjY+spYlyBa0L1kQ4EojlklDIgMugfQukAuZWC44CtEuGgJhnYxqYRjdPt4saIIlmX3U3XO4mV
v6RCsjNkFz2UiCAi+u76f/HbdI7ox9e81XY+GGcvky/sQHEMTQ822/1r7BYA7F7zAAAAAAAA
------=_NextPart_000_009A_01C3C3F1.BE8CD0A0--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBG1L5ib028248 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 17:21:05 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBG1L5Sc028247 for ietf-pkix-bks; Mon, 15 Dec 2003 17:21:05 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from anchor-post-31.mail.demon.net (anchor-post-31.mail.demon.net [194.217.242.89]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBG1L3ib028241 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 17:21:03 -0800 (PST) (envelope-from shenson@drh-consultancy.co.uk)
Received: from drh-consultancy.demon.co.uk ([80.177.30.10] helo=drh-consultancy.co.uk) by anchor-post-31.mail.demon.net with esmtp (Exim 3.35 #1) id 1AW3tW-000G5S-0V for ietf-pkix@imc.org; Tue, 16 Dec 2003 01:21:03 +0000
Message-ID: <3FDE5E0E.1020703@drh-consultancy.co.uk>
Date: Tue, 16 Dec 2003 01:21:18 +0000
From: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: DN Encoding by UTF8String
References: <200312151122.hBFBM9P15024@cs.auckland.ac.nz> <20031216.004338.128194939.levitte@lp.se>
In-Reply-To: <20031216.004338.128194939.levitte@lp.se>
X-Enigmail-Version: 0.76.7.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Since this partly relates to OpenSSLs ASN1 handling I feel compelled to
reply :-)
Richard Levitte - VMS Whacker wrote:
> In message <200312151122.hBFBM9P15024@cs.auckland.ac.nz> on Tue, 16 Dec 2003 00:22:09 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
>
> pgut001> Hmm, I don't know if it's a good idea to encourage this sort
> pgut001> of behaviour (that is, apps that generate certs that require
> pgut001> custom code in order to work). Some years ago (after I
> pgut001> snapped out of my X.520 delusion and switched to memcmp()) a
> pgut001> vendor complained that cryptlib was failing to find a cert
> pgut001> with a canonicalised name. I told them to try the same thing
> pgut001> with Netscape and MSIE, and fairly soon afterwards (within a
> pgut001> matter of days, I think) they had a service release out that
> pgut001> didn't try and modify names any more.
>
> I just figured out a specific example where you might need to use
> X.520 comparison rules (or at least the rules outlined by RFC3280).
> At least with OpenSSL, it's possible to restrict what certificates
> 'openssl ca' can issue by configuring some parts of the requested
> subject in the CSR match the same parts of the subject in the signing
> CA certificate. So to take Tim's example with 'C=MX' vs. 'C=mx', a CA
> that is only allowed to issue certificates with C=MX, and does the
> same kind of enforcement OpenSSL can do, it would have to be able to
> match the country code regardless of case (and provided an encoding
> where the case-insensitive matching rule applies). I don't really see
> a way out of the possibility of this happening.
>
Whilst that is true, OpenSSL's normal handling of DNs in the X509_NAME
structure will preserve the original encoding. SSLeay did this also.
This effectively means that when a DN is copied when a certificate is
issued the encoding is preserved between the CAs subject name and the
issued certificates issuer name.
I've only ever come across two obscure certificates (other than in test
suites) where two matching DNs did not have the same encoding.
IIRC one was a PrintableString case variation which would fit the
RFC3280 comparison rules. The other changed the string type from
PrintableString to T61 which would require the X520 comparison. Both
were horribly broken in that they were supposed to be valid CA
certificate but they didn't include a basicConstraints extension.
I'd be interested to know how common these (i.e. matching DNs with
different encodings) are and how many people have come across them.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFNi1ib024364 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 15:44:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFNi1s0024363 for ietf-pkix-bks; Mon, 15 Dec 2003 15:44:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nic.lp.se (nic.lp.se [213.212.3.208]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFNhxib024358 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 15:44:00 -0800 (PST) (envelope-from levitte@lp.se)
Received: from localhost (127.0.0.1) by nic.lp.se (MX V5.3 VnHj) with ESMTP; Tue, 16 Dec 2003 00:43:40 +0100
Date: Tue, 16 Dec 2003 00:43:38 +0100 (CET)
Message-ID: <20031216.004338.128194939.levitte@lp.se>
To: pgut001@cs.auckland.ac.nz
CC: ietf-pkix@imc.org, jmdesp@free.fr
Subject: Re: DN Encoding by UTF8String
From: Richard Levitte - VMS Whacker <levitte@lp.se>
In-Reply-To: <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
References: <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
X-URL: http://www.lp.se/
X-Waved: dead chicken, GNU emacs 21.3.1, Mew version 4.0.60
X-Mew: See http://www.mew.org/
X-Mailer: Mew version 4.0.60 on Emacs 21.3.1 / Mule 5.0 (SAKAKI)
MIME-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
In message <200312151122.hBFBM9P15024@cs.auckland.ac.nz> on Tue, 16 Dec 2003 00:22:09 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
pgut001> Hmm, I don't know if it's a good idea to encourage this sort
pgut001> of behaviour (that is, apps that generate certs that require
pgut001> custom code in order to work). Some years ago (after I
pgut001> snapped out of my X.520 delusion and switched to memcmp()) a
pgut001> vendor complained that cryptlib was failing to find a cert
pgut001> with a canonicalised name. I told them to try the same thing
pgut001> with Netscape and MSIE, and fairly soon afterwards (within a
pgut001> matter of days, I think) they had a service release out that
pgut001> didn't try and modify names any more.
I just figured out a specific example where you might need to use
X.520 comparison rules (or at least the rules outlined by RFC3280).
At least with OpenSSL, it's possible to restrict what certificates
'openssl ca' can issue by configuring some parts of the requested
subject in the CSR match the same parts of the subject in the signing
CA certificate. So to take Tim's example with 'C=MX' vs. 'C=mx', a CA
that is only allowed to issue certificates with C=MX, and does the
same kind of enforcement OpenSSL can do, it would have to be able to
match the country code regardless of case (and provided an encoding
where the case-insensitive matching rule applies). I don't really see
a way out of the possibility of this happening.
Of course, there's the thought that it's better with a few false
negatives than a few false positives, as Tim pointed out...
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte | http://richard.levitte.org/ | Tunnlandsv. 3
Levitte Programming | http://www.lp.se/ | S-168 36 Bromma
T: +46-708-26 53 44 | | SWEDEN
"Price, performance, quality... choose the two you like"
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFNGBib023611 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 15:16:11 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFNGBM6023610 for ietf-pkix-bks; Mon, 15 Dec 2003 15:16:11 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFNG8ib023602 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 15:16:08 -0800 (PST) (envelope-from tim.polk@nist.gov)
Received: from krdp8.nist.gov (krdp8.ncsl.nist.gov [129.6.54.113]) by postmark.nist.gov (8.12.5/8.12.5) with ESMTP id hBFNFUjP021447; Mon, 15 Dec 2003 18:15:31 -0500 (EST)
Message-Id: <5.1.0.14.2.20031215172358.0339f858@email.nist.gov>
X-Sender: wpolk@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 15 Dec 2003 18:15:48 -0500
To: Richard Levitte - VMS Whacker <levitte@lp.se>, pgut001@cs.auckland.ac.nz
From: Tim Polk <tim.polk@nist.gov>
Subject: Re: DN Encoding by UTF8String
Cc: ietf-pkix@imc.org, jmdesp@free.fr
In-Reply-To: <20031215.124354.58479482.levitte@lp.se>
References: <200312151122.hBFBM9P15024@cs.auckland.ac.nz> <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Name comparison is definitely a thorny problem. The name comparison rules
in RFC 2459 and 3280 were an attempt to establish a reasonable bar that
current implementations already met, or could easily meet.
2459 and 3280 require white space compression and case-insensitive match
for PrintableString because client implementations already met this
standard. It is also very easy - strings never get longer and a single
pass is all one ever needs to prepare for the comparison. (In fact you
could probably compare in a single pass, normalizing as you go!)
This functionality is expected to be present, and is reflected by the
content of existing certificates. For example, the country code is
sometimes uppercase and sometimes lower case. Implementations that only
performed case sensitive matching would not interpret "C=mx" and "C=MX" as
equivalent.
On the other hand, normalization for more complex character sets is fraught
with danger. Strings can actually grow during this process, several passes
may be required, etc... Name comparison for these character sets was *not*
"a reasonable bar that current implementations already met, or could easily
meet." So we required, at a minimum, support for a straight binary
comparison but we permit an implementation to do more...
Some specific comments:
Peter noted:
> I found out very quickly that one thing you never, ever do is
> change the DN encoding once it's been created by the
> originator
Basically, I would agree. This is reflected by the RFC 3280 requirement
that the encoding of an established CA's name be preserved when issuing CA
certs. Depending upon clients to perform string normalization accurately
and consistently is risky. No matter what they do (or don't) implement,
preserving the encoding should provide dependable results.
Richard stated:
> OpenSSL provides a limit set of rules for comparing DNs: it does
> space normalization and a case insensitive compare for PrintableString,
> and case insensitive comparison for IA5String if the attribute type is
> emailAddress from pkcs#9. For all other strings, a straight memcmp()
> is done. Would you say we're going overkill?
RFC 3280 is silent with respect to emailAddress. RFC 3280 requires space
normalization and a case insensitive compare for PrintableString. For
other types, a straight binary comparison is the minimum but more complex
name comparison is permitted...
General observation #1: implementing additional name comparison should not
create *new* problems. I see three cases. Case 1: If the two strings
match for binary comparison, then they will match afterwards. (However,
you may get the blue screen of death if the strings grow beyond the
expected size and overwrite something it shouldn't!) Case 2: Consider two
strings that are a theoretical match but were encoded in different binary
forms - if the name comparison rules detect the match, that's great; if not
well you didn't make the situation worse. Case 3: Only if two
theoretically different string get munged by the normalization process and
become inappropriately equivalent would you have a real problem. Case 3
failure seems the less likely than case 2, in my opinion...
General Observation #2: False positives are more dangerous than false
negatives... the one place name comparison can result in name
constraints. An inappropriate match for permitted subtrees could result in
a false positive. An inappropriate non-match for excluded subtrees could
result in a false positive. If you buy my theory that case 2 failure is
more likely than case 3, that says you should use permitted subtrees where
ever possible. It also says that for either type of constraint, you should
respect the encoding of the attributes by the issuer.
I don't think RFC 3280 is too much at odds with the OpenSSL implementation
or Peter's guidance. However, I should note that name comparison for
directory strings encoded in UTF8STRING is a task we have been directed to
tackle by the IESG. As the name comparison work progresses in the IETF,
the PKIX WG intends to have a document that describes the "right way" to
perform such a comparison.
Thanks,
Tim Polk
At 12:43 PM 12/15/2003 +0100, Richard Levitte - VMS Whacker wrote:
>In message <200312151122.hBFBM9P15024@cs.auckland.ac.nz> on Tue, 16 Dec
>2003 00:22:09 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
>
>pgut001> Richard Levitte - VMS Whacker <levitte@lp.se> writes:
>pgut001>
>pgut001> >OpenSSL provides a limit set of rules for comparing DNs: it
>pgut001> >does space normalization and a case insensitive compare for
>pgut001> >PrintableString, and case insensitive comparison for
>pgut001> >IA5String if the attribute type is emailAddress from pkcs#9.
>pgut001> >For all other strings, a straight memcmp() is done. Would
>pgut001> >you say we're going overkill?
>pgut001>
>pgut001> Hmm, I don't know if it's a good idea to encourage this sort
>pgut001> of behaviour (that is, apps that generate certs that require
>pgut001> custom code in order to work). Some years ago (after I
>pgut001> snapped out of my X.520 delusion and switched to memcmp()) a
>pgut001> vendor complained that cryptlib was failing to find a cert
>pgut001> with a canonicalised name. I told them to try the same thing
>pgut001> with Netscape and MSIE, and fairly soon afterwards (within a
>pgut001> matter of days, I think) they had a service release out that
>pgut001> didn't try and modify names any more.
>pgut001>
>pgut001> If cryptlib had still been using the X.520 comparison at that
>pgut001> time, they might have gone ahead and deployed a product that
>pgut001> failed in the field once it was exposed to other
>pgut001> implementations. Better to be strict and let darwinism do
>pgut001> its work. If Netscape had been less lenient about accepting
>pgut001> all kinds of broken HTML, it wouldn't have encouraged the
>pgut001> spread of apps that generate the broken HTML.
>
>I understand your thoughts, and I agree that following the KISS
>principle (does anyone need that explained?) is tempting. However,
>I'd say that your comparison between non-compliance with X.520
>comparison rules and Netscape's boken HTML is flawed. On one hand,
>from the point of view of X.520, MSIE and Netscape are broken since
>they don't follow the rules, and that's what you want to encourage.
>On the other hand, Netscape's acceptance of some HTML was also broken
>from the point of view of HTML, and you seem to want to discourage
>that. The conclusion is that you support breaking the rules in some
>cases, while not in others. That doesn't seem very consistent to
>me...
>
>Now from the point of view of "this makes sense", I can understand
>your views, but I have to ask "from whose point of view?" Is everyone
>accepting Peter Gutmann as an authority? I can accept that if that's
>the common rule :-).
>
>pgut001> >I'm not sure about that, since those special cases were
>pgut001> >added fairly recently, after we got some user complaint, and
>pgut001> >possibly after I had a run with the NIST PKI test bunch...
>pgut001>
>pgut001> Are those test certs representative of real-world usage
>pgut001> though?
>
>Considering it's NIST we're talking about, I wouldn't be surprised if
>there are some US gov. examples behind those tests...
>
>-----
>Please consider sponsoring my work on free software.
>See http://www.free.lp.se/sponsoring.html for details.
>You don't have to be rich, a $10 donation is appreciated!
>
>--
>Richard Levitte | http://richard.levitte.org/ | Tunnlandsv. 3
>Levitte Programming | http://www.lp.se/ | S-168 36 Bromma
>T: +46-708-26 53 44 | | SWEDEN
> "Price, performance, quality... choose the two you like"
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHu9ib008773 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 09:56:09 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFHu9rA008772 for ietf-pkix-bks; Mon, 15 Dec 2003 09:56:09 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pigeon.verisign.com (pigeon.verisign.com [65.205.251.71]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHu6ib008763 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 09:56:08 -0800 (PST) (envelope-from alex@verisign.com)
Received: from mou1wnexc01.vcorp.ad.vrsn.com (verisign.com [65.205.251.53]) by pigeon.verisign.com (8.12.10/) with ESMTP id hBFHu7G5023906; Mon, 15 Dec 2003 09:56:07 -0800 (PST)
Received: by mou1wnexc01.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <Y50BZK22>; Mon, 15 Dec 2003 09:56:07 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA85D7@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Michael Myers'" <mmyers@fastq.com>, "Deacon, Alex" <alex@verisign.com>, Tom Gindin <tgindin@us.ibm.com>
Cc: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Mon, 15 Dec 2003 09:56:04 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Mike,
> -----Original Message-----
> From: Michael Myers [mailto:mmyers@fastq.com]
> Sent: Monday, December 15, 2003 9:54 AM
> To: Deacon, Alex; Tom Gindin
> Cc: ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
> > -----Original Message-----
> > From: Deacon, Alex [mailto:alex@verisign.com]
> > Sent: Monday, December 15, 2003 10:21 AM
> >
> > As I mentioned earlier, it will be important to
> > clarify this case as clients using piggybacked
> > OCSPResponses (such as those implementing the TLS
> > extension) may receive a response that contains a
> > nonce (the one the server generated) event though
> > they did not send one.
>
> Alex,
>
> To be clear, are you referring to server-unilateral nonces?
No.
>
> Or to the fact that a TLS server may have in cache a nonced
> response (retained as a consequence of a prior nonced
> request) that it sends back in the TLS handshake even though
> the TLS client did not supply a nonce in its embedded OCSP request?
Yes...this is what I was referring to.
Alex
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHqHib008427 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 09:52:17 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFHqHjg008426 for ietf-pkix-bks; Mon, 15 Dec 2003 09:52:17 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHqGib008420 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 09:52:16 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hBFHqDn25304; Mon, 15 Dec 2003 10:52:13 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Deacon, Alex" <alex@verisign.com>, "Tom Gindin" <tgindin@us.ibm.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Mon, 15 Dec 2003 10:54:10 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDEEANDGAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <F5678115F458B4458C227F0EC02691BB02BA85D3@mou1wnexm04.vcorp.ad.vrsn.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
> From: Deacon, Alex [mailto:alex@verisign.com]
> Sent: Monday, December 15, 2003 10:21 AM
>
> As I mentioned earlier, it will be important to
> clarify this case as clients using piggybacked
> OCSPResponses (such as those implementing the TLS
> extension) may receive a response that contains a
> nonce (the one the server generated) event though
> they did not send one.
Alex,
To be clear, are you referring to server-unilateral nonces?
Or to the fact that a TLS server may have in cache a nonced
response (retained as a consequence of a prior nonced request)
that it sends back in the TLS handshake even though the TLS
client did not supply a nonce in its embedded OCSP request?
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHL1ib006231 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 09:21:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFHL1dC006230 for ietf-pkix-bks; Mon, 15 Dec 2003 09:21:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pigeon.verisign.com (pigeon.verisign.com [65.205.251.71]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFHL1ib006225 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 09:21:01 -0800 (PST) (envelope-from alex@verisign.com)
Received: from mou1wnexc01.vcorp.ad.vrsn.com (verisign.com [65.205.251.53]) by pigeon.verisign.com (8.12.10/) with ESMTP id hBFHL1G5015616; Mon, 15 Dec 2003 09:21:01 -0800 (PST)
Received: by mou1wnexc01.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <Y50BZHQ5>; Mon, 15 Dec 2003 09:21:01 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA85D3@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Michael Myers'" <mmyers@fastq.com>, Tom Gindin <tgindin@us.ibm.com>
Cc: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Mon, 15 Dec 2003 09:20:48 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Mike,
> -----Original Message-----
> From: Michael Myers [mailto:mmyers@fastq.com]
[snip]
>
> Tom,
>
> We may be saying the same thing:
>
> if( req->sent_nonce != rsp->rcvd_nonce )
> fail( BADNONCE )
> else
> proceed( rsp );
>
> The more interesting question along these lines is the one
> regarding Florian's server-unilateral nonces. I.e. a client
> receives a nonce extension in the response even though the
> client didn't provide a nonce extension in its request.
> While I'm not yet convinced of this practice's security
> value, I see no reason to preclude it in our forthcoming
> clarification regarding nonces.
As I mentioned earlier, it will be important to clarify this case as clients
using piggybacked OCSPResponses (such as those implementing the TLS
extension) may receive a response that contains a nonce (the one the server
generated) eventhough they did not send one.
Alex
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFBi8ib090881 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 03:44:08 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFBi8Km090880 for ietf-pkix-bks; Mon, 15 Dec 2003 03:44:08 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nic.lp.se (nic.lp.se [213.212.3.208]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFBi4ib090874 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 03:44:06 -0800 (PST) (envelope-from levitte@lp.se)
Received: from localhost (127.0.0.1) by nic.lp.se (MX V5.3 VnHj) with ESMTP; Mon, 15 Dec 2003 12:43:57 +0100
Date: Mon, 15 Dec 2003 12:43:54 +0100 (CET)
Message-ID: <20031215.124354.58479482.levitte@lp.se>
To: pgut001@cs.auckland.ac.nz
CC: ietf-pkix@imc.org, jmdesp@free.fr
Subject: Re: DN Encoding by UTF8String
From: Richard Levitte - VMS Whacker <levitte@lp.se>
In-Reply-To: <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
References: <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
X-URL: http://www.lp.se/
X-Waved: dead chicken, GNU emacs 21.3.1, Mew version 4.0.60
X-Mew: See http://www.mew.org/
X-Mailer: Mew version 4.0.60 on Emacs 21.3.1 / Mule 5.0 (SAKAKI)
MIME-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
In message <200312151122.hBFBM9P15024@cs.auckland.ac.nz> on Tue, 16 Dec 2003 00:22:09 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
pgut001> Richard Levitte - VMS Whacker <levitte@lp.se> writes:
pgut001>
pgut001> >OpenSSL provides a limit set of rules for comparing DNs: it
pgut001> >does space normalization and a case insensitive compare for
pgut001> >PrintableString, and case insensitive comparison for
pgut001> >IA5String if the attribute type is emailAddress from pkcs#9.
pgut001> >For all other strings, a straight memcmp() is done. Would
pgut001> >you say we're going overkill?
pgut001>
pgut001> Hmm, I don't know if it's a good idea to encourage this sort
pgut001> of behaviour (that is, apps that generate certs that require
pgut001> custom code in order to work). Some years ago (after I
pgut001> snapped out of my X.520 delusion and switched to memcmp()) a
pgut001> vendor complained that cryptlib was failing to find a cert
pgut001> with a canonicalised name. I told them to try the same thing
pgut001> with Netscape and MSIE, and fairly soon afterwards (within a
pgut001> matter of days, I think) they had a service release out that
pgut001> didn't try and modify names any more.
pgut001>
pgut001> If cryptlib had still been using the X.520 comparison at that
pgut001> time, they might have gone ahead and deployed a product that
pgut001> failed in the field once it was exposed to other
pgut001> implementations. Better to be strict and let darwinism do
pgut001> its work. If Netscape had been less lenient about accepting
pgut001> all kinds of broken HTML, it wouldn't have encouraged the
pgut001> spread of apps that generate the broken HTML.
I understand your thoughts, and I agree that following the KISS
principle (does anyone need that explained?) is tempting. However,
I'd say that your comparison between non-compliance with X.520
comparison rules and Netscape's boken HTML is flawed. On one hand,
from the point of view of X.520, MSIE and Netscape are broken since
they don't follow the rules, and that's what you want to encourage.
On the other hand, Netscape's acceptance of some HTML was also broken
from the point of view of HTML, and you seem to want to discourage
that. The conclusion is that you support breaking the rules in some
cases, while not in others. That doesn't seem very consistent to
me...
Now from the point of view of "this makes sense", I can understand
your views, but I have to ask "from whose point of view?" Is everyone
accepting Peter Gutmann as an authority? I can accept that if that's
the common rule :-).
pgut001> >I'm not sure about that, since those special cases were
pgut001> >added fairly recently, after we got some user complaint, and
pgut001> >possibly after I had a run with the NIST PKI test bunch...
pgut001>
pgut001> Are those test certs representative of real-world usage
pgut001> though?
Considering it's NIST we're talking about, I wouldn't be surprised if
there are some US gov. examples behind those tests...
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte | http://richard.levitte.org/ | Tunnlandsv. 3
Levitte Programming | http://www.lp.se/ | S-168 36 Bromma
T: +46-708-26 53 44 | | SWEDEN
"Price, performance, quality... choose the two you like"
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFBMFib090106 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 03:22:15 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFBMFdl090105 for ietf-pkix-bks; Mon, 15 Dec 2003 03:22:15 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFBMBib090087 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 03:22:14 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id A28FB34096; Tue, 16 Dec 2003 00:21:21 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hBFBM9P15024; Tue, 16 Dec 2003 00:22:09 +1300
Date: Tue, 16 Dec 2003 00:22:09 +1300
Message-Id: <200312151122.hBFBM9P15024@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: levitte@lp.se, pgut001@cs.auckland.ac.nz
Subject: Re: DN Encoding by UTF8String
Cc: ietf-pkix@imc.org, jmdesp@free.fr
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Richard Levitte - VMS Whacker <levitte@lp.se> writes:
>OpenSSL provides a limit set of rules for comparing DNs: it does space
>normalization and a case insensitive compare for PrintableString, and case
>insensitive comparison for IA5String if the attribute type is emailAddress
>from pkcs#9. For all other strings, a straight memcmp() is done. Would you
>say we're going overkill?
Hmm, I don't know if it's a good idea to encourage this sort of behaviour
(that is, apps that generate certs that require custom code in order to work).
Some years ago (after I snapped out of my X.520 delusion and switched to
memcmp()) a vendor complained that cryptlib was failing to find a cert with a
canonicalised name. I told them to try the same thing with Netscape and MSIE,
and fairly soon afterwards (within a matter of days, I think) they had a
service release out that didn't try and modify names any more.
If cryptlib had still been using the X.520 comparison at that time, they might
have gone ahead and deployed a product that failed in the field once it was
exposed to other implementations. Better to be strict and let darwinism do
its work. If Netscape had been less lenient about accepting all kinds of
broken HTML, it wouldn't have encouraged the spread of apps that generate the
broken HTML.
>I'm not sure about that, since those special cases were added fairly
>recently, after we got some user complaint, and possibly after I had a run
>with the NIST PKI test bunch...
Are those test certs representative of real-world usage though? There's a
danger of adding all sorts of special-case complexity that nothing (except
some artificial test vectors) ever exercise, which then comes back to bite you
later when there's some exploitable problem in there. That's why I eventually
removed the X.520 comparison code, it's so complex (and complex in a system-
specific way, since you're dependant on different levels of i18n support on
different systems) that it'd be pretty much impossible to ever guarantee it
worked as required. Guaranteeing the behaviour of memcmp() is much easier.
You could always enable a NIST-test-vector mode that uses ad-hoc fixups, and a
normal-use mode that uses memcmp(). In other words, make it explicit to the
user, through having to enable it via a #define or use a configure option,
that what they're doing is likely to cause problems down the track.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFA33ib083709 for <ietf-pkix-bks@above.proper.com>; Mon, 15 Dec 2003 02:03:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBFA33an083708 for ietf-pkix-bks; Mon, 15 Dec 2003 02:03:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nic.lp.se (nic.lp.se [213.212.3.208]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBFA31ib083671 for <ietf-pkix@imc.org>; Mon, 15 Dec 2003 02:03:01 -0800 (PST) (envelope-from levitte@lp.se)
Received: from localhost (127.0.0.1) by nic.lp.se (MX V5.3 VnHj) with ESMTP; Mon, 15 Dec 2003 11:02:42 +0100
Date: Mon, 15 Dec 2003 11:02:40 +0100 (CET)
Message-ID: <20031215.110240.126696488.levitte@lp.se>
To: pgut001@cs.auckland.ac.nz
CC: ietf-pkix@imc.org, jmdesp@free.fr
Subject: Re: DN Encoding by UTF8String
From: Richard Levitte - VMS Whacker <levitte@lp.se>
In-Reply-To: <200312150736.hBF7aLJ14015@cs.auckland.ac.nz>
References: <200312150736.hBF7aLJ14015@cs.auckland.ac.nz>
X-URL: http://www.lp.se/
X-Waved: dead chicken, GNU emacs 21.3.1, Mew version 4.0.60
X-Mew: See http://www.mew.org/
X-Mailer: Mew version 4.0.60 on Emacs 21.3.1 / Mule 5.0 (SAKAKI)
MIME-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
In message <200312150736.hBF7aLJ14015@cs.auckland.ac.nz> on Mon, 15 Dec 2003 20:36:21 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
pgut001> subsequent users use memcpy() to "re-encode" the original
pgut001> DN, and memcpy() to compare it;
I doubt that :-).
pgut001> In my early naivete about the real state of X.500 I actually
pgut001> tried to implement the X.520 name comparison rules some years
pgut001> ago (that's how the Style Guide entry on this came about). I
pgut001> found out very quickly that one thing you never, ever do is
pgut001> change the DN encoding once it's been created by the
pgut001> originator (I originally stored the DN in canoncalised form,
pgut001> and had to change my code to cache the original DN so I could
pgut001> "encode" it with memcpy()). A year or two after changing the
pgut001> encoding to memcpy() I #ifdef'd out the full DN comparison
pgut001> and replaced it with a memcmp() of the encoded form. A year
pgut001> or two after that, I removed the X.520 comparison code
pgut001> entirely. All it was was a potential source of trouble
pgut001> anyway, it was far too complex to rely on. I haven't had any
pgut001> trouble since I switched to memcpy()/memcmp(), and it's been
pgut001> used in some really odd environments with all sorts of
pgut001> non-European character sets (cryptlib seems to be quite
pgut001> popular in Asia for some reason, possibly because it really
pgut001> goes out of its way to handle i18n, which means the i18n
pgut001> support got a lot of stress-testing). In fact, exactly
pgut001> *because* of memcpy()/memcmp() it will work with absolutely
pgut001> anything: BMPString, T61String, T61String that's actually an
pgut001> 8859-1String, floating diacritics (how much other software
pgut001> can handle those?), UTFString, string types not even dreamed
pgut001> up yet.
Hmm. OpenSSL provides a limit set of rules for comparing DNs: it does
space normalization and a case insensitive compare for PrintableString,
and case insensitive comparison for IA5String if the attribute type is
emailAddress from pkcs#9. For all other strings, a straight memcmp()
is done. Would you say we're going overkill? I'm not sure about
that, since those special cases were added fairly recently, after we
got some user complaint, and possibly after I had a run with the NIST
PKI test bunch...
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte | http://richard.levitte.org/ | Tunnlandsv. 3
Levitte Programming | http://www.lp.se/ | S-168 36 Bromma
T: +46-708-26 53 44 | | SWEDEN
"Price, performance, quality... choose the two you like"
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBF7aQib038021 for <ietf-pkix-bks@above.proper.com>; Sun, 14 Dec 2003 23:36:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBF7aQdt038019 for ietf-pkix-bks; Sun, 14 Dec 2003 23:36:26 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBF7aMib037993 for <ietf-pkix@imc.org>; Sun, 14 Dec 2003 23:36:25 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id BA25434015; Mon, 15 Dec 2003 20:35:34 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hBF7aLJ14015; Mon, 15 Dec 2003 20:36:21 +1300
Date: Mon, 15 Dec 2003 20:36:21 +1300
Message-Id: <200312150736.hBF7aLJ14015@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, jmdesp@free.fr
Subject: Re: DN Encoding by UTF8String
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jean-Marc Desperrier <jmdesp@free.fr> writes:
>The problem is *not* for the low level crypto API to support UTF8String.
>Basically all API around do that.
Only newer ones do. Some (e.g. Netscape 4.x) will not just fail to process
the string but actually crash the application when they encounter a
UTF8String.
>There's is detailled information about how memcpy() to encode and memcmp() to
>compare don't work as soon as anything more complex than printablestring is
>involved.
Why not? The encoding rules are:
DN originator (e.g. client generating a cert request) encodes the DN in any
way they see fit;
subsequent users use memcpy() to "re-encode" the original DN, and memcpy()
to compare it;
OK, that doesn't work for something odd like a directory lookup, but for
normal cert usage where all you care about is locating a cert or checking for
equality based on a DN, it's fine.
>And don't work also if you take into account anything from the full x520
>comparison rules.
... which don't work in practice (see the X.509 Style Guide), so it's not
really relevant.
>But this kind of comparaison being prevalent in application, the only
>solution to avoid problem is for the CA to normalize strictly every name
>before emitting certificates.
How well do you think that'll work in the presence of implementations that use
memcpy() and memcmp()? Have you ever tried generating a cert request from
(say) IE and sending it to a CA that "strictly normalizes" the DN before
returning it?
(To save you the effort if you haven't done this, it'll be rejected by the
client. I'm just using IE as a common, easy-to-get-to example here, you can
see the same thing with other software when you fiddle with DN encodings.
Try signing an S/MIME message with the DN in the SignerInfo canonicalised to
not match the cert DN).
In my early naivete about the real state of X.500 I actually tried to
implement the X.520 name comparison rules some years ago (that's how the Style
Guide entry on this came about). I found out very quickly that one thing you
never, ever do is change the DN encoding once it's been created by the
originator (I originally stored the DN in canoncalised form, and had to change
my code to cache the original DN so I could "encode" it with memcpy()). A
year or two after changing the encoding to memcpy() I #ifdef'd out the full DN
comparison and replaced it with a memcmp() of the encoded form. A year or two
after that, I removed the X.520 comparison code entirely. All it was was a
potential source of trouble anyway, it was far too complex to rely on. I
haven't had any trouble since I switched to memcpy()/memcmp(), and it's been
used in some really odd environments with all sorts of non-European character
sets (cryptlib seems to be quite popular in Asia for some reason, possibly
because it really goes out of its way to handle i18n, which means the i18n
support got a lot of stress-testing). In fact, exactly *because* of memcpy()
/memcmp() it will work with absolutely anything: BMPString, T61String,
T61String that's actually an 8859-1String, floating diacritics (how much other
software can handle those?), UTFString, string types not even dreamed up yet.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBD02nib031922 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 16:02:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBD02nJY031921 for ietf-pkix-bks; Fri, 12 Dec 2003 16:02:49 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBD02mib031916 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 16:02:48 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hBD02gn06195; Fri, 12 Dec 2003 17:02:42 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Tom Gindin" <tgindin@us.ibm.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 12 Dec 2003 17:04:44 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEAKDGAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <OF55915183.02C4F555-ON85256DFA.007DF7F2-85256DFA.007E20DF@us.ibm.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
> From: Tom Gindin
> Sent: Friday, December 12, 2003 3:58 PM
>
> Mike:
>
> While we're on this subject, do we need to
> include that a client "MUST" reject a response
> containing a nonce which does not match the
> request?
Tom,
We may be saying the same thing:
if( req->sent_nonce != rsp->rcvd_nonce )
fail( BADNONCE )
else
proceed( rsp );
The more interesting question along these lines is the one
regarding Florian's server-unilateral nonces. I.e. a client
receives a nonce extension in the response even though the
client didn't provide a nonce extension in its request. While
I'm not yet convinced of this practice's security value, I see
no reason to preclude it in our forthcoming clarification
regarding nonces.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCMw0ib029175 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 14:58:00 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCMw06B029174 for ietf-pkix-bks; Fri, 12 Dec 2003 14:58:00 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.102]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCMvwib029165 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 14:57:58 -0800 (PST) (envelope-from tgindin@us.ibm.com)
Received: from northrelay04.pok.ibm.com (northrelay04.pok.ibm.com [9.56.224.206]) by e2.ny.us.ibm.com (8.12.10/8.12.2) with ESMTP id hBCMvmd6294770; Fri, 12 Dec 2003 17:57:48 -0500
Received: from d01ml062.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay04.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id hBCMvklh112662; Fri, 12 Dec 2003 17:57:47 -0500
To: "Michael Myers" <mmyers@fastq.com>
Cc: ietf-pkix@imc.org
MIME-Version: 1.0
Subject: Re: DISCUSS: MUST reject in OCSPv1
X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
From: Tom Gindin <tgindin@us.ibm.com>
Message-ID: <OF55915183.02C4F555-ON85256DFA.007DF7F2-85256DFA.007E20DF@us.ibm.com>
Date: Fri, 12 Dec 2003 17:57:45 -0500
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 6.0.2CF2 IGS_HF11|December 1, 2003) at 12/12/2003 17:57:47, Serialize complete at 12/12/2003 17:57:47
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Mike:
While we're on this subject, do we need to include that a client
"MUST" reject a response containing a nonce which does not match the
request?
Tom Gindin
"Michael Myers" <mmyers@fastq.com>
Sent by: owner-ietf-pkix@mail.imc.org
12/11/2003 11:01 PM
To: <ietf-pkix@imc.org>
cc:
Subject: DISCUSS: MUST reject in OCSPv1
-----Original Message-----
From: Carlisle Adams
Sent: Tuesday, December 09, 2003 12:00 PM
To: Michael Myers
Subject: Re: MUST reject in OCSPv1
Hi Mike,
[. . .] you may forward the content of this message to the list
if you
wish.
It's pretty clear to me that clients use a nonce when they want
to guarantee
a fresh response from the other end (the nonce is returned in a
signed
message). If the client doesn't care about freshness, it has no
reason to
use the nonce since that is the ONLY purpose that the nonce
serves.
So, if a client puts a nonce in its request, the server MUST
return it in
the response. If the responder requirement is softened to a
SHOULD, then
the client requirement has to be strengthened to "if the
response comes back
without the client's nonce included, the client MUST reject the
message".
Again, if the client doesn't care about freshness, then it MUST
NOT put a
nonce in the request. If it does put a nonce in the request,
then a
response without it MUST NOT be acceptable. This only makes
sense: if you
explicitly ask for a security service on a response
(confidentiality,
authenticity, integrity, freshness, whatever) and the response
shows up
without it, this must be unacceptable. I don't care so much
whether the
behavioral requirement is on the client or on the responder
(although I
would prefer it to be on the responder), but the result must be
that the
request has not been completed.
Carlisle.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCMiEib027905 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 14:44:14 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCMiEEQ027904 for ietf-pkix-bks; Fri, 12 Dec 2003 14:44:14 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from e5.ny.us.ibm.com (e5.ny.us.ibm.com [32.97.182.105]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCMiCib027899 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 14:44:12 -0800 (PST) (envelope-from tgindin@us.ibm.com)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e5.ny.us.ibm.com (8.12.10/8.12.2) with ESMTP id hBCMi09n433292; Fri, 12 Dec 2003 17:44:00 -0500
Received: from d01ml062.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay02.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id hBCMhxlT216946; Fri, 12 Dec 2003 17:44:00 -0500
To: <ietf-pkix@imc.org>
Cc: "Michael Myers" <mmyers@fastq.com>
MIME-Version: 1.0
Subject: Re: POLL: MUST reject in OCSPv1
X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
From: Tom Gindin <tgindin@us.ibm.com>
Message-ID: <OFBDD6F48B.4D47E6E7-ON85256DFA.007CCE6C-85256DFA.007CDDEF@us.ibm.com>
Date: Fri, 12 Dec 2003 17:43:58 -0500
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 6.0.2CF2 IGS_HF11|December 1, 2003) at 12/12/2003 17:43:59, Serialize complete at 12/12/2003 17:43:59
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
AGREE. I don't care very much about whether point 4 becomes a
SHOULD or not, as long as the client MUST reject a bad response. Given
that MUST in point 3, the difference between the nonceSupported and
nonceUnsupported proposed extensions doesn't really matter.
Tom Gindin
"Michael Myers" <mmyers@fastq.com>
Sent by: owner-ietf-pkix@mail.imc.org
12/08/2003 01:46 PM
To: <ietf-pkix@imc.org>
cc: "Carlisle Adams" <cadams@site.uottawa.ca>
Subject: POLL: MUST reject in OCSPv1
All,
OK, so let's take a full-up poll on what we were looking at a
couple of weeks ago to see where we stand today. Please respond
with either YES or NO. Take discussions to the DISCUSS thread.
This approach preserves installed base functionality and yet
enables a clear and technically complete resolution of the
various perspectives.
To date, on the related DISCUSS thread, six have voiced
agreement to this path forward and two disagree. From that
record:
AGREE
-----
David Engberg, Corestreet
Florian Oelmaier, Sytrust
Ambarish Malpani, Cenzic
Marc Branchaud, RSA
Miguel Rodriguez, SeguriDATA
Frank Balluffi, Deutsche Bank
DISAGREE
--------
Ryan Hurst, Microsoft
Alex Deacon, VeriSign
PROPOSED
--------
The proposed resolution is as follows:
1. Cycle v1 as Proposed Standard. It was well
on its way to Draft but we'll pull it back.
2. Define nonceUnsupported extension subject
to the following semantics.
3. Clients that send a nonce:
a. MUST reject a non-nonced response if
that response includes either the value
"good" or "revoked" AND it fails to
include the nonceUnsupported extension;
b. Else, if such response includes the
nonceUnsupported extension, clients
MAY accept the response subject to the
advice in the Security Considerations
section of this document.
4. Conversely, if a server receives a nonced
request but is unable to incorporate the
nonce in its response, the server MUST
include the nonceUnsupported extension.
We now have clearance to cycle v1 at Proposed so that's no
longer a predicate.
Thank you for your continued patience as we work towards
resolving this issue.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCIOvib017938 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 10:24:57 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCIOvT9017937 for ietf-pkix-bks; Fri, 12 Dec 2003 10:24:57 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-ft5.fr.colt.net (smtp-ft5.fr.colt.net [213.41.78.204]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCIOuib017930 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 10:24:56 -0800 (PST) (envelope-from jmdesp@free.fr)
Received: from free.fr (host.106.92.68.195.rev.coltfrance.com [195.68.92.106]) by smtp-ft5.fr.colt.net with ESMTP id hBCIOlZ03025 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 19:24:52 +0100
Message-ID: <3FDA0833.9040408@free.fr>
Date: Fri, 12 Dec 2003 19:25:55 +0100
From: Jean-Marc Desperrier <jmdesp@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031125
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: DN Encoding by UTF8String
References: <200312120952.hBC9qkv20566@cs.auckland.ac.nz> <3FD9BA34.3000103@drh-consultancy.co.uk>
In-Reply-To: <3FD9BA34.3000103@drh-consultancy.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Dr Stephen Henson wrote:
> Peter Gutmann wrote:
>
>> What we'd really need here is an indication from vendors of how far
>> UTF-8
>> support goes (or doesn't go) in their products, to determine whether
>> it's safe
>> to switch it on yet. The most important one would be Microsoft I
>> guess. I'll
>> start the ball rolling by saying that any version of cryptlib that
>> handles
>> certs will process UTF-8, although none will produce it (at least in
>> a DN) for
>> the reason given above.
>
> I'll add that the latest releases of OpenSSL (0.9.7c) can handle UTF8
> strings in certificates too.
I had sent a message earlier on this list resuming the situation for
this as I see it from the major implementations around.
I also did send a message some time ago to the list raising the same
issue as Shimaoka, that went completely unanswered.
I'm happy there's a more reaction now.
The problem is *not* for the low level crypto API to support UTF8String.
Basically all API around do that.
All the i18n related problems in the actual implementations are added
between that layer and the UI layer.
And even the best API can not prevent the implementer to screw the i18n
implementation.
The japanese document about PKI interoperability also has a long list of
horror stories at this, but also many other levels.
There's is detailled information about how memcpy() to encode and
memcmp() to compare don't work as soon as anything more complex than
printablestring is involved. And don't work also if you take into
account anything from the full x520 comparison rules.
But this kind of comparaison being prevalent in application, the only
solution to avoid problem is for the CA to normalize strictly every name
before emitting certificates.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCHW3ib016152 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 09:32:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCHW3JB016151 for ietf-pkix-bks; Fri, 12 Dec 2003 09:32:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-ft6.fr.colt.net (smtp-ft6.fr.colt.net [213.41.78.205]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCHW1ib016140 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 09:32:02 -0800 (PST) (envelope-from jmdesp@free.fr)
Received: from free.fr (host.106.92.68.195.rev.coltfrance.com [195.68.92.106]) by smtp-ft6.fr.colt.net with ESMTP id hBCHVx422115 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 18:31:59 +0100
Message-ID: <3FD9FBD2.2010601@free.fr>
Date: Fri, 12 Dec 2003 18:33:06 +0100
From: Jean-Marc Desperrier <jmdesp@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031125
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Web-PKI Keygen/Certreq Questions
References: <200312121137.hBCBbwQ21091@cs.auckland.ac.nz>
In-Reply-To: <200312121137.hBCBbwQ21091@cs.auckland.ac.nz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Peter Gutmann wrote:
>Jean-Marc Desperrier <jmdesp@free.fr> writes:
>
>>Have a look at the way CRMF format key request generation are used inside
>>Netscape 7/Mozilla.
>>
>>
>That's a special case because CRMF was designed to handle this situation.
>
>
Yes, but I think James was waiting for the correct solution to this
problem, and it's not to try to customize pkcs#10.
In the direction where I pointed him, he can find an actual
implementation of the mechanism and the source code, so it should make
it easy to understand how it really works.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCHS0ib016033 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 09:28:00 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCHS07T016032 for ietf-pkix-bks; Fri, 12 Dec 2003 09:28:00 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCHRxib016026 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 09:27:59 -0800 (PST) (envelope-from blake@brutesquadlabs.com)
Received: from DEXTER ([192.168.0.6]) by brutesquadlabs.com with ESMTP ; Fri, 12 Dec 2003 09:27:53 -0800
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: "'Peter Gutmann'" <pgut001@cs.auckland.ac.nz>, <harald@Alvestrand.no>, <shimaoka@secom.ne.jp>
Cc: <housley@vigilsec.com>, <ietf-pkix@imc.org>
Subject: RE: Re[2]: DN Encoding by UTF8String
Date: Fri, 12 Dec 2003 09:27:53 -0800
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARMPfbnbp50SwK3EZjypY2MKAAAAQAAAACoD/kbQis0Goz0Z+KJZpBAEAAAAA@brutesquadlabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Peter Gutmann
> Sent: Friday, December 12, 2003 1:53 AM
> To: harald@Alvestrand.no; shimaoka@secom.ne.jp
> Cc: housley@vigilsec.com; ietf-pkix@imc.org
> Subject: Re: Re[2]: DN Encoding by UTF8String
>
> What we'd really need here is an indication from vendors of
> how far UTF-8
> support goes (or doesn't go) in their products, to determine
> whether it's safe
> to switch it on yet. The most important one would be
> Microsoft I guess. I'll
> start the ball rolling by saying that any version of cryptlib
> that handles
> certs will process UTF-8, although none will produce it (at
> least in a DN) for
> the reason given above.
>
> Anyone else?
My understanding is that J2SE 1.4.2 supports it. Not sure about earlier
versions.
Blake
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCDiYib006699 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 05:44:34 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCDiY9q006698 for ietf-pkix-bks; Fri, 12 Dec 2003 05:44:34 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nic.lp.se (nic.lp.se [213.212.3.208]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCDiWib006693 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 05:44:33 -0800 (PST) (envelope-from levitte@lp.se)
Received: from localhost (127.0.0.1) by nic.lp.se (MX V5.3 VnHj) with ESMTP; Fri, 12 Dec 2003 14:44:03 +0100
Date: Fri, 12 Dec 2003 14:44:02 +0100 (CET)
Message-ID: <20031212.144402.120346278.levitte@lp.se>
To: pgut001@cs.auckland.ac.nz
CC: harald@Alvestrand.no, shimaoka@secom.ne.jp, housley@vigilsec.com, ietf-pkix@imc.org
Subject: Re: DN Encoding by UTF8String
From: Richard Levitte - VMS Whacker <levitte@lp.se>
In-Reply-To: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
References: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
X-URL: http://www.lp.se/
X-Waved: dead chicken, GNU emacs 21.3.1, Mew version 4.0.60
X-Mew: See http://www.mew.org/
X-Mailer: Mew version 4.0.60 on Emacs 21.3.1 / Mule 5.0 (SAKAKI)
MIME-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
In message <200312120952.hBC9qkv20566@cs.auckland.ac.nz> on Fri, 12 Dec 2003 22:52:46 +1300, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
pgut001> (and then there's the all-important 0.000001% of the user
pgut001> base still using Netscape 4.x, which will crash if it hits a
pgut001> UTF-8 string).
Personally, I'd say that's the perfect reason to use UTF-8.
Supporting Netscape 4 has become HARD lately (and that's a discussion
for a completely different forum).
pgut001> It's like the IPv6 upgrade, the first backbone provider to
pgut001> switch to it is going to trigger every IPv6 bug in every
pgut001> implementation every created, so no-one wants to be the
pgut001> guinea pig.
*ahem* Actually, it's happening as we speak. KTH (The Royal Institute
of Technology in Stockholm) and SUNET (Swedish University NETwork,
which also holds much of the swedish Internet infrastructure) are
going IPv6 native (I think they're almost done). So if there are bugs
to be triggered, now is the time :-).
pgut001> What we'd really need here is an indication from vendors of
pgut001> how far UTF-8 support goes (or doesn't go) in their products,
pgut001> to determine whether it's safe to switch it on yet. The most
pgut001> important one would be Microsoft I guess. I'll start the
pgut001> ball rolling by saying that any version of cryptlib that
pgut001> handles certs will process UTF-8, although none will produce
pgut001> it (at least in a DN) for the reason given above.
OpenSSL handles UTF-8 fine (at least last I checked), and can produce
UTF-8 DNs as well (it's all part of the configuration file).
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte | http://richard.levitte.org/ | Tunnlandsv. 3
Levitte Programming | http://www.lp.se/ | S-168 36 Bromma
T: +46-708-26 53 44 | | SWEDEN
"Price, performance, quality... choose the two you like"
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCCqnib004794 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 04:52:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCCqmIw004793 for ietf-pkix-bks; Fri, 12 Dec 2003 04:52:48 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from anchor-post-33.mail.demon.net (anchor-post-33.mail.demon.net [194.217.242.91]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCCqkib004788 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 04:52:47 -0800 (PST) (envelope-from shenson@drh-consultancy.co.uk)
Received: from drh-consultancy.demon.co.uk ([80.177.30.10] helo=drh-consultancy.co.uk) by anchor-post-33.mail.demon.net with esmtp (Exim 3.35 #1) id 1AUmmi-000Kho-0X for ietf-pkix@imc.org; Fri, 12 Dec 2003 12:52:45 +0000
Message-ID: <3FD9BA34.3000103@drh-consultancy.co.uk>
Date: Fri, 12 Dec 2003 12:53:08 +0000
From: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: DN Encoding by UTF8String
References: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
In-Reply-To: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
X-Enigmail-Version: 0.76.7.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Peter Gutmann wrote:
>
> What we'd really need here is an indication from vendors of how far UTF-8
> support goes (or doesn't go) in their products, to determine whether it's safe
> to switch it on yet. The most important one would be Microsoft I guess. I'll
> start the ball rolling by saying that any version of cryptlib that handles
> certs will process UTF-8, although none will produce it (at least in a DN) for
> the reason given above.
>
I'll add that the latest releases of OpenSSL (0.9.7c) can handle UTF8
strings in certificates too.
It can also generate certificates containing UTF8Strings by means of a
configuration file option, but this is not set by default.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCBc1ib000273 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 03:38:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCBc12S000272 for ietf-pkix-bks; Fri, 12 Dec 2003 03:38:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCBc0ib000267 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 03:38:00 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id 6C3FC3400E; Sat, 13 Dec 2003 00:37:19 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hBCBbwQ21091; Sat, 13 Dec 2003 00:37:58 +1300
Date: Sat, 13 Dec 2003 00:37:58 +1300
Message-Id: <200312121137.hBCBbwQ21091@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, jmdesp@free.fr
Subject: Re: Web-PKI Keygen/Certreq Questions
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jean-Marc Desperrier <jmdesp@free.fr> writes:
>Have a look at the way CRMF format key request generation are used inside
>Netscape 7/Mozilla.
That's a special case because CRMF was designed to handle this situation.
However, most apps (based on traffic in crypto newsgroups/mailing lists) are
still using PKCS #10, which wasn't (it dates back to X.509v1, so you can't
really blame it for that).
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCB6Eib099186 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 03:06:14 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCB6EJ0099185 for ietf-pkix-bks; Fri, 12 Dec 2003 03:06:14 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from fw.chttl.com.tw (gate.chttl.com.tw [202.39.157.254]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCB6Bib099166 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 03:06:12 -0800 (PST) (envelope-from wcwang@cht.com.tw)
Received: from ms21.chttl.com.tw (ms21 [10.144.2.121]) by fw.chttl.com.tw (8.12.10/8.12.10) with ESMTP id hBCB5jKM015036; Fri, 12 Dec 2003 19:05:45 +0800
Received: (from root@localhost) by ms21.chttl.com.tw (8.12.10/8.12.10) id hBCB5emX027118; Fri, 12 Dec 2003 19:05:40 +0800
Received: from wcwang ([10.144.133.79]) by ms21.chttl.com.tw (8.12.10/8.12.10) with SMTP id hBCB5cPc027047; Fri, 12 Dec 2003 19:05:38 +0800
Message-ID: <039a01c3c09f$a2bbb710$4f85900a@wcwang>
From: "Wen-Cheng Wang" <wcwang@cht.com.tw>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <harald@alvestrand.no>, <shimaoka@secom.ne.jp>
Cc: <housley@vigilsec.com>, <ietf-pkix@imc.org>
References: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
Subject: Re: Re[2]: DN Encoding by UTF8String
Date: Fri, 12 Dec 2003 19:03:55 +0800
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.10 - (http://pldaniels.com/inflex/)
Content-Type: text/plain; charset="big5"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Peter Gutmann" <pgut001@cs.auckland.ac.nz> writes:
>
> Masaki SHIMAOKA <shimaoka@secom.ne.jp> writes:
>
> >Basically I agree with you, we MUST move to UTF-8 soon. But, still now we are
> >facing to some issues about UTF8string, e.g., name comparison rule, and it
> >seems that hard to solve yet them. AFAIK, there will be a little PKI
> >applications who are compliant with the transition to UTF-8.
>
> It's not really name comparison rules, the de facto profile of using only
> memcpy() to encode and memcmp() to compare works pretty well at the moment.
> The real problem is that a number of legacy apps don't support UTF-8, and
> people are reluctant to move to it because of that (and then there's the all-
> important 0.000001% of the user base still using Netscape 4.x, which will
> crash if it hits a UTF-8 string). It's like the IPv6 upgrade, the first
> backbone provider to switch to it is going to trigger every IPv6 bug in every
> implementation every created, so no-one wants to be the guinea pig.
>
> What we'd really need here is an indication from vendors of how far UTF-8
> support goes (or doesn't go) in their products, to determine whether it's safe
> to switch it on yet. The most important one would be Microsoft I guess. I'll
> start the ball rolling by saying that any version of cryptlib that handles
> certs will process UTF-8, although none will produce it (at least in a DN) for
> the reason given above.
>
> Anyone else?
>
In Taiwan GPKI (Government PKI), we have already adopted UTF8string in DN
since 2002. We have to use UTF8string because our GPKI CP stipulates
that the DN must contains the offical registered name of the subscriber and
the name is of course in Chinese. One exception is that we do not use
UTF8string for Common Name in SSL certificates because IE (even IE6) running
on Windows 95/98/NT does not support UTF8string.
Wen-Cheng Wang
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCAw7ib098051 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 02:58:07 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBCAw7mx098050 for ietf-pkix-bks; Fri, 12 Dec 2003 02:58:07 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-ft5.fr.colt.net (smtp-ft5.fr.colt.net [213.41.78.204]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBCAw5ib098044 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 02:58:06 -0800 (PST) (envelope-from jmdesp@free.fr)
Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft5.fr.colt.net with ESMTP id hBCAvtZ13384 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 11:58:01 +0100
Message-ID: <3FD99F77.2090001@free.fr>
Date: Fri, 12 Dec 2003 11:59:03 +0100
From: Jean-Marc Desperrier <jmdesp@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031125
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Web-PKI Keygen/Certreq Questions
References: <200312120728.hBC7SD820013@cs.auckland.ac.nz>
In-Reply-To: <200312120728.hBC7SD820013@cs.auckland.ac.nz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Peter Gutmann wrote:
>"James Jing" <jjing@securenet.com.au> writes:
>
>
>Yup, that's a problem with systems that enforce access/usage controls on
>crypto keys, it makes it impossible to generate PKCS #10 requests if the
>controls are in place. For example cryptlib employs strict key usage/access
>controls, so in theory you couldn't create a PKCS #10 request, or create one
>for an encryption-only key. The workaround was to add a dynamic ACL check
>(that is, not a hardcoded rule in the kernel but a callback where object-type-
>specific code can provide additional information to the kernel) that allowed
>special-case use for PKCS #10:
>
>
>>Are there any solutions addressing such a problem already?
>>
>>
There is. Have a look at the way CRMF format key request generation are
used inside Netscape 7/Mozilla.
The solution implemented enables in several different use case to
authentify an encryption only key without ever requiring them to sign.
Not many PKI can interface with that the way it's required, but at least
SUN or AOL's CMS can.
It's efficient and it's 100% standard compliant.
The only one dubious aspect is the use of raw CRMF requests in the
exchange instead of encapsulating them inside CMP or CMC.
Dump PKCS#10. It wasn't designed to handle this, but CRMF was.
Well some vendor hasn't realized yet, still using only PKCS#10 inside
it's CMC request in the 2003 version of it's tools.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC9qoib090886 for <ietf-pkix-bks@above.proper.com>; Fri, 12 Dec 2003 01:52:50 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBC9qonj090884 for ietf-pkix-bks; Fri, 12 Dec 2003 01:52:50 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC9qmib090869 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 01:52:48 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id C6EB134056; Fri, 12 Dec 2003 22:52:09 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hBC9qkv20566; Fri, 12 Dec 2003 22:52:46 +1300
Date: Fri, 12 Dec 2003 22:52:46 +1300
Message-Id: <200312120952.hBC9qkv20566@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: harald@Alvestrand.no, shimaoka@secom.ne.jp
Subject: Re: Re[2]: DN Encoding by UTF8String
Cc: housley@vigilsec.com, ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Masaki SHIMAOKA <shimaoka@secom.ne.jp> writes:
>Basically I agree with you, we MUST move to UTF-8 soon. But, still now we are
>facing to some issues about UTF8string, e.g., name comparison rule, and it
>seems that hard to solve yet them. AFAIK, there will be a little PKI
>applications who are compliant with the transition to UTF-8.
It's not really name comparison rules, the de facto profile of using only
memcpy() to encode and memcmp() to compare works pretty well at the moment.
The real problem is that a number of legacy apps don't support UTF-8, and
people are reluctant to move to it because of that (and then there's the all-
important 0.000001% of the user base still using Netscape 4.x, which will
crash if it hits a UTF-8 string). It's like the IPv6 upgrade, the first
backbone provider to switch to it is going to trigger every IPv6 bug in every
implementation every created, so no-one wants to be the guinea pig.
What we'd really need here is an indication from vendors of how far UTF-8
support goes (or doesn't go) in their products, to determine whether it's safe
to switch it on yet. The most important one would be Microsoft I guess. I'll
start the ball rolling by saying that any version of cryptlib that handles
certs will process UTF-8, although none will produce it (at least in a DN) for
the reason given above.
Anyone else?
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC7SLib046985 for <ietf-pkix-bks@above.proper.com>; Thu, 11 Dec 2003 23:28:21 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBC7SLnf046984 for ietf-pkix-bks; Thu, 11 Dec 2003 23:28:21 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC7SEib046967 for <ietf-pkix@imc.org>; Thu, 11 Dec 2003 23:28:17 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id 0A1163400C; Fri, 12 Dec 2003 20:27:36 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hBC7SD820013; Fri, 12 Dec 2003 20:28:13 +1300
Date: Fri, 12 Dec 2003 20:28:13 +1300
Message-Id: <200312120728.hBC7SD820013@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, jjing@securenet.com.au
Subject: RE: Web-PKI Keygen/Certreq Questions
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
"James Jing" <jjing@securenet.com.au> writes:
>There is an interesting problem with proof-of-possesion in the key generation
>message which we came across lately. If someone is having another look at it,
>it would be nice if it can be addressed.
>
>The problem is if key-gen is performed on behalf of the end user, we need to
>ensure that nobody can use the private key thus generated. However, PKCS#10
>requires a signature using this newly generated key. The key container (smart
>card) is unable to know that this is for PKCS#10, since it only signs a
>digest. Therefore we are in a catch-22. If we disallow signing, then we
>cannot create the PKCS#10 message. If we do, we don't know that we signed a
>PKCS#10.
Yup, that's a problem with systems that enforce access/usage controls on
crypto keys, it makes it impossible to generate PKCS #10 requests if the
controls are in place. For example cryptlib employs strict key usage/access
controls, so in theory you couldn't create a PKCS #10 request, or create one
for an encryption-only key. The workaround was to add a dynamic ACL check
(that is, not a hardcoded rule in the kernel but a callback where object-type-
specific code can provide additional information to the kernel) that allowed
special-case use for PKCS #10:
/* PKCS #10 cert requests are special-case objects in that the key they
contain is usable only for signature checking of the self-signature
on the object (it can't be used for general-purpose usages, which
would make it equivalent to a trusted self-signed cert). This is
problematic because the keyUsage may indicate that the key is valid
for other things as well, or not valid for signature checking. To
get around this, we indicate that the key has a single trusted usage,
signature checking, and disallow any other usage regardless of what
the keyUsage says. The actual keyUsage usage is only valid once the
request has been converted into a cert */
>Are there any solutions addressing such a problem already?
Most apps don't seem to enforce usage controls (for example there was one case
where a CA was using an encryption-only cert for signing messages, and in ~2
years of interop testing with PKI vendors no-one noticed; Windows allows
usage-X-only certs to be used for usage Y as well because it's less confusing
for the user to have a single cert that can do everything; a national smart
card project in Europe didn't realise that the keys they were putting on the
card weren't valid for encryption because nothing enforced the restrictions,
etc etc (there's a long list of these, those are off the top of my head)), so
it's not really a problem in general.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC4kEib010096 for <ietf-pkix-bks@above.proper.com>; Thu, 11 Dec 2003 20:46:14 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBC4kET6010095 for ietf-pkix-bks; Thu, 11 Dec 2003 20:46:14 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from figg.securenet.com.au (ns2.isecure.com.au [202.125.4.72]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC4kAib010066 for <ietf-pkix@imc.org>; Thu, 11 Dec 2003 20:46:13 -0800 (PST) (envelope-from jjing@securenet.com.au)
Received: from iron.securenet.com.au (iron.isecure.com.au [202.125.4.94] (may be forged)) by figg.securenet.com.au (8.12.3/8.12.3/Debian-6.6) with ESMTP id hBC4jxN5024971 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 15:45:59 +1100
Received: (from uucp@localhost) by iron.securenet.com.au (8.12.6/8.12.6) id hBC4jxKm006411 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 15:45:59 +1100 (EST)
Received: from nodnsquery(10.11.3.10) by iron.securenet.com.au via csmap (V6.0) id srcAAAlWaqHm; Fri, 12 Dec 03 15:45:59 +1100
Received: from atlas.securenet.com.au (localhost [127.0.0.1]) by gibbons.securenet.com.au (8.12.3/8.12.3/Debian-7woody) with ESMTP id hBC4jw7j006080 for <ietf-pkix@imc.org>; Fri, 12 Dec 2003 15:45:59 +1100
Received: from AMALTHEA.securenet.com.au ([192.168.100.30]) by atlas.securenet.com.au with Microsoft SMTPSVC(5.0.2195.4905); Fri, 12 Dec 2003 15:43:58 +1100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Subject: RE: Web-PKI Keygen/Certreq Questions
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Fri, 12 Dec 2003 15:45:51 +1100
Message-ID: <85DA9C6C3DD8C74F8A8611815C635F8D415243@AMALTHEA.securenet.com.au>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Web-PKI Keygen/Certreq Questions
Thread-Index: AcO1oCHAi2lelxxhT8+QOHPVjmdsPwKyJakA
From: "James Jing" <jjing@securenet.com.au>
To: <ietf-pkix@imc.org>
X-OriginalArrivalTime: 12 Dec 2003 04:43:58.0125 (UTC) FILETIME=[8E328DD0:01C3C06A]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBC4kDib010090
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
There is an interesting problem with proof-of-possesion in the key generation message which we came across lately. If someone is having another look at it, it would be nice if it can be addressed.
The problem is if key-gen is performed on behalf of the end user, we need to ensure that nobody can use the private key thus generated. However, PKCS#10 requires a signature using this newly generated key. The key container (smart card) is unable to know that this is for PKCS#10, since it only signs a digest. Therefore we are in a catch-22. If we disallow signing, then we cannot create the PKCS#10 message. If we do, we don't know that we signed a PKCS#10.
Are there any solutions addressing such a problem already?
This catch-22 can be broken, for example, if the PKCS#10 signature is unique to PKCS#10, such as allowing the card to add some salt, pad it to the digest and then re-digest it before signing. Something like that will ensure that the key in the initial state cannot be abused by any intermediary.
James
-----Original Message-----
From: David P. Kemp [mailto:dpkemp@missi.ncsc.mil]
Sent: Thursday, 27 November 2003 3:59 AM
Cc: ietf-pkix@imc.org
Subject: Re: Web-PKI Keygen/Certreq Questions
Hopefully the consortium is planning to construct its solution by
profiling: a) attributes to be included in RFC 2797 messages and b)
transport of those messages over http, rather than inventing something
from scratch.
Dave
Anders Rundgren wrote:
> Just to set the record straight: Another consortium has indeed
> [also] found the existings keygen/certreq mechanisms largely
> inferior and will publish a draft solution in a couple of months
> or so. I just talked to one of the architects, and he confirmed that
> it will support the kind of stuff that most of the proprietary solutions
> already do, such as key-container co-signing, passphrase policy
> control, and multi-key generation.
>
> /a
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC3xCib008487 for <ietf-pkix-bks@above.proper.com>; Thu, 11 Dec 2003 19:59:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBC3xClG008486 for ietf-pkix-bks; Thu, 11 Dec 2003 19:59:12 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBC3xBib008478 for <ietf-pkix@imc.org>; Thu, 11 Dec 2003 19:59:11 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hBC3xEn37144 for <ietf-pkix@imc.org>; Thu, 11 Dec 2003 20:59:14 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: <ietf-pkix@imc.org>
Subject: DISCUSS: MUST reject in OCSPv1
Date: Thu, 11 Dec 2003 21:01:14 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDCEAHDGAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <3FD629AD.9090602@free.fr>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
-----Original Message-----
From: Carlisle Adams
Sent: Tuesday, December 09, 2003 12:00 PM
To: Michael Myers
Subject: Re: MUST reject in OCSPv1
Hi Mike,
[. . .] you may forward the content of this message to the list
if you
wish.
It's pretty clear to me that clients use a nonce when they want
to guarantee
a fresh response from the other end (the nonce is returned in a
signed
message). If the client doesn't care about freshness, it has no
reason to
use the nonce since that is the ONLY purpose that the nonce
serves.
So, if a client puts a nonce in its request, the server MUST
return it in
the response. If the responder requirement is softened to a
SHOULD, then
the client requirement has to be strengthened to "if the
response comes back
without the client's nonce included, the client MUST reject the
message".
Again, if the client doesn't care about freshness, then it MUST
NOT put a
nonce in the request. If it does put a nonce in the request,
then a
response without it MUST NOT be acceptable. This only makes
sense: if you
explicitly ask for a security service on a response
(confidentiality,
authenticity, integrity, freshness, whatever) and the response
shows up
without it, this must be unacceptable. I don't care so much
whether the
behavioral requirement is on the client or on the responder
(although I
would prefer it to be on the responder), but the result must be
that the
request has not been completed.
Carlisle.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBALwZib062284 for <ietf-pkix-bks@above.proper.com>; Wed, 10 Dec 2003 13:58:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBALwZq8062283 for ietf-pkix-bks; Wed, 10 Dec 2003 13:58:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBALwXib062278 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 13:58:34 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from inet-vrs-04.redmond.corp.microsoft.com ([157.54.8.149]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 10 Dec 2003 13:59:00 -0800
Received: from 157.54.6.150 by inet-vrs-04.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 10 Dec 2003 13:58:36 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 10 Dec 2003 13:58:24 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 10 Dec 2003 13:58:28 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 10 Dec 2003 13:58:28 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.155 157.54.0.155 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.155 157.54.0.155 from 157.54.1.69 157.54.1.69 via HTTP with MS-WebStorage 6.5.7122
Subject: RE: Cached OCSP responses vs. single entry CRLs
MIME-Version: 1.0
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <004501c3bf21$76361e30$aa67020a@hq.orionsec.com>
References: <061891A2-1490-4A4A-A63E-EA25AB58BD3B@mimectl>, <004501c3bf21$76361e30$aa67020a@hq.orionsec.com>
To: Santosh Chokhani <chokhani@orionsec.com>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: Cached OCSP responses vs. single entry CRLs
Thread-Index: AcO/aMG8VaKHTX6LTQu14jfayV30ow==
Message-ID: <F789EBB9-A679-4B85-A7A5-747B0FE4619B@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Wed, 10 Dec 2003 13:58:34 -0800
X-OriginalArrivalTime: 10 Dec 2003 21:58:28.0728 (UTC) FILETIME=[BE556F80:01C3BF68]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0046_01C3BEF7.8D601630"
------=_NextPart_000_0046_01C3BEF7.8D601630
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sure, if the client supports paritioned CRLs and most deployed clients MSFT=
or otherwise do not; ttp issues want to service as many possible relying p=
arties as possible since this is often a significant factor a subscriber ta=
kes into consideration when choosing a ttp.
Ryan
From: Santosh Chokhani
Sent: Wed 12/10/2003 5:28 AM
To: ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
Ryan:
Assuming the CA and the client software are working properly, there will be=
one DP (URL) in the CDP and that will point to the proper partition. The =
client will get the CRL from that URL. The DP in the IDP of the CRL will b=
e matched to the DP in the CDP of certificate and all will be well.
If there is a glitch on the network or active adversary, then these won't m=
atch, but in those circumstances there are innumerable (albeit finite) way =
to cause denial of service, CRL partitioning notwithstanding.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On=
Behalf Of Ryan M. Hurst
Sent: Tuesday, December 09, 2003 10:02 PM
To: Jean-Marc Desperrier; ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
I have seen engines that do not deal with extension criticality in CRLs, so=
me of the java implementations I have seen in-fact; these would trust these=
partial CRLs as a full CRL. Now I know folks will say thats a bad implemen=
tation, and I am not arguing that what these clients have done is right but=
its yet another example of how CRLs fail in this area due to the history o=
f implementations out there.
Another example is where the client does properly deal with critical extens=
ions in the CRL, in this case almost all implementations I have seen would =
show the CRL as bad and fail validation (as it should), I dont know of one =
that would try the next URL in the CDP to see if it was the full CRL. And e=
ven if it did thats extra data to be downloaded to discover its not the rig=
th CRL.
Ryan
From: Jean-Marc Desperrier
Sent: Tue 12/9/2003 12:19 PM
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly=20
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
------=_NextPart_000_0046_01C3BEF7.8D601630
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD><TITLE>Message</TITLE></HEAD>
<BODY>
<DIV id=3DidOWAReplyText73816 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Sure, if the cli=
ent supports paritioned CRLs and most deployed clients MSFT or otherwise do=
not; ttp issues want to service as many possible relying parties as possib=
le since this is often a significant factor a subscriber takes into conside=
ration when choosing a ttp.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Santosh Chokhani<BR><B>Sent:</B> =
Wed 12/10/2003 5:28 AM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> R=
E: Cached OCSP responses vs. single entry CRLs<BR></FONT><BR></DIV>
<DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D005212413-10=
122003>Ryan:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D005212413-10=
122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D005212413-10=
122003>Assuming the CA and the client software are working properly, there =
will be one DP (URL) in the CDP and that will point to the proper partition=
. The client will get the CRL from that URL. The DP in the IDP =
of the CRL will be matched to the DP in the CDP of certificate and all will=
be well.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D005212413-10=
122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D005212413-10=
122003>If there is a glitch on the network or active adversary, then these =
won't match, but in those circumstances there are innumerable (albeit finit=
e) way to cause denial of service, CRL partitioning notwithstanding.</SPAN>=
</FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft><FONT=
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> owner-ie=
tf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] <B>On Behalf Of =
</B>Ryan M. Hurst<BR><B>Sent:</B> Tuesday, December 09, 2003 10:02 PM<BR><B=
>To:</B> Jean-Marc Desperrier; ietf-pkix@imc.org<BR><B>Subject:</B> RE: Cac=
hed OCSP responses vs. single entry CRLs<BR><BR></FONT></DIV>
<DIV id=3DidOWAReplyText39006 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>I have seen engi=
nes that do not deal with extension criticality in CRLs, some of the java i=
mplementations I have seen in-fact; these would trust these partial CRLs as=
a full CRL. Now I know folks will say thats a bad implementation, and I am=
not arguing that what these clients have done is right but its yet another=
example of how CRLs fail in this area due to the history of implementation=
s out there.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Another example is where the cli=
ent does properly deal with critical extensions in the CRL, in this ca=
se almost all implementations I have seen would show th=
e CRL as bad and fail validation (as it should), I dont know of one that wo=
uld try the next URL in the CDP to see if it was the full CRL. And even if =
it did thats extra data to be downloaded to discover its not the rigth CRL.=
</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Jean-Marc Desperrier<BR><B>Sent:<=
/B> Tue 12/9/2003 12:19 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</=
B> Re: Cached OCSP responses vs. single entry CRLs<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly=20
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
</PRE></DIV></BLOCKQUOTE></DIV></BODY></HTML>
------=_NextPart_000_0046_01C3BEF7.8D601630--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBAJfWib055941 for <ietf-pkix-bks@above.proper.com>; Wed, 10 Dec 2003 11:41:32 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBAJfW8s055940 for ietf-pkix-bks; Wed, 10 Dec 2003 11:41:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from s-utl01-lanoc.stsn.com (p11.n-lapop01.stsn.com [12.129.240.11]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBAJfVic055935 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 11:41:31 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: (from wchokhani [10.2.103.170]) by s-utl01-lanoc.stsn.com (SAVSMTP 3.1.0.29) with SMTP id M2003121011411315853 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 11:41:13 -0800
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Wed, 10 Dec 2003 14:41:27 -0500
Message-ID: <006801c3bf55$9a3b9fb0$aa67020a@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <3FD74682.20703@stroeder.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBAJfVib055936
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Michael:
The standard requires the IDP to be critical and not the CRLDP. If a client
does not process CRLDP, it will have to rely on a CRL.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Michael Ströder
Sent: Wednesday, December 10, 2003 11:15 AM
To: Jean-Marc Desperrier
Cc: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
Jean-Marc Desperrier wrote:
>
> I'm a bit sceptic it really works,
So am I.
> but if the CRL's IDP is marked
> critical as it should, maybe a good number of client will duly reject
> the CRL when they can not support that case.
I saw at least one widely-deployed software of a major vendor simply crash
when CRL IDP was marked critical.
Ciao, Michael.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBAHIAib049885 for <ietf-pkix-bks@above.proper.com>; Wed, 10 Dec 2003 09:18:10 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBAHIAHR049884 for ietf-pkix-bks; Wed, 10 Dec 2003 09:18:10 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sigurd.x509.com ([199.175.155.2]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBAHI8ib049878 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 09:18:08 -0800 (PST) (envelope-from marcnarc@rsasecurity.com)
Received: from nebula.x509.com by sigurd.x509.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 10 Dec 2003 17:18:10 UT
Received: from crack.x509.com (localhost [127.0.0.1]) by nebula.x509.com (8.12.10/NULL) with ESMTP id hBAHDw6L025308 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 09:13:58 -0800 (PST)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.12.10/8.12.10) with ESMTP id hBAHI8Y0007609 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 09:18:09 -0800 (PST)
Received: from rsasecurity.com (mbranchaud2.eng.x509.com [10.7.33.48]) by exvan01.x509.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id VQFWJCTA; Wed, 10 Dec 2003 09:27:07 -0800
Message-ID: <3FD752DB.5070001@rsasecurity.com>
Date: Wed, 10 Dec 2003 09:07:39 -0800
X-Sybari-Trust: 52b771ef 7ddcb5bc fa431d80 00000139
From: Marc Branchaud <marcnarc@rsasecurity.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031110
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: OCSP in TLS handshake
References: <F5678115F458B4458C227F0EC02691BB02BA857F@mou1wnexm04.vcorp.ad.vrsn.com> <3FD60747.7070801@rsasecurity.com>
In-Reply-To: <3FD60747.7070801@rsasecurity.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070804020701030109090807"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a cryptographically signed message in MIME format.
--------------ms070804020701030109090807
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Marc Branchaud wrote:
>
> In that case, you're not talking about a real OCSP client
Turns out the TLS client can generate a nonce that the TLS server would
forward to the OCSP server.
Mea culpa.
M.
--------------ms070804020701030109090807
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISqTCC
AtcwggJAoAMCAQICEFgUQCxch7Sxp7XFFauIqpwwDQYJKoZIhvcNAQEFBQAwbDEaMBgGA1UE
ChMRUlNBIFNlY3VyaXR5IEluYy4xHjAcBgNVBAMTFVJTQSBQdWJsaWMgUm9vdCBDQSB2MTEu
MCwGCSqGSIb3DQEJARYfcnNha2VvbnJvb3RzaWduQHJzYXNlY3VyaXR5LmNvbTAeFw0wMjA5
MDYxNDEzNTJaFw0wNzA5MDYxNDEzNTJaMIGCMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5j
LjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMRYwFAYDVQQDEw1SU0EgQ29ycG9yYXRlMRAwDgYD
VQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqnOw876lPpMTkSqrqzpEON/609PDLEhmWX4tkC19
AHneDaoetL277GtYYXBCggP2E+s66MN1ccWXyApfWjCZkIHepPC08NVI1JRcbViW3kwLzDD2
w5T9QJcyL5V1pN/LQdxahM56TiLeXlPiJekdmTdJoo+5Pw4bQU+MxTqURk8CAwEAAaNjMGEw
HwYDVR0jBBgwFoAU9UwxelEDPyzXi5eZb6hxkKt4PZswHQYDVR0OBBYEFO2RCGt0t1lKkvah
HSJwJp8KrxaSMA8GA1UdEwQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
BQUAA4GBAHiSe1a79hnPr16PuBwUTBWbuNQ4GJNsyfrCXzAswIT2A2WtGZ1Hp1jEAWi9OfAX
IYAdy52Jyv9N87wAEbLUgVmsFEIlYM5mi6ag7YIRGp8JP5UhLAN9O5YHrR9FsrGK4WmSl3sY
W1qAPOXubFcfhTgUDIYzM30izZBP4nwO07FpMIIC+DCCAmGgAwIBAgIQeuiOriTayCwjwpmR
gmdIUjANBgkqhkiG9w0BAQUFADCBgjEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4xFTAT
BgNVBAsTDEtDQSBTZXJ2aWNlczEWMBQGA1UEAxMNUlNBIENvcnBvcmF0ZTEQMA4GA1UEBxMH
QmVkZm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDIwOTIz
MTkxMzAzWhcNMDYwOTIzMTUxMzAzWjCBjDEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4x
FTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENsYXNzIDIgUGVyc29uYWwg
Q0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYT
AlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkR9yiabyRo6+NwC3Sl8wPuUiBD3rP
sENNjXvzSbTAyXA8pDDndnlAa1nLUhSMgvn8g1sYMd0Bp+C1/mI5PFUZ8jukUK95yt+TK26L
hM/M5RUq/EINdDDdWzg9je498K6oGfyWR6ETSJbIrDe5qQcLCABs9E2gVKb7Z/FwFo3C9QID
AQABo2MwYTAPBgNVHRMECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjAfBgNVHSMEGDAWgBTt
kQhrdLdZSpL2oR0icCafCq8WkjAdBgNVHQ4EFgQUxpPuxqX+41WOz4ojH+6Y3iHyn6cwDQYJ
KoZIhvcNAQEFBQADgYEAcdRHBjq8GfdDoutUTJPtSzQd7XsdsQh2KBbu8utl92VQHuI0J5wc
Rc817G8YbmTtCt/xqAzrr6k7fdaoDBr/kBuVHA5FEJ94foPgrOlbT3zdziMATXh5ESSDLMx6
p8ITIsTJNmwszIG5P9AAKJCW48gu1ZZmLXhFbHcYJGf99pwwggMFMIICbqADAgECAhEAvhyf
0s21hKaAc2Nm1WX4LTANBgkqhkiG9w0BAQUFADCBuzEkMCIGA1UEBxMbVmFsaUNlcnQgVmFs
aWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwgSW5jLjE1MDMGA1UECxMsVmFs
aUNlcnQgQ2xhc3MgMyBQb2xpY3kgVmFsaWRhdGlvbiBBdXRob3JpdHkxITAfBgNVBAMTGGh0
dHA6Ly93d3cudmFsaWNlcnQuY29tLzEgMB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5j
b20wHhcNMDIwNDMwMTUzMDE5WhcNMTkwNDMwMDkyMTU1WjBsMRowGAYDVQQKExFSU0EgU2Vj
dXJpdHkgSW5jLjEeMBwGA1UEAxMVUlNBIFB1YmxpYyBSb290IENBIHYxMS4wLAYJKoZIhvcN
AQkBFh9yc2FrZW9ucm9vdHNpZ25AcnNhc2VjdXJpdHkuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC0dSVa2EQ740GxqiIKsHATT4f8XYwUU23pzRe5W6IVpt4jkwDWkgnvTcP6
M8PD4OfK6Imal4hAH/c3K/dUIH7YyQZRGAE5Y27G5klZYKidcFlrfautgVES170MLKFmJqym
2FWAfVOibXatRcw7B0S+mP9404jID/MaIpRXkH5JjwIDAQABo1cwVTAMBgNVHRMEBTADAQH/
MA4GA1UdDwEB/wQEAwIBhjAWBgNVHSAEDzANMAsGCSqGSIb3DQUGATAdBgNVHQ4EFgQU9Uwx
elEDPyzXi5eZb6hxkKt4PZswDQYJKoZIhvcNAQEFBQADgYEAKsviXBc1FeBT2hIwyWuGwnPZ
J9ctjrsO7NbVLjsx/EYclFFGwo+pphiwdUTml9yd7fXzfk0D+7LOs9ZA5xhiHVrGusV4OW4i
7hx2KVILkYlcXCN5tDltKwa5+BkGUuvZdyAoIhpyf61h7uKCFguhaJ+VOiNB4DPtsmxI+KxO
E6YwggTYMIIEQaADAgECAhBgzHl9dAoZGu0JMqXovSgdMA0GCSqGSIb3DQEBBQUAMIGMMRow
GAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAwHgYD
VQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQGA1UE
CBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODEzWhcNMDQwNzA3
MjMwODEzWjCBvjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3JzYXNl
Y3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGggQW1l
cmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxFzAVBgNVBAMTDk1hcmMgQnJhbmNoYXVkMScw
JQYJKoZIhvcNAQkBFhhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDg2xoRr+a/dtnuFG+oTHa+tGtzeObFazNhYV2iSLNED4fHRu86
tknBYFgXggcHW5gsyjfkCtVMzP2tCivmbJgvISo36vsCsmAJH6LRnJf8HsvfmWZaD9tzhDpL
QVsBHr88J0ZMdVniRc7MQoYeu/3hYtUBeGO9bGA6T8vTrnXYonnFtVoTqE62SFqPZZk7HpCS
X1n+dM3zSym2ylMFYE14nukF4I9vAhsQVzk3QNpghmzGj8uoEy9xpf3k0o5+neneAGvcSkwo
r1mH5tSqhrEQaZp7vuSA2bvXaZEnjZzZiTpPDzs1oMpn3guzYhU7wMKz6xvwvgEYyAAV+P5n
FWM/AgMBAAGjggGBMIIBfTCBkgYDVR0gBIGKMIGHMIGEBgkqhkiG9w0FBwIwdzAuBggrBgEF
BQcCARYiaHR0cDovL2NhLnJzYXNlY3VyaXR5LmNvbS9DUFMuaHRtbDBFBggrBgEFBQcCAjA5
MBgWEVJTQSBTZWN1cml0eSBJbmMuMAMCAQEaHUNQUyBJbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMCkGA1UdJQQiMCAGCisGAQQBgjcUAgIGCCsGAQUFBwMCBggrBgEFBQcDBDAjBgNVHREE
HDAagRhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgeAMEYGA1UdHwQ/
MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBlcnNv
bmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQWBBQ1
yQ/UrvKb563LjzHqJzBzrZp/ejANBgkqhkiG9w0BAQUFAAOBgQCV82oGGnglQQzklKg/wKhy
evNeJ6FNBZFhLlmZRNlKgqvPFmBcxygfBGpHqIhsHcrt2/AjhJuzAj7UdW1vTVCY5MkZw8P9
6+J6aTc3bNlGbk0jvcvVgDhmM4xYJLwMZKEw92HlRhfuMnj7ah9DTqbKSewmyAyOc+FLpGfd
lu6CgTCCBOkwggRSoAMCAQICEQDqxAXqre9Mr+FeYw3+MQhsMA0GCSqGSIb3DQEBBQUAMIGM
MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAw
HgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQG
A1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODI4WhcNMDQw
NzA3MjMwODEzWjCBwjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3Jz
YXNlY3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGgg
QW1lcmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxGzAZBgNVBAMTEk1hcmMgQnJhbmNoYXVk
LUVuYzEnMCUGCSqGSIb3DQEJARYYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBjNaHTwtCXpdJg+iDxYMkWjuZIF0ic2fRLymZe+
BnZYWPnik0dFmTulx+V8slsLEtBllcc5o1yfIYfeHPinwRxv86kCUSlgfGGXKjJZaIeURgbo
bUbIfDTPlvRUZuiZvTR4C8tEY88Lle66n62B7wjUvDbiwK4EjzlXOkjpcYXLH7FbaFaRLDBB
PlFD5ydDRhQ67t6fjUeS7p7o/l/VHmPC5LFLXZkjEhjGd5pknbQIAbUGACL5UET85NUFPowD
3F47g0GCKEnuOsk2Ra+WHu7honhIxqmOwGnu85V6tW5xscf4dTofWZONQeaD3gSxv8+hcfKN
k9cwjpnUG2xGzwIDAQABo4IBjTCCAYkwNQYDVR0lBC4wLAYKKwYBBAGCNxQCAgYIKwYBBQUH
AwIGCCsGAQUFBwMEBgorBgEEAYI3CgMEMIGSBgNVHSAEgYowgYcwgYQGCSqGSIb3DQUHAjB3
MC4GCCsGAQUFBwIBFiJodHRwOi8vY2EucnNhc2VjdXJpdHkuY29tL0NQUy5odG1sMEUGCCsG
AQUFBwICMDkwGBYRUlNBIFNlY3VyaXR5IEluYy4wAwIBARodQ1BTIEluY29ycG9yYXRlZCBi
eSByZWZlcmVuY2UwIwYDVR0RBBwwGoEYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBl
cnNvbmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQW
BBT/OiMCyY8CPnNBySW1ijJOYhj7ejAOBgNVHQ8BAf8EBAMCAzgwDQYJKoZIhvcNAQEFBQAD
gYEAlchAObA9eVmeiLu0nTU985Fch6v+EZKodUhZUN7dILgd05HorHN9jxBH6XI4/b9ZVvub
Pkpicdc112YbcLYTD2NumVksyNDI7fDaqiszgk1zluXtZJ+HsCt+GIAKCDfOVLECclpGyizq
VjZFEK4Pt9FxPGTnUJEvIKJcAQ24EvgxggPsMIID6AIBATCBoTCBjDEaMBgGA1UEChMRUlNB
IFNlY3VyaXR5IEluYy4xFTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENs
YXNzIDIgUGVyc29uYWwgQ0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1
c2V0dHMxCzAJBgNVBAYTAlVTAhBgzHl9dAoZGu0JMqXovSgdMAkGBSsOAwIaBQCgggIfMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIxMDE3MDczOVow
IwYJKoZIhvcNAQkEMRYEFA2f5LYXe6gF0FQX7r1WhUffpozBMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIGzBgkrBgEEAYI3EAQxgaUwgaIwgYwxGjAYBgNVBAoTEVJTQSBTZWN1
cml0eSBJbmMuMRUwEwYDVQQLEwxLQ0EgU2VydmljZXMxIDAeBgNVBAMTF1JTQSBDbGFzcyAy
IFBlcnNvbmFsIENBMRAwDgYDVQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
MQswCQYDVQQGEwJVUwIRAOrEBeqt70yv4V5jDf4xCGwwgbUGCyqGSIb3DQEJEAILMYGloIGi
MIGMMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2Vz
MSAwHgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEW
MBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMCEQDqxAXqre9Mr+FeYw3+MQhs
MA0GCSqGSIb3DQEBAQUABIIBABwmLxOH59WOCznMvVp6YP5VdIBbxUNtfa66yTqGwt+GC04c
hySVzzJuDCKcgeUxokevKtWjd088ANaIRlSxVjza4ha8HbhCVGC6TWS4GpLNODB4mMUiDBC3
M7NiEboGP2PLVFm9QrnPW+jf/g5YSyTCU32AnOYoPlzpMou5zUTsFRhbCIQRcHK2DlHxFLgY
8oLueRNLdnOt0Wd6PdoisF4My/gJz8GPYE/xau8ePBIrV/yxALeq/gEKIBVfD0G0reygIHR7
wwJjjSfIa9hSzIh//RBi5tMb2ceKC2oRoPyvZyXWEQx3QN1Oe/N81gDvm7FCIcc0MKnOk39n
wkaPNc0AAAAAAAA=
--------------ms070804020701030109090807--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBAGFCib045066 for <ietf-pkix-bks@above.proper.com>; Wed, 10 Dec 2003 08:15:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBAGFC9d045065 for ietf-pkix-bks; Wed, 10 Dec 2003 08:15:12 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nb2.stroeder.com (krl9-d9bb4cbb.pool.mediaWays.net [217.187.76.187]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBAGFAib045049 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 08:15:11 -0800 (PST) (envelope-from michael@stroeder.com)
Received: from localhost (localhost [127.0.0.1]) by nb2.stroeder.com (Postfix) with ESMTP id 6CB4B9D506; Wed, 10 Dec 2003 17:14:59 +0100 (CET)
Received: from stroeder.com (localhost [127.0.0.1]) by nb2.stroeder.com (Postfix) with ESMTP id 92CA36BCAD; Wed, 10 Dec 2003 17:14:58 +0100 (CET)
Message-ID: <3FD74682.20703@stroeder.com>
Date: Wed, 10 Dec 2003 17:14:58 +0100
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: de-de, de, en-us, en
MIME-Version: 1.0
To: Jean-Marc Desperrier <jmdesp@free.fr>
Cc: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BC86D@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <3FD62E65.3060706@free.fr>
In-Reply-To: <3FD62E65.3060706@free.fr>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12pre8
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jean-Marc Desperrier wrote:
>
> I'm a bit sceptic it really works,
So am I.
> but if the CRL's IDP is marked
> critical as it should, maybe a good number of client will duly reject
> the CRL when they can not support that case.
I saw at least one widely-deployed software of a major vendor simply crash
when CRL IDP was marked critical.
Ciao, Michael.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBADSQib036345 for <ietf-pkix-bks@above.proper.com>; Wed, 10 Dec 2003 05:28:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBADSQ6l036344 for ietf-pkix-bks; Wed, 10 Dec 2003 05:28:26 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from s-utl01-lanoc.stsn.com (p11.n-lapop01.stsn.com [12.129.240.11]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBADSPic036339 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 05:28:25 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: (from wchokhani [10.2.103.170]) by s-utl01-lanoc.stsn.com (SAVSMTP 3.1.0.29) with SMTP id M2003121005280410770 for <ietf-pkix@imc.org>; Wed, 10 Dec 2003 05:28:04 -0800
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Wed, 10 Dec 2003 08:28:13 -0500
Message-ID: <004501c3bf21$76361e30$aa67020a@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0046_01C3BEF7.8D601630"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <061891A2-1490-4A4A-A63E-EA25AB58BD3B@mimectl>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0046_01C3BEF7.8D601630
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Ryan:
=20
Assuming the CA and the client software are working properly, there will =
be
one DP (URL) in the CDP and that will point to the proper partition. =
The
client will get the CRL from that URL. The DP in the IDP of the CRL =
will be
matched to the DP in the CDP of certificate and all will be well.
=20
If there is a glitch on the network or active adversary, then these =
won't
match, but in those circumstances there are innumerable (albeit finite) =
way
to cause denial of service, CRL partitioning notwithstanding.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] =
On
Behalf Of Ryan M. Hurst
Sent: Tuesday, December 09, 2003 10:02 PM
To: Jean-Marc Desperrier; ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
I have seen engines that do not deal with extension criticality in CRLs,
some of the java implementations I have seen in-fact; these would trust
these partial CRLs as a full CRL. Now I know folks will say thats a bad
implementation, and I am not arguing that what these clients have done =
is
right but its yet another example of how CRLs fail in this area due to =
the
history of implementations out there.
=20
Another example is where the client does properly deal with critical
extensions in the CRL, in this case almost all implementations I have =
seen
would show the CRL as bad and fail validation (as it should), I dont =
know of
one that would try the next URL in the CDP to see if it was the full =
CRL.
And even if it did thats extra data to be downloaded to discover its not =
the
rigth CRL.
=20
Ryan
_____ =20
From: Jean-Marc Desperrier
Sent: Tue 12/9/2003 12:19 PM
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly =
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
------=_NextPart_000_0046_01C3BEF7.8D601630
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<TITLE>Message</TITLE>
<META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D005212413-10122003>Ryan:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D005212413-10122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D005212413-10122003>Assuming the CA and the client software are =
working=20
properly, there will be one DP (URL) in the CDP and that will point to =
the=20
proper partition. The client will get the CRL from that URL. =
The DP=20
in the IDP of the CRL will be matched to the DP in the CDP of =
certificate and=20
all will be well.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D005212413-10122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D005212413-10122003>If=20
there is a glitch on the network or active adversary, then these won't =
match,=20
but in those circumstances there are innumerable (albeit finite) way to =
cause=20
denial of service, CRL partitioning notwithstanding.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B>=20
owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] =
<B>On=20
Behalf Of </B>Ryan M. Hurst<BR><B>Sent:</B> Tuesday, December 09, 2003 =
10:02=20
PM<BR><B>To:</B> Jean-Marc Desperrier; =
ietf-pkix@imc.org<BR><B>Subject:</B>=20
RE: Cached OCSP responses vs. single entry CRLs<BR><BR></FONT></DIV>
<DIV id=3DidOWAReplyText39006 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>I have seen =
engines that do=20
not deal with extension criticality in CRLs, some of the java =
implementations=20
I have seen in-fact; these would trust these partial CRLs as a full =
CRL. Now I=20
know folks will say thats a bad implementation, and I am not arguing =
that what=20
these clients have done is right but its yet another example of how =
CRLs fail=20
in this area due to the history of implementations out =
there.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Another example is where =
the client does=20
properly deal with critical extensions in the CRL, in this=20
case almost all implementations I have seen would =
show the=20
CRL as bad and fail validation (as it should), I dont know of one that =
would=20
try the next URL in the CDP to see if it was the full CRL. And even if =
it did=20
thats extra data to be downloaded to discover its not the rigth=20
CRL.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Jean-Marc =
Desperrier<BR><B>Sent:</B> Tue=20
12/9/2003 12:19 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> =
Re:=20
Cached OCSP responses vs. single entry CRLs<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly =
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
</PRE></DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0046_01C3BEF7.8D601630--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBA4jaib039052 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 20:45:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBA4jaNi039051 for ietf-pkix-bks; Tue, 9 Dec 2003 20:45:36 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from s-utl01-lanoc.stsn.com (p11.n-lapop01.stsn.com [12.129.240.11]) by above.proper.com (8.12.10/8.12.8) with SMTP id hBA4jaic039046 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 20:45:36 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: (from wchokhani [10.2.103.170]) by s-utl01-lanoc.stsn.com (SAVSMTP 3.1.0.29) with SMTP id M2003120920452108854 for <ietf-pkix@imc.org>; Tue, 09 Dec 2003 20:45:21 -0800
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Tue, 9 Dec 2003 23:45:32 -0500
Message-ID: <000101c3bed8$71e4f6b0$aa67020a@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <3FD629AD.9090602@free.fr>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hBA4jaib039047
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jean-Marc:
To match the DP in the IDP in CRL, you need to match the DP in CDP in the
certificate. cRLIssuer field needs to come in to play only if there is an
indirect CRL issuer.
If the client does not know how to process a critical extension (which IDP
is) and still uses a PKI object (certificate or CRL), I am sure lots of
other things can go wrong. Just look at some of the other vulnerabilities
identified and corrected over the last few months.
As to lack of client side support, when did that became a basis for putting
out yet another standard and requiring yet another client side plug-in. I
am sure adding IDP processing to certificate and CRL processing is lot
easier than defining and adding an OCSP client.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Jean-Marc Desperrier
Sent: Tuesday, December 09, 2003 3:00 PM
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
From: Carl Wallace
> The responses regarding lack of client side support are somewhat
> strange.
> It is not possible that deployed client-side support for
> partitioned CRLs is
> less than deployed client-side support for the yet-to-be-defined
> solution
> for cached OCSP.
>
Santosh Chokhani wrote:
> The client concern does not seem to cut the mustard since Carl's
> argument is that we do not seem to have a standard for nonceless
> client, let alone capability. For the partitioned CRL, we have
> well-defined standard.
>
> As to the response size, I am sure that a partitioned CRL (one CRL for
> each certificate) will be less than 400 bytes you cited. I think
> partitioning CRL for individual certificate has plusses in terms of
> standard and removing the need for client. It also has directory
> related plusses in terms of replication.
>
> I think its minuses are in terms of CA's ability to support it (or
> requiring delegated CRL issuer, i.e., Indirect CRL Issuer Model) and
> may be addition and management of entries under the CA branch for the
> CRL partitions.
You are missing a major minus of partitioning CRL that many/most client
don't support partitioned CRL, but worst do not properly recognize the
cRLIssuer part of the CRLDP, and will not be able to match it to the IDP
inside the crl, so they can be pushed to trust a partionned CRL for a
cert it doesn't apply too.
*That* is the concern for lack of client side support. In the current
state of things, partionned CRL is very probably a security hazard for
many clients.
Meanwhile using cached OCSP without any of the addition discussed here
is not a problem as long as the client is configured not to require a nonce.
The proposed OCSP change is an optimization, not absolutly required.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBA31fib035129 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 19:01:41 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hBA31fD4035128 for ietf-pkix-bks; Tue, 9 Dec 2003 19:01:41 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hBA31eib035119 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 19:01:40 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail1.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 9 Dec 2003 19:00:50 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Tue, 9 Dec 2003 19:01:46 -0800
Received: from 157.54.8.155 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 09 Dec 2003 19:01:19 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 9 Dec 2003 19:01:26 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 9 Dec 2003 19:01:15 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Tue, 9 Dec 2003 19:00:31 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.155 157.54.0.155 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.155 157.54.0.155 from 157.54.1.69 157.54.1.69 via HTTP with MS-WebStorage 6.5.7122
MIME-Version: 1.0
Subject: RE: Cached OCSP responses vs. single entry CRLs
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <3FD62E65.3060706@free.fr>
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BC86D@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, <3FD62E65.3060706@free.fr>
To: Jean-Marc Desperrier <jmdesp@free.fr>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: Cached OCSP responses vs. single entry CRLs
Thread-Index: AcO+ye7KUVEgoPigRNekqedjOacxaw==
Message-ID: <061891A2-1490-4A4A-A63E-EA25AB58BD3B@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Tue, 9 Dec 2003 19:01:40 -0800
X-OriginalArrivalTime: 10 Dec 2003 03:00:31.0725 (UTC) FILETIME=[C61191D0:01C3BEC9]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="_495B11F8-C7AB-4592-9668-D86D43FDBC2C_"
--_495B11F8-C7AB-4592-9668-D86D43FDBC2C_
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
I have seen engines that do not deal with extension criticality in CRLs, so=
me of the java implementations I have seen in-fact; these would trust these=
partial CRLs as a full CRL. Now I know folks will say thats a bad implemen=
tation, and I am not arguing that what these clients have done is right but=
its yet another example of how CRLs fail in this area due to the history o=
f implementations out there.
Another example is where the client does properly deal with critical extens=
ions in the CRL, in this case almost all implementations I have seen would =
show the CRL as bad and fail validation (as it should), I dont know of one =
that would try the next URL in the CDP to see if it was the full CRL. And e=
ven if it did thats extra data to be downloaded to discover its not the rig=
th CRL.
Ryan
From: Jean-Marc Desperrier
Sent: Tue 12/9/2003 12:19 PM
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly=20
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
--_495B11F8-C7AB-4592-9668-D86D43FDBC2C_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY>
<DIV id=3DidOWAReplyText39006 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>I have seen engi=
nes that do not deal with extension criticality in CRLs, some of the java i=
mplementations I have seen in-fact; these would trust these partial CRLs as=
a full CRL. Now I know folks will say thats a bad implementation, and I am=
not arguing that what these clients have done is right but its yet another=
example of how CRLs fail in this area due to the history of implementation=
s out there.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Another example is where the cli=
ent does properly deal with critical extensions in the CRL, in this ca=
se almost all implementations I have seen would show th=
e CRL as bad and fail validation (as it should), I dont know of one that wo=
uld try the next URL in the CDP to see if it was the full CRL. And even if =
it did thats extra data to be downloaded to discover its not the rigth CRL.=
</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Jean-Marc Desperrier<BR><B>Sent:<=
/B> Tue 12/9/2003 12:19 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</=
B> Re: Cached OCSP responses vs. single entry CRLs<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
> =20
>
But then clean client should check the content of the IDP extension=20
after getting the CRL and check it's distribution point matches the=20
distribution field of the CDP, and if not refuse the CRL, and supposedly=20
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked=20
critical as it should, maybe a good number of client will duly reject=20
the CRL when they can not support that case.
</PRE></DIV></BODY></HTML>
--_495B11F8-C7AB-4592-9668-D86D43FDBC2C_--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9NJiib028041 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 15:19:44 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB9NJiGm028040 for ietf-pkix-bks; Tue, 9 Dec 2003 15:19:44 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9NJhib028034 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 15:19:44 -0800 (PST) (envelope-from cwallace@orionsec.com)
Received: from wcwallace ([141.156.44.86]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB9NJioO026020; Tue, 9 Dec 2003 18:19:44 -0500
From: "Carl Wallace" <cwallace@orionsec.com>
To: "'Jean-Marc Desperrier'" <jmdesp@free.fr>, <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Tue, 9 Dec 2003 18:19:44 -0500
Message-ID: <000001c3beaa$ee0bbbd0$6401a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <3FD629AD.9090602@free.fr>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Jean-Marc
> Desperrier
> Subject: Re: Cached OCSP responses vs. single entry CRLs
>
> You are missing a major minus of partitioning CRL that
> many/most client
> don't support partitioned CRL, but worst do not properly
> recognize the
> cRLIssuer part of the CRLDP, and will not be able to match it
> to the IDP
> inside the crl, so they can be pushed to trust a partionned CRL for a
> cert it doesn't apply too.
> *That* is the concern for lack of client side support. In the current
> state of things, partionned CRL is very probably a security
> hazard for
> many clients.
>
> Meanwhile using cached OCSP without any of the addition
> discussed here
> is not a problem as long as the client is configured not to
> require a nonce. The proposed OCSP change is an optimization,
> not absolutly required.
>
As you pointed out in a subsequent post, a client that doesn't support
partitioned CRLs should choke on a critical IDP and (possibly) be unable to
determine the revocation status of the certificate in question. This is
similar to an OCSP client that uses nonces when interacting with a caching
OCSP responder. Faulty implementations are a different matter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9KIpib019349 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 12:18:51 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB9KIpiw019348 for ietf-pkix-bks; Tue, 9 Dec 2003 12:18:51 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-ft2.fr.colt.net (smtp-ft2.fr.colt.net [213.41.78.26]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9KInib019334 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 12:18:49 -0800 (PST) (envelope-from jmdesp@free.fr)
Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft2.fr.colt.net with ESMTP id hB9KIfn14787 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 21:18:46 +0100
Message-ID: <3FD62E65.3060706@free.fr>
Date: Tue, 09 Dec 2003 21:19:49 +0100
From: Jean-Marc Desperrier <jmdesp@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031125
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BC86D@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <DDE1793D7266AD488BB4F5E8D38EACB8041BC86D@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Ryan M. Hurst wrote:
>[...] there is not way to tell from a CDP if the
>data on the other end represents a partitioned CRL or a full one.
>
>
But then clean client should check the content of the IDP extension
after getting the CRL and check it's distribution point matches the
distribution field of the CDP, and if not refuse the CRL, and supposedly
try the next crldp inside the cert.
RFC3280 6.3.3 (b)(2)(i)
I'm a bit sceptic it really works, but if the CRL's IDP is marked
critical as it should, maybe a good number of client will duly reject
the CRL when they can not support that case.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9Jwgib018201 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 11:58:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB9Jwgxi018200 for ietf-pkix-bks; Tue, 9 Dec 2003 11:58:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-ft5.fr.colt.net (smtp-ft5.fr.colt.net [213.41.78.204]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9Jweib018192 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 11:58:41 -0800 (PST) (envelope-from jmdesp@free.fr)
Received: from free.fr (host.104.92.68.195.rev.coltfrance.com [195.68.92.104]) by smtp-ft5.fr.colt.net with ESMTP id hB9JwWZ09858 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 20:58:37 +0100
Message-ID: <3FD629AD.9090602@free.fr>
Date: Tue, 09 Dec 2003 20:59:41 +0100
From: Jean-Marc Desperrier <jmdesp@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031125
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
References: <004a01c3bddf$a4a72540$9e00a8c0@hq.orionsec.com>
In-Reply-To: <004a01c3bddf$a4a72540$9e00a8c0@hq.orionsec.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
From: Carl Wallace
> The responses regarding lack of client side support are somewhat
> strange.
> It is not possible that deployed client-side support for
> partitioned CRLs is
> less than deployed client-side support for the yet-to-be-defined
> solution
> for cached OCSP.
>
Santosh Chokhani wrote:
> The client concern does not seem to cut the mustard since Carl's
> argument is that we do not seem to have a standard for nonceless
> client, let alone capability. For the partitioned CRL, we have
> well-defined standard.
>
> As to the response size, I am sure that a partitioned CRL (one CRL for
> each certificate) will be less than 400 bytes you cited.
> I think partitioning CRL for individual certificate has plusses in
> terms of standard and removing the need for client. It also has
> directory related plusses in terms of replication.
>
> I think its minuses are in terms of CA's ability to support it (or
> requiring delegated CRL issuer, i.e., Indirect CRL Issuer Model) and
> may be addition and management of entries under the CA branch for the
> CRL partitions.
You are missing a major minus of partitioning CRL that many/most client
don't support partitioned CRL, but worst do not properly recognize the
cRLIssuer part of the CRLDP, and will not be able to match it to the IDP
inside the crl, so they can be pushed to trust a partionned CRL for a
cert it doesn't apply too.
*That* is the concern for lack of client side support. In the current
state of things, partionned CRL is very probably a security hazard for
many clients.
Meanwhile using cached OCSP without any of the addition discussed here
is not a problem as long as the client is configured not to require a nonce.
The proposed OCSP change is an optimization, not absolutly required.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9HhNib011535 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 09:43:23 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB9HhNHr011534 for ietf-pkix-bks; Tue, 9 Dec 2003 09:43:23 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sigurd.x509.com ([199.175.155.2]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB9HhKib011527 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:43:22 -0800 (PST) (envelope-from marcnarc@rsasecurity.com)
Received: from nebula.x509.com by sigurd.x509.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 9 Dec 2003 17:43:22 UT
Received: from crack.x509.com (localhost [127.0.0.1]) by nebula.x509.com (8.12.10/NULL) with ESMTP id hB9HdB6L008481 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:39:11 -0800 (PST)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.12.10/8.12.10) with ESMTP id hB9HhKY0009096 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:43:20 -0800 (PST)
Received: from rsasecurity.com (mbranchaud2.eng.x509.com [10.7.33.48]) by exvan01.x509.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id VQFW260C; Tue, 9 Dec 2003 09:52:18 -0800
Message-ID: <3FD60747.7070801@rsasecurity.com>
Date: Tue, 09 Dec 2003 09:32:55 -0800
X-Sybari-Trust: 37b98aa9 7ddcb5bc fa431d80 00000139
From: Marc Branchaud <marcnarc@rsasecurity.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031110
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: OCSP in TLS handshake
References: <F5678115F458B4458C227F0EC02691BB02BA857F@mou1wnexm04.vcorp.ad.vrsn.com>
In-Reply-To: <F5678115F458B4458C227F0EC02691BB02BA857F@mou1wnexm04.vcorp.ad.vrsn.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070106080909070505070600"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a cryptographically signed message in MIME format.
--------------ms070106080909070505070600
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Deacon, Alex wrote:
> nonceUnsupported does not preclude the use of OCSP responses in the TLS
> handshake. My concern was ensuring what ever new text is added to v1
> does not preclude this use case. In particular a client that receives
> an ocsp response that includes a nonce in a handshake must not reject
> the response because it contains a nonce it didn't generate.
Thanks, Alex.
In that case, you're not talking about a real OCSP client: the TLS
client doesn't perform the OCSP protocol. You say that the (TLS) client
shouldn't reject the response because of the nonce it didn't generate.
I agree, but the client never generated an OCSP request, so there was
never even an opportunity to generate a nonce. It seems almost obvious
that the nonce is irrelevant to the TLS client (when the response comes
from the TLS server embedded in the TLS handshake).
I think it's wrong to equate this TLS client with a regular OCSP client.
Instead of trying to twiddle the OCSP spec to address these sorts of
issues, I suggest that these (and whatever other) rules be gathered into
a more general "Offline Processing of OCSP Responses" document. This
could be a separate I-D, or a new section in the OCSP (v2?) spec.
M.
--------------ms070106080909070505070600
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISqTCC
AtcwggJAoAMCAQICEFgUQCxch7Sxp7XFFauIqpwwDQYJKoZIhvcNAQEFBQAwbDEaMBgGA1UE
ChMRUlNBIFNlY3VyaXR5IEluYy4xHjAcBgNVBAMTFVJTQSBQdWJsaWMgUm9vdCBDQSB2MTEu
MCwGCSqGSIb3DQEJARYfcnNha2VvbnJvb3RzaWduQHJzYXNlY3VyaXR5LmNvbTAeFw0wMjA5
MDYxNDEzNTJaFw0wNzA5MDYxNDEzNTJaMIGCMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5j
LjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMRYwFAYDVQQDEw1SU0EgQ29ycG9yYXRlMRAwDgYD
VQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqnOw876lPpMTkSqrqzpEON/609PDLEhmWX4tkC19
AHneDaoetL277GtYYXBCggP2E+s66MN1ccWXyApfWjCZkIHepPC08NVI1JRcbViW3kwLzDD2
w5T9QJcyL5V1pN/LQdxahM56TiLeXlPiJekdmTdJoo+5Pw4bQU+MxTqURk8CAwEAAaNjMGEw
HwYDVR0jBBgwFoAU9UwxelEDPyzXi5eZb6hxkKt4PZswHQYDVR0OBBYEFO2RCGt0t1lKkvah
HSJwJp8KrxaSMA8GA1UdEwQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
BQUAA4GBAHiSe1a79hnPr16PuBwUTBWbuNQ4GJNsyfrCXzAswIT2A2WtGZ1Hp1jEAWi9OfAX
IYAdy52Jyv9N87wAEbLUgVmsFEIlYM5mi6ag7YIRGp8JP5UhLAN9O5YHrR9FsrGK4WmSl3sY
W1qAPOXubFcfhTgUDIYzM30izZBP4nwO07FpMIIC+DCCAmGgAwIBAgIQeuiOriTayCwjwpmR
gmdIUjANBgkqhkiG9w0BAQUFADCBgjEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4xFTAT
BgNVBAsTDEtDQSBTZXJ2aWNlczEWMBQGA1UEAxMNUlNBIENvcnBvcmF0ZTEQMA4GA1UEBxMH
QmVkZm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDIwOTIz
MTkxMzAzWhcNMDYwOTIzMTUxMzAzWjCBjDEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4x
FTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENsYXNzIDIgUGVyc29uYWwg
Q0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYT
AlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkR9yiabyRo6+NwC3Sl8wPuUiBD3rP
sENNjXvzSbTAyXA8pDDndnlAa1nLUhSMgvn8g1sYMd0Bp+C1/mI5PFUZ8jukUK95yt+TK26L
hM/M5RUq/EINdDDdWzg9je498K6oGfyWR6ETSJbIrDe5qQcLCABs9E2gVKb7Z/FwFo3C9QID
AQABo2MwYTAPBgNVHRMECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjAfBgNVHSMEGDAWgBTt
kQhrdLdZSpL2oR0icCafCq8WkjAdBgNVHQ4EFgQUxpPuxqX+41WOz4ojH+6Y3iHyn6cwDQYJ
KoZIhvcNAQEFBQADgYEAcdRHBjq8GfdDoutUTJPtSzQd7XsdsQh2KBbu8utl92VQHuI0J5wc
Rc817G8YbmTtCt/xqAzrr6k7fdaoDBr/kBuVHA5FEJ94foPgrOlbT3zdziMATXh5ESSDLMx6
p8ITIsTJNmwszIG5P9AAKJCW48gu1ZZmLXhFbHcYJGf99pwwggMFMIICbqADAgECAhEAvhyf
0s21hKaAc2Nm1WX4LTANBgkqhkiG9w0BAQUFADCBuzEkMCIGA1UEBxMbVmFsaUNlcnQgVmFs
aWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwgSW5jLjE1MDMGA1UECxMsVmFs
aUNlcnQgQ2xhc3MgMyBQb2xpY3kgVmFsaWRhdGlvbiBBdXRob3JpdHkxITAfBgNVBAMTGGh0
dHA6Ly93d3cudmFsaWNlcnQuY29tLzEgMB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5j
b20wHhcNMDIwNDMwMTUzMDE5WhcNMTkwNDMwMDkyMTU1WjBsMRowGAYDVQQKExFSU0EgU2Vj
dXJpdHkgSW5jLjEeMBwGA1UEAxMVUlNBIFB1YmxpYyBSb290IENBIHYxMS4wLAYJKoZIhvcN
AQkBFh9yc2FrZW9ucm9vdHNpZ25AcnNhc2VjdXJpdHkuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC0dSVa2EQ740GxqiIKsHATT4f8XYwUU23pzRe5W6IVpt4jkwDWkgnvTcP6
M8PD4OfK6Imal4hAH/c3K/dUIH7YyQZRGAE5Y27G5klZYKidcFlrfautgVES170MLKFmJqym
2FWAfVOibXatRcw7B0S+mP9404jID/MaIpRXkH5JjwIDAQABo1cwVTAMBgNVHRMEBTADAQH/
MA4GA1UdDwEB/wQEAwIBhjAWBgNVHSAEDzANMAsGCSqGSIb3DQUGATAdBgNVHQ4EFgQU9Uwx
elEDPyzXi5eZb6hxkKt4PZswDQYJKoZIhvcNAQEFBQADgYEAKsviXBc1FeBT2hIwyWuGwnPZ
J9ctjrsO7NbVLjsx/EYclFFGwo+pphiwdUTml9yd7fXzfk0D+7LOs9ZA5xhiHVrGusV4OW4i
7hx2KVILkYlcXCN5tDltKwa5+BkGUuvZdyAoIhpyf61h7uKCFguhaJ+VOiNB4DPtsmxI+KxO
E6YwggTYMIIEQaADAgECAhBgzHl9dAoZGu0JMqXovSgdMA0GCSqGSIb3DQEBBQUAMIGMMRow
GAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAwHgYD
VQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQGA1UE
CBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODEzWhcNMDQwNzA3
MjMwODEzWjCBvjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3JzYXNl
Y3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGggQW1l
cmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxFzAVBgNVBAMTDk1hcmMgQnJhbmNoYXVkMScw
JQYJKoZIhvcNAQkBFhhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDg2xoRr+a/dtnuFG+oTHa+tGtzeObFazNhYV2iSLNED4fHRu86
tknBYFgXggcHW5gsyjfkCtVMzP2tCivmbJgvISo36vsCsmAJH6LRnJf8HsvfmWZaD9tzhDpL
QVsBHr88J0ZMdVniRc7MQoYeu/3hYtUBeGO9bGA6T8vTrnXYonnFtVoTqE62SFqPZZk7HpCS
X1n+dM3zSym2ylMFYE14nukF4I9vAhsQVzk3QNpghmzGj8uoEy9xpf3k0o5+neneAGvcSkwo
r1mH5tSqhrEQaZp7vuSA2bvXaZEnjZzZiTpPDzs1oMpn3guzYhU7wMKz6xvwvgEYyAAV+P5n
FWM/AgMBAAGjggGBMIIBfTCBkgYDVR0gBIGKMIGHMIGEBgkqhkiG9w0FBwIwdzAuBggrBgEF
BQcCARYiaHR0cDovL2NhLnJzYXNlY3VyaXR5LmNvbS9DUFMuaHRtbDBFBggrBgEFBQcCAjA5
MBgWEVJTQSBTZWN1cml0eSBJbmMuMAMCAQEaHUNQUyBJbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMCkGA1UdJQQiMCAGCisGAQQBgjcUAgIGCCsGAQUFBwMCBggrBgEFBQcDBDAjBgNVHREE
HDAagRhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgeAMEYGA1UdHwQ/
MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBlcnNv
bmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQWBBQ1
yQ/UrvKb563LjzHqJzBzrZp/ejANBgkqhkiG9w0BAQUFAAOBgQCV82oGGnglQQzklKg/wKhy
evNeJ6FNBZFhLlmZRNlKgqvPFmBcxygfBGpHqIhsHcrt2/AjhJuzAj7UdW1vTVCY5MkZw8P9
6+J6aTc3bNlGbk0jvcvVgDhmM4xYJLwMZKEw92HlRhfuMnj7ah9DTqbKSewmyAyOc+FLpGfd
lu6CgTCCBOkwggRSoAMCAQICEQDqxAXqre9Mr+FeYw3+MQhsMA0GCSqGSIb3DQEBBQUAMIGM
MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAw
HgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQG
A1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODI4WhcNMDQw
NzA3MjMwODEzWjCBwjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3Jz
YXNlY3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGgg
QW1lcmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxGzAZBgNVBAMTEk1hcmMgQnJhbmNoYXVk
LUVuYzEnMCUGCSqGSIb3DQEJARYYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBjNaHTwtCXpdJg+iDxYMkWjuZIF0ic2fRLymZe+
BnZYWPnik0dFmTulx+V8slsLEtBllcc5o1yfIYfeHPinwRxv86kCUSlgfGGXKjJZaIeURgbo
bUbIfDTPlvRUZuiZvTR4C8tEY88Lle66n62B7wjUvDbiwK4EjzlXOkjpcYXLH7FbaFaRLDBB
PlFD5ydDRhQ67t6fjUeS7p7o/l/VHmPC5LFLXZkjEhjGd5pknbQIAbUGACL5UET85NUFPowD
3F47g0GCKEnuOsk2Ra+WHu7honhIxqmOwGnu85V6tW5xscf4dTofWZONQeaD3gSxv8+hcfKN
k9cwjpnUG2xGzwIDAQABo4IBjTCCAYkwNQYDVR0lBC4wLAYKKwYBBAGCNxQCAgYIKwYBBQUH
AwIGCCsGAQUFBwMEBgorBgEEAYI3CgMEMIGSBgNVHSAEgYowgYcwgYQGCSqGSIb3DQUHAjB3
MC4GCCsGAQUFBwIBFiJodHRwOi8vY2EucnNhc2VjdXJpdHkuY29tL0NQUy5odG1sMEUGCCsG
AQUFBwICMDkwGBYRUlNBIFNlY3VyaXR5IEluYy4wAwIBARodQ1BTIEluY29ycG9yYXRlZCBi
eSByZWZlcmVuY2UwIwYDVR0RBBwwGoEYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBl
cnNvbmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQW
BBT/OiMCyY8CPnNBySW1ijJOYhj7ejAOBgNVHQ8BAf8EBAMCAzgwDQYJKoZIhvcNAQEFBQAD
gYEAlchAObA9eVmeiLu0nTU985Fch6v+EZKodUhZUN7dILgd05HorHN9jxBH6XI4/b9ZVvub
Pkpicdc112YbcLYTD2NumVksyNDI7fDaqiszgk1zluXtZJ+HsCt+GIAKCDfOVLECclpGyizq
VjZFEK4Pt9FxPGTnUJEvIKJcAQ24EvgxggPsMIID6AIBATCBoTCBjDEaMBgGA1UEChMRUlNB
IFNlY3VyaXR5IEluYy4xFTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENs
YXNzIDIgUGVyc29uYWwgQ0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1
c2V0dHMxCzAJBgNVBAYTAlVTAhBgzHl9dAoZGu0JMqXovSgdMAkGBSsOAwIaBQCgggIfMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIwOTE3MzI1NVow
IwYJKoZIhvcNAQkEMRYEFFTlgT1xhku6u8aO31uLEdun4dA7MFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIGzBgkrBgEEAYI3EAQxgaUwgaIwgYwxGjAYBgNVBAoTEVJTQSBTZWN1
cml0eSBJbmMuMRUwEwYDVQQLEwxLQ0EgU2VydmljZXMxIDAeBgNVBAMTF1JTQSBDbGFzcyAy
IFBlcnNvbmFsIENBMRAwDgYDVQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
MQswCQYDVQQGEwJVUwIRAOrEBeqt70yv4V5jDf4xCGwwgbUGCyqGSIb3DQEJEAILMYGloIGi
MIGMMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2Vz
MSAwHgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEW
MBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMCEQDqxAXqre9Mr+FeYw3+MQhs
MA0GCSqGSIb3DQEBAQUABIIBALQTwoo/I92GLrPC7bmKFeMat5w3JyljN3eBa30s9dooPYMF
I9HWsGOtdij82pEhiA5epBco0+11kt3P4+jiNC4qXiNfIDA65TpCKSScMxo8pBAAGKOv/pVZ
mtzBGxuKfpHmhXR0iSPheZa3+SarZ+lsmQBfiQnKDO7JU81yfm+OK13bKK+AkBnROhkT1ub/
k3qms8u2IZcWh+E97l2wTdqH4P7K+cTD8FHYb9qN103IenNVFxIlvfpPZ+nKA5Y3hDQ5Ofm5
lVZew2iPjANyxxErmRUzwch6ZqOg6huVSKpB24I7yad75u/meuD3XI7cXYzgaKPrTtM1iu0q
IL2th0YAAAAAAAA=
--------------ms070106080909070505070600--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9HLbib010615 for <ietf-pkix-bks@above.proper.com>; Tue, 9 Dec 2003 09:21:37 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB9HLbXJ010614 for ietf-pkix-bks; Tue, 9 Dec 2003 09:21:37 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB9HLbib010608 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:21:37 -0800 (PST) (envelope-from alex@verisign.com)
Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (mailer3.verisign.com [65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hB9HLbd3025998 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:21:37 -0800 (PST)
Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XLQFP7PD>; Tue, 9 Dec 2003 09:21:37 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA857F@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Marc Branchaud'" <marcnarc@rsasecurity.com>, ietf-pkix@imc.org
Subject: RE: OCSP in TLS handshake
Date: Tue, 9 Dec 2003 09:21:37 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_0032_01C3BE35.D867A0C0"; micalg=SHA1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0032_01C3BE35.D867A0C0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
nonceUnsupported does not preclude the use of OCSP responses in the TLS
handshake. My concern was ensuring what ever new text is added to v1
does not preclude this use case. In particular a client that receives
an ocsp response that includes a nonce in a handshake must not reject
the response because it contains a nonce it didn't generate.
Alex
> -----Original Message-----
> From: Marc Branchaud [mailto:marcnarc@rsasecurity.com]
> Sent: Monday, December 08, 2003 3:59 PM
> To: ietf-pkix@imc.org
> Subject: Re: OCSP in TLS handshake
>
>
> Marc Branchaud wrote:
> >
> > I'm not trying to be obtuse here (it actually takes very little
> > effort),
> > but I really need a patient explanation of why nonceUnsupported
> > precludes the use of OCSP responses in the TLS handshake.
>
> OK, I'd settle for an impatient explanation...
>
> M.
>
------=_NextPart_000_0032_01C3BE35.D867A0C0
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINXzCCAj0w
ggGmAhEAulrJTAU7ktantt9O0FOSDTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoGDzqu
9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK/P9LbCPV
UIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAtgAfk1ekB6dAzmVA
P1Ve7e/6VEmlMNYhfGGH7oOTC7+0M/KYrJ8Gv06ozhSBTMsETljDz1/ufNeab8tBird/gbj/hGHG
J0NlHQzssQAK3Ruku8d4ICiyot02lS7hVE+/YLl3aBGZI+jqUuiqAE5nTruQtUWbRuuOFu/EM1sz
PdUwggNDMIICrKADAgECAhAffl/nA9Hgv5kg3GuJDUsEMA0GCSqGSIb3DQEBBAUAMF8xCzAJBgNV
BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTAyMjUwMDAwMDBaFw0wNDAxMDUy
MzU5NTlaMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93
d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEmMCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQ
ZXJzb25uZWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKcEbA+icrdKBi741yksNJ2C
vEiRSses+en8uVl4sVXAU1ixz28WO8FJ1cv0bszhzMu1xy5OiKo06bbQW3w+FVc04Ri8/931r2dZ
IArlPeqIikDSmokTKam21dunfuHnNyST/ZR0TXrkMm1M6FwWl6/dktlmihRm5OpaA6g9X/sLAgMB
AAGjgbAwga0wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi5j
cmwwEQYJYIZIAYb4QgEBBAQDAgEGMEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEF
BQcCARYfaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rcjAPBgNVHRMECDAGAQH/AgEBMAsG
A1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQB59xXN6GhRWWv8qaa94B77vPQ/kN/n+u3kVPdh
PVSLBrqXMloeqyzur3Orx13TP4/0zstOSGCiqGC2ON6gpvePKegRrMw5dlA83TlsC/Fa/QhUdt0W
bPcxcLi/CPfJJgaO37svGbG2uLToPEjoJ7GXKSBXA5ybZ/p9QMQ4fxiqmjCCA8AwggMpoAMCAQIC
EErIAANjYdQVAxbxhjabt80wDQYJKoZIhvcNAQEFBQAwga0xFzAVBgNVBAoTDlZlcmlTaWduLCBJ
bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUkwRwYDVQQLE0BVc2UgaXMgc3Vi
amVjdCB0byB0ZXJtcyBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyIChjKTk5MSYw
JAYDVQQDEx1WZXJpU2lnbiBDbGFzcyAyIFBlcnNvbm5lbCBDQTAeFw05OTAyMjUwMDAwMDBaFw0w
OTAyMjMyMzU5NTlaMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
Z24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0
cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xh
c3MgMiBFbXBsb3llZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwIrRh2Gi6jADVWsI
NvCX+hpUNSQf6H2dyMNz09hG9ZEt2TjtlNewJnMq3pdQTf8iHL1wAJgMWCqxpHKPpbn3LXxg47Xf
6X1OISFh1fw7VMmkCZy7IvmiunBhT4ZGov0FZOwKP6ZYdle7FnNEfPClDZfAbKbxYwglsQQXlaCN
/n8CAwEAAaOB3zCB3DApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMS0xMTgw
EQYJYIZIAYb4QgEBBAQDAgEGMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMEQGA1UdIAQ9
MDswOQYLYIZIAYb4RQEHFwIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JwYTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9WU0NsYXNzMklu
dC5jcmwwDQYJKoZIhvcNAQEFBQADgYEANhj9M2DWF9MEtdhUX1Ia5ZIIKPSiQNrDW4wahpfvrqIV
/mzEzi/IAcozvvJ5WDOXl5JFcFpOKB3d98GIThuHVwI9kyXZfk5yNYlJF7O5dy9tDvmkiCXBznZz
ZWkFk3fn/ZOWGDhNWGx6nejSm+jQ24n9ScJ1BAOXpdSWgdgjQfAwggQPMIIDeKADAgECAhAzLr9g
Nl/Alm5BwDUqJfjZMA0GCSqGSIb3DQEBBAUAMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3Qg
dG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UE
AxMcVmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQTAeFw0wMzAyMjQwMDAwMDBaFw0wNDAyMjQy
MzU5NTlaMGUxETAPBgNVBAoTCFZFUklTSUdOMQswCQYDVQQLEwJIUTETMBEGA1UEAxMKUmVjaXBp
ZW50czEuMCwGA1UEAxMlQURlYWNvbiAoRGVhY29uIEFsZXgsIFZlcmlTaWduLCBJbmMuKTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzx3sCPaQpHpxCg1L2vrDWdm9vpNny7aftpAvzfcCcjYn
EFPjODoBoEzqqTadrgD6YehNArWIWBf7STGJfQApFpSxCU5OWECQc+2Ti825B06KhAye00epJwgH
ByGqsDHGK7A+FlkpmqWybsLm2Q5kqdrv9gNFRw2oMRhsA6Ztx5sCAwEAAaOCAXYwggFyMAkGA1Ud
EwQCMAAwWQYDVR0fBFIwUDBOoEygSoZIaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20vVmVy
aVNpZ25JbmNFeGNoYW5nZUVtcGxveWVlcy9MYXRlc3RDUkwuY3JsMAsGA1UdDwQEAwIFoDAcBgNV
HREEFTATgRFhbGV4QHZlcmlzaWduLmNvbTCBrAYDVR0gBIGkMIGhMIGeBgtghkgBhvhFAQcBATCB
jjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBiBggrBgEFBQcCAjBW
MBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJl
bmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJYIZIAYb4QgEBBAQDAgeAMB0GA1UdJQQW
MBQGCCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOBgQCD7anMuD4hgW1JGGSf+6Rf
25ZGkg2fjkCC8eh4XpTd5cQOhi+nQ1eUSxiU8r3UZJN1LQ5F9bkGj5G+hCQd+0mKvByk/l2Nwq34
/zZ9jraFBm60xDBF8FI2TfOCwlx6NsQR6xYdTl8IsvUx9oy0J8YBPFZLN3z2Q/JtLf07g/4mojGC
A88wggPLAgEBMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
Z24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0
cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xh
c3MgMiBFbXBsb3llZSBDQQIQMy6/YDZfwJZuQcA1KiX42TAJBgUrDgMCGgUAoIICYzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzEyMDkxNzIxMzZaMCMGCSqGSIb3
DQEJBDEWBBQy0ea5spSCdfys4ym7dcUQshEUuzBYBgkqhkiG9w0BCQ8xSzBJMAoGCCqGSIb3DQMH
MAcGBSsOAwIaMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAKBggqhkiG
9w0CBTCB0gYJKwYBBAGCNxAEMYHEMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0G
A1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8g
dGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMc
VmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQQIQMy6/YDZfwJZuQcA1KiX42TCB1AYLKoZIhvcN
AQkQAgsxgcSggcEwgawxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMUkwRwYDVQQLE0BVc2UgaXMgc3ViamVjdCB0byB0ZXJtcyBhdCBodHRw
czovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyIChjKTk5MSUwIwYDVQQDExxWZXJpU2lnbiBDbGFz
cyAyIEVtcGxveWVlIENBAhAzLr9gNl/Alm5BwDUqJfjZMA0GCSqGSIb3DQEBAQUABIGAyBe6KJAD
m+eKUVc7sgUxooP92x75binjFipKGaezU91eqAxUs3TD2/8fo2lv0eUxn9GrfCRP1N/FvQkVZ/u1
mYvDiUocIA0Gc5/+nIh9OCb6rOdkaD2/NZGmRMmWkhaZMyym0K84JbtDQCL5Vdxo/kA6ge5t3+9v
/aASnnEN6xQAAAAAAAA=
------=_NextPart_000_0032_01C3BE35.D867A0C0--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB92MXib098486 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 18:22:33 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB92MWI7098485 for ietf-pkix-bks; Mon, 8 Dec 2003 18:22:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB92MVib098478 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 18:22:31 -0800 (PST) (envelope-from kent@bbn.com)
Received: from [10.84.130.244] (ramblo.bbn.com [128.33.0.51]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id hB92MF7o006105; Mon, 8 Dec 2003 21:22:15 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@localhost
Message-Id: <p06010201bbfaa7eadcc2@[128.89.89.75]>
In-Reply-To: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
References: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
Date: Mon, 8 Dec 2003 21:21:18 -0500
To: <liaquat.khan@ascertia.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Cc: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
At 6:54 +0000 12/5/03, Liaquat Khan wrote:
>Ryan,
>
>We also agree with your viewpoint, particular the point about a nonce
>being a matter for local client policy.
>
>In the various OCSP clients we have, the option of whether to include
>nonce or not in the request message is left to local policy (i.e. the
>administrator can configure whether or not nonce is included in the
>request message).
Yes, a client decides whether to include a nonce, or not. But, we
need the standard to clearly indicate what the client will do with a
response, when a nonce is included in a request. This is fundamental
to the definition of the protocol.
>If the administrator decides nonces are necessary (to prevent replays)
>then he/she will select these and our OCSP clients will include these in
>the requests. Now if an OCSP response is received back without a nonce
>it will be rejected by our OCSP clients.
that is an appropriate thing for the client to do, and is consistent
with the "MUST reject" clarification that Russ articulated at the WG
meeting.
>=On the other hand, if the administrator feels nonces are not required
>(to allow for cached responses) then he/she will not select to include
>one in outgoing responses.
right.
>The situation "we would like to have nonces in OCSP requests as default,
>but if the server legitimately doesn't support nonces we are happy to
>forgo nonces or we will generate a fresh request without a nonce" is not
>that common in my opinion. If such a case does exist, local policy will
>probably be also happy to choose to not include a nonce in the OCSP
>request message in the first place.
>
>Regards,
>Liaquat
>
the hard part in all of this is how the client knows what the server
is capable of doing, which seems not to be part of the discussion
above.
Steve
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB90kqib095001 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 16:46:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB90kq2v095000 for ietf-pkix-bks; Mon, 8 Dec 2003 16:46:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from iscan02.secomtrust.net (iscan01.secomtrust.net [61.114.177.102]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB90koib094995 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 16:46:50 -0800 (PST) (envelope-from shimaoka@secom.ne.jp)
Received: (qmail 23832 invoked by alias); 9 Dec 2003 00:46:51 -0000
Delivered-To: alias-map-ietf-pkix@imc.org@MAP
Received: (qmail 23816 invoked by alias); 9 Dec 2003 00:46:50 -0000
Received: from localhost (HELO mail.secomtrust.net) (127.0.0.1) by localhost with SMTP; 9 Dec 2003 00:46:50 -0000
Received: (qmail 17976 invoked from network); 9 Dec 2003 00:46:50 -0000
Received: from unknown (HELO ?172.30.5.54?) (172.30.5.54) by mail with SMTP; 9 Dec 2003 00:46:50 -0000
Date: Tue, 09 Dec 2003 09:47:43 +0900
From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
To: Harald Tveit Alvestrand <harald@alvestrand.no>
Subject: Re[2]: DN Encoding by UTF8String
Cc: Russ Housley <housley@vigilsec.com>, ietf-pkix@imc.org
In-Reply-To: <194813577.1070841119@localhost>
References: <5.2.0.9.2.20031206131718.03d11d70@mail.binhost.com> <194813577.1070841119@localhost>
Message-Id: <20031209005925.C7D2.SHIMAOKA@secom.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.06.02
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Harald,
Thanks for your comment.
> Sooner or later, the industry, IMHO, will have to embrace UTF-8 fully;
> supporting the mess we've created for ourselves forever is not in the best
> long term interest of the network.
Basically I agree with you, we MUST move to UTF-8 soon.
But, still now we are facing to some issues about UTF8string, e.g., name
comparison rule, and it seems that hard to solve yet them.
AFAIK, there will be a little PKI applications who are compliant with
the transition to UTF-8.
> As far as I know, there will be nobody coming to punish people issuing
> non-UTF-8 certificates after Jan 1, 2004 that contain non-UTF8 encoding.
I believe it;)
> And people will violate the standards to keep their legacy applications
> running; that is how networks have always operated.
While we cannot solve or address the UTF8String issues, I think such
violations are unavoidable.
> But IMHO, they should be ashamed of themselves when they do so, and strive
> towards eliminating the need for doing so as soon as possible. Not because
> I say so, but because it's for the long term good of the Internet.
Sure.
To achieve the transition to UTF8 shortly, we should break the UTF8
issues, then the transition to UTF-8 is the next.
Which do you think should do first?
And one question to authors:
Do you have some plan to update the description in clause 4.1.2.4 of son
of RFC3280?
Regards,
shima
On Sun, 07 Dec 2003 23:51:59 -0800
Harald Tveit Alvestrand <harald@alvestrand.no> wrote:
> I must admit that I am not surprised.....
>
> The encodings supported by older applications are many and various, but
> nearly all of them share one of two properties:
>
> - They are US-ASCII compatible
> - When using non-US-ASCII characters, they are violating the X.509
> standards that they claim conformance to
>
> If declaring that a number of applications are violating the IETF
> standards, and not just the ITU standards, on January 1, 2004 will help
> bring that day closer, I'm all for it.
>
> Sooner or later, the industry, IMHO, will have to embrace UTF-8 fully;
> supporting the mess we've created for ourselves forever is not in the best
> long term interest of the network.
>
> As far as I know, there will be nobody coming to punish people issuing
> non-UTF-8 certificates after Jan 1, 2004 that contain non-UTF8 encoding.
> And people will violate the standards to keep their legacy applications
> running; that is how networks have always operated.
>
> But IMHO, they should be ashamed of themselves when they do so, and strive
> towards eliminating the need for doing so as soon as possible. Not because
> I say so, but because it's for the long term good of the Internet.
>
> My opinion.
>
> Harald Alvestrand
>
>
> --On 6. desember 2003 13:29 -0500 Russ Housley <housley@vigilsec.com> wrote:
>
> > This was added to RFC 2459, and retained in RFC 3280, based on comments
> > from Harald Alvestrand. As most of the recipients know, Harald is the
> > Chair of the IETF, and a member of the IESG. Tim Polk spent a lot of
> > time on this issue, negotiating the exact words with Harald and any
> > others. The desire is for certificate issuers to embrace international
> > character sets.
> >
> > Beyond this recap of the history, I will let Harald speak for himself.
> >
> > Russ
> >
> >
> > ----------------------- Original Message -----------------------
> > From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
> > To: Tim Polk <tim.polk@nist.gov>, Stephen Kent <kent@bbn.com>,
> > rhousley@rsasecurity.com, wford@verisign.com, dsolo@alum.mit.edu
> > Date: Fri, 05 Dec 2003 16:09:10 +0900
> > Subject: DN Encoding by UTF8String
> >
> > Dear Authors and WG Chairs,
> >
> > RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
> > use UTF8String encoding".
> >
> > However, it seems that some applications do not yet support UTF8String
> > respectably and the detail of name comparison rule does not consider
> > UTF8String sufficiently.
> >
> > Therefore, existing CAs using except UTF8String for DN encoding SHOULD
> > do the following actions until solving these UTF8String problem.
> >
> > An encoding for issuer field of the certificates issued after 2004
> > SHOULD be same as an encoding for subject field of CA certificate
> > already issued.
> >
> > Is this correct?
> >
> > Of course, when the UTF8String problem solves, all certificates
> > issuedMUST use UTF8String encoding.
> > I worry that some confused CAs issue wrong certificates using UTF8String
> > encoding forcibly, even though the CA had used another encoding till now.
> >
> > Best regards,
> > -----
> > Masaki SHIMAOKA
> >
> > SECOM Trust.net
> > System Engineering Dpt.
> > Tel: +81 422 91 8498 (ext.3605)
> > Fax: +81 422 45 0536
> > e-mail: shimaoka@secom.ne.jp
> >
> >
> >
>
>
>
>
-----
Masaki SHIMAOKA
SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@secom.ne.jp
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB908tib093706 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 16:08:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB908tx8093705 for ietf-pkix-bks; Mon, 8 Dec 2003 16:08:55 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sigurd.x509.com ([199.175.155.2]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB908rib093700 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 16:08:54 -0800 (PST) (envelope-from marcnarc@rsasecurity.com)
Received: from nebula.x509.com by sigurd.x509.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 9 Dec 2003 00:08:56 UT
Received: from crack.x509.com (localhost [127.0.0.1]) by nebula.x509.com (8.12.10/NULL) with ESMTP id hB904k6L026537 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 16:04:46 -0800 (PST)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.12.10/8.12.10) with ESMTP id hB908sY0025331 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 16:08:54 -0800 (PST)
Received: from rsasecurity.com (mbranchaud2.eng.x509.com [10.7.33.48]) by exvan01.x509.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id VQFW25CP; Mon, 8 Dec 2003 16:17:51 -0800
Message-ID: <3FD51028.5020401@rsasecurity.com>
Date: Mon, 08 Dec 2003 15:58:32 -0800
X-Sybari-Trust: 1e45ccf9 64c784fd 8329c9bc 00000139
From: Marc Branchaud <marcnarc@rsasecurity.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031110
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: OCSP in TLS handshake
References: <3FCCDF1F.7050502@rsasecurity.com>
In-Reply-To: <3FCCDF1F.7050502@rsasecurity.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040306020106010305050005"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a cryptographically signed message in MIME format.
--------------ms040306020106010305050005
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Marc Branchaud wrote:
>
> I'm not trying to be obtuse here (it actually takes very little effort),
> but I really need a patient explanation of why nonceUnsupported
> precludes the use of OCSP responses in the TLS handshake.
OK, I'd settle for an impatient explanation...
M.
--------------ms040306020106010305050005
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISqTCC
AtcwggJAoAMCAQICEFgUQCxch7Sxp7XFFauIqpwwDQYJKoZIhvcNAQEFBQAwbDEaMBgGA1UE
ChMRUlNBIFNlY3VyaXR5IEluYy4xHjAcBgNVBAMTFVJTQSBQdWJsaWMgUm9vdCBDQSB2MTEu
MCwGCSqGSIb3DQEJARYfcnNha2VvbnJvb3RzaWduQHJzYXNlY3VyaXR5LmNvbTAeFw0wMjA5
MDYxNDEzNTJaFw0wNzA5MDYxNDEzNTJaMIGCMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5j
LjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMRYwFAYDVQQDEw1SU0EgQ29ycG9yYXRlMRAwDgYD
VQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqnOw876lPpMTkSqrqzpEON/609PDLEhmWX4tkC19
AHneDaoetL277GtYYXBCggP2E+s66MN1ccWXyApfWjCZkIHepPC08NVI1JRcbViW3kwLzDD2
w5T9QJcyL5V1pN/LQdxahM56TiLeXlPiJekdmTdJoo+5Pw4bQU+MxTqURk8CAwEAAaNjMGEw
HwYDVR0jBBgwFoAU9UwxelEDPyzXi5eZb6hxkKt4PZswHQYDVR0OBBYEFO2RCGt0t1lKkvah
HSJwJp8KrxaSMA8GA1UdEwQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
BQUAA4GBAHiSe1a79hnPr16PuBwUTBWbuNQ4GJNsyfrCXzAswIT2A2WtGZ1Hp1jEAWi9OfAX
IYAdy52Jyv9N87wAEbLUgVmsFEIlYM5mi6ag7YIRGp8JP5UhLAN9O5YHrR9FsrGK4WmSl3sY
W1qAPOXubFcfhTgUDIYzM30izZBP4nwO07FpMIIC+DCCAmGgAwIBAgIQeuiOriTayCwjwpmR
gmdIUjANBgkqhkiG9w0BAQUFADCBgjEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4xFTAT
BgNVBAsTDEtDQSBTZXJ2aWNlczEWMBQGA1UEAxMNUlNBIENvcnBvcmF0ZTEQMA4GA1UEBxMH
QmVkZm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDIwOTIz
MTkxMzAzWhcNMDYwOTIzMTUxMzAzWjCBjDEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4x
FTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENsYXNzIDIgUGVyc29uYWwg
Q0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYT
AlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkR9yiabyRo6+NwC3Sl8wPuUiBD3rP
sENNjXvzSbTAyXA8pDDndnlAa1nLUhSMgvn8g1sYMd0Bp+C1/mI5PFUZ8jukUK95yt+TK26L
hM/M5RUq/EINdDDdWzg9je498K6oGfyWR6ETSJbIrDe5qQcLCABs9E2gVKb7Z/FwFo3C9QID
AQABo2MwYTAPBgNVHRMECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjAfBgNVHSMEGDAWgBTt
kQhrdLdZSpL2oR0icCafCq8WkjAdBgNVHQ4EFgQUxpPuxqX+41WOz4ojH+6Y3iHyn6cwDQYJ
KoZIhvcNAQEFBQADgYEAcdRHBjq8GfdDoutUTJPtSzQd7XsdsQh2KBbu8utl92VQHuI0J5wc
Rc817G8YbmTtCt/xqAzrr6k7fdaoDBr/kBuVHA5FEJ94foPgrOlbT3zdziMATXh5ESSDLMx6
p8ITIsTJNmwszIG5P9AAKJCW48gu1ZZmLXhFbHcYJGf99pwwggMFMIICbqADAgECAhEAvhyf
0s21hKaAc2Nm1WX4LTANBgkqhkiG9w0BAQUFADCBuzEkMCIGA1UEBxMbVmFsaUNlcnQgVmFs
aWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwgSW5jLjE1MDMGA1UECxMsVmFs
aUNlcnQgQ2xhc3MgMyBQb2xpY3kgVmFsaWRhdGlvbiBBdXRob3JpdHkxITAfBgNVBAMTGGh0
dHA6Ly93d3cudmFsaWNlcnQuY29tLzEgMB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5j
b20wHhcNMDIwNDMwMTUzMDE5WhcNMTkwNDMwMDkyMTU1WjBsMRowGAYDVQQKExFSU0EgU2Vj
dXJpdHkgSW5jLjEeMBwGA1UEAxMVUlNBIFB1YmxpYyBSb290IENBIHYxMS4wLAYJKoZIhvcN
AQkBFh9yc2FrZW9ucm9vdHNpZ25AcnNhc2VjdXJpdHkuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC0dSVa2EQ740GxqiIKsHATT4f8XYwUU23pzRe5W6IVpt4jkwDWkgnvTcP6
M8PD4OfK6Imal4hAH/c3K/dUIH7YyQZRGAE5Y27G5klZYKidcFlrfautgVES170MLKFmJqym
2FWAfVOibXatRcw7B0S+mP9404jID/MaIpRXkH5JjwIDAQABo1cwVTAMBgNVHRMEBTADAQH/
MA4GA1UdDwEB/wQEAwIBhjAWBgNVHSAEDzANMAsGCSqGSIb3DQUGATAdBgNVHQ4EFgQU9Uwx
elEDPyzXi5eZb6hxkKt4PZswDQYJKoZIhvcNAQEFBQADgYEAKsviXBc1FeBT2hIwyWuGwnPZ
J9ctjrsO7NbVLjsx/EYclFFGwo+pphiwdUTml9yd7fXzfk0D+7LOs9ZA5xhiHVrGusV4OW4i
7hx2KVILkYlcXCN5tDltKwa5+BkGUuvZdyAoIhpyf61h7uKCFguhaJ+VOiNB4DPtsmxI+KxO
E6YwggTYMIIEQaADAgECAhBgzHl9dAoZGu0JMqXovSgdMA0GCSqGSIb3DQEBBQUAMIGMMRow
GAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAwHgYD
VQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQGA1UE
CBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODEzWhcNMDQwNzA3
MjMwODEzWjCBvjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3JzYXNl
Y3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGggQW1l
cmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxFzAVBgNVBAMTDk1hcmMgQnJhbmNoYXVkMScw
JQYJKoZIhvcNAQkBFhhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDg2xoRr+a/dtnuFG+oTHa+tGtzeObFazNhYV2iSLNED4fHRu86
tknBYFgXggcHW5gsyjfkCtVMzP2tCivmbJgvISo36vsCsmAJH6LRnJf8HsvfmWZaD9tzhDpL
QVsBHr88J0ZMdVniRc7MQoYeu/3hYtUBeGO9bGA6T8vTrnXYonnFtVoTqE62SFqPZZk7HpCS
X1n+dM3zSym2ylMFYE14nukF4I9vAhsQVzk3QNpghmzGj8uoEy9xpf3k0o5+neneAGvcSkwo
r1mH5tSqhrEQaZp7vuSA2bvXaZEnjZzZiTpPDzs1oMpn3guzYhU7wMKz6xvwvgEYyAAV+P5n
FWM/AgMBAAGjggGBMIIBfTCBkgYDVR0gBIGKMIGHMIGEBgkqhkiG9w0FBwIwdzAuBggrBgEF
BQcCARYiaHR0cDovL2NhLnJzYXNlY3VyaXR5LmNvbS9DUFMuaHRtbDBFBggrBgEFBQcCAjA5
MBgWEVJTQSBTZWN1cml0eSBJbmMuMAMCAQEaHUNQUyBJbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMCkGA1UdJQQiMCAGCisGAQQBgjcUAgIGCCsGAQUFBwMCBggrBgEFBQcDBDAjBgNVHREE
HDAagRhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgeAMEYGA1UdHwQ/
MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBlcnNv
bmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQWBBQ1
yQ/UrvKb563LjzHqJzBzrZp/ejANBgkqhkiG9w0BAQUFAAOBgQCV82oGGnglQQzklKg/wKhy
evNeJ6FNBZFhLlmZRNlKgqvPFmBcxygfBGpHqIhsHcrt2/AjhJuzAj7UdW1vTVCY5MkZw8P9
6+J6aTc3bNlGbk0jvcvVgDhmM4xYJLwMZKEw92HlRhfuMnj7ah9DTqbKSewmyAyOc+FLpGfd
lu6CgTCCBOkwggRSoAMCAQICEQDqxAXqre9Mr+FeYw3+MQhsMA0GCSqGSIb3DQEBBQUAMIGM
MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAw
HgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQG
A1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODI4WhcNMDQw
NzA3MjMwODEzWjCBwjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3Jz
YXNlY3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGgg
QW1lcmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxGzAZBgNVBAMTEk1hcmMgQnJhbmNoYXVk
LUVuYzEnMCUGCSqGSIb3DQEJARYYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBjNaHTwtCXpdJg+iDxYMkWjuZIF0ic2fRLymZe+
BnZYWPnik0dFmTulx+V8slsLEtBllcc5o1yfIYfeHPinwRxv86kCUSlgfGGXKjJZaIeURgbo
bUbIfDTPlvRUZuiZvTR4C8tEY88Lle66n62B7wjUvDbiwK4EjzlXOkjpcYXLH7FbaFaRLDBB
PlFD5ydDRhQ67t6fjUeS7p7o/l/VHmPC5LFLXZkjEhjGd5pknbQIAbUGACL5UET85NUFPowD
3F47g0GCKEnuOsk2Ra+WHu7honhIxqmOwGnu85V6tW5xscf4dTofWZONQeaD3gSxv8+hcfKN
k9cwjpnUG2xGzwIDAQABo4IBjTCCAYkwNQYDVR0lBC4wLAYKKwYBBAGCNxQCAgYIKwYBBQUH
AwIGCCsGAQUFBwMEBgorBgEEAYI3CgMEMIGSBgNVHSAEgYowgYcwgYQGCSqGSIb3DQUHAjB3
MC4GCCsGAQUFBwIBFiJodHRwOi8vY2EucnNhc2VjdXJpdHkuY29tL0NQUy5odG1sMEUGCCsG
AQUFBwICMDkwGBYRUlNBIFNlY3VyaXR5IEluYy4wAwIBARodQ1BTIEluY29ycG9yYXRlZCBi
eSByZWZlcmVuY2UwIwYDVR0RBBwwGoEYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBl
cnNvbmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQW
BBT/OiMCyY8CPnNBySW1ijJOYhj7ejAOBgNVHQ8BAf8EBAMCAzgwDQYJKoZIhvcNAQEFBQAD
gYEAlchAObA9eVmeiLu0nTU985Fch6v+EZKodUhZUN7dILgd05HorHN9jxBH6XI4/b9ZVvub
Pkpicdc112YbcLYTD2NumVksyNDI7fDaqiszgk1zluXtZJ+HsCt+GIAKCDfOVLECclpGyizq
VjZFEK4Pt9FxPGTnUJEvIKJcAQ24EvgxggPsMIID6AIBATCBoTCBjDEaMBgGA1UEChMRUlNB
IFNlY3VyaXR5IEluYy4xFTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENs
YXNzIDIgUGVyc29uYWwgQ0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1
c2V0dHMxCzAJBgNVBAYTAlVTAhBgzHl9dAoZGu0JMqXovSgdMAkGBSsOAwIaBQCgggIfMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIwODIzNTgzMlow
IwYJKoZIhvcNAQkEMRYEFPXXusxTmWE2BOabLIW45rWnBQJxMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIGzBgkrBgEEAYI3EAQxgaUwgaIwgYwxGjAYBgNVBAoTEVJTQSBTZWN1
cml0eSBJbmMuMRUwEwYDVQQLEwxLQ0EgU2VydmljZXMxIDAeBgNVBAMTF1JTQSBDbGFzcyAy
IFBlcnNvbmFsIENBMRAwDgYDVQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
MQswCQYDVQQGEwJVUwIRAOrEBeqt70yv4V5jDf4xCGwwgbUGCyqGSIb3DQEJEAILMYGloIGi
MIGMMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2Vz
MSAwHgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEW
MBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMCEQDqxAXqre9Mr+FeYw3+MQhs
MA0GCSqGSIb3DQEBAQUABIIBACx17CnmPpmosbsxCmLIhVtwXTrMWhQrBXjaBrLLxNPFF2ve
LR1wFLJbDU03QhqvHm8L7N8NIYELbme7xgY55/Kr98H4/W0Mcx6neoqXQ0hMET+e7ZfmC+8b
7186+wMpXow/lhX9QTHCucgFbRdfGslsoXmmcX/Ei+7POv0qxD15IjyYGPAuQav4/6CZUoCm
xJJ5fed0cUoIk16F03bltsX11DpAAdpQByd3BPi7fjiKTJlRD5nmtmWoMXfI0OPKYvB/Trf1
wn85dklxiv8wTz3p1Ci84vMmV/hNOkpkOShz3l/fO4Mqfz+XxShx64W/xIPAdm4wCNPKx8cF
Ywn1sZwAAAAAAAA=
--------------ms040306020106010305050005--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8N4Wib091241 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 15:04:32 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8N4WCf091240 for ietf-pkix-bks; Mon, 8 Dec 2003 15:04:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8N4Vib091235 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 15:04:31 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB8N4XoO012653 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 18:04:33 -0500
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Mon, 8 Dec 2003 18:04:28 -0500
Message-ID: <004a01c3bddf$a4a72540$9e00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_004B_01C3BDB5.BBD11D40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <DDE1793D7266AD488BB4F5E8D38EACB85054AB@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_004B_01C3BDB5.BBD11D40
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Ryan:
=20
The client concern does not seem to cut the mustard since Carl's =
argument is
that we do not seem to have a standard for nonceless client, let alone
capability. For the partitioned CRL, we have well-defined standard.
=20
As to the response size, I am sure that a partitioned CRL (one CRL for =
each
certificate) will be less than 400 bytes you cited.
=20
I think partitioning CRL for individual certificate has plusses in terms =
of
standard and removing the need for client. It also has directory =
related
plusses in terms of replication.
=20
I think its minuses are in terms of CA's ability to support it (or =
requiring
delegated CRL issuer, i.e., Indirect CRL Issuer Model) and may be =
addition
and management of entries under the CA branch for the CRL partitions.
=20
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] =
On
Behalf Of Ryan M. Hurst
Sent: Monday, December 08, 2003 3:05 PM
To: Carl Wallace; Deacon, Alex; ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
Carl - These are just a few of the reasons, as for your question =
consider
the scenario of a issuer having to support mixed version/heterogeneous
environments.=20
=20
Although more recent Microsoft clients support partitioned CRLs, that =
does
not mean the ones before this concept existed do, what about clients =
based
on open source implementations, or ones running on other operating =
systems
that do not have support for this concept?=20
=20
TTPs still need to provide their subscribers and their relying parties =
with
revocation information without having to require subscribers to have
different profiled certificates for communication with different
constituents. Today if a CDP pointed to a partitioned CRL these clients
lacking support for this concept would not be able to validate the CDP.
=20
The use of OCSP gets around this issue, as long as we do not introduce =
any
breaking changes into the protocol (and don't forget the RFC did allow =
for
the pre-production concept explicitly).
=20
Beyond the deployability concepts above, OCSP has a number of other =
benefits
as well that make it a very natural fit (400 byte responses for =
example);
also considering there are vendors with products that deal with these
concepts available today OCSP really is the natural solution.=20
=20
Ryan
_____ =20
From: Carl Wallace [mailto:cwallace@orionsec.com]
Sent: Mon 12/8/2003 5:39 AM
To: 'Deacon, Alex'; Ryan M. Hurst; ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
Response to following two comments below...
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Deacon, Alex
> Sent: Friday, December 05, 2003 7:05 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> We looked into this. The problem is that client support for
> "crl partitioning" (in this case a partition by individual
> serial number) is just about non-existant.
>
> Alex
>
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Friday, December 05, 2003 6:30 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> Carl there are a number of reasons, one of the most
> significant being backwards compatibility; many existing
> client implementations do not support partitioned CRLs and
> there is not way to tell from a CDP if the data on the other
> end represents a partitioned CRL or a full one.
>
> Additionally there are commercial OCSP responders out there
> that support this concept, yet very few CAs support the use
> of portioned CRLs to that granularity.
>
> Ryan
The responses regarding lack of client side support are somewhat =
strange.
It is not possible that deployed client-side support for partitioned =
CRLs is
less than deployed client-side support for the yet-to-be-defined =
solution
for cached OCSP.=20
On the other side of the transaction, what is the protocol used to =
populate
the responders that serve pre-produced responses? Is this something =
that
would need to be standardized too? There are already standards-based =
means
of replicating directories.
------=_NextPart_000_004B_01C3BDB5.BBD11D40
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<TITLE>Message</TITLE>
<META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003>Ryan:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D269275922-08122003>The=20
client concern does not seem to cut the mustard since Carl's argument is =
that we=20
do not seem to have a standard for nonceless client, let alone =
capability. =20
For the partitioned CRL, we have well-defined =
standard.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D269275922-08122003>As to=20
the response size, I am sure that a partitioned CRL (one CRL for each=20
certificate) will be less than 400 bytes you cited.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D269275922-08122003>I=20
think partitioning CRL for individual certificate has plusses in terms =
of=20
standard and removing the need for client. It also has directory =
related=20
plusses in terms of replication.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D269275922-08122003>I=20
think its minuses are in terms of CA's ability to support it (or =
requiring=20
delegated CRL issuer, i.e., Indirect CRL Issuer Model) and may be =
addition and=20
management of entries under the CA branch for the CRL=20
partitions.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D269275922-08122003></SPAN></FONT>
<DIV></DIV><FONT face=3DTahoma><FONT size=3D2>-----Original=20
Message-----<BR><B>From:</B> owner-ietf-pkix@mail.imc.org=20
[mailto:owner-ietf-pkix@mail.imc.org] <B>On Behalf Of </B>Ryan M.=20
Hurst<BR><B>Sent:</B> Monday, December 08, 2003 3:05 PM<BR><B>To:</B> =
Carl=20
Wallace; Deacon, Alex; ietf-pkix@imc.org<BR><B>Subject:</B> RE: Cached =
OCSP=20
responses vs. single entry CRLs<BR><BR></FONT></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV id=3DidOWAReplyText33265 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Carl - =
These are just a few=20
of the reasons, as for your question consider the scenario of a issuer =
having=20
to support mixed version/heterogeneous environments. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Although =
more=20
recent Microsoft clients support partitioned CRLs, that does =
not=20
mean the ones before this concept existed do, what about clients based =
on open=20
source implementations, or ones running on other operating systems =
that do not=20
have support for this concept? </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>TTPs still =
need to provide=20
their subscribers and their relying parties with revocation =
information=20
without having to require subscribers to have different profiled =
certificates=20
for communication with different constituents. Today if a CDP pointed =
to a=20
partitioned CRL these clients lacking support for this concept would =
not be=20
able to validate the CDP.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>The use of OCSP gets around =
this issue,=20
as long as we do not introduce any breaking changes into the protocol =
(and=20
don't forget the RFC did allow for the pre-production concept=20
explicitly).</FONT></DIV></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Beyond =
the deployability concepts=20
above, OCSP has a number of other benefits as well that make it a=20
very natural fit (400 byte responses for example); =
also considering=20
there are vendors with products that deal with these concepts =
available=20
today OCSP really is the natural solution. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Carl Wallace=20
[mailto:cwallace@orionsec.com]<BR><B>Sent:</B> Mon 12/8/2003 5:39=20
AM<BR><B>To:</B> 'Deacon, Alex'; Ryan M. Hurst;=20
ietf-pkix@imc.org<BR><B>Subject:</B> RE: Cached OCSP responses vs. =
single=20
entry CRLs<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=3D2>Response to following two comments =
below...<BR><BR>> From:=20
owner-ietf-pkix@mail.imc.org<BR>> [<A=20
=
href=3D"mailto:owner-ietf-pkix@mail.imc.org">mailto:owner-ietf-pkix@mail.=
imc.org</A>]=20
On Behalf Of Deacon, Alex<BR>> Sent: Friday, December 05, 2003 7:05 =
PM<BR>> Subject: RE: Cached OCSP responses vs. single entry=20
CRLs<BR>><BR>> We looked into this. The problem is that =
client=20
support for<BR>> "crl partitioning" (in this case a partition by=20
individual<BR>> serial number) is just about =
non-existant.<BR>><BR>>=20
Alex<BR>><BR><BR>> From: Ryan M. Hurst [<A=20
=
href=3D"mailto:rmh@windows.microsoft.com">mailto:rmh@windows.microsoft.co=
m</A>]<BR>>=20
Sent: Friday, December 05, 2003 6:30 PM<BR>> Subject: RE: Cached =
OCSP=20
responses vs. single entry CRLs<BR>><BR>> Carl there are a =
number of=20
reasons, one of the most<BR>> significant being backwards =
compatibility;=20
many existing<BR>> client implementations do not support =
partitioned CRLs=20
and<BR>> there is not way to tell from a CDP if the data on the=20
other<BR>> end represents a partitioned CRL or a full =
one.<BR>><BR>>=20
Additionally there are commercial OCSP responders out there<BR>> =
that=20
support this concept, yet very few CAs support the use<BR>> of =
portioned=20
CRLs to that granularity.<BR>><BR>> Ryan<BR><BR>The responses =
regarding=20
lack of client side support are somewhat strange.<BR>It is not =
possible that=20
deployed client-side support for partitioned CRLs is<BR>less than =
deployed=20
client-side support for the yet-to-be-defined solution<BR>for cached=20
OCSP. <BR><BR>On the other side of the transaction, what is the =
protocol=20
used to populate<BR>the responders that serve pre-produced =
responses? Is=20
this something that<BR>would need to be standardized too? There =
are=20
already standards-based means<BR>of replicating=20
directories.<BR><BR><BR></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_004B_01C3BDB5.BBD11D40--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8MuZib090600 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 14:56:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8MuZ1L090599 for ietf-pkix-bks; Mon, 8 Dec 2003 14:56:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailao.vtcif.telstra.com.au (mailao.vtcif.telstra.com.au [202.12.144.17]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8MuXib090587 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 14:56:34 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailbi.vtcif.telstra.com.au (mailbi.vtcif.telstra.com.au [202.12.142.19]) by mailao.vtcif.telstra.com.au (Postfix) with ESMTP id 3929E25B49 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:56:28 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailbi.vtcif.telstra.com.au (Postfix) with ESMTP id 999B522883 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:56:27 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id JAA12586 for <ietf-pkix@imc.org>; Tue, 9 Dec 2003 09:56:27 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: POLL: MUST reject in OCSPv1
Date: Tue, 9 Dec 2003 08:56:11 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19B8@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: POLL: MUST reject in OCSPv1
Thread-Index: AcO92FaEZYKQNVnDTXGqUveRl6QNdgABR/YA
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB8MuYib090595
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
AGREE
P.S. Terry, #4 does not really require a server to recognize a particular extension. Regardless of any extensions in a request, a caching server can simply always include the nonceUnsupported extension.
I would support SHOULD (or MUST) in #4. Using SHOULD means existing caching servers are not made non-compliant, which (I think) was Ryan's main concern.
> 4. Conversely, if a server receives a nonced
> request but is unable to incorporate the
> nonce in its response, the server MUST
> include the nonceUnsupported extension.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8MGwib089345 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 14:16:58 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8MGw2f089344 for ietf-pkix-bks; Mon, 8 Dec 2003 14:16:58 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from imo-d04.mx.aol.com (imo-d04.mx.aol.com [205.188.157.36]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8MGuib089327 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 14:16:57 -0800 (PST) (envelope-from THayes0993@aol.com)
Received: from THayes0993@aol.com by imo-d04.mx.aol.com (mail_out_v36_r1.1.) id 6.70.35e6b4f5 (16086); Mon, 8 Dec 2003 17:16:08 -0500 (EST)
Received: from pc655301.nscp.aoltw.net (h-10-169-149-63.nscp.aoltw.net [10.169.149.63]) by air-id10.mx.aol.com (v97.8) with ESMTP id MAILINID103-3ed63fd4f82725b; Mon, 08 Dec 2003 17:16:08 -0500
Date: Mon, 8 Dec 2003 14:16:23 -0800
From: "Terry Hayes" <thayes0993@aol.com>
Subject: RE: POLL: MUST reject in OCSPv1
To: mmyers@fastq.com
cc: ietf-pkix@imc.org
In-Reply-To: <EOEGJNFMMIBDKGFONJJDOEPODFAA.mmyers@fastq.com>
Message-ID: <3FD4F837.80903@aol.com>
References: <EOEGJNFMMIBDKGFONJJDOEPODFAA.mmyers@fastq.com>
X-Mailer: AOL Communicator (20031113.4 Win)
Organization: AOL
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
X-AOL-IP: 10.169.149.63
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Correct! I would vote YES if #4 was SHOULD.
Terry Hayes
Michael Myers wrote on 12/8/2003, 12:42 PM:
>
> > From: Terry Hayes [mailto:thayes0993@aol.com]
> >
> > . . .
> >
> > If you remove item 4 from the proposed resolution
> > (or change it to allow the server to include the
> > extension), then I change my "vote" to YES.
>
>
> Terry,
>
> To be clear, if #4 was SHOULD include nonceUnsupported extension
> vs. MUST, you'd vote YES, correct?
>
> Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Kuqib075481 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:56:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8KuqlT075480 for ietf-pkix-bks; Mon, 8 Dec 2003 12:56:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Kupib075474 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:56:51 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB8KuqoO022755 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 15:56:53 -0500
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: POLL: MUST reject in OCSPv1
Date: Mon, 8 Dec 2003 15:56:47 -0500
Message-ID: <001b01c3bdcd$ced58170$9e00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <EOEGJNFMMIBDKGFONJJDGEPNDFAA.mmyers@fastq.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB8Kuqib075475
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
AGREE
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Michael Myers
Sent: Monday, December 08, 2003 1:46 PM
To: ietf-pkix@imc.org
Cc: Carlisle Adams
Subject: POLL: MUST reject in OCSPv1
All,
OK, so let's take a full-up poll on what we were looking at a couple of
weeks ago to see where we stand today. Please respond with either YES or
NO. Take discussions to the DISCUSS thread.
This approach preserves installed base functionality and yet enables a clear
and technically complete resolution of the various perspectives.
To date, on the related DISCUSS thread, six have voiced agreement to this
path forward and two disagree. From that
record:
AGREE
-----
David Engberg, Corestreet
Florian Oelmaier, Sytrust
Ambarish Malpani, Cenzic
Marc Branchaud, RSA
Miguel Rodriguez, SeguriDATA
Frank Balluffi, Deutsche Bank
DISAGREE
--------
Ryan Hurst, Microsoft
Alex Deacon, VeriSign
PROPOSED
--------
The proposed resolution is as follows:
1. Cycle v1 as Proposed Standard. It was well
on its way to Draft but we'll pull it back.
2. Define nonceUnsupported extension subject
to the following semantics.
3. Clients that send a nonce:
a. MUST reject a non-nonced response if
that response includes either the value
"good" or "revoked" AND it fails to
include the nonceUnsupported extension;
b. Else, if such response includes the
nonceUnsupported extension, clients
MAY accept the response subject to the
advice in the Security Considerations
section of this document.
4. Conversely, if a server receives a nonced
request but is unable to incorporate the
nonce in its response, the server MUST
include the nonceUnsupported extension.
We now have clearance to cycle v1 at Proposed so that's no longer a
predicate.
Thank you for your continued patience as we work towards resolving this
issue.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KeAib071986 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:40:10 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8KeAnU071985 for ietf-pkix-bks; Mon, 8 Dec 2003 12:40:10 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Ke8ib071979 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:40:08 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB8KdxA41555; Mon, 8 Dec 2003 13:39:59 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Terry Hayes" <thayes0993@aol.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: POLL: MUST reject in OCSPv1
Date: Mon, 8 Dec 2003 13:42:01 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDOEPODFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <3FD4DF32.9030308@aol.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: Terry Hayes [mailto:thayes0993@aol.com]
>
> . . .
>
> If you remove item 4 from the proposed resolution
> (or change it to allow the server to include the
> extension), then I change my "vote" to YES.
Terry,
To be clear, if #4 was SHOULD include nonceUnsupported extension
vs. MUST, you'd vote YES, correct?
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KTdib070146 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:29:39 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8KTdYP070145 for ietf-pkix-bks; Mon, 8 Dec 2003 12:29:39 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from imo-d06.mx.aol.com (imo-d06.mx.aol.com [205.188.157.38]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KTbib070121 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:29:37 -0800 (PST) (envelope-from THayes0993@aol.com)
Received: from THayes0993@aol.com by imo-d06.mx.aol.com (mail_out_v36_r1.1.) id 6.25.41e09160 (16098); Mon, 8 Dec 2003 15:29:23 -0500 (EST)
Received: from pc655301.nscp.aoltw.net (h-10-169-149-63.nscp.aoltw.net [10.169.149.63]) by air-id11.mx.aol.com (v97.8) with ESMTP id MAILINID112-3ee23fd4df219f; Mon, 08 Dec 2003 15:29:23 -0500
Date: Mon, 8 Dec 2003 12:29:38 -0800
From: "Terry Hayes" <thayes0993@aol.com>
Subject: Re: POLL: MUST reject in OCSPv1
To: mmyers@fastq.com
cc: ietf-pkix@imc.org, cadams@site.uottawa.ca
In-Reply-To: <EOEGJNFMMIBDKGFONJJDGEPNDFAA.mmyers@fastq.com>
Message-ID: <3FD4DF32.9030308@aol.com>
References: <EOEGJNFMMIBDKGFONJJDGEPNDFAA.mmyers@fastq.com>
X-Mailer: AOL Communicator (20031113.4 Win)
Organization: AOL
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
X-AOL-IP: 10.169.149.63
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
NO
As I have said many times previously, requiring the server to recognize a particular extension is incompatible with the current OCSP protocol definition. If you remove item 4 from the proposed resolution (or change it to allow the server to include the extension), then I change my "vote" to YES.
Terry Hayes
Michael Myers wrote on 12/8/2003, 10:46 AM:
>
> All,
>
> OK, so let's take a full-up poll on what we were looking at a
> couple of weeks ago to see where we stand today. Please respond
> with either YES or NO. Take discussions to the DISCUSS thread.
>
> This approach preserves installed base functionality and yet
> enables a clear and technically complete resolution of the
> various perspectives.
>
> To date, on the related DISCUSS thread, six have voiced
> agreement to this path forward and two disagree. From that
> record:
>
> AGREE
> -----
> David Engberg, Corestreet
> Florian Oelmaier, Sytrust
> Ambarish Malpani, Cenzic
> Marc Branchaud, RSA
> Miguel Rodriguez, SeguriDATA
> Frank Balluffi, Deutsche Bank
>
> DISAGREE
> --------
> Ryan Hurst, Microsoft
> Alex Deacon, VeriSign
>
>
> PROPOSED
> --------
> The proposed resolution is as follows:
>
> 1. Cycle v1 as Proposed Standard. It was well
> on its way to Draft but we'll pull it back.
>
> 2. Define nonceUnsupported extension subject
> to the following semantics.
>
> 3. Clients that send a nonce:
>
> a. MUST reject a non-nonced response if
> that response includes either the value
> "good" or "revoked" AND it fails to
> include the nonceUnsupported extension;
>
> b. Else, if such response includes the
> nonceUnsupported extension, clients
> MAY accept the response subject to the
> advice in the Security Considerations
> section of this document.
>
> 4. Conversely, if a server receives a nonced
> request but is unable to incorporate the
> nonce in its response, the server MUST
> include the nonceUnsupported extension.
>
> We now have clearance to cycle v1 at Proposed so that's no
> longer a predicate.
>
> Thank you for your continued patience as we work towards
> resolving this issue.
>
> Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KPgib069261 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:25:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8KPgi2069259 for ietf-pkix-bks; Mon, 8 Dec 2003 12:25:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KPfib069220 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:25:41 -0800 (PST) (envelope-from kent@bbn.com)
Received: from [128.89.89.75] (dhcp89-089-075.bbn.com [128.89.89.75]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id hB8KPZ7o019236; Mon, 8 Dec 2003 15:25:36 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po2.bbn.com
Message-Id: <p06010215bbfa8ac4ef4c@[128.89.89.75]>
In-Reply-To: <200312051418.hB5EIvU06718@cs.auckland.ac.nz>
References: <200312051418.hB5EIvU06718@cs.auckland.ac.nz>
Date: Mon, 8 Dec 2003 15:24:34 -0500
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
From: Stephen Kent <kent@bbn.com>
Subject: Re: Certificate Policy Standardization
Cc: pgut001@cs.auckland.ac.nz, ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
At 3:18 +1300 12/6/03, Peter Gutmann wrote:
>Stephen Kent <kent@bbn.com> writes:
>
>>Citing the critique from the Counterpane analysis of Ipsec and IKE from 5
>>years ago is a nice touch, but you should be aware that the non-IKE
>>criticisms were largely refuted in messages on the IPsec list.
>
>Well that's a marvellous strawman you've demolished there, but you still
>haven't addressed the original point I made, which is that without a
>rationale, without explanations of difficult-to-understand points, a complex
>standard is in trouble. In fact you've pretty much agreed with my comments:
I doubt that :-)
>
> Unfortunately, the folks who performed the analysis were not protocol
> experts. They made assertions of what was wrong and how it should be fixed,
> and in most instances THEY were wrong.
What we have here is an example of knowledgeable people in one area,
critiquing a document in an area that is not within their expertise.
Most IETF standards are written for developers, not for end users,
system administrators, etc.
>Without a rationale and implementation notes to guide them, there was no way
>they could understand the spec, so they ended up analysing something that was
>different from whatever it was the spec was trying to describe. What was
>refuted was the analysis of the way Bruce thought IPsec worked, not the fact
>that the spec is confusing, ambiguous, and contradictory.
Nonsense! The example that prompted my response was the failure of MS
implementors to do what the standard clearly stated, and what
essentially ALL other implementors DID manage to get right. Why the
MS guys failed here is open for debate. But the aspect of IPsec (not
IKE) that they got wrong was not ambiguous, and it followed the
practice that is used in essentially ALL other access control list
systems for 25+ years. Also, as I noted in my initial response, most
of the Counterpane criticisms were related to IKE, not to IPsec per
se.
>Your comments do however raise one question: If (as you say) the intent wasn't
>to create an IPsec for dummies, who exactly is the target audience? It's not
>the average person, it's not techies and sysadmins, it's not cryptographers,
>it's not security researchers, just who *was* this written for anyway? Your
>first message implied that the only people capable of understanding IPsec are
>people who already understand IPsec before they start. So the target audience
>for the IPsec spec is "Anyone who's spent the last 5-10 years on the IPsec
>list"? What happens when an outsider has to implement IPsec? (Well, I think
>that's obvious from real-world experience with IPsec deployment when 2 or more
>different vendors are involved). Is everyone who needs a technical question
>on IPsec answered expected to track down IPsec list members and ask them, like
>I did recently when I needed an answer to a simple yes/no question? What
>happens when the last person who was involved in the IPsec design process
>retires and there's no-one left to ask about all the stuff the spec doesn't
>tell you?
As I noted above, IETF standards are written for developers. Other
authors typically write books for users, sys admins, CIOs, etc.
>To get back to the original point about including explanations and
>implementation guidance in specs, a spec is difficult now and downright
>dangerous in the future when there's no-one left to explain all the bits the
>authors never bothered writing down. Consider as a nice counterexample the
>DNS SRV spec. It starts with the usual MUST/SHOULD/MAY stuff. All the
>features are clearly explained (not just "It does X" but "It does X because
>Y"). There's advice for administrators. There's pseudocode for certain
>processes that people might find confusing. There's a complete worked example
>(I cut & pasted it into a zone file for testing). You can implement it
>straight out of the spec in about half an hour (OK, it's nowhere near as
>complex as IPsec), and it works the first time. With every server I could
>find (and that's definitely nothing like IPsec).
>
>The reason why it did that is because the authors didn't start by deciding
>"We're not going to write a DNS for dummies", but because they wrote a spec
>for implementors and users, which is why anyone can pick it up and write a
>fully functional, interoperable DNS SRV implementation from it. Can you do
>that with IPsec, or PKIX?
2782 seems to be a well written RFC, but it is far from typical. In
fact, it is very unusual in this respect. If the IESG wants all RFCs
to be of this form, then they can require a different style of
documents. However, the trend has not been to call for this style of
writing, and that's not suprising, since not other standards body
writes documents in this way either.
So, what's the bottom line? Could IPsec be better documented, yes. Is
it a bad spec, no, not compared to most others in the IETF, ANSI,
IEEE, and ITU realms. Did the implementors who screwed up the SPD
management interface for MS products do so because RFC 2401 does not
provide rationale for the ordering requirement? Possible, but
unlikely, since so many others managed to get this right, and without
recourse to the authors or the mailing list.
Steve
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KNqib068147 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:23:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8KNqE6068146 for ietf-pkix-bks; Mon, 8 Dec 2003 12:23:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8KNpib068131 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:23:51 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29378; Mon, 8 Dec 2003 15:23:37 -0500 (EST)
Message-Id: <200312082023.PAA29378@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-sha244-01.txt
Date: Mon, 08 Dec 2003 15:23:37 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : A 224-bit One-way Hash Function: SHA-224
Author(s) : R. Housley
Filename : draft-ietf-pkix-sha244-01.txt
Pages : 6
Date : 2003-12-8
This document specifies a 224-bit one-way hash function, called
SHA-224. A SHA-224 has value is simply the truncation of the SHA-256
hash value. SHA-256 is the 256-bit one-way hash function specified
by the National Institute of Standards and Technology (NIST).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha244-01.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-sha244-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-sha244-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-8152054.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-sha244-01.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-sha244-01.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-8152054.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8K4uib064209 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 12:04:56 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8K4uRp064208 for ietf-pkix-bks; Mon, 8 Dec 2003 12:04:56 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8K4tib064202 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 12:04:55 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 8 Dec 2003 12:04:48 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Mon, 8 Dec 2003 12:04:12 -0800
Received: from 157.54.8.109 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 08 Dec 2003 12:05:00 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 8 Dec 2003 12:04:19 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 8 Dec 2003 12:04:39 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Mon, 8 Dec 2003 12:04:33 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Mon, 8 Dec 2003 12:04:46 -0800
Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB85054AB@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Cached OCSP responses vs. single entry CRLs
thread-index: AcO9kLtE6c0GOA2vRaW+GKL6F8KkswANBFDu
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
To: "Carl Wallace" <cwallace@orionsec.com>, "Deacon, Alex" <alex@verisign.com>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 08 Dec 2003 20:04:33.0512 (UTC) FILETIME=[7F66BE80:01C3BDC6]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C3BDC6.8760B952"
------_=_NextPart_001_01C3BDC6.8760B952
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Carl - These are just a few of the reasons, as for your question =
consider the scenario of a issuer having to support mixed =
version/heterogeneous environments.=20
=20
Although more recent Microsoft clients support partitioned CRLs, that =
does not mean the ones before this concept existed do, what about =
clients based on open source implementations, or ones running on other =
operating systems that do not have support for this concept?=20
=20
TTPs still need to provide their subscribers and their relying parties =
with revocation information without having to require subscribers to =
have different profiled certificates for communication with different =
constituents. Today if a CDP pointed to a partitioned CRL these clients =
lacking support for this concept would not be able to validate the CDP.
=20
The use of OCSP gets around this issue, as long as we do not introduce =
any breaking changes into the protocol (and don't forget the RFC did =
allow for the pre-production concept explicitly).
=20
Beyond the deployability concepts above, OCSP has a number of other =
benefits as well that make it a very natural fit (400 byte responses for =
example); also considering there are vendors with products that deal =
with these concepts available today OCSP really is the natural solution. =
=20
Ryan
________________________________
From: Carl Wallace [mailto:cwallace@orionsec.com]
Sent: Mon 12/8/2003 5:39 AM
To: 'Deacon, Alex'; Ryan M. Hurst; ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
Response to following two comments below...
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Deacon, Alex
> Sent: Friday, December 05, 2003 7:05 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> We looked into this. The problem is that client support for
> "crl partitioning" (in this case a partition by individual
> serial number) is just about non-existant.
>
> Alex
>
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Friday, December 05, 2003 6:30 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> Carl there are a number of reasons, one of the most
> significant being backwards compatibility; many existing
> client implementations do not support partitioned CRLs and
> there is not way to tell from a CDP if the data on the other
> end represents a partitioned CRL or a full one.
>
> Additionally there are commercial OCSP responders out there
> that support this concept, yet very few CAs support the use
> of portioned CRLs to that granularity.
>
> Ryan
The responses regarding lack of client side support are somewhat =
strange.
It is not possible that deployed client-side support for partitioned =
CRLs is
less than deployed client-side support for the yet-to-be-defined =
solution
for cached OCSP.=20
On the other side of the transaction, what is the protocol used to =
populate
the responders that serve pre-produced responses? Is this something =
that
would need to be standardized too? There are already standards-based =
means
of replicating directories.
------_=_NextPart_001_01C3BDC6.8760B952
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">=0A=
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">=0A=
<HTML>=0A=
<HEAD>=0A=
=0A=
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7122.0">=0A=
<TITLE>RE: Cached OCSP responses vs. single entry CRLs</TITLE>=0A=
</HEAD>=0A=
<BODY>=0A=
<DIV id=3DidOWAReplyText33265 dir=3Dltr>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Carl - These =
are just a few =0A=
of the reasons, as for your question consider the scenario of a issuer =
having to =0A=
support mixed version/heterogeneous environments. </FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2></FONT> </DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Although more =0A=
recent Microsoft clients support partitioned CRLs, that does =
not mean =0A=
the ones before this concept existed do, what about clients based on =
open source =0A=
implementations, or ones running on other operating systems that do not =
have =0A=
support for this concept? </FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>TTPs still =
need to provide =0A=
their subscribers and their relying parties with revocation =
information =0A=
without having to require subscribers to have different profiled =
certificates =0A=
for communication with different constituents. Today if a CDP pointed to =
a =0A=
partitioned CRL these clients lacking support for this concept would not =
be able =0A=
to validate the CDP.</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>=0A=
<DIV dir=3Dltr>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>The use of OCSP gets around =
this issue, as =0A=
long as we do not introduce any breaking changes into the protocol (and =
don't =0A=
forget the RFC did allow for the pre-production concept =0A=
explicitly).</FONT></DIV></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT><FONT face=3DArial =0A=
size=3D2></FONT> </DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Beyond the deployability =
concepts =0A=
above, OCSP has a number of other benefits as well that make it a =0A=
very natural fit (400 byte responses for example); =
also considering =0A=
there are vendors with products that deal with these concepts =
available =0A=
today OCSP really is the natural solution. </FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2></FONT> </DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 =
size=3D2>Ryan</FONT></DIV></DIV>=0A=
<DIV dir=3Dltr><BR>=0A=
<HR tabIndex=3D-1>=0A=
<FONT face=3DTahoma size=3D2><B>From:</B> Carl Wallace =0A=
[mailto:cwallace@orionsec.com]<BR><B>Sent:</B> Mon 12/8/2003 5:39 =0A=
AM<BR><B>To:</B> 'Deacon, Alex'; Ryan M. Hurst; =0A=
ietf-pkix@imc.org<BR><B>Subject:</B> RE: Cached OCSP responses vs. =
single entry =0A=
CRLs<BR></FONT><BR></DIV>=0A=
<DIV>=0A=
<P><FONT size=3D2>Response to following two comments =
below...<BR><BR>> From: =0A=
owner-ietf-pkix@mail.imc.org<BR>> [<A =0A=
href=3D"mailto:owner-ietf-pkix@mail.imc.org">mailto:owner-ietf-pkix@mail.=
imc.org</A>] =0A=
On Behalf Of Deacon, Alex<BR>> Sent: Friday, December 05, 2003 7:05 =0A=
PM<BR>> Subject: RE: Cached OCSP responses vs. single entry =0A=
CRLs<BR>><BR>> We looked into this. The problem is that =
client =0A=
support for<BR>> "crl partitioning" (in this case a partition by =0A=
individual<BR>> serial number) is just about =
non-existant.<BR>><BR>> =0A=
Alex<BR>><BR><BR>> From: Ryan M. Hurst [<A =0A=
href=3D"mailto:rmh@windows.microsoft.com">mailto:rmh@windows.microsoft.co=
m</A>]<BR>> =0A=
Sent: Friday, December 05, 2003 6:30 PM<BR>> Subject: RE: Cached OCSP =0A=
responses vs. single entry CRLs<BR>><BR>> Carl there are a number =
of =0A=
reasons, one of the most<BR>> significant being backwards =
compatibility; many =0A=
existing<BR>> client implementations do not support partitioned CRLs =0A=
and<BR>> there is not way to tell from a CDP if the data on the =
other<BR>> =0A=
end represents a partitioned CRL or a full one.<BR>><BR>> =
Additionally =0A=
there are commercial OCSP responders out there<BR>> that support this =0A=
concept, yet very few CAs support the use<BR>> of portioned CRLs to =
that =0A=
granularity.<BR>><BR>> Ryan<BR><BR>The responses regarding lack of =
client =0A=
side support are somewhat strange.<BR>It is not possible that deployed =0A=
client-side support for partitioned CRLs is<BR>less than deployed =
client-side =0A=
support for the yet-to-be-defined solution<BR>for cached =
OCSP. <BR><BR>On =0A=
the other side of the transaction, what is the protocol used to =
populate<BR>the =0A=
responders that serve pre-produced responses? Is this something =0A=
that<BR>would need to be standardized too? There are already =0A=
standards-based means<BR>of replicating =0A=
directories.<BR><BR><BR></FONT></P></DIV>=0A=
=0A=
</BODY>=0A=
</HTML>
------_=_NextPart_001_01C3BDC6.8760B952--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Ii1ib043611 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 10:44:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8Ii1iq043610 for ietf-pkix-bks; Mon, 8 Dec 2003 10:44:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Ihxib043594 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 10:43:59 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB8Ii1A33541; Mon, 8 Dec 2003 11:44:01 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: <ietf-pkix@imc.org>
Cc: "Carlisle Adams" <cadams@site.uottawa.ca>
Subject: POLL: MUST reject in OCSPv1
Date: Mon, 8 Dec 2003 11:46:03 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDGEPNDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <EOEGJNFMMIBDKGFONJJDAEMKDFAA.mmyers@fastq.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
All,
OK, so let's take a full-up poll on what we were looking at a
couple of weeks ago to see where we stand today. Please respond
with either YES or NO. Take discussions to the DISCUSS thread.
This approach preserves installed base functionality and yet
enables a clear and technically complete resolution of the
various perspectives.
To date, on the related DISCUSS thread, six have voiced
agreement to this path forward and two disagree. From that
record:
AGREE
-----
David Engberg, Corestreet
Florian Oelmaier, Sytrust
Ambarish Malpani, Cenzic
Marc Branchaud, RSA
Miguel Rodriguez, SeguriDATA
Frank Balluffi, Deutsche Bank
DISAGREE
--------
Ryan Hurst, Microsoft
Alex Deacon, VeriSign
PROPOSED
--------
The proposed resolution is as follows:
1. Cycle v1 as Proposed Standard. It was well
on its way to Draft but we'll pull it back.
2. Define nonceUnsupported extension subject
to the following semantics.
3. Clients that send a nonce:
a. MUST reject a non-nonced response if
that response includes either the value
"good" or "revoked" AND it fails to
include the nonceUnsupported extension;
b. Else, if such response includes the
nonceUnsupported extension, clients
MAY accept the response subject to the
advice in the Security Considerations
section of this document.
4. Conversely, if a server receives a nonced
request but is unable to incorporate the
nonce in its response, the server MUST
include the nonceUnsupported extension.
We now have clearance to cycle v1 at Proposed so that's no
longer a predicate.
Thank you for your continued patience as we work towards
resolving this issue.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8HHkib011763 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 09:17:46 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8HHkUr011762 for ietf-pkix-bks; Mon, 8 Dec 2003 09:17:46 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8HHkib011757 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 09:17:46 -0800 (PST) (envelope-from alex@verisign.com)
Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (mailer3.verisign.com [65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hB8HHk2u009737; Mon, 8 Dec 2003 09:17:46 -0800 (PST)
Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XLQFNPQ8>; Mon, 8 Dec 2003 09:17:46 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA856B@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Michael Myers'" <mmyers@fastq.com>, "Deacon, Alex" <alex@verisign.com>, "Ryan M. Hurst" <rmh@windows.microsoft.com>, ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Mon, 8 Dec 2003 09:17:45 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Mike,
Clearly education and interop testing is a large part of the solution (and
one we have spent some time doing).
As for your blunt statement, the issue is when the non-normative statement
"The nonce cryptographically binds a request and a response to prevent
replay attacks." is read in the broader context of the normative statements
regarding extension support, things start to crumble.
Alex
> -----Original Message-----
> From: Michael Myers [mailto:mmyers@fastq.com]
> Sent: Friday, December 05, 2003 5:22 PM
> To: Deacon, Alex; Ryan M. Hurst; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> Alex,
>
> Comments embedded below.
>
> Mike
>
> > -----Original Message-----
> > From: Deacon, Alex [mailto:alex@verisign.com]
> > Sent: Friday, December 05, 2003 4:59 PM
> > To: 'Michael Myers'; Ryan M. Hurst; ietf-pkix@imc.org
> > Subject: RE: DISCUSS: MUST reject in OCSPv1
> >
> >
> >
> > If I could be ensured that every OCSP client used to
> > hit ocsp.verisign.com would not include a nonce,
> > then I would have no problem with a MUST reject.
>
> Well, that probably won't happen in the given target
> environment. But what you can do is tell them they shouldn't
> while still providing them the full value of your OCSP
> services. Given a sufficiently reliable clue, they probably
> won't do so again.
>
> > However because this environment receives requests
> > from a heterogeneous population of clients over
> > which we have no administrative control (to
> > paraphrase an earlier email of yours), there will
> > undoubtedly be cases where cert validation will
> > fail....not because the cert has been revoked, but
> > because the response does not include a nonce.
>
> Not necessarily. Be up front about it. Tell them you don't
> support nonces. Let them decide IAW local security policy
> whether to fail path validation process. Give them a clue.
>
> > I believe that clients should have the ability to
> > make up their own mind (local policy) in determining
> > if they should reject or accept such a response.
>
> But to make that decision, they must be able to differentiate
> between a server/service that chooses not to support nonces
> and one that is willing to but which service is being blocked
> by an attacker.
>
> > A MUST reject would not allow for this or force a
> > client to not be compliant with the spec.
>
> Apologies in advance for being so blunt about this, but
> Section 4.4.1 of RFC 2560 opens with the sentence "The nonce
> cryptographically binds a request and a response to prevent
> replay attacks." I remain curious how disregard of a
> client's nonce nonetheless achieves this intended effect. I
> further note that RFC 3546 (TLS) defers to this precise
> section regarding nonces.
>
>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8FgDib080978 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 07:42:13 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8FgDEB080977 for ietf-pkix-bks; Mon, 8 Dec 2003 07:42:13 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8FgCib080941 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 07:42:12 -0800 (PST) (envelope-from harald@alvestrand.no)
Received: from halvestr-w2k1 (localhost.localdomain [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id B622E61B96; Mon, 8 Dec 2003 16:42:10 +0100 (CET)
Date: Sun, 07 Dec 2003 23:51:59 -0800
From: Harald Tveit Alvestrand <harald@alvestrand.no>
To: Russ Housley <housley@vigilsec.com>, shimaoka@secom.ne.jp, ietf-pkix@imc.org
Subject: Re: DN Encoding by UTF8String
Message-ID: <194813577.1070841119@localhost>
In-Reply-To: <5.2.0.9.2.20031206131718.03d11d70@mail.binhost.com>
References: <5.2.0.9.2.20031206131718.03d11d70@mail.binhost.com>
X-Mailer: Mulberry/3.1.0 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I must admit that I am not surprised.....
The encodings supported by older applications are many and various, but
nearly all of them share one of two properties:
- They are US-ASCII compatible
- When using non-US-ASCII characters, they are violating the X.509
standards that they claim conformance to
If declaring that a number of applications are violating the IETF
standards, and not just the ITU standards, on January 1, 2004 will help
bring that day closer, I'm all for it.
Sooner or later, the industry, IMHO, will have to embrace UTF-8 fully;
supporting the mess we've created for ourselves forever is not in the best
long term interest of the network.
As far as I know, there will be nobody coming to punish people issuing
non-UTF-8 certificates after Jan 1, 2004 that contain non-UTF8 encoding.
And people will violate the standards to keep their legacy applications
running; that is how networks have always operated.
But IMHO, they should be ashamed of themselves when they do so, and strive
towards eliminating the need for doing so as soon as possible. Not because
I say so, but because it's for the long term good of the Internet.
My opinion.
Harald Alvestrand
--On 6. desember 2003 13:29 -0500 Russ Housley <housley@vigilsec.com> wrote:
> This was added to RFC 2459, and retained in RFC 3280, based on comments
> from Harald Alvestrand. As most of the recipients know, Harald is the
> Chair of the IETF, and a member of the IESG. Tim Polk spent a lot of
> time on this issue, negotiating the exact words with Harald and any
> others. The desire is for certificate issuers to embrace international
> character sets.
>
> Beyond this recap of the history, I will let Harald speak for himself.
>
> Russ
>
>
> ----------------------- Original Message -----------------------
> From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
> To: Tim Polk <tim.polk@nist.gov>, Stephen Kent <kent@bbn.com>,
> rhousley@rsasecurity.com, wford@verisign.com, dsolo@alum.mit.edu
> Date: Fri, 05 Dec 2003 16:09:10 +0900
> Subject: DN Encoding by UTF8String
>
> Dear Authors and WG Chairs,
>
> RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
> use UTF8String encoding".
>
> However, it seems that some applications do not yet support UTF8String
> respectably and the detail of name comparison rule does not consider
> UTF8String sufficiently.
>
> Therefore, existing CAs using except UTF8String for DN encoding SHOULD
> do the following actions until solving these UTF8String problem.
>
> An encoding for issuer field of the certificates issued after 2004
> SHOULD be same as an encoding for subject field of CA certificate
> already issued.
>
> Is this correct?
>
> Of course, when the UTF8String problem solves, all certificates
> issuedMUST use UTF8String encoding.
> I worry that some confused CAs issue wrong certificates using UTF8String
> encoding forcibly, even though the CA had used another encoding till now.
>
> Best regards,
> -----
> Masaki SHIMAOKA
>
> SECOM Trust.net
> System Engineering Dpt.
> Tel: +81 422 91 8498 (ext.3605)
> Fax: +81 422 45 0536
> e-mail: shimaoka@secom.ne.jp
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8FT3ib079289 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 07:29:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8FT26l079288 for ietf-pkix-bks; Mon, 8 Dec 2003 07:29:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8FT1ib079276 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 07:29:02 -0800 (PST) (envelope-from cwallace@orionsec.com)
Received: from wcwallace (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB8FT0oO011730; Mon, 8 Dec 2003 10:29:00 -0500
From: "Carl Wallace" <cwallace@orionsec.com>
To: "'David Engberg'" <dengberg@corestreet.com>
Cc: "'Deacon, Alex'" <alex@verisign.com>, "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Mon, 8 Dec 2003 10:28:55 -0500
Message-ID: <000701c3bda0$01491690$9a00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <3FD490E8.6030804@corestreet.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB8FT2ib079282
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: David Engberg [mailto:dengberg@corestreet.com]
> Subject: Re: Cached OCSP responses vs. single entry CRLs
>
> In terms of how an implementation produces and distributes
> pre-generated OCSP responses, there are a large number of mechanisms to do
this
> (pushing, pulling, rsync, fedex CD-ROMs, etc.). None of these are
> visible to the relying parties, so I don't think there needs
> to be any mandatory implementation in an RFC.
>
That it is not visible to relying parties does not necessarily remove a need
for standardization. It's easy to see where non-standardization of the
means of replication would lock folks into a particular vendor's solution.
For what it's worth, I'm not lobbying for additional standardization efforts
in that area. The point is that there exist today ample standards to deploy
a solution that is more or less functionally equivalent to "cached OCSP" or
"nonce not supported OCSP".
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Ettib071581 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 06:55:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8Ettc1071580 for ietf-pkix-bks; Mon, 8 Dec 2003 06:55:55 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8Etsib071534 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 06:55:54 -0800 (PST) (envelope-from dengberg@corestreet.com)
Received: from corestreet.com (engberg.corestreet.com [192.168.2.87]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id hB8EtZxH029490; Mon, 8 Dec 2003 09:55:35 -0500
Message-ID: <3FD490E8.6030804@corestreet.com>
Date: Mon, 08 Dec 2003 09:55:36 -0500
From: David Engberg <dengberg@corestreet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Carl Wallace <cwallace@orionsec.com>
CC: "'Deacon, Alex'" <alex@verisign.com>, "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
References: <000e01c3bd90$b3a967f0$9a00a8c0@hq.orionsec.com>
In-Reply-To: <000e01c3bd90$b3a967f0$9a00a8c0@hq.orionsec.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
"Cached OCSP" is just OCSP. The standard defines the binary message
formats between a client and some server, and includes specific language
around pre-generation. Any HTTP server that implements the protocol is
OCSP. There is an optional extension (nonce) in the protocol that a
caching-only server will currently ignore, but this is also in
compliance with the current spec (i.e. without the proposed MUST language).
There are dozens applications (like Netscape) that natively support
OCSP, as well as a fair number of appliances (Cisco VPN) and devices
(RIM Blackberry). Implementing OCSP typically requires no change in the
CA or certificate issuance.
In terms of how an implementation produces and distributes pre-generated
OCSP responses, there are a large number of mechanisms to do this
(pushing, pulling, rsync, fedex CD-ROMs, etc.). None of these are
visible to the relying parties, so I don't think there needs to be any
mandatory implementation in an RFC.
Carl Wallace wrote:
> The responses regarding lack of client side support are somewhat strange.
> It is not possible that deployed client-side support for partitioned CRLs is
> less than deployed client-side support for the yet-to-be-defined solution
> for cached OCSP.
>
> On the other side of the transaction, what is the protocol used to populate
> the responders that serve pre-produced responses? Is this something that
> would need to be standardized too? There are already standards-based means
> of replicating directories.
>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8DdTib046103 for <ietf-pkix-bks@above.proper.com>; Mon, 8 Dec 2003 05:39:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB8DdTDw046102 for ietf-pkix-bks; Mon, 8 Dec 2003 05:39:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB8DdSib046087 for <ietf-pkix@imc.org>; Mon, 8 Dec 2003 05:39:28 -0800 (PST) (envelope-from cwallace@orionsec.com)
Received: from wcwallace (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB8DdRoO025353; Mon, 8 Dec 2003 08:39:28 -0500
From: "Carl Wallace" <cwallace@orionsec.com>
To: "'Deacon, Alex'" <alex@verisign.com>, "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Mon, 8 Dec 2003 08:39:22 -0500
Message-ID: <000e01c3bd90$b3a967f0$9a00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <F5678115F458B4458C227F0EC02691BB02BA8568@mou1wnexm04.vcorp.ad.vrsn.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB8DdSib046098
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Response to following two comments below...
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Deacon, Alex
> Sent: Friday, December 05, 2003 7:05 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> We looked into this. The problem is that client support for
> "crl partitioning" (in this case a partition by individual
> serial number) is just about non-existant.
>
> Alex
>
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Friday, December 05, 2003 6:30 PM
> Subject: RE: Cached OCSP responses vs. single entry CRLs
>
> Carl there are a number of reasons, one of the most
> significant being backwards compatibility; many existing
> client implementations do not support partitioned CRLs and
> there is not way to tell from a CDP if the data on the other
> end represents a partitioned CRL or a full one.
>
> Additionally there are commercial OCSP responders out there
> that support this concept, yet very few CAs support the use
> of portioned CRLs to that granularity.
>
> Ryan
The responses regarding lack of client side support are somewhat strange.
It is not possible that deployed client-side support for partitioned CRLs is
less than deployed client-side support for the yet-to-be-defined solution
for cached OCSP.
On the other side of the transaction, what is the protocol used to populate
the responders that serve pre-produced responses? Is this something that
would need to be standardized too? There are already standards-based means
of replicating directories.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB84K2ib068902 for <ietf-pkix-bks@above.proper.com>; Sun, 7 Dec 2003 20:20:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB84K2qq068901 for ietf-pkix-bks; Sun, 7 Dec 2003 20:20:02 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB84K0ib068873 for <ietf-pkix@imc.org>; Sun, 7 Dec 2003 20:20:00 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 17146 invoked by uid 0); 8 Dec 2003 04:19:37 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (12.104.90.162) by woodstock.binhost.com with SMTP; 8 Dec 2003 04:19:37 -0000
Message-Id: <5.2.0.9.2.20031206131718.03d11d70@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Sat, 06 Dec 2003 13:29:28 -0500
To: shimaoka@secom.ne.jp, ietf-pkix@imc.org
From: Russ Housley <housley@vigilsec.com>
Subject: Re: DN Encoding by UTF8String
Cc: harald@alvestrand.no
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This was added to RFC 2459, and retained in RFC 3280, based on comments
from Harald Alvestrand. As most of the recipients know, Harald is the
Chair of the IETF, and a member of the IESG. Tim Polk spent a lot of time
on this issue, negotiating the exact words with Harald and any others. The
desire is for certificate issuers to embrace international character sets.
Beyond this recap of the history, I will let Harald speak for himself.
Russ
----------------------- Original Message -----------------------
From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
To: Tim Polk <tim.polk@nist.gov>, Stephen Kent <kent@bbn.com>,
rhousley@rsasecurity.com, wford@verisign.com, dsolo@alum.mit.edu
Date: Fri, 05 Dec 2003 16:09:10 +0900
Subject: DN Encoding by UTF8String
Dear Authors and WG Chairs,
RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
use UTF8String encoding".
However, it seems that some applications do not yet support UTF8String
respectably and the detail of name comparison rule does not consider
UTF8String sufficiently.
Therefore, existing CAs using except UTF8String for DN encoding SHOULD
do the following actions until solving these UTF8String problem.
An encoding for issuer field of the certificates issued after 2004
SHOULD be same as an encoding for subject field of CA certificate
already issued.
Is this correct?
Of course, when the UTF8String problem solves, all certificates
issuedMUST use UTF8String encoding.
I worry that some confused CAs issue wrong certificates using UTF8String
encoding forcibly, even though the CA had used another encoding till now.
Best regards,
-----
Masaki SHIMAOKA
SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@secom.ne.jp
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB74iuib022504 for <ietf-pkix-bks@above.proper.com>; Sat, 6 Dec 2003 20:44:56 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB74iuHC022503 for ietf-pkix-bks; Sat, 6 Dec 2003 20:44:56 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB74itib022498 for <ietf-pkix@imc.org>; Sat, 6 Dec 2003 20:44:55 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id C678B34078; Sun, 7 Dec 2003 17:44:34 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hB74isL23080; Sun, 7 Dec 2003 17:44:54 +1300
Date: Sun, 7 Dec 2003 17:44:54 +1300
Message-Id: <200312070444.hB74isL23080@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: hnn@hansnilsson.se, ietf-pkix@imc.org
Subject: RE: Certificate Policy Standardization
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
"Hans Nilsson" <hnn@hansnilsson.se> writes:
>Very funny, as usual, Peter. However, let me just spoil your joke a bit.
It wasn't a joke (maybe you missed the recent discussion, in which case you
may want to check the list archives for earlier posts). That was a
business/legal analysis of how to best use and apply cert policies.
>>The reason why this is approach is used is that if you changed your OID when
>>your policy changes, you'd have to re-issue all your certs, which no-one
>>wants to do.
>
>Why re-issue?? Old certs with old policy-OID are still fine and valid, but
>from now on the CA just issues new certs according to its new policy, with
>new OID.
No, I think you're confusing the cert with a rent-controlled apartment there.
The T&C for use don't continue to be whatever they were in 1949 when you first
got the thing, they change over time, appropriate cert use is defined by
whatever the T&C currently are, and the cert policy extension tells the user
where they can find the T&C online, just like any (non-cert-based)
alternative. The intent of the legal analysis was to determine the
appropriate way to use the cert policy (from a business/legal perspective),
and that was to treat it as a standard T&C arrangement.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB73x7ib021094 for <ietf-pkix-bks@above.proper.com>; Sat, 6 Dec 2003 19:59:07 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB73x7cv021093 for ietf-pkix-bks; Sat, 6 Dec 2003 19:59:07 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB73x7ib021087 for <ietf-pkix@imc.org>; Sat, 6 Dec 2003 19:59:07 -0800 (PST) (envelope-from ambarish@malpani.biz)
Received: from ambarisht40 (ns.malpani.biz [192.168.25.5]) by ns.malpani.biz (8.12.9/8.12.9) with ESMTP id hB73wvOD001889; Sat, 6 Dec 2003 19:58:58 -0800
From: "Ambarish Malpani" <ambarish@malpani.biz>
To: "'Michael Myers'" <mmyers@fastq.com>, "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Sat, 6 Dec 2003 19:57:52 -0800
Message-ID: <B04FB2812116384A87D2968369C08697524E34@fosters.cenzic.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <EOEGJNFMMIBDKGFONJJDEEPCDFAA.mmyers@fastq.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Can we break this discussion up into two parts (and maybe even
have a couple of straw polls)?
1. When a server sees a nonce in a request, should the spec
require a server to include the nonce in the response or
return an error (as recommended by Russ) or should the spec
recommend the server include the nonce (as requested by Ryan,
Alex and David and maybe Florian).
2. Does there need to be a way of a server to indicate to a
client that it doesn't support nonces. If there does, I
assume everybody agrees that the way should be a secure
way.
Does this help clarify the issues?
Regards,
Ambarish
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Michael Myers
> Sent: Friday, December 05, 2003 10:47 AM
> To: Ryan M. Hurst; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
>
> > From: Ryan M. Hurst
> > Sent: Friday, December 05, 2003 10:57 AM
> >
> > [rmh]As I said, I am willing to accept the
> > must reject if that means that others will
> > drop the idea of adding breaking changes to
> > the v1 protocol.
>
> So now we've come full circle. A plain MUST reject is where
> we got started and which principle Russ affirmed in
> Minneapolis. I'm curious what others think.
>
> Mike
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB6MEqib010885 for <ietf-pkix-bks@above.proper.com>; Sat, 6 Dec 2003 14:14:52 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB6MEqjB010883 for ietf-pkix-bks; Sat, 6 Dec 2003 14:14:52 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB6MElib010861 for <ietf-pkix@imc.org>; Sat, 6 Dec 2003 14:14:48 -0800 (PST) (envelope-from oelmaier@sytrust.com)
Received: from fwd10.aul.t-online.de by mailout09.sul.t-online.com with smtp id 1ASkhM-00063V-06; Sat, 06 Dec 2003 23:14:48 +0100
Received: from hagen (TtP7YsZDQeGuyQzTOXJlj5u5+xVI5-V0XecSus6gDLM79h7KxH4sEq@[80.128.90.202]) by fmrl10.sul.t-online.com with esmtp id 1ASkh5-1sBzH60; Sat, 6 Dec 2003 23:14:31 +0100
From: "Florian Oelmaier" <oelmaier@sytrust.com>
To: "'Peter Sylvester'" <Peter.Sylvester@EdelWeb.fr>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Sat, 6 Dec 2003 23:14:29 +0100
Organization: SyTrust
Message-ID: <00b501c3bc46$52009b90$4228a8c0@hagen>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <200312041125.hB4BPYO10465@chandon.edelweb.fr>
X-Seen: false
X-ID: TtP7YsZDQeGuyQzTOXJlj5u5+xVI5-V0XecSus6gDLM79h7KxH4sEq@t-dialin.net
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> > OCSPNonce ::= CHOICE {
> > nonceValue OCTET STRING,
> > unsupported NULL }
>
> Another way may be
>
> nonceValue OCTET STRING OPTIONAL -- unsupported if omitted.
>
Hehe. Nice one. Server-generated nonces :) I like that idea. Thats
exactly what CertControl does right now.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61rRib082049 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 17:53:27 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB61rRuR082048 for ietf-pkix-bks; Fri, 5 Dec 2003 17:53:27 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61rQib082041 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 17:53:26 -0800 (PST) (envelope-from ambarish@malpani.biz)
Received: from ambarisht40 (ns.malpani.biz [192.168.25.5]) by ns.malpani.biz (8.12.9/8.12.9) with ESMTP id hB61rD2B026931; Fri, 5 Dec 2003 17:53:13 -0800
From: "Ambarish Malpani" <ambarish@malpani.biz>
To: <liaquat.khan@ascertia.com>, "'David Engberg'" <dave@corestreet.com>
Cc: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 17:52:08 -0800
Message-ID: <B04FB2812116384A87D2968369C08697524E2F@fosters.cenzic.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: <003501c3bb2d$65ca8740$e8a47ad5@LiaquatDELL>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I agree completely with Liaquat.
Ambarish
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Liaquat Khan
> Sent: Friday, December 05, 2003 4:43 AM
> To: 'David Engberg'
> Cc: 'Ryan M. Hurst'; 'Florian Oelmaier'; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> It's interesting what you say about "one-size-fits-all". My
> view is you have to look at things from the RPs point of
> view, i.e. as a relying party, I only care what's best for
> me. Therefore either nonces are important to me or they are
> not (I don't particularly care whether OCSP responder's
> support them or not).
>
> Therefore from a RP perspective a single security policy is
> probably want you do want. Also from a security perspective,
> you don't want to make special cases unless you think that
> communication between that particular server is secure
> against such threats and hence the protection is not required.
>
> I think it is sufficient to make OCSP clients configurable on
> whether to include a nonce or not (since the protocol already
> identifies it as an optional item) and then leave it up the
> local administrator to define what suits them according to
> their local security policy. I should add though that if you
> include a nonce in the request you MUST reject a response if
> it doesn't include a nonce (or a correct one).
>
> Regards,
> LK
>
>
> -----Original Message-----
> From: David Engberg [mailto:dave@corestreet.com]
> Sent: 05 December 2003 12:15
> To: liaquat.khan@ascertia.com
> Cc: 'Ryan M. Hurst'; 'Florian Oelmaier'; ietf-pkix@imc.org
> Subject: Re: DISCUSS: MUST reject in OCSPv1
>
>
> I agree that this is not a current problem that many people
> are seeing,
> because current OCSP use is primarily limited to small "internal"
> deployments where a one-size-fits-all security policy isn't an issue.
> If I'm only ever hitting one OCSP responder, a "require
> nonces from all
>
> servers" policy may be fine.
>
> On the other hand, when people start using OCSP for real-world
> interoperability, the nonce-related options in all existing
> clients will
>
> likely be too limited. For example, if ACME Amalgamated
> installs CAPI
> clients for its internal PKI users that are configured to "require
> nonces from every server," this client will immediately act
> up when apps
>
> try to verify SSL certs from Verisign if Verisign were to deploy a
> cache-based infrastructure.
>
> Without a spec refinement to handle the broader interopability case,
> most people will probably just turn off nonce support across
> the board
> rather than trying to reconcile their internal PKI with external ones
> that they interoperate with. Since I think nonces are
> actually negative
>
> for security on balance, I'm fine with this result, but I don't think
> this is the desired goal of everyone involved.
>
>
> Liaquat Khan wrote:
>
> >The situation "we would like to have nonces in OCSP requests as
> default,
> >but if the server legitimately doesn't support nonces we are
> happy to
> >forgo nonces or we will generate a fresh request without a nonce" is
> not
> >that common in my opinion. If such a case does exist, local policy
> will
> >probably be also happy to choose to not include a nonce in the OCSP
> >request message in the first place.
> >
> >
> >
>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61KHib080395 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 17:20:17 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB61KHvS080394 for ietf-pkix-bks; Fri, 5 Dec 2003 17:20:17 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61KGib080389 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 17:20:16 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB61KHA32336; Fri, 5 Dec 2003 18:20:17 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Deacon, Alex" <alex@verisign.com>, "Ryan M. Hurst" <rmh@windows.microsoft.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 18:22:21 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEPGDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <F5678115F458B4458C227F0EC02691BB02BA8567@mou1wnexm04.vcorp.ad.vrsn.com>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Alex,
Comments embedded below.
Mike
> -----Original Message-----
> From: Deacon, Alex [mailto:alex@verisign.com]
> Sent: Friday, December 05, 2003 4:59 PM
> To: 'Michael Myers'; Ryan M. Hurst; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> If I could be ensured that every OCSP client used to
> hit ocsp.verisign.com would not include a nonce,
> then I would have no problem with a MUST reject.
Well, that probably won't happen in the given target
environment. But what you can do is tell them they shouldn't
while still providing them the full value of your OCSP services.
Given a sufficiently reliable clue, they probably won't do so
again.
> However because this environment receives requests
> from a heterogeneous population of clients over
> which we have no administrative control (to
> paraphrase an earlier email of yours), there will
> undoubtedly be cases where cert validation will
> fail....not because the cert has been revoked, but
> because the response does not include a nonce.
Not necessarily. Be up front about it. Tell them you don't
support nonces. Let them decide IAW local security policy
whether to fail path validation process. Give them a clue.
> I believe that clients should have the ability to
> make up their own mind (local policy) in determining
> if they should reject or accept such a response.
But to make that decision, they must be able to differentiate
between a server/service that chooses not to support nonces and
one that is willing to but which service is being blocked by an
attacker.
> A MUST reject would not allow for this or force a
> client to not be compliant with the spec.
Apologies in advance for being so blunt about this, but Section
4.4.1 of RFC 2560 opens with the sentence "The nonce
cryptographically binds a request and a response to prevent
replay attacks." I remain curious how disregard of a client's
nonce nonetheless achieves this intended effect. I further note
that RFC 3546 (TLS) defers to this precise section regarding
nonces.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61Bpib079868 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 17:11:51 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB61BpLs079867 for ietf-pkix-bks; Fri, 5 Dec 2003 17:11:51 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB61Boib079858 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 17:11:50 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id CCCAF34003; Sat, 6 Dec 2003 14:11:32 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hB61Bqc09578; Sat, 6 Dec 2003 14:11:52 +1300
Date: Sat, 6 Dec 2003 14:11:52 +1300
Message-Id: <200312060111.hB61Bqc09578@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cwallace@orionsec.com, ietf-pkix@imc.org
Subject: Re: Cached OCSP responses vs. single entry CRLs
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
"Carl Wallace" <cwallace@orionsec.com> writes:
>Why use OCSP to convey pre-produced revocation information in the way that's
>being discussed? Why not use single entry CRLs? The functionality is
>similar and they could be propagated using existing technology (e.g.
>directories, 3280 compliant path processing clients, etc.).
Shhhh!!! You're not supposed to ask that question.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB604jib077117 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 16:04:45 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB604jo8077116 for ietf-pkix-bks; Fri, 5 Dec 2003 16:04:45 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB604iib077111 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 16:04:44 -0800 (PST) (envelope-from alex@verisign.com)
Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (mailer3.verisign.com [65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hB604kW5028037; Fri, 5 Dec 2003 16:04:46 -0800 (PST)
Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XLQFJKZH>; Fri, 5 Dec 2003 16:04:46 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA8568@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Carl Wallace'" <cwallace@orionsec.com>, ietf-pkix@imc.org
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Fri, 5 Dec 2003 16:04:46 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
We looked into this. The problem is that client support for "crl
partitioning" (in this case a partition by individual serial number) is just
about non-existant.
Alex
> -----Original Message-----
> From: Carl Wallace [mailto:cwallace@orionsec.com]
> Sent: Friday, December 05, 2003 1:09 PM
> To: ietf-pkix@imc.org
> Subject: Cached OCSP responses vs. single entry CRLs
>
>
>
> Why use OCSP to convey pre-produced revocation information in
> the way that's being discussed? Why not use single entry
> CRLs? The functionality is similar and they could be
> propagated using existing technology (e.g. directories, 3280
> compliant path processing clients, etc.).
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Nwlib076767 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 15:58:47 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5NwlXE076766 for ietf-pkix-bks; Fri, 5 Dec 2003 15:58:47 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Nwlib076761 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 15:58:47 -0800 (PST) (envelope-from alex@verisign.com)
Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (mailer3.verisign.com [65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hB5NwmW5026810; Fri, 5 Dec 2003 15:58:48 -0800 (PST)
Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XLQFJKQN>; Fri, 5 Dec 2003 15:58:48 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA8567@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Michael Myers'" <mmyers@fastq.com>, "Ryan M. Hurst" <rmh@windows.microsoft.com>, ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 15:58:47 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
If I could be ensured that every OCSP client used to hit ocsp.verisign.com
would not include a nonce, then I would have no problem with a MUST reject.
However because this environment receives requests from a heterogeneous
population of clients over which we have no administrative control (to
paraphrase an earlier email of yours), there will undoubtedly be cases where
cert validation will fail....not because the cert has been revoked, but
because the response does not include a nonce.
I believe that clients should have the ability to make up their own mind
(local policy) in determining if they should reject or accept such a
response. A MUST reject would not allow for this or force a client to not
be compliant with the spec.
Alex
> -----Original Message-----
> From: Michael Myers [mailto:mmyers@fastq.com]
> Sent: Friday, December 05, 2003 10:47 AM
> To: Ryan M. Hurst; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
>
> > From: Ryan M. Hurst
> > Sent: Friday, December 05, 2003 10:57 AM
> >
> > [rmh]As I said, I am willing to accept the
> > must reject if that means that others will
> > drop the idea of adding breaking changes to
> > the v1 protocol.
>
> So now we've come full circle. A plain MUST reject is where
> we got started and which principle Russ affirmed in
> Minneapolis. I'm curious what others think.
>
> Mike
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Nk3ib076276 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 15:46:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5Nk3IB076275 for ietf-pkix-bks; Fri, 5 Dec 2003 15:46:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Nk2ib076269 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 15:46:02 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from INET-VRS-02.redmond.corp.microsoft.com ([157.54.8.110]) by mail2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1041); Fri, 5 Dec 2003 15:45:53 -0800
Received: from 157.54.5.25 by INET-VRS-02.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 15:30:41 -0800
Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-03.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 15:29:51 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 15:29:23 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 15:29:27 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Fri, 5 Dec 2003 15:30:21 -0800
Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB8041BC86D@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Cached OCSP responses vs. single entry CRLs
thread-index: AcO7hP1o5LzWA0tlTu2VJOU0Avl1CgAAjQfA
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
To: "Carl Wallace" <cwallace@orionsec.com>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 05 Dec 2003 23:29:27.0920 (UTC) FILETIME=[A0334700:01C3BB87]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB5Nk2ib076271
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Carl there are a number of reasons, one of the most significant being
backwards compatibility; many existing client implementations do not
support partitioned CRLs and there is not way to tell from a CDP if the
data on the other end represents a partitioned CRL or a full one.
Additionally there are commercial OCSP responders out there that support
this concept, yet very few CAs support the use of portioned CRLs to that
granularity.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Carl Wallace
Sent: Friday, December 05, 2003 1:09 PM
To: ietf-pkix@imc.org
Subject: Cached OCSP responses vs. single entry CRLs
Why use OCSP to convey pre-produced revocation information in the way
that's
being discussed? Why not use single entry CRLs? The functionality is
similar and they could be propagated using existing technology (e.g.
directories, 3280 compliant path processing clients, etc.).
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MRMib072307 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 14:27:22 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5MRMiC072306 for ietf-pkix-bks; Fri, 5 Dec 2003 14:27:22 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MRLib072279 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 14:27:21 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail5.microsoft.com ([157.54.6.156]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:27:23 -0800
Received: from inet-vrs-05.redmond.corp.microsoft.com ([157.54.6.157]) by mail5.microsoft.com with Microsoft SMTPSVC(6.0.3790.1039); Fri, 5 Dec 2003 14:27:25 -0800
Received: from 157.54.5.25 by inet-vrs-05.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 14:27:17 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-03.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:26:34 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:29:04 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 14:26:10 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 14:27:22 -0800
Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB8041BC71E@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: DISCUSS: MUST reject in OCSPv1
thread-index: AcO7cU1ZyzGswbJfTKS9vATs7lhOWwADUTJg
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
To: "Michael Myers" <mmyers@fastq.com>, "David Engberg" <dave@corestreet.com>
Cc: <liaquat.khan@ascertia.com>, "Florian Oelmaier" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 05 Dec 2003 22:26:10.0408 (UTC) FILETIME=[C8B4EE80:01C3BB7E]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB5MRLib072301
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Comments in-line
-----Original Message-----
From: Michael Myers [mailto:mmyers@fastq.com]
Sent: Friday, December 05, 2003 12:52 PM
To: Ryan M. Hurst; David Engberg
Cc: liaquat.khan@ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> From: Ryan M. Hurst
> Sent: Friday, December 05, 2003 12:25 PM
>
> [rmh] But what prevents the nonce unsupported
> response from being replayed?
While a caveated response can be replayed, it bears with it
unambiguous signed proof that the client's request for
anti-replay would not have been successful in the first place.
[rmh] Once again why does this matter, isn't that what you get by
getting the nonceless response back?
This is substantially different from replay of a nonceless
response captured from a server able and willing to support
nonces, but also able and willing to support non-nonced requests
(hence the capture and replay).
[rmh] But an attacker could just replay a response without this value,
how can this be relied upon?
In the former case, the replay protection is not there to begin
with and the server/service is being forthright about that. Any
lawyer will tell you, full disclosure is good thing, especially
in the case when one has no contracted relationship with a
relying party.
[rmh] But if no client decision is being made off of this data, why
include it? Why break existing implementations?
In the latter case, anti-replay *is* available but the client is
being blocked from it by an attacker. This is not so good.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MQ7ib072217 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 14:26:07 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5MQ70K072216 for ietf-pkix-bks; Fri, 5 Dec 2003 14:26:07 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MQ6ib072211 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 14:26:06 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB5MQ6A21025; Fri, 5 Dec 2003 15:26:06 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Carl Wallace" <cwallace@orionsec.com>, <ietf-pkix@imc.org>
Subject: RE: Cached OCSP responses vs. single entry CRLs
Date: Fri, 5 Dec 2003 15:28:11 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDOEPEDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <000c01c3bb74$053cb190$9a00a8c0@hq.orionsec.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: Carl Wallace
> Sent: Friday, December 05, 2003 2:09 PM
>
> Why use OCSP to convey pre-produced revocation
> information in the way that's being discussed?
> Why not use single entry CRLs? The functionality
> is similar and they could be propagated using
> existing technology (e.g. directories, 3280
> compliant path processing clients, etc.)
Carl,
Funny you should mention that. The utility of CRL-based
approaches to the needs addressed by OCSP were amply debated in
the I-D phase of OCSP's development, principally between myself
and Carlisle Adams. The turning point came when that dialog
yielded the notion of nonces in OCSP.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MAnib071363 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 14:10:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5MAnaN071361 for ietf-pkix-bks; Fri, 5 Dec 2003 14:10:49 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5MAlib071349 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 14:10:47 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail3.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:10:43 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 14:11:36 -0800
Received: from 157.54.8.23 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 14:10:42 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:10:47 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 14:12:29 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 14:10:41 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 14:10:45 -0800
Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB8041BC6B6@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: DISCUSS: MUST reject in OCSPv1
thread-index: AcO7apO+ardawLSWT0aM7XnqqbiYgQAEC3Kg
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
To: "David Engberg" <dave@corestreet.com>
Cc: <liaquat.khan@ascertia.com>, "Florian Oelmaier" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 05 Dec 2003 22:10:41.0806 (UTC) FILETIME=[9F3782E0:01C3BB7C]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB5MAmib071356
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Comments in line
-----Original Message-----
From: David Engberg [mailto:dave@corestreet.com]
Sent: Friday, December 05, 2003 12:01 PM
To: Ryan M. Hurst
Cc: liaquat.khan@ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
The value of 'nonceUnsupported' is to allow a client to distinguish
between 'a' and 'b' securely if that client cares about the difference
between the two. Without this mechanism, the client cannot securely
tell the difference.
It sounds like the argument is that no client will/should ever care
about this distinction. This is an argument about "business case"
rather than technology/security.
[rmh] I suppose so, I just don't see what the client would do with this
distinction; that's not to say there isn't something useful to be done
with it I just don't see it right now.
I believe that it would be valuable for many clients to make this
distinction. It allows a local security policy that permits
interoperabitliy with certs (e.g. SSL certs) from all sorts of
environments (e.g. with AIA fields). I'd say clients would use this to
implement a "use the security model that the server chooses" policy.
Not every client or user would choose this policy, but I believe some
clients would do so if permitted.
[rmh] Is that useful? How is that any different than saying don't
require nonces from this server?
The presence of a 'nonceSupported' extension doesn't just permit replay,
it encourages it (i.e. caching). The 'nonceSupported' extension may also
indicate that that server is not vulnerable to key compromise or DoS
attacks, and a client may choose to use that securely-transmitted
information in its decision making.
[rmh] I see what you're trying to get across here, but there may be
other reasons a responder may not be able to include a nonce; for
example as a mater of configuration it is possible that a responder
still has a key but for performance it still only issues pre-generated
responses.
Ryan M. Hurst wrote:
> comments in-line
>
>
------------------------------------------------------------------------
> *From:* David Engberg
> *Sent:* Fri 12/5/2003 11:17 AM
> *To:* Ryan M. Hurst
> *Cc:* liaquat.khan@ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org
> *Subject:* Re: DISCUSS: MUST reject in OCSPv1
>
>Unfortunately, I think the anwer to Ryan's specific question is no. If
>you send a nonce and get back a response without that nonce under the
>current spec, you know either:
>
> a) The server does not support nonces
> b) An attacker is replaying a recorded response from a
>nonce-supporting server
>
>
>[rmh] This is absolutley true, but in either of these cases if the
client is attempting to protect against replay he would reject responses
in both a and b. And in not he wanted the "replay" (eg he wants caching
wherever he can get it)
>
>I think there needs to be another flag in the response (e.g.
>nonceUnsupported extension) to securely separate 'a' from 'b'.
>[rmh] But what prevents the nonce unsupported response from being
replayed?
>
>Ryan M. Hurst wrote:
>
>> 1.
>> What the responder returns if it can not return a nonce
>> 2.
>> What the client must do when it receives a response to a nonced
>> request
>>
>...
>
>> My take on #1 is that I don't see why the client needs to know that,
>> after all if the response to a nonced request does not contain the
>> same nonce doesn't that mean the server was unable to produce a
nonced
>> response?
>
>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5L99ib067933 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 13:09:09 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5L99SO067932 for ietf-pkix-bks; Fri, 5 Dec 2003 13:09:09 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5L96ib067925 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 13:09:08 -0800 (PST) (envelope-from cwallace@orionsec.com)
Received: from wcwallace (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB5L96oO017810 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 16:09:07 -0500
From: "Carl Wallace" <cwallace@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: Cached OCSP responses vs. single entry CRLs
Date: Fri, 5 Dec 2003 16:09:01 -0500
Message-ID: <000c01c3bb74$053cb190$9a00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Why use OCSP to convey pre-produced revocation information in the way that's
being discussed? Why not use single entry CRLs? The functionality is
similar and they could be propagated using existing technology (e.g.
directories, 3280 compliant path processing clients, etc.).
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Knbib066290 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 12:49:37 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5Knb9i066289 for ietf-pkix-bks; Fri, 5 Dec 2003 12:49:37 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Knaib066281 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 12:49:36 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB5KnUA14645; Fri, 5 Dec 2003 13:49:30 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Ryan M. Hurst" <rmh@windows.microsoft.com>, "David Engberg" <dave@corestreet.com>
Cc: <liaquat.khan@ascertia.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 13:51:36 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDOEPDDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <23D34CEE-B951-4416-81C5-751B16CED60D@mimectl>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: Ryan M. Hurst
> Sent: Friday, December 05, 2003 12:25 PM
>
> [rmh] But what prevents the nonce unsupported
> response from being replayed?
While a caveated response can be replayed, it bears with it
unambiguous signed proof that the client's request for
anti-replay would not have been successful in the first place.
This is substantially different from replay of a nonceless
response captured from a server able and willing to support
nonces, but also able and willing to support non-nonced requests
(hence the capture and replay).
In the former case, the replay protection is not there to begin
with and the server/service is being forthright about that. Any
lawyer will tell you, full disclosure is good thing, especially
in the case when one has no contracted relationship with a
relying party.
In the latter case, anti-replay *is* available but the client is
being blocked from it by an attacker. This is not so good.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5KTtib064965 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 12:29:55 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5KTt0e064964 for ietf-pkix-bks; Fri, 5 Dec 2003 12:29:55 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5KTrib064959 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 12:29:54 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23766; Fri, 5 Dec 2003 15:29:40 -0500 (EST)
Message-Id: <200312052029.PAA23766@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-sha244-00.txt
Date: Fri, 05 Dec 2003 15:29:40 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : A 224-bit One-way Hash Function: SHA-224
Author(s) : R. Housley
Filename : draft-ietf-pkix-sha244-00.txt
Pages : 6
Date : 2003-12-5
This document specifies a 224-bit one-way hash function, called
SHA-224. A SHA-224 has value is simply the truncation of the SHA-256
hash value. SHA-256 is the 256-bit one-way hash function specified
by the National Institute of Standards and Technology (NIST).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha244-00.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-sha244-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-sha244-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-5150834.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-sha244-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-sha244-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-5150834.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5K1Wib063365 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 12:01:32 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5K1Wfe063364 for ietf-pkix-bks; Fri, 5 Dec 2003 12:01:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5K1Wib063358 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 12:01:32 -0800 (PST) (envelope-from dave@corestreet.com)
Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc12) with ESMTP id <2003120520011801400dnrene>; Fri, 5 Dec 2003 20:01:18 +0000
Received: from 167.sub-166-156-182.myvzw.com ([166.156.182.167] helo=corestreet.com) by localhost with asmtp (Exim 3.35 #1 (Debian)) id 1ASMAi-0000mM-00; Fri, 05 Dec 2003 15:03:29 -0500
Message-ID: <3FD0E418.4030103@corestreet.com>
Date: Fri, 05 Dec 2003 15:01:28 -0500
From: David Engberg <dave@corestreet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Ryan M. Hurst" <rmh@windows.microsoft.com>
CC: liaquat.khan@ascertia.com, "'Florian Oelmaier'" <oelmaier@sytrust.com>, ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL> <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>, <3FD0D9DA.4060506@corestreet.com> <23D34CEE-B951-4416-81C5-751B16CED60D@mimectl>
In-Reply-To: <23D34CEE-B951-4416-81C5-751B16CED60D@mimectl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
The value of 'nonceUnsupported' is to allow a client to distinguish
between 'a' and 'b' securely if that client cares about the difference
between the two. Without this mechanism, the client cannot securely
tell the difference.
It sounds like the argument is that no client will/should ever care
about this distinction. This is an argument about "business case"
rather than technology/security.
I believe that it would be valuable for many clients to make this
distinction. It allows a local security policy that permits
interoperabitliy with certs (e.g. SSL certs) from all sorts of
environments (e.g. with AIA fields). I'd say clients would use this to
implement a "use the security model that the server chooses" policy.
Not every client or user would choose this policy, but I believe some
clients would do so if permitted.
The presence of a 'nonceSupported' extension doesn't just permit replay,
it encourages it (i.e. caching). The 'nonceSupported' extension may also
indicate that that server is not vulnerable to key compromise or DoS
attacks, and a client may choose to use that securely-transmitted
information in its decision making.
Ryan M. Hurst wrote:
> comments in-line
>
> ------------------------------------------------------------------------
> *From:* David Engberg
> *Sent:* Fri 12/5/2003 11:17 AM
> *To:* Ryan M. Hurst
> *Cc:* liaquat.khan@ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org
> *Subject:* Re: DISCUSS: MUST reject in OCSPv1
>
>Unfortunately, I think the anwer to Ryan's specific question is no. If
>you send a nonce and get back a response without that nonce under the
>current spec, you know either:
>
> a) The server does not support nonces
> b) An attacker is replaying a recorded response from a
>nonce-supporting server
>
>
>[rmh] This is absolutley true, but in either of these cases if the client is attempting to protect against replay he would reject responses in both a and b. And in not he wanted the "replay" (eg he wants caching wherever he can get it)
>
>I think there needs to be another flag in the response (e.g.
>nonceUnsupported extension) to securely separate 'a' from 'b'.
>[rmh] But what prevents the nonce unsupported response from being replayed?
>
>Ryan M. Hurst wrote:
>
>> 1.
>> What the responder returns if it can not return a nonce
>> 2.
>> What the client must do when it receives a response to a nonced
>> request
>>
>...
>
>> My take on #1 is that I don't see why the client needs to know that,
>> after all if the response to a nonced request does not contain the
>> same nonce doesn't that mean the server was unable to produce a nonced
>> response?
>
>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JQuib060659 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 11:26:56 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5JQueV060658 for ietf-pkix-bks; Fri, 5 Dec 2003 11:26:56 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JQtib060645 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 11:26:55 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from inet-vrs-04.redmond.corp.microsoft.com ([157.54.8.149]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 11:26:54 -0800
Received: from 157.54.6.150 by inet-vrs-04.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 11:26:51 -0800
Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 11:23:11 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 11:26:47 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 11:26:49 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
MIME-Version: 1.0
Subject: RE: DISCUSS: MUST reject in OCSPv1
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <3FD0D9DA.4060506@corestreet.com>
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL> <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>, <3FD0D9DA.4060506@corestreet.com>
To: David Engberg <dave@corestreet.com>
Cc: <liaquat.khan@ascertia.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: DISCUSS: MUST reject in OCSPv1
Thread-Index: AcO7ZXRvCeXhVpn0TyqjvzhxfkhO+w==
Message-ID: <23D34CEE-B951-4416-81C5-751B16CED60D@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Fri, 5 Dec 2003 11:24:51 -0800
X-OriginalArrivalTime: 05 Dec 2003 19:26:49.0228 (UTC) FILETIME=[BA8B2CC0:01C3BB65]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="_D7C207C0-CE9F-4DAF-9159-B5884580B364_"
--_D7C207C0-CE9F-4DAF-9159-B5884580B364_
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
comments in-line
From: David Engberg
Sent: Fri 12/5/2003 11:17 AM
To: Ryan M. Hurst
Cc: liaquat.khan@ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
Unfortunately, I think the anwer to Ryan's specific question is no. If=20
you send a nonce and get back a response without that nonce under the=20
current spec, you know either:
a) The server does not support nonces
b) An attacker is replaying a recorded response from a=20
nonce-supporting server
[rmh] This is absolutley true, but in either of these cases if the client i=
s attempting to protect against replay he would reject responses in both a =
and b. And in not he wanted the "replay" (eg he wants caching wherever he c=
an get it)
I think there needs to be another flag in the response (e.g.=20
nonceUnsupported extension) to securely separate 'a' from 'b'.
[rmh] But what prevents the nonce unsupported response from being replayed?
Ryan M. Hurst wrote:
> 1.
> What the responder returns if it can not return a nonce
> 2.
> What the client must do when it receives a response to a nonced
> request
>
...
> My take on #1 is that I don't see why the client needs to know that,=20
> after all if the response to a nonced request does not contain the=20
> same nonce doesn't that mean the server was unable to produce a nonced=20
> response?
--_D7C207C0-CE9F-4DAF-9159-B5884580B364_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY>
<DIV id=3DidOWAReplyText63919 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>comments in-line=
</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> David Engberg<BR><B>Sent:</B> Fri=
12/5/2003 11:17 AM<BR><B>To:</B> Ryan M. Hurst<BR><B>Cc:</B> liaquat.khan@=
ascertia.com; 'Florian Oelmaier'; ietf-pkix@imc.org<BR><B>Subject:</B> Re: =
DISCUSS: MUST reject in OCSPv1<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Unfortunately, I think the anwer =
to Ryan's specific question is no. If=20
you send a nonce and get back a response without that nonce under the=20
current spec, you know either:
a) The server does not support nonces
b) An attacker is replaying a recorded response from a=20
nonce-supporting server
</PRE><PRE style=3D"WORD-WRAP: break-word">[rmh] This is absolutley true, b=
ut in either of these cases if the client is attempting to protect against =
replay he would reject responses in both a and b. And in not he wanted the =
"replay" (eg he wants caching wherever he can get it)</PRE><PRE style=3D"WO=
RD-WRAP: break-word">I think there needs to be another flag in the response=
(e.g.=20
nonceUnsupported extension) to securely separate 'a' from 'b'.
[rmh] But what prevents the nonce unsupported response from being replayed?
Ryan M. Hurst wrote:
> 1.
> What the responder returns if it can not return a nonce
> 2.
> What the client must do when it receives a response to a nonced
> request
>
...
> My take on #1 is that I don't see why the client needs to know that,=20
> after all if the response to a nonced request does not contain the=20
> same nonce doesn't that mean the server was unable to produce a nonced=
=20
> response?
</PRE></DIV></BODY></HTML>
--_D7C207C0-CE9F-4DAF-9159-B5884580B364_--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JHZib059843 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 11:17:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5JHZNG059842 for ietf-pkix-bks; Fri, 5 Dec 2003 11:17:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JHZib059836 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 11:17:35 -0800 (PST) (envelope-from dave@corestreet.com)
Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc11) with ESMTP id <2003120519173101300muinve>; Fri, 5 Dec 2003 19:17:31 +0000
Received: from 30.sub-166-156-165.myvzw.com ([166.156.165.30] helo=corestreet.com) by localhost with asmtp (Exim 3.35 #1 (Debian)) id 1ASLUP-0000ln-00; Fri, 05 Dec 2003 14:19:46 -0500
Message-ID: <3FD0D9DA.4060506@corestreet.com>
Date: Fri, 05 Dec 2003 14:17:46 -0500
From: David Engberg <dave@corestreet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Ryan M. Hurst" <rmh@windows.microsoft.com>
CC: liaquat.khan@ascertia.com, "'Florian Oelmaier'" <oelmaier@sytrust.com>, ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL> <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>
In-Reply-To: <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Unfortunately, I think the anwer to Ryan's specific question is no. If
you send a nonce and get back a response without that nonce under the
current spec, you know either:
a) The server does not support nonces
b) An attacker is replaying a recorded response from a
nonce-supporting server
I think there needs to be another flag in the response (e.g.
nonceUnsupported extension) to securely separate 'a' from 'b'.
Ryan M. Hurst wrote:
> 1.
> What the responder returns if it can not return a nonce
> 2.
> What the client must do when it receives a response to a nonced
> request
>
...
> My take on #1 is that I don't see why the client needs to know that,
> after all if the response to a nonced request does not contain the
> same nonce doesn't that mean the server was unable to produce a nonced
> response?
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JFBib059687 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 11:15:11 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5JFBNk059686 for ietf-pkix-bks; Fri, 5 Dec 2003 11:15:11 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JF9ib059679 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 11:15:09 -0800 (PST) (envelope-from liaquat.khan@ascertia.com)
Received: from dial81-135-74-253.in-addr.btopenworld.com ([81.135.74.253] helo=LiaquatDELL) by rhenium.btinternet.com with esmtp (Exim 3.22 #25) id 1ASLPq-0001fa-00; Fri, 05 Dec 2003 19:15:02 +0000
Reply-To: <liaquat.khan@ascertia.com>
From: "Liaquat Khan" <liaquat.khan@ascertia.com>
To: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 19:14:51 -0000
Message-ID: <003201c3bb64$130dc8a0$fd4a8751@LiaquatDELL>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0033_01C3BB64.130DC8A0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0033_01C3BB64.130DC8A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
See my comments inline.
Regards,
LK
-----Original Message-----
From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
Sent: 05 December 2003 17:16
To: liaquat.khan@ascertia.com; 'Florian Oelmaier'; 'David Engberg';
ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Liaquat - I don't think there is any disagreement on weather it is up to
the client or not on including the nonce, there is however disagreement
on:
1. What the responder returns if it can not return a nonce
2. What the client must do when it receives a response to a nonced
request
For #1 my stance has been that the server should always return a
authoritative response.
LK: I agree (precisely for the reason you give for #2, i.e. this replay
protection was requested by the client, so let the client decide whether
or not it wants to go ahead and accept a nonce-less response. Our ARP
client will currently reject such nonce-less responses, if it included a
nonce in the outgoing message.)
For #2 my stance has been that just like the decision to include the
nonce in the first place its up to the client to decide what to do with
it when he gets it back, and that clients wanting replay protection
SHOULD reject responses that do not contain the nonce from their
request.
That being said others believe:
For #1 that the server needs to return a special response indicating it
is not capable of supporting nonces
For #2 that the client has no choice on what to do with the nonce in the
response if he included a nonce in the request.
My take on #1 is that I don't see why the client needs to know that,
after all if the response to a nonced request does not contain the same
nonce doesn't that mean the server was unable to produce a nonced
response?
LK: I assume the others believe that if you can indicate in a special
way that a nonce-less response is still "trustworthy".i.e. the only
reason it doesn't contain a nonce is because it's coming from a keyless
responder otherwise it's trustworthy. Rather than a normal nonce-less
response which may be coming from a keyless responder or may be a
replay! Assuming my understanding is correct, I still think this is
unnecessary complication. Even in this case the final decision will
still remain with the client on what to do next.i.e. the client may
accept the response or reject it depending on local policy..so what are
you gaining??
Changing the protocol by adjusting the ASN.1 of the nonce, adding a new
extension or error code, or adding special semantics to the value of the
nonce will break the existing implementations out there and its not
clear to me why this is needed (especialy in v1).
My take on #2 is that its a matter of policy of the client to the
client, but if accepting the MUST reject text here gets us out of #1
which will break clients I will accept it.
Ryan
_____
From: Liaquat Khan
Sent: Thu 12/4/2003 10:54 PM
To: 'Ryan M. Hurst'; 'Florian Oelmaier'; 'David Engberg';
ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy.
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this
message
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
------=_NextPart_000_0033_01C3BB64.130DC8A0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C3BB64.0E79C190">
<link rel=3DEdit-Time-Data href=3D"cid:editdata.mso@01C3BB64.0E79C190">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
pre
{margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
mso-header-margin:35.4pt;
mso-footer-margin:35.4pt;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:613288137;
mso-list-template-ids:-2079034812;}
@list l0:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:36.0pt'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>See my comments inline.<span
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Regards,<o:p></o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Ryan M. Hurst
[mailto:rmh@windows.microsoft.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> 05 December 2003 =
17:16<br>
<b><span style=3D'font-weight:bold'>To:</span></b> =
liaquat.khan@ascertia.com;
'Florian Oelmaier'; 'David Engberg'; ietf-pkix@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: DISCUSS: =
MUST reject
in OCSPv1</span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div id=3DidOWAReplyText48938>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:black'>Liaquat
- I don't think there is any disagreement on weather it is up to the =
client or
not on including the nonce, there is however disagreement =
on:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level1 =
lfo2;tab-stops:list 72.0pt'><![if !supportLists]><font
size=3D3 color=3Dnavy face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
color:navy'><span style=3D'mso-list:Ignore'>1.<font size=3D1 =
face=3D"Times New Roman"><span
style=3D'font:7.0pt "Times New Roman"'> =
</span></font></span></span></font><![endif]><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>What the
responder returns if it can not return a nonce</span></font><font =
color=3Dnavy><span
style=3D'color:navy'><o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level1 =
lfo2;tab-stops:list 72.0pt'><![if !supportLists]><font
size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt'><span
style=3D'mso-list:Ignore'>2.<font size=3D1 face=3D"Times New =
Roman"><span
style=3D'font:7.0pt "Times New Roman"'> =
</span></font></span></span></font><![endif]><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>What the
client must do when it receives a response to a nonced =
request</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #1 my stance has been =
that the
server should always return a authoritative =
response.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK: I agree (precisely for the =
reason you
give for #2, i.e. this replay protection was requested by the client, so =
let
the client decide whether or not it wants to go ahead and accept a =
nonce-less
response.<span style=3D'mso-spacerun:yes'> </span>Our ARP client =
will
currently reject such nonce-less responses, if it included a nonce in =
the
outgoing message.)<span style=3D'mso-spacerun:yes'> =
</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #2 my stance has been =
that just
like the decision to include the nonce in the first place its up to the =
client
to decide what to do with it when he gets it back, and that clients =
wanting
replay protection SHOULD reject responses that do not contain the nonce =
from
their request.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>That being said others =
believe:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #1 that the server =
needs to
return a special response indicating it is not capable of supporting =
nonces</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #2 that the client has =
no choice
on what to do with the nonce in the response if he included a nonce in =
the
request.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>My take on #1 is that I =
don't see
why the client needs to know that, after all if the response to a nonced
request does not contain the same nonce doesn't that mean the server was =
unable
to produce a nonced response? <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK: I assume the others believe =
that if
you can indicate in a special way that a nonce-less response is still
“trustworthy”…i.e. the only reason it doesn’t =
contain a
nonce is because it’s coming from a keyless responder otherwise
it’s trustworthy.<span style=3D'mso-spacerun:yes'>
</span>Rather than a normal nonce-less response which may be coming from =
a
keyless responder or may be a replay!<span =
style=3D'mso-spacerun:yes'>
</span>Assuming my understanding is correct, I still think this is =
unnecessary
complication.<span style=3D'mso-spacerun:yes'> </span>Even =
in this
case the final decision will still remain with the client on what to do
next…i.e. the client may accept the response or reject it =
depending on
local policy….so what are you =
gaining??<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Changing the protocol by =
adjusting
the ASN.1 of the nonce, adding a new extension or error code, or adding =
special
semantics to the value of the nonce will break the existing =
implementations out
there and its not clear to me why this is needed (especialy in =
v1).<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>My take on #2 is that its a =
matter
of policy of the client to the client, but if accepting the MUST reject
text here gets us out of #1 which will break clients I will =
accept
it.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Ryan</span></font> <o:p=
></o:p></p>
</div>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div style=3D'margin-left:36.0pt'>
<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>
<hr size=3D3 width=3D"100%" align=3Dcenter>
</span></font></div>
</div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:
12.0pt;margin-left:36.0pt'><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> Liaquat
Khan<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thu 12/4/2003 10:54 =
PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Ryan M. Hurst'; =
'Florian
Oelmaier'; 'David Engberg'; ietf-pkix@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: DISCUSS: =
MUST reject
in OCSPv1</span></font><o:p></o:p></p>
</div>
<div><pre style=3D'margin-left:36.0pt;WORD-WRAP: break-word'><font =
size=3D2
face=3D"Courier New"><span =
style=3D'font-size:10.0pt'>Ryan,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>We also agree with your viewpoint, particular =
the point about a nonce<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>being a matter for local client policy.<span =
style=3D'mso-spacerun:yes'> =
</span><o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>In the various OCSP clients we have, the =
option of whether to include<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>nonce or not in the request message is left =
to local policy (i.e. the<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>administrator can configure whether or not =
nonce is included in the<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request message). =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>If the administrator decides nonces are =
necessary (to prevent replays)<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>then he/she will select these and our OCSP =
clients will include these in<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>the requests.<span =
style=3D'mso-spacerun:yes'> </span>Now if an OCSP response is =
received back without a nonce<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>it will be rejected by our OCSP =
clients.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On the other hand, if the administrator feels =
nonces are not required<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>(to allow for cached responses) then he/she =
will not select to include<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>one in outgoing responses. =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>The situation "we would like to have =
nonces in OCSP requests as default,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>but if the server legitimately doesn't =
support nonces we are happy to<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>forgo nonces or we will generate a fresh =
request without a nonce" is not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>that common in my opinion.<span =
style=3D'mso-spacerun:yes'> </span>If such a case does exist, =
local policy will<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>probably be also happy to choose to not =
include a nonce in the OCSP<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request message in the first =
place.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Regards,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Liaquat<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Ascertia Limited, Orchard Building, Royal =
Holloway, Egham, Surrey, TW20<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>OEX<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>tel: +44(0)1784 497 321, fax: +44(0)1784 =
497301, mobile: +44 (0)7776<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>308766<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>website: =
www.ascertia.com<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-----Original =
Message-----<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>From: owner-ietf-pkix@mail.imc.org =
[mailto:owner-ietf-pkix@mail.imc.org]<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On Behalf Of Ryan M. =
Hurst<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Sent: 05 December 2003 =
01:41<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>To: Florian Oelmaier; David Engberg; =
ietf-pkix@imc.org<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Subject: RE: DISCUSS: MUST reject in =
OCSPv1<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>I am concerned with the idea of making any =
change to the standard that<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>"changes the 5 year old =
protocol".<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>This is particularly true since I don't see =
anyone on the list saying<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>this NonceUnsupported is needed, just that =
they would accept it.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>I still think what is done with the nonce is =
a matter of local (client)<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>policy, and that if replay protection is =
desired responses not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>containing the requested nonce MUST be =
rejected.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>But since I appear to be odd man out on this, =
I would rather see us fall<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>back to Russ's original recommendation of =
MUST reject than break a 5<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>year old standard. =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Ryan<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-----Original =
Message-----<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>From: owner-ietf-pkix@mail.imc.org =
[mailto:owner-ietf-pkix@mail.imc.org]<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On Behalf Of Florian =
Oelmaier<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Sent: Thursday, December 04, 2003 1:47 =
AM<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>To: David Engberg; =
ietf-pkix@imc.org<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Subject: RE: DISCUSS: MUST reject in =
OCSPv1<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> I like the elegance of Russ and =
Florian's ideas for securely<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>signalling =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> that a server doesn't support nonces by =
using a special value for the <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> nonce in replies.<span =
style=3D'mso-spacerun:yes'> </span>This seems like the =
"right" place to put this<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>message <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> to the =
client.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Just for the record: I think you are =
referring to our server-generated<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>nonces when you talk about "Florian's =
idea". And while Russel is<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>signalling "NonceUnsupported" with =
a special nonce-value, we are<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>singalling "NonceSupported" with =
the inclusion of a nonce into every<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request (mirrored from the request or =
server-generated). Thus we are not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>subject to the attack you mention, as this =
does not need any additional<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>code in any existing =
client.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Russ proposal is a change in the protocol. =
Thus we need to update all<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>the clients and servers out there. Seeing =
that the proposed change is<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>needed and recognizing it as a good solution, =
I would accept this. <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-- <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Florian =
Oelmaier<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>SyTrust<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre></div>
</div>
</body>
</html>
------=_NextPart_000_0033_01C3BB64.130DC8A0--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JETib059656 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 11:14:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5JET9h059655 for ietf-pkix-bks; Fri, 5 Dec 2003 11:14:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5JEIib059629 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 11:14:28 -0800 (PST) (envelope-from liaquat.khan@ascertia.com)
Received: from dial81-135-74-253.in-addr.btopenworld.com ([81.135.74.253] helo=LiaquatDELL) by rhenium.btinternet.com with esmtp (Exim 3.22 #25) id 1ASLOr-0001Ti-00; Fri, 05 Dec 2003 19:14:01 +0000
Reply-To: <liaquat.khan@ascertia.com>
From: "Liaquat Khan" <liaquat.khan@ascertia.com>
To: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 19:13:40 -0000
Message-ID: <002601c3bb63$eeaa9920$fd4a8751@LiaquatDELL>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0027_01C3BB63.EEAA9920"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0027_01C3BB63.EEAA9920
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
See my comments inline.
Regards,
LK
-----Original Message-----
From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
Sent: 05 December 2003 17:16
To: liaquat.khan@ascertia.com; 'Florian Oelmaier'; 'David Engberg';
ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Liaquat - I don't think there is any disagreement on weather it is up to
the client or not on including the nonce, there is however disagreement
on:
1. What the responder returns if it can not return a nonce
2. What the client must do when it receives a response to a nonced
request
For #1 my stance has been that the server should always return a
authoritative response.
LK: I agree (precisely for the reason you give for #2, i.e. this replay
protection was requested by the client, so let the client decide whether
or not it wants to go ahead and accept a nonce-less response. Our ARP
client will currently reject such nonce-less responses, if it included a
nonce in the outgoing message.)
For #2 my stance has been that just like the decision to include the
nonce in the first place its up to the client to decide what to do with
it when he gets it back, and that clients wanting replay protection
SHOULD reject responses that do not contain the nonce from their
request.
That being said others believe:
For #1 that the server needs to return a special response indicating it
is not capable of supporting nonces
For #2 that the client has no choice on what to do with the nonce in the
response if he included a nonce in the request.
My take on #1 is that I don't see why the client needs to know that,
after all if the response to a nonced request does not contain the same
nonce doesn't that mean the server was unable to produce a nonced
response?
LK: I assume the others believe that if you can indicate in a special
way that a nonce-less response is still "trustworthy".i.e. the only
reason it doesn't contain a nonce is because it's coming from a keyless
responder otherwise it's trustworthy. Rather than a normal nonce-less
response which may be coming from a keyless responder or may be a
replay! Assuming my understanding is correct, I still think this is
unnecessary complication. Even in this case the final decision will
still remain with the client on what to do next.i.e. the client may
accept the response or reject it depending on local policy..so what are
you gaining??
Changing the protocol by adjusting the ASN.1 of the nonce, adding a new
extension or error code, or adding special semantics to the value of the
nonce will break the existing implementations out there and its not
clear to me why this is needed (especialy in v1).
My take on #2 is that its a matter of policy of the client to the
client, but if accepting the MUST reject text here gets us out of #1
which will break clients I will accept it.
Ryan
_____
From: Liaquat Khan
Sent: Thu 12/4/2003 10:54 PM
To: 'Ryan M. Hurst'; 'Florian Oelmaier'; 'David Engberg';
ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy.
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this
message
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
------=_NextPart_000_0027_01C3BB63.EEAA9920
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C3BB63.E3CD8800">
<link rel=3DEdit-Time-Data href=3D"cid:editdata.mso@01C3BB63.E3CD8800">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
pre
{margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
mso-header-margin:35.4pt;
mso-footer-margin:35.4pt;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:613288137;
mso-list-template-ids:-2079034812;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:36.0pt'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>See my comments inline.<span
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Regards,<o:p></o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Ryan M. Hurst
[mailto:rmh@windows.microsoft.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"12" Day=3D"5" Year=3D"2003"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>05 December =
2003</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"17" Minute=3D"16"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>17:16</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> =
liaquat.khan@ascertia.com;
'Florian Oelmaier'; 'David Engberg'; ietf-pkix@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: DISCUSS: =
MUST reject
in OCSPv1</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div id=3DidOWAReplyText48938>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:black'>Liaquat
- I don't think there is any disagreement on weather it is up to the =
client or
not on including the nonce, there is however disagreement =
on:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level1 =
lfo1;tab-stops:list 72.0pt'><![if !supportLists]><font
size=3D3 color=3Dnavy face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
color:navy'><span style=3D'mso-list:Ignore'>1.<font size=3D1 =
face=3D"Times New Roman"><span
style=3D'font:7.0pt "Times New Roman"'> =
</span></font></span></span></font><![endif]><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>What the
responder returns if it can not return a nonce</span></font><font =
color=3Dnavy><span
style=3D'color:navy'><o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level1 =
lfo1;tab-stops:list 72.0pt'><![if !supportLists]><font
size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt'><span
style=3D'mso-list:Ignore'>2.<font size=3D1 face=3D"Times New =
Roman"><span
style=3D'font:7.0pt "Times New Roman"'> =
</span></font></span></span></font><![endif]><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>What the
client must do when it receives a response to a nonced =
request</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #1 my stance has been =
that the
server should always return a authoritative =
response.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK: I agree (precisely for the =
reason you
give for #2, i.e. this replay protection was requested by the client, so =
let
the client decide whether or not it wants to go ahead and accept a =
nonce-less
response.<span style=3D'mso-spacerun:yes'> </span>Our ARP client =
will
currently reject such nonce-less responses, if it included a nonce in =
the
outgoing message.) <span =
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #2 my stance has been =
that just
like the decision to include the nonce in the first place its up to the =
client
to decide what to do with it when he gets it back, and that clients =
wanting
replay protection SHOULD reject responses that do not contain the nonce =
from
their request.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>That being said others =
believe:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #1 that the server =
needs to
return a special response indicating it is not capable of supporting =
nonces</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>For #2 that the client has =
no choice
on what to do with the nonce in the response if he included a nonce in =
the
request.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>My take on #1 is that I =
don't see
why the client needs to know that, after all if the response to a nonced
request does not contain the same nonce doesn't that mean the server was =
unable
to produce a nonced response? <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>LK: I assume the others believe =
that if
you can indicate in a special way that a nonce-less response is still =
“trustworthy”…i.e.
the only reason it doesn’t contain a nonce is because it’s =
coming
from a keyless responder otherwise it’s trustworthy.<span
style=3D'mso-spacerun:yes'> </span>Rather than a normal =
nonce-less
response which may be coming from a keyless responder or may be a =
replay!<span
style=3D'mso-spacerun:yes'> </span>Assuming my understanding is =
correct, I
still think this is unnecessary complication. <span
style=3D'mso-spacerun:yes'> </span>Even in this case the =
final
decision will still remain with the client on what to do next…i.e. =
the
client may accept the response or reject it depending on local =
policy….so
what are you gaining??<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Changing the protocol by =
adjusting
the ASN.1 of the nonce, adding a new extension or error code, or adding =
special
semantics to the value of the nonce will break the existing =
implementations out
there and its not clear to me why this is needed (especialy in =
v1).<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>My take on #2 is that its a =
matter
of policy of the client to the client, but if accepting the MUST reject
text here gets us out of #1 which will break clients I will =
accept
it.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Ryan</span></font> <o:p=
></o:p></p>
</div>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div class=3DMsoNormal align=3Dcenter =
style=3D'margin-left:36.0pt;text-align:center'><font
size=3D3 face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>
<hr size=3D3 width=3D"100%" align=3Dcenter>
</span></font></div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:
12.0pt;margin-left:36.0pt'><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> Liaquat
Khan<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thu 12/4/2003 10:54 =
PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Ryan M. Hurst'; =
'Florian
Oelmaier'; 'David Engberg'; ietf-pkix@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: DISCUSS: =
MUST reject
in OCSPv1</span></font><o:p></o:p></p>
</div>
<div><pre style=3D'margin-left:36.0pt;WORD-WRAP: break-word'><font =
size=3D2
face=3D"Courier New"><span =
style=3D'font-size:10.0pt'>Ryan,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>We also agree with your viewpoint, particular =
the point about a nonce<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>being a matter for local client policy.<span =
style=3D'mso-spacerun:yes'> =
</span><o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>In the various OCSP clients we have, the =
option of whether to include<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>nonce or not in the request message is left =
to local policy (i.e. the<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>administrator can configure whether or not =
nonce is included in the<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request message). =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>If the administrator decides nonces are =
necessary (to prevent replays)<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>then he/she will select these and our OCSP =
clients will include these in<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>the requests.<span =
style=3D'mso-spacerun:yes'> </span>Now if an OCSP response is =
received back without a nonce<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>it will be rejected by our OCSP =
clients.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On the other hand, if the administrator feels =
nonces are not required<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>(to allow for cached responses) then he/she =
will not select to include<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>one in outgoing responses. =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>The situation "we would like to have =
nonces in OCSP requests as default,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>but if the server legitimately doesn't =
support nonces we are happy to<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>forgo nonces or we will generate a fresh =
request without a nonce" is not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>that common in my opinion.<span =
style=3D'mso-spacerun:yes'> </span>If such a case does exist, =
local policy will<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>probably be also happy to choose to not =
include a nonce in the OCSP<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request message in the first =
place.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Regards,<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Liaquat<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Ascertia Limited, Orchard Building, Royal =
Holloway, Egham, Surrey, TW20<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>OEX<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>tel: +44(0)1784 497 321, fax: +44(0)1784 =
497301, mobile: +44 (0)7776<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>308766<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>website: =
www.ascertia.com<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-----Original =
Message-----<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>From: owner-ietf-pkix@mail.imc.org =
[mailto:owner-ietf-pkix@mail.imc.org]<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On Behalf Of Ryan M. =
Hurst<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Sent: 05 December 2003 =
01:41<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>To: Florian Oelmaier; David Engberg; =
ietf-pkix@imc.org<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Subject: RE: DISCUSS: MUST reject in =
OCSPv1<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>I am concerned with the idea of making any =
change to the standard that<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>"changes the 5 year old =
protocol".<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>This is particularly true since I don't see =
anyone on the list saying<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>this NonceUnsupported is needed, just that =
they would accept it.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>I still think what is done with the nonce is =
a matter of local (client)<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>policy, and that if replay protection is =
desired responses not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>containing the requested nonce MUST be =
rejected.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>But since I appear to be odd man out on this, =
I would rather see us fall<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>back to Russ's original recommendation of =
MUST reject than break a 5<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>year old standard. =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Ryan<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-----Original =
Message-----<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>From: owner-ietf-pkix@mail.imc.org =
[mailto:owner-ietf-pkix@mail.imc.org]<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>On Behalf Of Florian =
Oelmaier<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Sent: Thursday, December 04, 2003 1:47 =
AM<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>To: David Engberg; =
ietf-pkix@imc.org<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Subject: RE: DISCUSS: MUST reject in =
OCSPv1<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> I like the elegance of Russ and =
Florian's ideas for securely<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>signalling =
<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> that a server doesn't support nonces by =
using a special value for the <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> nonce in replies.<span =
style=3D'mso-spacerun:yes'> </span>This seems like the =
"right" place to put this<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>message <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>> to the =
client.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Just for the record: I think you are =
referring to our server-generated<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>nonces when you talk about "Florian's =
idea". And while Russel is<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>signalling "NonceUnsupported" with =
a special nonce-value, we are<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>singalling "NonceSupported" with =
the inclusion of a nonce into every<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>request (mirrored from the request or =
server-generated). Thus we are not<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>subject to the attack you mention, as this =
does not need any additional<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>code in any existing =
client.<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Russ proposal is a change in the protocol. =
Thus we need to update all<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>the clients and servers out there. Seeing =
that the proposed change is<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>needed and recognizing it as a good solution, =
I would accept this. <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>-- <o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>Florian =
Oelmaier<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'>SyTrust<o:p></o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre
style=3D'margin-left:36.0pt'><font size=3D2 face=3D"Courier New"><span
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre></div>
</div>
</body>
</html>
------=_NextPart_000_0027_01C3BB63.EEAA9920--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5IjHib057858 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 10:45:17 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5IjHMo057857 for ietf-pkix-bks; Fri, 5 Dec 2003 10:45:17 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5IjFib057852 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 10:45:15 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB5IjGA06154; Fri, 5 Dec 2003 11:45:16 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Ryan M. Hurst" <rmh@windows.microsoft.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 11:47:20 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDEEPCDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <26E2C7F4-0558-4845-A20D-CFAE6E33432C@mimectl>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> From: Ryan M. Hurst
> Sent: Friday, December 05, 2003 10:57 AM
>
> [rmh]As I said, I am willing to accept the
> must reject if that means that others will
> drop the idea of adding breaking changes to
> the v1 protocol.
So now we've come full circle. A plain MUST reject is where we
got started and which principle Russ affirmed in Minneapolis.
I'm curious what others think.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5HwZib055938 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 09:58:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5HwZkl055937 for ietf-pkix-bks; Fri, 5 Dec 2003 09:58:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5HwXib055929 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 09:58:33 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from INET-VRS-03.redmond.corp.microsoft.com ([157.54.5.27]) by mail3.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 09:58:31 -0800
Received: from 157.54.6.150 by INET-VRS-03.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 09:58:29 -0800
Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 09:54:50 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 09:59:28 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 09:58:31 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
Subject: RE: DISCUSS: MUST reject in OCSPv1
MIME-Version: 1.0
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <EOEGJNFMMIBDKGFONJJDGEPADFAA.mmyers@fastq.com>
References: <3FD076D9.9080802@corestreet.com>, <EOEGJNFMMIBDKGFONJJDGEPADFAA.mmyers@fastq.com>
To: Michael Myers <mmyers@fastq.com>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: DISCUSS: MUST reject in OCSPv1
Thread-Index: AcO7WRz4+Sb5JLPURX2ypEzO+Fyf+Q==
Message-ID: <26E2C7F4-0558-4845-A20D-CFAE6E33432C@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Fri, 5 Dec 2003 09:56:31 -0800
X-OriginalArrivalTime: 05 Dec 2003 17:58:31.0837 (UTC) FILETIME=[650D74D0:01C3BB59]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="_64E2673C-8737-4498-AE9C-D488CBA4CAF1_"
--_64E2673C-8737-4498-AE9C-D488CBA4CAF1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Comments in-line
From: Michael Myers
Sent: Fri 12/5/2003 7:45 AM
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
The fact still remains that Section 4.4.1 of RFC 2560 opens with
the sentence "The nonce cryptographically binds a request and a
response to prevent replay attacks." The original intent of
this assertion is self-evident: nonces are to be incorporated by
servers.
[rmh]As I said, I am willing to accept the must reject if that means that o=
thers will drop the idea of adding breaking changes to the v1 protocol.
Yet it is a fair observation that the relationship between
cached responses and nonced requests is underspecified,
particularly in the case of Internet-facing services receiving
requests from a heterogeneous population of clients over which
such services have no administrative control.
[rmh] No argument here!
I chose nonceUnsupported as a candidate means of developing a
compromise solution to this issue based in part on prior list
dialog, including that below:
[rmh]I just dont see what the client gets out of nonce not supported, he ei=
ther knows he needs a nonced response or not, its a matter of local policy.=
I remember when I did the default configuration for the ValiCert desktop v=
alidator, it just was not possible to make a one-size fits all policy just =
as an example consider the fact that some responders will require signature=
s and some wont, the client already has to deal with this concept.=20
> From: David Engberg
> Sent: Thursday, October 02, 2003 12:23 PM
> Subject: Re: OCSP response pre-production
>
> If adding a new top-level error code is possible
> in v1, and adding a new response extension to
> indicate nonceUnsupported (or similar solution)
> is only possible in v2, then this may be the
> best course of action.
I saw how it was possible by cycling v1 at Proposed to get this
solution into v1 in a way that satisified all perspectives,
including that of the opening sentence, and yet not break the
installed base. The core notion was that of a "caveated
response". Looking back, had we addressed this issue during the
I-D phase of OCSP, I suspect we would have come up with
something very similar.
It enables secure on-the-fly client configuration on a
per-server basis while also providing as much OCSP value add as
possible. Upon receipt of a caveated response, a clever client
could record this fact and not bother sending nonces to that
server again.
As proposed on this thread,
http://www.imc.org/ietf-pkix/mail-archive/msg07210.html
we have six who agree to this path forward and two who disagree.
Perhaps a poll is in order to get conclusive on it.
Yes, sending back a plain nonceless response to a nonced request
is not conformant to this proposal. But neither is it
conformant in spirit to the above 4.4.1 sentence. My
expectation is that, no matter what we do here, this will
continue anyway as a de-facto market standard practice until
such time as the market dictates otherwise. e.g. somebody gets
burned. In which case the official IETF standard will have the
solution in place. By not taking this action, someone could
otherwise point back to the RFC and claim it is the RFC's fault
for being underspecified in this area. Which is where we got
started over two months ago.
Mike
--_64E2673C-8737-4498-AE9C-D488CBA4CAF1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY>
<DIV id=3DidOWAReplyText62173 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Comments in-line=
</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Michael Myers<BR><B>Sent:</B> Fri=
12/5/2003 7:45 AM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> RE: D=
ISCUSS: MUST reject in OCSPv1<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">The fact still remains that Secti=
on 4.4.1 of RFC 2560 opens with
the sentence "The nonce cryptographically binds a request and a
response to prevent replay attacks." The original intent of
this assertion is self-evident: nonces are to be incorporated by
servers.</PRE><PRE style=3D"WORD-WRAP: break-word">[rmh]As I said, I am wil=
ling to accept the must reject if that means that others will drop the idea=
of adding breaking changes to the v1 protocol.
Yet it is a fair observation that the relationship between
cached responses and nonced requests is underspecified,
particularly in the case of Internet-facing services receiving
requests from a heterogeneous population of clients over which
such services have no administrative control.
[rmh] No argument here!</PRE><PRE style=3D"WORD-WRAP: break-word">I chose n=
onceUnsupported as a candidate means of developing a
compromise solution to this issue based in part on prior list
dialog, including that below:</PRE><PRE style=3D"WORD-WRAP: break-word">[rm=
h]I just dont see what the client gets out of nonce not supported, he eithe=
r knows he needs a nonced response or not, its a matter of local policy. I =
remember when I did the default configuration for the ValiCert desktop vali=
dator, it just was not possible to make a one-size fits all policy just as =
an example consider the fact that some responders will require signatures a=
nd some wont, the client already has to deal with this concept.=20
> From: David Engberg
> Sent: Thursday, October 02, 2003 12:23 PM
> Subject: Re: OCSP response pre-production
>
> If adding a new top-level error code is possible
> in v1, and adding a new response extension to
> indicate nonceUnsupported (or similar solution)
> is only possible in v2, then this may be the
> best course of action.
I saw how it was possible by cycling v1 at Proposed to get this
solution into v1 in a way that satisified all perspectives,
including that of the opening sentence, and yet not break the
installed base. The core notion was that of a "caveated
response". Looking back, had we addressed this issue during the
I-D phase of OCSP, I suspect we would have come up with
something very similar.
It enables secure on-the-fly client configuration on a
per-server basis while also providing as much OCSP value add as
possible. Upon receipt of a caveated response, a clever client
could record this fact and not bother sending nonces to that
server again.
As proposed on this thread,
http://www.imc.org/ietf-pkix/mail-archive/msg07210.html
we have six who agree to this path forward and two who disagree.
Perhaps a poll is in order to get conclusive on it.
Yes, sending back a plain nonceless response to a nonced request
is not conformant to this proposal. But neither is it
conformant in spirit to the above 4.4.1 sentence. My
expectation is that, no matter what we do here, this will
continue anyway as a de-facto market standard practice until
such time as the market dictates otherwise. e.g. somebody gets
burned. In which case the official IETF standard will have the
solution in place. By not taking this action, someone could
otherwise point back to the RFC and claim it is the RFC's fault
for being underspecified in this area. Which is where we got
started over two months ago.
Mike
</PRE></DIV></BODY></HTML>
--_64E2673C-8737-4498-AE9C-D488CBA4CAF1_--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5HInib053432 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 09:18:49 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5HIn0l053431 for ietf-pkix-bks; Fri, 5 Dec 2003 09:18:49 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5HIZib053417 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 09:18:48 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from INET-VRS-02.redmond.corp.microsoft.com ([157.54.8.110]) by mail2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1041); Fri, 5 Dec 2003 09:18:57 -0800
Received: from 157.54.8.23 by INET-VRS-02.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 05 Dec 2003 09:18:31 -0800
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 09:18:34 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 5 Dec 2003 09:20:07 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Fri, 5 Dec 2003 09:18:23 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
Subject: RE: DISCUSS: MUST reject in OCSPv1
MIME-Version: 1.0
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
References: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
To: <liaquat.khan@ascertia.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: DISCUSS: MUST reject in OCSPv1
Thread-Index: AcO7U4CtzrcXiwHqTYyQxHeStTQzdw==
Message-ID: <1BED1193-1DB5-4E45-8B2E-1B6FD2AFA617@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Fri, 5 Dec 2003 09:16:21 -0800
X-OriginalArrivalTime: 05 Dec 2003 17:18:23.0186 (UTC) FILETIME=[C9627B20:01C3BB53]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="_E1C02530-570F-453A-A34B-7C5734A6EE62_"
--_E1C02530-570F-453A-A34B-7C5734A6EE62_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Liaquat - I don't think there is any disagreement on weather it is up to th=
e client or not on including the nonce, there is however disagreement on:
What the responder returns if it can not return a nonce
What the client must do when it receives a response to a nonced request
For #1 my stance has been that the server should always return a authoritat=
ive response.
For #2 my stance has been that just like the decision to include the nonce =
in the first place its up to the client to decide what to do with it when h=
e gets it back, and that clients wanting replay protection SHOULD reject re=
sponses that do not contain the nonce from their request.
That being said others believe:
For #1 that the server needs to return a special response indicating it is =
not capable of supporting nonces
For #2 that the client has no choice on what to do with the nonce in the re=
sponse if he included a nonce in the request.
My take on #1 is that I don't see why the client needs to know that, after =
all if the response to a nonced request does not contain the same nonce doe=
sn't that mean the server was unable to produce a nonced response?=20
Changing the protocol by adjusting the ASN.1 of the nonce, adding a new ext=
ension or error code, or adding special semantics to the value of the nonce=
will break the existing implementations out there and its not clear to me =
why this is needed (especialy in v1).
My take on #2 is that its a matter of policy of the client to the client, b=
ut if accepting the MUST reject text here gets us out of #1 which will brea=
k clients I will accept it.
Ryan=20
From: Liaquat Khan
Sent: Thu 12/4/2003 10:54 PM
To: 'Ryan M. Hurst'; 'Florian Oelmaier'; 'David Engberg'; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy. =20
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).=20
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.=20
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.=20
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling=20
> that a server doesn't support nonces by using a special value for the=20
> nonce in replies. This seems like the "right" place to put this
message=20
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.=20
--=20
Florian Oelmaier
SyTrust
--_E1C02530-570F-453A-A34B-7C5734A6EE62_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY>
<DIV id=3DidOWAReplyText48938 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Liaquat - I don'=
t think there is any disagreement on weather it is up to the client or not =
on including the nonce, there is however disagreement on:</FONT></DIV>
<OL dir=3Dltr>
<LI>
<DIV><FONT face=3DArial size=3D2>What the responder returns if it can not r=
eturn a nonce</FONT></DIV>
<LI>
<DIV><FONT face=3DArial size=3D2>What the client must do when it receives a=
response to a nonced request</FONT></DIV></LI></OL>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>For #1 my stance has been that t=
he server should always return a authoritative response.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>For #2 my stance has been that j=
ust like the decision to include the nonce in the first place its up to the=
client to decide what to do with it when he gets it back, and that clients=
wanting replay protection SHOULD reject responses that do not contain the =
nonce from their request.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>That being said others believe:<=
/FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>For #1 that the server needs to =
return a special response indicating it is not capable of supporting nonces=
</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>For #2 that the client has no ch=
oice on what to do with the nonce in the response if he included a nonce in=
the request.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>My take on #1 is that I don't se=
e why the client needs to know that, after all if the response to a nonced =
request does not contain the same nonce doesn't that mean the server was un=
able to produce a nonced response? </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Changing the protocol by adjusti=
ng the ASN.1 of the nonce, adding a new extension or error code, or adding =
special semantics to the value of the nonce will break the existing impleme=
ntations out there and its not clear to me why this is needed (especialy in=
v1).</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>My take on #2 is that its a matt=
er of policy of the client to the client, but if accepting the MUST reject =
text here gets us out of #1 which will break clients I will accep=
t it.</FONT></DIV>
<DIV dir=3Dltr> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT> </DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Liaquat Khan<BR><B>Sent:</B> Thu =
12/4/2003 10:54 PM<BR><B>To:</B> 'Ryan M. Hurst'; 'Florian Oelmaier'; 'Davi=
d Engberg'; ietf-pkix@imc.org<BR><B>Subject:</B> RE: DISCUSS: MUST reject i=
n OCSPv1<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy. =20
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).=20
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.=20
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.=20
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling=20
> that a server doesn't support nonces by using a special value for the=
=20
> nonce in replies. This seems like the "right" place to put this
message=20
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.=20
--=20
Florian Oelmaier
SyTrust
</PRE></DIV></BODY></HTML>
--_E1C02530-570F-453A-A34B-7C5734A6EE62_--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Fh8ib048468 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 07:43:08 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5Fh8dx048467 for ietf-pkix-bks; Fri, 5 Dec 2003 07:43:08 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Fh7ib048461 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 07:43:07 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB5Fh8A92776 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 08:43:08 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 08:45:12 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDGEPADFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <3FD076D9.9080802@corestreet.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
The fact still remains that Section 4.4.1 of RFC 2560 opens with
the sentence "The nonce cryptographically binds a request and a
response to prevent replay attacks." The original intent of
this assertion is self-evident: nonces are to be incorporated by
servers.
Yet it is a fair observation that the relationship between
cached responses and nonced requests is underspecified,
particularly in the case of Internet-facing services receiving
requests from a heterogeneous population of clients over which
such services have no administrative control.
I chose nonceUnsupported as a candidate means of developing a
compromise solution to this issue based in part on prior list
dialog, including that below:
> From: David Engberg
> Sent: Thursday, October 02, 2003 12:23 PM
> Subject: Re: OCSP response pre-production
>
> If adding a new top-level error code is possible
> in v1, and adding a new response extension to
> indicate nonceUnsupported (or similar solution)
> is only possible in v2, then this may be the
> best course of action.
I saw how it was possible by cycling v1 at Proposed to get this
solution into v1 in a way that satisified all perspectives,
including that of the opening sentence, and yet not break the
installed base. The core notion was that of a "caveated
response". Looking back, had we addressed this issue during the
I-D phase of OCSP, I suspect we would have come up with
something very similar.
It enables secure on-the-fly client configuration on a
per-server basis while also providing as much OCSP value add as
possible. Upon receipt of a caveated response, a clever client
could record this fact and not bother sending nonces to that
server again.
As proposed on this thread,
http://www.imc.org/ietf-pkix/mail-archive/msg07210.html
we have six who agree to this path forward and two who disagree.
Perhaps a poll is in order to get conclusive on it.
Yes, sending back a plain nonceless response to a nonced request
is not conformant to this proposal. But neither is it
conformant in spirit to the above 4.4.1 sentence. My
expectation is that, no matter what we do here, this will
continue anyway as a de-facto market standard practice until
such time as the market dictates otherwise. e.g. somebody gets
burned. In which case the official IETF standard will have the
solution in place. By not taking this action, someone could
otherwise point back to the RFC and claim it is the RFC's fault
for being underspecified in this area. Which is where we got
started over two months ago.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EqTib045557 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 06:52:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5EqT1p045556 for ietf-pkix-bks; Fri, 5 Dec 2003 06:52:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail.be.ubizen.com (batty.be.ubizen.com [212.113.70.10]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EqRib045549 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 06:52:28 -0800 (PST) (envelope-from andreas.mitrakas@ubizen.com)
Received: (from local) by mail.be.ubizen.com id hB5EqO2x007356 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 15:52:24 +0100
Received: from UNKNOWN(10.0.0.108), claiming to be "amaya.be.ubizen.com" via SMTP by batty.netvision.be, id smtpd07338aaa; Fri Dec 5 14:52:09 2003
Received: (qmail 31768 invoked from network); 5 Dec 2003 14:52:08 -0000
Received: from unknown (HELO ubi) (10.0.0.10) by amaya.be.ubizen.com with SMTP; 5 Dec 2003 14:52:06 -0000
Received: from ubizen.com (por017a.be.ubizen.com [10.0.40.67]) by ubi.be.ubizen.com (#####) with ESMTP id <0HPF00DTNFX9RS@ubi.be.ubizen.com>; Fri, 05 Dec 2003 15:51:09 +0100 (MET)
Date: Fri, 05 Dec 2003 15:54:29 +0100
From: Andreas Mitrakas <andreas.mitrakas@ubizen.com>
Subject: Re: Certificate Policy Standardization
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: anders.rundgren@telia.com, ietf-pkix@imc.org
Message-id: <3FD09C25.400DD9ED@ubizen.com>
MIME-version: 1.0
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Accept-Language: en
References: <200312051339.hB5Ddus06553@cs.auckland.ac.nz>
X-Sanitizer: Out/BE
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Peter,
I reckon the underlying question is whether you want legal certainty to be
associated with the certificate or with the CA. By changing the OID to indicate a
new version of the CP, trust is vested in the certificate because the RP has a
better chance to know which terms apply to that specific cert . Else, by sticking
to one single OID for the CA policy lifetime, you assume that the CA will act
dilligently in notifying the RP of applicable changes, post the right version on
the right repository in the little disused lavatory of yours -- let alone posting
the hash of that CP possibly on a third party repository keeping someone else's
leopard busy to guard it.
By changing a policy OID when the policy changes, the issuer might choose to apply
those changes to certificates issued in the future only, which spares the CA from
re-issuing all certs all over again while linking the specific CP terms to certs
issued in the future. This approach seems to be fair for the subscriber because a
subscriber agrees on one specific set of terms that do not necessarily have to be
unilaterally reviewed and updated during the term of service, at least for no
reason. The result in this case would be that same class certs will be issued at
different CP speeds.
A relying party might have to periodically update his signature policy to include
all new OIDs and reference the certificate polices that govern the certs he
accepts. For the small time RP there seems to be no other specific remedy than
rule nr. 1 in the RP Commandments, that reads: "thou shall always check the CP of
the certs you accept".
Having said that it appears that shifting too much responsibility to the side of
the end user who happens to also be a consumer might be tough to defend. On the
other hand notifying a large population of subscribers on changes say three times
a year might also be challenging. At the end of the day it might be plain simpler
to accept that certs of the same class might be governed by different CPs.
A possible work around to alleviate negative effects would be to determine two
sets of terms of a CP:
- those that are etched in stone and do not change unless somehting extraordinary
happens
- those that are non essential and periodic changes are permitted.
I suppose there is no easy answer to this one and both options have their merits.
andreas
Peter Gutmann wrote:
> I wrote:
>
> >The feeling here was that a ToS-style policy might violate (at least NZ)
> >consumer protection legislation, however since a number of large
> >organisations relied on these types of agreements there would probably be a
> >spirited defence of them in court and/or existing case law upholding them.
>
> I've now checked this with a lawyer to see what the story is. Disclaimer: Not
> legal advice, merely an informal chat, and since it's been filtered through a
> non-lawyer (me) it's even less legally useful. Anyway, it pretty much follows
> what I said earlier: It's a grey area (meaning that few have ever tried to
> challenge it so there's not much precedent), but widely used in many parts of
> the world. For example when you sign up as an Oracle development partner you
> get a short paper document to sign, and that refers you to a much longer
> online document that you're expected to check regularly ("say, once a month,
> although no-one does"). This is probably the closest real-world analogy to
> the cert policy extension and policy URL, and has presumably undergone
> intensive scrutiny by lawyers working for some fairly serious players on both
> sides of the equation. The one thing you'd have to do (at least to keep a NZ
> court happy) is notify users of changes, for example by sending them email to
> tell them to check the online T&C (terms and conditions), although I forgot to
> ask whether you could get away with a "Our T&C have changed", a "The privacy
> section of our T&C has changed", or a full "These exact changes have been made
> to our T&C". So my original comments:
>
> So what you do is define a policy OID that points to whatever the policy is
> this week, and if you need to change anything you alter your policy, which
> customers are expected to check by downloading it from an undocumented
> location in an LDAP directory on a server in a locked filing cabinet in a
> disused lavatory in the cellar with a sign on the door saying "Beware of the
> Leopard", as explained in section 43, subsection 18, clause 4(a).13,
> paragraph 227.a of said policy. The policy extension seems almost designed
> for this use, it has provisions for specifying an OID and a means of
> pointing to the policy of the week, which is just what you need.
>
> The reason why this is approach is used is that if you changed your OID when
> your policy changes, you'd have to re-issue all your certs, which no-one
> wants to do. So you define your policy to be a mutable object, push
> responsibility for checking for changes onto the user in the standard
> manner, and you're set.
>
> still stand, you just need to apply the appropriate amount of legal time to
> get it set up in a satisfactory manner.
>
> Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Elmib045337 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 06:47:48 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5Elm8d045336 for ietf-pkix-bks; Fri, 5 Dec 2003 06:47:48 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailgw2a.lmco.com (mailgw2a.lmco.com [192.91.147.7]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Eliib045330 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 06:47:46 -0800 (PST) (envelope-from nicholas.e.stoner@lmco.com)
Received: from emss03g01.ems.lmco.com (emss03g01.ems.lmco.com [141.240.4.144]) by mailgw2a.lmco.com (8.11.6p2/8.11.6) with ESMTP id hB5Elih03748 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 09:47:44 -0500 (EST)
Received: from CONVERSION-DAEMON.lmco.com by lmco.com (PMDF V6.1-1 #40646) id <0HPF00C01FRKB2@lmco.com> for ietf-pkix@imc.org; Fri, 05 Dec 2003 09:47:44 -0500 (EST)
Received: from EMSS03I00.us.lmco.com ([141.240.31.211]) by lmco.com (PMDF V6.1-1 #40646) with ESMTP id <0HPF00M7AFRJSJ@lmco.com> for ietf-pkix@imc.org; Fri, 05 Dec 2003 09:47:43 -0500 (EST)
Received: from EMSS03M13.us.lmco.com ([141.240.192.68]) by EMSS03I00.us.lmco.com with Microsoft SMTPSVC(5.0.2195.2966); Fri, 05 Dec 2003 09:47:43 -0500
Date: Fri, 05 Dec 2003 09:47:43 -0500
From: "Stoner, Nicholas E" <nicholas.e.stoner@lmco.com>
Subject: remove
To: ietf-pkix@imc.org
Message-id: <2BEA03C6137B454CB50F2E92146D05CA01DA7E6D@EMSS03M13.us.lmco.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6487.1
Content-type: multipart/alternative; boundary="Boundary_(ID_NZx/+sDRMInFEheYk1wJ/w)"
Thread-Topic: remove
Thread-Index: AcO7PtRrZbN6Vv/bTJyB9gHZWb4R+w==
Content-Class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-OriginalArrivalTime: 05 Dec 2003 14:47:43.0192 (UTC) FILETIME=[BD20DD80:01C3BB3E]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
--Boundary_(ID_NZx/+sDRMInFEheYk1wJ/w)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
remove
Nick Stoner
ISLDP - Corporate Information Security Office
Lockheed Martin Enterprise Information Systems
Phone: (407) 306-2908
Cell: (407) 808-5757
--Boundary_(ID_NZx/+sDRMInFEheYk1wJ/w)
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6487.1">
<TITLE>remove</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Arial">remove</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><B><SPAN LANG="en"></SPAN></B><A NAME=""><B><SPAN LANG="en"><FONT COLOR="#000080" FACE="Arial">Nick Stoner</FONT></SPAN></B></A><SPAN LANG="en-us"><B></B></SPAN><B><SPAN LANG="en"></SPAN></B></P>
<P ALIGN=LEFT><SPAN LANG="en"><FONT COLOR="#000000" SIZE=1 FACE="Arial">ISLDP - Corporate Information Security Office</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en"><FONT COLOR="#000000" SIZE=1 FACE="Arial">Lockheed Martin Enterprise Information Systems</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en"><FONT COLOR="#000000" SIZE=1 FACE="Arial">Phone: (407) 306-2908</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en"><FONT COLOR="#000000" SIZE=1 FACE="Arial">Cell: (407) 808-5757</FONT></SPAN><SPAN LANG="en-us"><B></B></SPAN><SPAN LANG="en-us"><B></B></SPAN><B><SPAN LANG="en"></SPAN></B></P>
<P ALIGN=LEFT><SPAN LANG="en-us"></SPAN></P>
</BODY>
</HTML>
--Boundary_(ID_NZx/+sDRMInFEheYk1wJ/w)--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EgMib044980 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 06:42:22 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5EgMU8044979 for ietf-pkix-bks; Fri, 5 Dec 2003 06:42:22 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.it-norr.com (mail7.it-norr.com [80.244.64.43]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EgHib044963 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 06:42:20 -0800 (PST) (envelope-from hnn@hansnilsson.se)
Message-Id: <200312051442.hB5EgHib044963@above.proper.com>
Received: from HANSTOSHIBA ([217.211.59.224]) by mail4.it-norr.com (IT-NORR Mail Cluster v2003) with ASMTP id DUA74354 for <ietf-pkix@imc.org>; Fri, 05 Dec 2003 15:42:13 +0100
From: "Hans Nilsson" <hnn@hansnilsson.se>
To: <ietf-pkix@imc.org>
Subject: RE: Certificate Policy Standardization
Date: Fri, 5 Dec 2003 15:42:09 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <200312051339.hB5Ddus06553@cs.auckland.ac.nz>
Thread-Index: AcO7O5Jk/K68r9dsSmGAto/YkAxYYQAATlWg
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Very funny, as usual, Peter. However, let me just spoil your joke a bit.
It's not THAT bad...
1. A well-written CP/CPS should include a description of its change process
and its distribution. Extract from RFC 3647:
9.12.1 Procedure for Amendment 8.1
------------------------------------------------------
9.12.2 Notification Mechanism
and Period 8.1
So if the original CP/CPS contains your description
> customers are expected to check by downloading it from an undocumented
> location in an LDAP directory on a server in a locked filing cabinet in
a
> disused lavatory in the cellar with a sign on the door saying "Beware of
the
> Leopard",
Well, they better beware of the certificates in the first place....
2. You also say:
> The reason why this is approach is used is that if you changed your OID
when
> your policy changes, you'd have to re-issue all your certs, which no-one
> wants to do.
Why re-issue?? Old certs with old policy-OID are still fine and valid, but
from now on the CA just issues new certs according to its new policy, with
new OID.
Hans Nilsson
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On
> Behalf Of Peter Gutmann
> Sent: Friday, December 05, 2003 2:40 PM
> To: anders.rundgren@telia.com; andreas.mitrakas@ubizen.com;
ietf-pkix@imc.org
> Subject: Re: Certificate Policy Standardization
>
>
> I wrote:
>
> >The feeling here was that a ToS-style policy might violate (at least NZ)
> >consumer protection legislation, however since a number of large
> >organisations relied on these types of agreements there would probably be
a
> >spirited defence of them in court and/or existing case law upholding
them.
>
> I've now checked this with a lawyer to see what the story is. Disclaimer:
Not
> legal advice, merely an informal chat, and since it's been filtered
through a
> non-lawyer (me) it's even less legally useful. Anyway, it pretty much
follows
> what I said earlier: It's a grey area (meaning that few have ever tried to
> challenge it so there's not much precedent), but widely used in many parts
of
> the world. For example when you sign up as an Oracle development partner
you
> get a short paper document to sign, and that refers you to a much longer
> online document that you're expected to check regularly ("say, once a
month,
> although no-one does"). This is probably the closest real-world analogy
to
> the cert policy extension and policy URL, and has presumably undergone
> intensive scrutiny by lawyers working for some fairly serious players on
both
> sides of the equation. The one thing you'd have to do (at least to keep a
NZ
> court happy) is notify users of changes, for example by sending them email
to
> tell them to check the online T&C (terms and conditions), although I
forgot to
> ask whether you could get away with a "Our T&C have changed", a "The
privacy
> section of our T&C has changed", or a full "These exact changes have been
made
> to our T&C". So my original comments:
>
> So what you do is define a policy OID that points to whatever the policy
is
> this week, and if you need to change anything you alter your policy,
which
> customers are expected to check by downloading it from an undocumented
> location in an LDAP directory on a server in a locked filing cabinet in
a
> disused lavatory in the cellar with a sign on the door saying "Beware of
the
> Leopard", as explained in section 43, subsection 18, clause 4(a).13,
> paragraph 227.a of said policy. The policy extension seems almost
designed
> for this use, it has provisions for specifying an OID and a means of
> pointing to the policy of the week, which is just what you need.
>
> The reason why this is approach is used is that if you changed your OID
when
> your policy changes, you'd have to re-issue all your certs, which no-one
> wants to do. So you define your policy to be a mutable object, push
> responsibility for checking for changes onto the user in the standard
> manner, and you're set.
>
> still stand, you just need to apply the appropriate amount of legal time
to
> get it set up in a satisfactory manner.
>
> Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EIxib043638 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 06:18:59 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5EIxHL043637 for ietf-pkix-bks; Fri, 5 Dec 2003 06:18:59 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5EIvib043630 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 06:18:58 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id 8762A3405A; Sat, 6 Dec 2003 03:18:40 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hB5EIvU06718; Sat, 6 Dec 2003 03:18:57 +1300
Date: Sat, 6 Dec 2003 03:18:57 +1300
Message-Id: <200312051418.hB5EIvU06718@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: kent@bbn.com, pgut001@cs.auckland.ac.nz
Subject: Re: Certificate Policy Standardization
Cc: ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Stephen Kent <kent@bbn.com> writes:
>Citing the critique from the Counterpane analysis of Ipsec and IKE from 5
>years ago is a nice touch, but you should be aware that the non-IKE
>criticisms were largely refuted in messages on the IPsec list.
Well that's a marvellous strawman you've demolished there, but you still
haven't addressed the original point I made, which is that without a
rationale, without explanations of difficult-to-understand points, a complex
standard is in trouble. In fact you've pretty much agreed with my comments:
Unfortunately, the folks who performed the analysis were not protocol
experts. They made assertions of what was wrong and how it should be fixed,
and in most instances THEY were wrong.
Without a rationale and implementation notes to guide them, there was no way
they could understand the spec, so they ended up analysing something that was
different from whatever it was the spec was trying to describe. What was
refuted was the analysis of the way Bruce thought IPsec worked, not the fact
that the spec is confusing, ambiguous, and contradictory.
Your comments do however raise one question: If (as you say) the intent wasn't
to create an IPsec for dummies, who exactly is the target audience? It's not
the average person, it's not techies and sysadmins, it's not cryptographers,
it's not security researchers, just who *was* this written for anyway? Your
first message implied that the only people capable of understanding IPsec are
people who already understand IPsec before they start. So the target audience
for the IPsec spec is "Anyone who's spent the last 5-10 years on the IPsec
list"? What happens when an outsider has to implement IPsec? (Well, I think
that's obvious from real-world experience with IPsec deployment when 2 or more
different vendors are involved). Is everyone who needs a technical question
on IPsec answered expected to track down IPsec list members and ask them, like
I did recently when I needed an answer to a simple yes/no question? What
happens when the last person who was involved in the IPsec design process
retires and there's no-one left to ask about all the stuff the spec doesn't
tell you?
To get back to the original point about including explanations and
implementation guidance in specs, a spec is difficult now and downright
dangerous in the future when there's no-one left to explain all the bits the
authors never bothered writing down. Consider as a nice counterexample the
DNS SRV spec. It starts with the usual MUST/SHOULD/MAY stuff. All the
features are clearly explained (not just "It does X" but "It does X because
Y"). There's advice for administrators. There's pseudocode for certain
processes that people might find confusing. There's a complete worked example
(I cut & pasted it into a zone file for testing). You can implement it
straight out of the spec in about half an hour (OK, it's nowhere near as
complex as IPsec), and it works the first time. With every server I could
find (and that's definitely nothing like IPsec).
The reason why it did that is because the authors didn't start by deciding
"We're not going to write a DNS for dummies", but because they wrote a spec
for implementors and users, which is why anyone can pick it up and write a
fully functional, interoperable DNS SRV implementation from it. Can you do
that with IPsec, or PKIX?
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5De0ib041888 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 05:40:00 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5De00U041887 for ietf-pkix-bks; Fri, 5 Dec 2003 05:40:00 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Ddvib041879 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 05:39:58 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id 2FE713405A; Sat, 6 Dec 2003 02:39:40 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hB5Ddus06553; Sat, 6 Dec 2003 02:39:56 +1300
Date: Sat, 6 Dec 2003 02:39:56 +1300
Message-Id: <200312051339.hB5Ddus06553@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: anders.rundgren@telia.com, andreas.mitrakas@ubizen.com, ietf-pkix@imc.org
Subject: Re: Certificate Policy Standardization
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I wrote:
>The feeling here was that a ToS-style policy might violate (at least NZ)
>consumer protection legislation, however since a number of large
>organisations relied on these types of agreements there would probably be a
>spirited defence of them in court and/or existing case law upholding them.
I've now checked this with a lawyer to see what the story is. Disclaimer: Not
legal advice, merely an informal chat, and since it's been filtered through a
non-lawyer (me) it's even less legally useful. Anyway, it pretty much follows
what I said earlier: It's a grey area (meaning that few have ever tried to
challenge it so there's not much precedent), but widely used in many parts of
the world. For example when you sign up as an Oracle development partner you
get a short paper document to sign, and that refers you to a much longer
online document that you're expected to check regularly ("say, once a month,
although no-one does"). This is probably the closest real-world analogy to
the cert policy extension and policy URL, and has presumably undergone
intensive scrutiny by lawyers working for some fairly serious players on both
sides of the equation. The one thing you'd have to do (at least to keep a NZ
court happy) is notify users of changes, for example by sending them email to
tell them to check the online T&C (terms and conditions), although I forgot to
ask whether you could get away with a "Our T&C have changed", a "The privacy
section of our T&C has changed", or a full "These exact changes have been made
to our T&C". So my original comments:
So what you do is define a policy OID that points to whatever the policy is
this week, and if you need to change anything you alter your policy, which
customers are expected to check by downloading it from an undocumented
location in an LDAP directory on a server in a locked filing cabinet in a
disused lavatory in the cellar with a sign on the door saying "Beware of the
Leopard", as explained in section 43, subsection 18, clause 4(a).13,
paragraph 227.a of said policy. The policy extension seems almost designed
for this use, it has provisions for specifying an OID and a means of
pointing to the policy of the week, which is just what you need.
The reason why this is approach is used is that if you changed your OID when
your policy changes, you'd have to re-issue all your certs, which no-one
wants to do. So you define your policy to be a mutable object, push
responsibility for checking for changes onto the user in the standard
manner, and you're set.
still stand, you just need to apply the appropriate amount of legal time to
get it set up in a satisfactory manner.
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Chlib038856 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 04:43:47 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5ChlLg038855 for ietf-pkix-bks; Fri, 5 Dec 2003 04:43:47 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5Chkib038848 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 04:43:46 -0800 (PST) (envelope-from liaquat.khan@ascertia.com)
Received: from host213-122-69-45.in-addr.btopenworld.com ([213.122.69.45] helo=LiaquatDELL) by rhenium.btinternet.com with esmtp (Exim 3.22 #25) id 1ASFJ4-0001av-00; Fri, 05 Dec 2003 12:43:39 +0000
Reply-To: <liaquat.khan@ascertia.com>
From: "Liaquat Khan" <liaquat.khan@ascertia.com>
To: "'David Engberg'" <dave@corestreet.com>
Cc: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 12:43:27 -0000
Message-ID: <003501c3bb2d$65ca8740$e8a47ad5@LiaquatDELL>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <3FD076D9.9080802@corestreet.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
It's interesting what you say about "one-size-fits-all". My view is you
have to look at things from the RPs point of view, i.e. as a relying
party, I only care what's best for me. Therefore either nonces are
important to me or they are not (I don't particularly care whether OCSP
responder's support them or not).
Therefore from a RP perspective a single security policy is probably
want you do want. Also from a security perspective, you don't want to
make special cases unless you think that communication between that
particular server is secure against such threats and hence the
protection is not required.
I think it is sufficient to make OCSP clients configurable on whether to
include a nonce or not (since the protocol already identifies it as an
optional item) and then leave it up the local administrator to define
what suits them according to their local security policy. I should add
though that if you include a nonce in the request you MUST reject a
response if it doesn't include a nonce (or a correct one).
Regards,
LK
-----Original Message-----
From: David Engberg [mailto:dave@corestreet.com]
Sent: 05 December 2003 12:15
To: liaquat.khan@ascertia.com
Cc: 'Ryan M. Hurst'; 'Florian Oelmaier'; ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
I agree that this is not a current problem that many people are seeing,
because current OCSP use is primarily limited to small "internal"
deployments where a one-size-fits-all security policy isn't an issue.
If I'm only ever hitting one OCSP responder, a "require nonces from all
servers" policy may be fine.
On the other hand, when people start using OCSP for real-world
interoperability, the nonce-related options in all existing clients will
likely be too limited. For example, if ACME Amalgamated installs CAPI
clients for its internal PKI users that are configured to "require
nonces from every server," this client will immediately act up when apps
try to verify SSL certs from Verisign if Verisign were to deploy a
cache-based infrastructure.
Without a spec refinement to handle the broader interopability case,
most people will probably just turn off nonce support across the board
rather than trying to reconcile their internal PKI with external ones
that they interoperate with. Since I think nonces are actually negative
for security on balance, I'm fine with this result, but I don't think
this is the desired goal of everyone involved.
Liaquat Khan wrote:
>The situation "we would like to have nonces in OCSP requests as
default,
>but if the server legitimately doesn't support nonces we are happy to
>forgo nonces or we will generate a fresh request without a nonce" is
not
>that common in my opinion. If such a case does exist, local policy
will
>probably be also happy to choose to not include a nonce in the OCSP
>request message in the first place.
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5CFHib037259 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 04:15:17 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5CFHxa037258 for ietf-pkix-bks; Fri, 5 Dec 2003 04:15:17 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.202.64]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5CFGib037249 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 04:15:17 -0800 (PST) (envelope-from dave@corestreet.com)
Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (sccrmhc13) with ESMTP id <20031205121511016001hdfme>; Fri, 5 Dec 2003 12:15:12 +0000
Received: from 138.sub-166-156-174.myvzw.com ([166.156.174.138] helo=corestreet.com) by localhost with asmtp (Exim 3.35 #1 (Debian)) id 1ASEtg-0000h2-00; Fri, 05 Dec 2003 07:17:25 -0500
Message-ID: <3FD076D9.9080802@corestreet.com>
Date: Fri, 05 Dec 2003 07:15:21 -0500
From: David Engberg <dave@corestreet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: liaquat.khan@ascertia.com
CC: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
In-Reply-To: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I agree that this is not a current problem that many people are seeing,
because current OCSP use is primarily limited to small "internal"
deployments where a one-size-fits-all security policy isn't an issue.
If I'm only ever hitting one OCSP responder, a "require nonces from all
servers" policy may be fine.
On the other hand, when people start using OCSP for real-world
interoperability, the nonce-related options in all existing clients will
likely be too limited. For example, if ACME Amalgamated installs CAPI
clients for its internal PKI users that are configured to "require
nonces from every server," this client will immediately act up when apps
try to verify SSL certs from Verisign if Verisign were to deploy a
cache-based infrastructure.
Without a spec refinement to handle the broader interopability case,
most people will probably just turn off nonce support across the board
rather than trying to reconcile their internal PKI with external ones
that they interoperate with. Since I think nonces are actually negative
for security on balance, I'm fine with this result, but I don't think
this is the desired goal of everyone involved.
Liaquat Khan wrote:
>The situation "we would like to have nonces in OCSP requests as default,
>but if the server legitimately doesn't support nonces we are happy to
>forgo nonces or we will generate a fresh request without a nonce" is not
>that common in my opinion. If such a case does exist, local policy will
>probably be also happy to choose to not include a nonce in the OCSP
>request message in the first place.
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB5AUUib031179 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 02:30:30 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB5AUUHn031178 for ietf-pkix-bks; Fri, 5 Dec 2003 02:30:30 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB5AURib031171 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 02:30:28 -0800 (PST) (envelope-from oelmaier@sytrust.com)
Received: (qmail 8214 invoked by uid 1649); 5 Dec 2003 10:30:22 -0000
Date: 5 Dec 2003 10:30:22 -0000
Message-ID: <20031205103022.8213.qmail@www16.your-server.de>
From: "Florian Oelmaier" <oelmaier@sytrust.com>
To: ietf-pkix@imc.org
CC: "'David Engberg'" <dave@corestreet.com>, <liaquat.khan@ascertia.com>, "'Ryan M. Hurst'" <rmh@windows.microsoft.com>
Subject: RE: DISCUSS: MUST reject in OCSPv1
References: <>
In-Reply-To: <>
X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch
X-IPAddress: 195.212.95.41
X-Sender: oelmaier@sytrust.de
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> I am concerned with the idea of making any change to the standard that
> "changes the 5 year old protocol".
I wholeheartly welcome the clarification and the change Russ proposed - but I am also concerned with interoperability issues.
Maybe we can keep the "old" nonce as it is and specify a new extension id for the new nonce? Then we can clarify that the "old" nonce is deprecated and that clients and servers should use the "new" nonce behaviour.
This way we can clarify the situation and simultaneous maintain compatibility.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB59CNib015014 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 01:12:23 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB59CMfO015010 for ietf-pkix-bks; Fri, 5 Dec 2003 01:12:22 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB59CDib014924 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 01:12:14 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id 30F7034014; Fri, 5 Dec 2003 22:11:56 +1300 (NZDT)
Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id hB59CA205534; Fri, 5 Dec 2003 22:12:10 +1300
Date: Fri, 5 Dec 2003 22:12:10 +1300
Message-Id: <200312050912.hB59CA205534@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: dsolo@alum.mit.edu, kent@bbn.com, rhousley@rsasecurity.com, shimaoka@secom.ne.jp, tim.polk@nist.gov, wford@verisign.com
Subject: Re: DN Encoding by UTF8String
Cc: ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Masaki SHIMAOKA <shimaoka@secom.ne.jp> writes:
>Of course, when the UTF8String problem solves, all certificates issuedMUST
>use UTF8String encoding.
I was actually going to save this for 1/1/04 (since I get to ask it before
anyone else does), but as a follow-up to the above I may as well ask it now:
How many CAs are actually going to switch their certs to UTF8 next month?
Anyone?
Peter.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB58LCib097630 for <ietf-pkix-bks@above.proper.com>; Fri, 5 Dec 2003 00:21:12 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB58LCFO097629 for ietf-pkix-bks; Fri, 5 Dec 2003 00:21:12 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from zinc.btinternet.com (zinc.btinternet.com [194.73.73.148]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB58LBib097612 for <ietf-pkix@imc.org>; Fri, 5 Dec 2003 00:21:11 -0800 (PST) (envelope-from liaquat.khan@ascertia.com)
Received: from host213-122-164-232.in-addr.btopenworld.com ([213.122.164.232] helo=LiaquatDELL) by zinc.btinternet.com with esmtp (Exim 3.22 #25) id 1ASBD0-0003IB-00; Fri, 05 Dec 2003 08:21:07 +0000
Reply-To: <liaquat.khan@ascertia.com>
From: "Liaquat Khan" <liaquat.khan@ascertia.com>
To: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 08:20:53 -0000
Message-ID: <001701c3bb08$b7923250$e8a47ad5@LiaquatDELL>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Ooops...in 4th paragraph below, I meant to say "outgoing requests"
instead of "outgoing responses".
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Liaquat Khan
Sent: 05 December 2003 06:55
To: 'Ryan M. Hurst'; 'Florian Oelmaier'; 'David Engberg';
ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy.
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this
message
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB578Nib075353 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 23:08:23 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB578NMv075352 for ietf-pkix-bks; Thu, 4 Dec 2003 23:08:23 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from iscan01.secomtrust.net (iscan01.secomtrust.net [61.114.177.102]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB578Kib075332 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 23:08:21 -0800 (PST) (envelope-from shimaoka@secom.ne.jp)
Received: (qmail 29813 invoked by alias); 5 Dec 2003 07:08:22 -0000
Delivered-To: alias-map-ietf-pkix@imc.org@MAP
Received: (qmail 29789 invoked by alias); 5 Dec 2003 07:08:21 -0000
Received: from localhost (HELO mail.secomtrust.net) (127.0.0.1) by localhost with SMTP; 5 Dec 2003 07:08:21 -0000
Received: (qmail 21660 invoked from network); 5 Dec 2003 07:08:20 -0000
Received: from unknown (HELO ?172.30.5.54?) (172.30.5.54) by mail with SMTP; 5 Dec 2003 07:08:20 -0000
Date: Fri, 05 Dec 2003 16:09:10 +0900
From: Masaki SHIMAOKA <shimaoka@secom.ne.jp>
To: Tim Polk <tim.polk@nist.gov>, Stephen Kent <kent@bbn.com>, rhousley@rsasecurity.com, wford@verisign.com, dsolo@alum.mit.edu
Subject: DN Encoding by UTF8String
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-Id: <20031205143116.4AFF.SHIMAOKA@secom.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.06.02
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Dear Authors and WG Chairs,
RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
use UTF8String encoding".
However, it seems that some applications do not yet support UTF8String
respectably and the detail of name comparison rule does not consider
UTF8String sufficiently.
Therefore, existing CAs using except UTF8String for DN encoding SHOULD
do the following actions until solving these UTF8String problem.
An encoding for issuer field of the certificates issued after 2004
SHOULD be same as an encoding for subject field of CA certificate
already issued.
Is this correct?
Of course, when the UTF8String problem solves, all certificates
issuedMUST use UTF8String encoding.
I worry that some confused CAs issue wrong certificates using UTF8String
encoding forcibly, even though the CA had used another encoding till now.
Best regards,
-----
Masaki SHIMAOKA
SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@secom.ne.jp
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB56t4ib069094 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 22:55:04 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB56t4ht069093 for ietf-pkix-bks; Thu, 4 Dec 2003 22:55:04 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB56t3ib069044 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 22:55:03 -0800 (PST) (envelope-from liaquat.khan@ascertia.com)
Received: from host213-122-164-232.in-addr.btopenworld.com ([213.122.164.232] helo=LiaquatDELL) by gadolinium.btinternet.com with esmtp (Exim 3.22 #25) id 1AS9rd-0005hC-00; Fri, 05 Dec 2003 06:54:58 +0000
Reply-To: <liaquat.khan@ascertia.com>
From: "Liaquat Khan" <liaquat.khan@ascertia.com>
To: "'Ryan M. Hurst'" <rmh@windows.microsoft.com>, "'Florian Oelmaier'" <oelmaier@sytrust.com>, "'David Engberg'" <dave@corestreet.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Fri, 5 Dec 2003 06:54:43 -0000
Message-ID: <000c01c3bafc$ae734260$e8a47ad5@LiaquatDELL>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Ryan,
We also agree with your viewpoint, particular the point about a nonce
being a matter for local client policy.
In the various OCSP clients we have, the option of whether to include
nonce or not in the request message is left to local policy (i.e. the
administrator can configure whether or not nonce is included in the
request message).
If the administrator decides nonces are necessary (to prevent replays)
then he/she will select these and our OCSP clients will include these in
the requests. Now if an OCSP response is received back without a nonce
it will be rejected by our OCSP clients.
On the other hand, if the administrator feels nonces are not required
(to allow for cached responses) then he/she will not select to include
one in outgoing responses.
The situation "we would like to have nonces in OCSP requests as default,
but if the server legitimately doesn't support nonces we are happy to
forgo nonces or we will generate a fresh request without a nonce" is not
that common in my opinion. If such a case does exist, local policy will
probably be also happy to choose to not include a nonce in the OCSP
request message in the first place.
Regards,
Liaquat
Ascertia Limited, Orchard Building, Royal Holloway, Egham, Surrey, TW20
OEX
tel: +44(0)1784 497 321, fax: +44(0)1784 497301, mobile: +44 (0)7776
308766
website: www.ascertia.com
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Ryan M. Hurst
Sent: 05 December 2003 01:41
To: Florian Oelmaier; David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this
message
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB51f8ib036551 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 17:41:08 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB51f8Wi036550 for ietf-pkix-bks; Thu, 4 Dec 2003 17:41:08 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB51f4ib036500 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 17:41:04 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from INET-VRS-03.redmond.corp.microsoft.com ([157.54.5.27]) by mail3.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Thu, 4 Dec 2003 17:40:56 -0800
Received: from 157.54.6.197 by INET-VRS-03.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Thu, 04 Dec 2003 17:41:07 -0800
Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by INET-HUB-06.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Thu, 4 Dec 2003 17:41:01 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Thu, 4 Dec 2003 17:40:51 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Thu, 4 Dec 2003 17:41:00 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7122.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Thu, 4 Dec 2003 17:40:57 -0800
Message-ID: <DDE1793D7266AD488BB4F5E8D38EACB8041BBEA0@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: DISCUSS: MUST reject in OCSPv1
thread-index: AcO6XCvOonbEzH19QoSp25QLwIWKcwAdCBMQ
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
To: "Florian Oelmaier" <oelmaier@sytrust.com>, "David Engberg" <dave@corestreet.com>, <ietf-pkix@imc.org>
X-OriginalArrivalTime: 05 Dec 2003 01:41:00.0038 (UTC) FILETIME=[D5DB2A60:01C3BAD0]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB51f4ib036544
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I am concerned with the idea of making any change to the standard that
"changes the 5 year old protocol".
This is particularly true since I don't see anyone on the list saying
this NonceUnsupported is needed, just that they would accept it.
I still think what is done with the nonce is a matter of local (client)
policy, and that if replay protection is desired responses not
containing the requested nonce MUST be rejected.
But since I appear to be odd man out on this, I would rather see us fall
back to Russ's original recommendation of MUST reject than break a 5
year old standard.
Ryan
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Florian Oelmaier
Sent: Thursday, December 04, 2003 1:47 AM
To: David Engberg; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> I like the elegance of Russ and Florian's ideas for securely
signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this
message
> to the client.
Just for the record: I think you are referring to our server-generated
nonces when you talk about "Florian's idea". And while Russel is
signalling "NonceUnsupported" with a special nonce-value, we are
singalling "NonceSupported" with the inclusion of a nonce into every
request (mirrored from the request or server-generated). Thus we are not
subject to the attack you mention, as this does not need any additional
code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all
the clients and servers out there. Seeing that the proposed change is
needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4MoZib030094 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 14:50:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4MoZf6030093 for ietf-pkix-bks; Thu, 4 Dec 2003 14:50:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4MoYib030088 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 14:50:34 -0800 (PST) (envelope-from mnystrom@rsasecurity.com)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with ESMTP; Thu, 4 Dec 2003 17:50:36 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id hB4MoV1i013486 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 17:50:31 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id hB4MoOsj019616 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 17:50:34 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72) id <W335KLQY>; Thu, 4 Dec 2003 17:50:12 -0500
Received: from mnystrom-lap ([10.100.100.5]) by exrsa01.rsa.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id W4Q49A59; Thu, 4 Dec 2003 14:50:17 -0800
From: "Nystrom, Magnus" <mnystrom@rsasecurity.com>
Reply-To: "Nystrom, Magnus" <magnus@rsasecurity.com>
To: ietf-pkix@imc.org
Date: Thu, 4 Dec 2003 17:50:05 -0500 (Eastern Standard Time)
Subject: RE: DISCUSS: MUST reject in OCSPv1
Message-ID: <Pine.WNT.4.58.0312041747260.2572@mnystrom-lap>
X-X-Sender: mnystrom@exrsa01.rsa.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Russ wrote:
[...]
> Rather than defining a new extension, called nonceUnsupported, you have
> the opportunity to specify a syntax to go with this OID that does the
> same thing. Something like:
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
Unfortunately, this would break compatibility with clients supporting RFC
3546 (see Section 3.6 in that document).
-- Magnus
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4KeUib022679 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 12:40:30 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4KeUXq022678 for ietf-pkix-bks; Thu, 4 Dec 2003 12:40:30 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4KeRib022672 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:40:28 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA13562; Thu, 4 Dec 2003 15:40:14 -0500 (EST)
Message-Id: <200312042040.PAA13562@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-acpolicies-extn-05.txt
Date: Thu, 04 Dec 2003 15:40:13 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Attribute Certificate Policies extension
Author(s) : C. Francis, D. Pinkas
Filename : draft-ietf-pkix-acpolicies-extn-05.txt
Pages : 10
Date : 2003-12-4
This document describes one certificate extension to explicitly
state the Attribute Certificate (AC) policies that apply to a given
Attribute Certificate. The goal of this document is to allow relying
parties to perform an additional test when validating an AC, i.e. to
assess whether a given AC carrying some attributes can be accepted on
the basis of references to one or more specific AC policies.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-acpolicies-extn-05.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-acpolicies-extn-05.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-acpolicies-extn-05.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-4154943.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-acpolicies-extn-05.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-acpolicies-extn-05.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-4154943.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4K8cib020838 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 12:08:38 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4K8cql020837 for ietf-pkix-bks; Thu, 4 Dec 2003 12:08:38 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4K8aib020830 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:08:37 -0800 (PST) (envelope-from Denis.Pinkas@bull.net)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id VAA16644 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 21:15:25 +0100
Received: from bull.net (frclint79.bull.fr [129.181.81.79]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id VAA30540 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 21:03:57 +0100
Message-ID: <3FCF9432.2000000@bull.net>
Date: Thu, 04 Dec 2003 21:08:18 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: RFC3039bis last call ?
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I probably missed the e-mail about an RFC3039bis last call, but since it
is mentioned in the WG minutes that there will be a last call. In case
it is already going, I would like to reiterate that the concerns I
raised before the Minneapolis meeting are still valid.
In particular, I would like to reinsist on two points:
RFC3039 states in the abstract:
This document forms a certificate profile for Qualified Certificates,
based on RFC 2459, for use in the Internet. The term Qualified
Certificate is used to describe a certificate with a certain
qualified status within applicable governing law.
RFC3039bis states in the abstract:
This document forms a certificate profile, based on RFC 3280, for
identity certificates issued to physical persons.
It is clear from the abstract that the topic of the two documents are
different and that the new draft should be renamed: Identity
Certificates Profile.
As a consequence, this new draft is NOT a replacement for RFC 3039. One
argument has been that ETSI needed changes to RFC 3039. There is not
such a requirement from ETSI.
Another major issue is that RFC3039bis states:
Key usage settings SHALL be set in accordance with RFC 3280 definitions.
We know that the key usage bit section of RFC 3280 is going to be
changed. However we still don't know what will be the new text.
Discussions are going on within ISO SC6 both to redefine bit 0 in terms
of the security services it may support (instead of saying all security
services except one security service), and to rename bit 1. This means
that referencing RFC 3280 is fine, except for the section on the key
usage bits.
Qualified Certificates are to be used when a signer wants to commit to
the content of a document, not when a signer wants to authenticate. As
it is, the new draft would create confusion.
Denis
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4GUgib010629 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 08:30:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4GUgGM010628 for ietf-pkix-bks; Thu, 4 Dec 2003 08:30:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB4GUfib010623 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 08:30:41 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 15157 invoked by uid 0); 4 Dec 2003 16:30:17 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (141.156.168.12) by woodstock.binhost.com with SMTP; 4 Dec 2003 16:30:17 -0000
Message-Id: <5.2.0.9.2.20031204112238.0419bdf8@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Thu, 04 Dec 2003 11:24:28 -0500
To: "Manger, James H" <James.H.Manger@team.telstra.com>, <ietf-pkix@imc.org>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19AC@ntmsg0131.corpmai l.telstra.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
James:
I used the SNACC compliler (with the DigitalNet enhancements).
I changed the nullOcetString line to:
nullOctetString OCTET STRING (SIZE (0)) ::= ''H
And, it compiler fine too. Based on your research, I assume that SNACC is
being forgiving in this situation. We will change it in the next version
of the Internet Draft.
Russ
At 11:18 AM 12/4/2003 +1000, Manger, James H wrote:
>Russ,
>
>I still think I am right. Does your compiler compile complex values, or
>just types?
>
>Very early versions of ASN.1 (X.208 1998/1990?) may have allowed the
>identifier (field name) to be omitted, but subsequent versions (X.680
>1994/...) corrected this to avoid ambiguities. Perhaps you have a lenient
>compiler (nice sometimes, but not when writing standards).
>
>Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1 v2.1 where
>the ASN.1 is correct: it includes identifiers & type name and there are no
>squiggly brackets {} around octet string values.
>
>
>Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680 ASN.1 (2002):
>
> SequenceValue ::=
> "{" ComponentValueList "}"
> | "{" "}"
>
> ComponentValueList ::=
> NamedValue
> | ComponentValueList "," NamedValue
>
> NamedValue = identifier Value
>
> NOTE- The "identifier" is part of the notation,
> it does not form part of the value itself.
> It is used to unambiguously refer to the components
> of a set type, sequence type or choice type.
>
> OctetStringValue ::=
> bstring
> | hstring
> | CONTAINING Value
>
> .. "hstring" ..
> EXAMPLE- 'AB0196'H
>
>
>Extracts from sections D.2 of X.681 ASN.1 Information object spec (2002):
>
> ExampleType ::= SEQUENCE {
> openTypeComponent1 EXAMPLE-CLASS.&TypeField,
> integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
> openTypeComponent2 EXAMPLE-CLASS.&variableTypeValueField,
> integerComponent2 EXAMPLE-CLASS.&FixedTypeValueSetField,
> openTypeComponent3 EXAMPLE-CLASS.&VariableTypeValueSetField
> }
> exampleValue ExampleType ::= {
> openTypeComponent1 BOOLEAN : TRUE,
> integerComponent1 123,
> openTypeComponent2 IA5String : "abcdef",
> integerComponent2 456,
> openTypeComponent3 BIT STRING : '0101010101'B
> }
>
>
>-----Original Message-----
>From: Russ Housley [mailto:housley@vigilsec.com]
>Sent: Thursday, 4 December 2003 6:05 AM
>To: Manger, James H; ietf-pkix@imc.org
>Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1
>typos
>
>
>James:
>
>After changing:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
>to:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
>
>The module compiles fine for me.
>
>Russ
>
>At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>
> >The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
> >
> >1.
> >When specifying ASN.1 values the field names must be included. When
> >specifying open type values the type must be specified. For instance:
> >
> >WRONG:
> > sha1Identifier AlgorithmIdentifier ::=
> > { id-sha1, NULL }
> >
> >RIGHT:
> > sha1Identifier AlgorithmIdentifier ::=
> > { algorithm id-sha1, parameters NULL:NULL }
> >
> >These errors affect all 31 values of the following types:
> >AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
> >
> >
> >2.
> >In section 4.1 and in the ASN.1 module:
> >WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
> >RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
> >
> >----------
> >From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> >Sent: Wednesday, 3 December 2003 7:36 AM
> >
> > Title : Additional Algorithms and Identifiers for RSA
> > Cryptography for use in the Internet X.509
> > Public Key Infrastructure Certificate and
> > Certificate Revocation List (CRL) Profile
> > Author(s) : R. Housley, B. Kaliski
> > Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
> > Pages : 22
> > Date : 2003-12-2
> >
> >This document supplements RFC 3279. It describes the conventions for
> >using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport
> >algorithm, and additional one-way hash functions with the PKCS #1 version
> >1.5 signature algorithm in the Internet X.509 Public Key Infrastructure
> >(PKI). Encoding formats, algorithm identifiers, and parameter formats are
> >specified.
> >
> >http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4EJPib003959 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 06:19:25 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4EJPmw003958 for ietf-pkix-bks; Thu, 4 Dec 2003 06:19:25 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB4EJNib003950 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 06:19:23 -0800 (PST) (envelope-from oelmaier@sytrust.com)
Received: (qmail 13855 invoked by uid 1649); 4 Dec 2003 14:19:23 -0000
Date: 4 Dec 2003 14:19:23 -0000
Message-ID: <20031204141923.13854.qmail@www16.your-server.de>
From: "Florian Oelmaier" <oelmaier@sytrust.com>
To: ietf-pkix@imc.org
CC: David Engberg <dave@corestreet.com>
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <>
In-Reply-To: <>
X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch
X-IPAddress: 195.212.95.41
X-Sender: oelmaier@sytrust.de
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> Florian -
>
> Sorry, my misunderstanding. I think that your strategy is also good if
> both the client and server implement it, but it sounds like your clients
> would have the same backward-compatibility problem if talking to someone
> else's old servers. I.e. an attacker could send a nonceless request to
> an old existing server and record the nonceless response, and then
> replay that to your client to make you think that that server is
> securely signalling that it doesn't support nonces.
/agree. Thats completely correct.
The difference is that our strategy does not require new clients as it does not require anything "new" on the client side. But you are right, if a client talks to an "old" server the attack described is as feasible as with Russ´ proposal. Only "new" servers can prevent this type of attack in both proposals. My bad, sorry.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4DPWib001005 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 05:25:32 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4DPWHg001004 for ietf-pkix-bks; Thu, 4 Dec 2003 05:25:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp10.atl.mindspring.net (smtp10.atl.mindspring.net [207.69.200.246]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4DPUib000993 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 05:25:30 -0800 (PST) (envelope-from phil.griffin@asn-1.com)
Received: from user-10lfcae.cable.mindspring.com ([65.87.177.78] helo=asn-1.com) by smtp10.atl.mindspring.net with esmtp (Exim 3.33 #1) id 1ARtTx-00032Z-00 for ietf-pkix@imc.org; Thu, 04 Dec 2003 08:25:25 -0500
Message-ID: <3FCF35CA.8020607@asn-1.com>
Date: Thu, 04 Dec 2003 08:25:30 -0500
From: "Phillip H. Griffin" <phil.griffin@asn-1.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 (VAUSSU03)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
References: <73388857A695D31197EF00508B08F29806EE19AC@ntmsg0131.corpmail.telstra.com.au>
Content-Type: multipart/alternative; boundary="------------080700000904010202030503"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------080700000904010202030503
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X.208 and X.209 are no longer merely deprecated. They have been
withdrawn as international standards since last year. From
http://www.itu.int/ITU-T/studygroups/com17/changing-ASN/migration.html
"The term ASN.1:1988/1990 notation is used to refer to that ASN.1
notation specified in CCITT Rec. X.208 which was withdrawn in 2002.
Phil
Manger, James H wrote:
>Russ,
>
>I still think I am right. Does your compiler compile complex values, or just types?
>
>Very early versions of ASN.1 (X.208 1998/1990?) may have allowed the identifier (field name) to be omitted, but subsequent versions (X.680 1994/...) corrected this to avoid ambiguities. Perhaps you have a lenient compiler (nice sometimes, but not when writing standards).
>
>Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1 v2.1 where the ASN.1 is correct: it includes identifiers & type name and there are no squiggly brackets {} around octet string values.
>
>
>Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680 ASN.1 (2002):
>
> SequenceValue ::=
> "{" ComponentValueList "}"
> | "{" "}"
>
> ComponentValueList ::=
> NamedValue
> | ComponentValueList "," NamedValue
>
> NamedValue = identifier Value
>
> NOTE- The "identifier" is part of the notation,
> it does not form part of the value itself.
> It is used to unambiguously refer to the components
> of a set type, sequence type or choice type.
>
> OctetStringValue ::=
> bstring
> | hstring
> | CONTAINING Value
>
> .. "hstring" ..
> EXAMPLE- 'AB0196'H
>
>
>Extracts from sections D.2 of X.681 ASN.1 Information object spec (2002):
>
> ExampleType ::= SEQUENCE {
> openTypeComponent1 EXAMPLE-CLASS.&TypeField,
> integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
> openTypeComponent2 EXAMPLE-CLASS.&variableTypeValueField,
> integerComponent2 EXAMPLE-CLASS.&FixedTypeValueSetField,
> openTypeComponent3 EXAMPLE-CLASS.&VariableTypeValueSetField
> }
> exampleValue ExampleType ::= {
> openTypeComponent1 BOOLEAN : TRUE,
> integerComponent1 123,
> openTypeComponent2 IA5String : "abcdef",
> integerComponent2 456,
> openTypeComponent3 BIT STRING : '0101010101'B
> }
>
>
>-----Original Message-----
>From: Russ Housley [mailto:housley@vigilsec.com]
>Sent: Thursday, 4 December 2003 6:05 AM
>To: Manger, James H; ietf-pkix@imc.org
>Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1
>typos
>
>
>James:
>
>After changing:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
>to:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
>
>The module compiles fine for me.
>
>Russ
>
>At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>
>
>
>>The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
>>
>>1.
>>When specifying ASN.1 values the field names must be included. When
>>specifying open type values the type must be specified. For instance:
>>
>>WRONG:
>> sha1Identifier AlgorithmIdentifier ::=
>> { id-sha1, NULL }
>>
>>RIGHT:
>> sha1Identifier AlgorithmIdentifier ::=
>> { algorithm id-sha1, parameters NULL:NULL }
>>
>>These errors affect all 31 values of the following types:
>>AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
>>
>>
>>2.
>>In section 4.1 and in the ASN.1 module:
>>WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
>>RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
>>
>>----------
>>From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
>>Sent: Wednesday, 3 December 2003 7:36 AM
>>
>> Title : Additional Algorithms and Identifiers for RSA
>> Cryptography for use in the Internet X.509
>> Public Key Infrastructure Certificate and
>> Certificate Revocation List (CRL) Profile
>> Author(s) : R. Housley, B. Kaliski
>> Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
>> Pages : 22
>> Date : 2003-12-2
>>
>>This document supplements RFC 3279. It describes the conventions for
>>using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport
>>algorithm, and additional one-way hash functions with the PKCS #1 version
>>1.5 signature algorithm in the Internet X.509 Public Key Infrastructure
>>(PKI). Encoding formats, algorithm identifiers, and parameter formats are
>>specified.
>>
>>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
>>
>>
>
>
>
>
>
>
--------------080700000904010202030503
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
X.208 and X.209 are no longer merely deprecated. They have been<br>
withdrawn as international standards since last year. From<br>
<a class="moz-txt-link-freetext" href="http://www.itu.int/ITU-T/studygroups/com17/changing-ASN/migration.html">http://www.itu.int/ITU-T/studygroups/com17/changing-ASN/migration.html</a><br>
<br>
"The term <b>ASN.1:1988/1990 notation</b> is used to refer to that ASN.1
<br>
notation specified in CCITT Rec. X.208 which was withdrawn in 2002.<br>
<br>
Phil<br>
<br>
<br>
Manger, James H wrote:<br>
<blockquote type="cite"
cite="mid73388857A695D31197EF00508B08F29806EE19AC@ntmsg0131.corpmail.telstra.com.au">
<pre wrap="">Russ,
I still think I am right. Does your compiler compile complex values, or just types?
Very early versions of ASN.1 (X.208 1998/1990?) may have allowed the identifier (field name) to be omitted, but subsequent versions (X.680 1994/...) corrected this to avoid ambiguities. Perhaps you have a lenient compiler (nice sometimes, but not when writing standards).
Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1 v2.1 where the ASN.1 is correct: it includes identifiers & type name and there are no squiggly brackets {} around octet string values.
Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680 ASN.1 (2002):
SequenceValue ::=
"{" ComponentValueList "}"
| "{" "}"
ComponentValueList ::=
NamedValue
| ComponentValueList "," NamedValue
NamedValue = identifier Value
NOTE- The "identifier" is part of the notation,
it does not form part of the value itself.
It is used to unambiguously refer to the components
of a set type, sequence type or choice type.
OctetStringValue ::=
bstring
| hstring
| CONTAINING Value
.. "hstring" ..
EXAMPLE- 'AB0196'H
Extracts from sections D.2 of X.681 ASN.1 Information object spec (2002):
ExampleType ::= SEQUENCE {
openTypeComponent1 EXAMPLE-CLASS.&TypeField,
integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
openTypeComponent2 EXAMPLE-CLASS.&variableTypeValueField,
integerComponent2 EXAMPLE-CLASS.&FixedTypeValueSetField,
openTypeComponent3 EXAMPLE-CLASS.&VariableTypeValueSetField
}
exampleValue ExampleType ::= {
openTypeComponent1 BOOLEAN : TRUE,
integerComponent1 123,
openTypeComponent2 IA5String : "abcdef",
integerComponent2 456,
openTypeComponent3 BIT STRING : '0101010101'B
}
-----Original Message-----
From: Russ Housley [<a class="moz-txt-link-freetext" href="mailto:housley@vigilsec.com">mailto:housley@vigilsec.com</a>]
Sent: Thursday, 4 December 2003 6:05 AM
To: Manger, James H; <a class="moz-txt-link-abbreviated" href="mailto:ietf-pkix@imc.org">ietf-pkix@imc.org</a>
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1
typos
James:
After changing:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
to:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
The module compiles fine for me.
Russ
At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
</pre>
<blockquote type="cite">
<pre wrap="">The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
1.
When specifying ASN.1 values the field names must be included. When
specifying open type values the type must be specified. For instance:
WRONG:
sha1Identifier AlgorithmIdentifier ::=
{ id-sha1, NULL }
RIGHT:
sha1Identifier AlgorithmIdentifier ::=
{ algorithm id-sha1, parameters NULL:NULL }
These errors affect all 31 values of the following types:
AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
2.
In section 4.1 and in the ASN.1 module:
WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
----------
From: <a class="moz-txt-link-abbreviated" href="mailto:Internet-Drafts@ietf.org">Internet-Drafts@ietf.org</a> [<a class="moz-txt-link-freetext" href="mailto:Internet-Drafts@ietf.org">mailto:Internet-Drafts@ietf.org</a>]
Sent: Wednesday, 3 December 2003 7:36 AM
Title : Additional Algorithms and Identifiers for RSA
Cryptography for use in the Internet X.509
Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
Author(s) : R. Housley, B. Kaliski
Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
Pages : 22
Date : 2003-12-2
This document supplements RFC 3279. It describes the conventions for
using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport
algorithm, and additional one-way hash functions with the PKCS #1 version
1.5 signature algorithm in the Internet X.509 Public Key Infrastructure
(PKI). Encoding formats, algorithm identifiers, and parameter formats are
specified.
<a class="moz-txt-link-freetext" href="http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt">http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt</a>
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
</body>
</html>
--------------080700000904010202030503--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4D89ib000454 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 05:08:09 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4D89DH000453 for ietf-pkix-bks; Thu, 4 Dec 2003 05:08:09 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4D88ib000445 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 05:08:08 -0800 (PST) (envelope-from dave@corestreet.com)
Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc12) with ESMTP id <2003120413080301400dlu4ne>; Thu, 4 Dec 2003 13:08:03 +0000
Received: from localhost ([127.0.0.1] helo=corestreet.com ident=dave) by localhost with esmtp (Exim 3.35 #1 (Debian)) id 1ARtFG-0000Lf-00; Thu, 04 Dec 2003 08:10:14 -0500
Message-ID: <3FCF3235.1080103@corestreet.com>
Date: Thu, 04 Dec 2003 08:10:13 -0500
From: David Engberg <dave@corestreet.com>
Organization: CoreStreet
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Florian Oelmaier <oelmaier@sytrust.com>
CC: ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <> <20031204094634.9632.qmail@www16.your-server.de>
In-Reply-To: <20031204094634.9632.qmail@www16.your-server.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Florian -
Sorry, my misunderstanding. I think that your strategy is also good if
both the client and server implement it, but it sounds like your clients
would have the same backward-compatibility problem if talking to someone
else's old servers. I.e. an attacker could send a nonceless request to
an old existing server and record the nonceless response, and then
replay that to your client to make you think that that server is
securely signalling that it doesn't support nonces.
Does that make sense?
Florian Oelmaier wrote:
> Just for the record: I think you are referring to our server-generated nonces when you talk about "Florian's idea". And while Russel is signalling "NonceUnsupported" with a special nonce-value, we are singalling "NonceSupported" with the inclusion of a nonce into every request (mirrored from the request or server-generated). Thus we are not subject to the attack you mention, as this does not need any additional code in any existing client.
>
> Russ proposal is a change in the protocol. Thus we need to update all the clients and servers out there. Seeing that the proposed change is needed and recognizing it as a good solution, I would accept this.
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4BPgib096216 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 03:25:42 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB4BPgh0096215 for ietf-pkix-bks; Thu, 4 Dec 2003 03:25:42 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB4BPeib096201 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 03:25:41 -0800 (PST) (envelope-from Peter.Sylvester@EdelWeb.fr)
Received: from chandon.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id MAA02275 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:25:35 +0100 (MET)
Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/1.7); Thu, 4 Dec 2003 12:25:35 +0100 (MET)
Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id hB4BPYO10465 for ietf-pkix@imc.org; Thu, 4 Dec 2003 12:25:34 +0100 (MET)
Date: Thu, 4 Dec 2003 12:25:34 +0100 (MET)
From: Peter Sylvester <Peter.Sylvester@EdelWeb.fr>
Message-Id: <200312041125.hB4BPYO10465@chandon.edelweb.fr>
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
X-Sun-Charset: US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
Another way may be
nonceValue OCTET STRING OPTIONAL -- unsupported if omitted.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB49kfib088462 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 01:46:41 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB49kfPs088461 for ietf-pkix-bks; Thu, 4 Dec 2003 01:46:41 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from www16.your-server.de (IDENT:qmailr@www16.your-server.de [213.133.104.16]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB49kdib088414 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 01:46:39 -0800 (PST) (envelope-from oelmaier@sytrust.com)
Received: (qmail 9633 invoked by uid 1649); 4 Dec 2003 09:46:34 -0000
Date: 4 Dec 2003 09:46:34 -0000
Message-ID: <20031204094634.9632.qmail@www16.your-server.de>
From: "Florian Oelmaier" <oelmaier@sytrust.com>
To: David Engberg <dave@corestreet.com>, ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
References: <>
In-Reply-To: <>
X-Mailer: oMail 0.98.2 - http://webmail.omnis.ch
X-IPAddress: 195.212.95.41
X-Sender: oelmaier@sytrust.de
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> I like the elegance of Russ and Florian's ideas for securely signalling
> that a server doesn't support nonces by using a special value for the
> nonce in replies. This seems like the "right" place to put this message
> to the client.
Just for the record: I think you are referring to our server-generated nonces when you talk about "Florian's idea". And while Russel is signalling "NonceUnsupported" with a special nonce-value, we are singalling "NonceSupported" with the inclusion of a nonce into every request (mirrored from the request or server-generated). Thus we are not subject to the attack you mention, as this does not need any additional code in any existing client.
Russ proposal is a change in the protocol. Thus we need to update all the clients and servers out there. Seeing that the proposed change is needed and recognizing it as a good solution, I would accept this.
--
Florian Oelmaier
SyTrust
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB48v1ib072391 for <ietf-pkix-bks@above.proper.com>; Thu, 4 Dec 2003 00:57:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB48v1nQ072389 for ietf-pkix-bks; Thu, 4 Dec 2003 00:57:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from p-mail1.rd.francetelecom.com (p-mail1.rd.francetelecom.com [195.101.245.15]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB48uuib072091 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 00:57:00 -0800 (PST) (envelope-from olivier.dubuisson@francetelecom.com)
Received: from parmhs4.rd.francetelecom.fr ([10.193.117.63]) by parsmtp1.rd.francetelecom.com with Microsoft SMTPSVC(5.0.2195.6747); Thu, 4 Dec 2003 09:55:59 +0100
Received: from francetelecom.com ([10.193.13.109]) by parmhs4.rd.francetelecom.fr with Microsoft SMTPSVC(5.0.2195.6747); Thu, 4 Dec 2003 09:55:58 +0100
Message-ID: <3FCEF69E.7090403@francetelecom.com>
Date: Thu, 04 Dec 2003 09:55:58 +0100
From: Olivier Dubuisson <Olivier.Dubuisson@francetelecom.com>
Organization: France Telecom R&D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
References: <73388857A695D31197EF00508B08F29806EE19AE@ntmsg0131.corpmail.telstra.com.au>
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19AE@ntmsg0131.corpmail.telstra.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 04 Dec 2003 08:55:58.0506 (UTC) FILETIME=[6F5798A0:01C3BA44]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Manger, James H wrote:
>
> ITU-T Recommendations X.208 & X.209 have been deleted
> (see http://www.itu.int/itudoc/itu-t/circ/01-04_1/130_ww9.doc).
> Referencing them in new internet-drafts hardly seems appropriate.
> Perhaps it is time PKIX started using X.680 instead.
Another argument is that the X.680 series can be downloaded for free from:
http://www.itu.int/ITU-T/studygroups/com17/languages/
--
Olivier DUBUISSON
france telecom R&D
DTL/TAL - 22307 Lannion Cedex - France
t: +33 2 96 05 38 50 - f: +33 2 96 05 39 45 - http://asn1.elibel.tm.fr/
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB444sib001059 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 20:04:54 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB444slZ001058 for ietf-pkix-bks; Wed, 3 Dec 2003 20:04:54 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from adacel.com (gunsmoke.adacel.com.au [210.11.130.7]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB444qib001046 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 20:04:53 -0800 (PST) (envelope-from steven.legg@adacel.com.au)
Received: from nexus.adacel.com (Not Verified[10.32.240.1]) by adacel.com with NetIQ MailMarshal (v5.5.3.16) id <B0001b701b>; Thu, 04 Dec 2003 14:56:34 +1100
Received: (qmail 13088 invoked from network); 4 Dec 2003 04:03:49 -0000
Received: from unknown (HELO adacel.com.au) (10.32.24.165) by nexus.adacel.com with SMTP; 4 Dec 2003 04:03:49 -0000
Message-ID: <3FCEB224.10708@adacel.com.au>
Date: Thu, 04 Dec 2003 15:03:48 +1100
From: Steven Legg <steven.legg@adacel.com.au>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3.1) Gecko/20030425
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jimsch@exmsft.com
CC: "'Manger, James H'" <James.H.Manger@team.telstra.com>, ietf-pkix@imc.org
Subject: Re: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
References: <006f01c3ba16$80a7e700$e1b2efd8@augustcellars.local>
In-Reply-To: <006f01c3ba16$80a7e700$e1b2efd8@augustcellars.local>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Jim,
Jim Schaad wrote:
> James,
>
> The PKIX working group requires that all ASN.1 be the 1988 version. The
> changes you are claming as non-compliant are not required for the 1988
> version.
But they're not disallowed either. Why use a notation from 1988 which is
deprecated by later editions of ASN.1 when there is alternative notation
that is valid in 1988 and all later editions of ASN.1. ?
Regards,
Steven
>
> jim
>
>
>>-----Original Message-----
>>From: owner-ietf-pkix@mail.imc.org
>>[mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Manger, James H
>>Sent: Wednesday, December 03, 2003 5:18 PM
>>To: ietf-pkix@imc.org
>>Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt
>>- ASN.1 typos
>>
>>
>>
>>Russ,
>>
>>I still think I am right. Does your compiler compile complex
>>values, or just types?
>>
>>Very early versions of ASN.1 (X.208 1998/1990?) may have
>>allowed the identifier (field name) to be omitted, but
>>subsequent versions (X.680 1994/...) corrected this to avoid
>>ambiguities. Perhaps you have a lenient compiler (nice
>>sometimes, but not when writing standards).
>>
>>Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1
>>v2.1 where the ASN.1 is correct: it includes identifiers &
>>type name and there are no squiggly brackets {} around octet
>>string values.
>>
>>
>>Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680
>>ASN.1 (2002):
>>
>> SequenceValue ::=
>> "{" ComponentValueList "}"
>> | "{" "}"
>>
>> ComponentValueList ::=
>> NamedValue
>> | ComponentValueList "," NamedValue
>>
>> NamedValue = identifier Value
>>
>> NOTE- The "identifier" is part of the notation,
>> it does not form part of the value itself.
>> It is used to unambiguously refer to the components
>> of a set type, sequence type or choice type.
>>
>> OctetStringValue ::=
>> bstring
>> | hstring
>> | CONTAINING Value
>>
>> .. "hstring" ..
>> EXAMPLE- 'AB0196'H
>>
>>
>>Extracts from sections D.2 of X.681 ASN.1 Information object
>>spec (2002):
>>
>> ExampleType ::= SEQUENCE {
>> openTypeComponent1 EXAMPLE-CLASS.&TypeField,
>> integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
>> openTypeComponent2
>>EXAMPLE-CLASS.&variableTypeValueField,
>> integerComponent2
>>EXAMPLE-CLASS.&FixedTypeValueSetField,
>> openTypeComponent3
>>EXAMPLE-CLASS.&VariableTypeValueSetField
>> }
>> exampleValue ExampleType ::= {
>> openTypeComponent1 BOOLEAN : TRUE,
>> integerComponent1 123,
>> openTypeComponent2 IA5String : "abcdef",
>> integerComponent2 456,
>> openTypeComponent3 BIT STRING : '0101010101'B
>> }
>>
>>
>>-----Original Message-----
>>From: Russ Housley [mailto:housley@vigilsec.com]
>>Sent: Thursday, 4 December 2003 6:05 AM
>>To: Manger, James H; ietf-pkix@imc.org
>>Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt
>>- ASN.1 typos
>>
>>
>>James:
>>
>>After changing:
>> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
>>to:
>> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
>>
>>The module compiles fine for me.
>>
>>Russ
>>
>>At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>>
>>
>>>The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
>>>
>>>1.
>>>When specifying ASN.1 values the field names must be included. When
>>>specifying open type values the type must be specified. For
>>
>>instance:
>>
>>>WRONG:
>>> sha1Identifier AlgorithmIdentifier ::=
>>> { id-sha1, NULL }
>>>
>>>RIGHT:
>>> sha1Identifier AlgorithmIdentifier ::=
>>> { algorithm id-sha1, parameters NULL:NULL }
>>>
>>>These errors affect all 31 values of the following types:
>>>AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
>>>
>>>
>>>2.
>>>In section 4.1 and in the ASN.1 module:
>>>WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
>>>RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
>>>
>>>----------
>>>From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
>>>Sent: Wednesday, 3 December 2003 7:36 AM
>>>
>>> Title : Additional Algorithms and
>>
>>Identifiers for RSA
>>
>>> Cryptography for use in the Internet X.509
>>> Public Key Infrastructure Certificate and
>>> Certificate Revocation List (CRL) Profile
>>> Author(s) : R. Housley, B. Kaliski
>>> Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
>>> Pages : 22
>>> Date : 2003-12-2
>>>
>>>This document supplements RFC 3279. It describes the conventions for
>>>using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
>>
>>transport
>>
>>>algorithm, and additional one-way hash functions with the
>>
>>PKCS #1 version
>>
>>>1.5 signature algorithm in the Internet X.509 Public Key
>>
>>Infrastructure
>>
>>>(PKI). Encoding formats, algorithm identifiers, and
>>
>>parameter formats are
>>
>>>specified.
>>>
>>>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
>>
>>
>
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB443cib001023 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 20:03:38 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB443cVl001022 for ietf-pkix-bks; Wed, 3 Dec 2003 20:03:38 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB443bib001016 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 20:03:37 -0800 (PST) (envelope-from dave@corestreet.com)
Received: from localhost (h005008001124.ne.client2.attbi.com[66.31.43.88]) by comcast.net (rwcrmhc13) with ESMTP id <2003120404033401500boae2e>; Thu, 4 Dec 2003 04:03:34 +0000
Received: from localhost ([127.0.0.1] helo=corestreet.com ident=dave) by localhost with esmtp (Exim 3.35 #1 (Debian)) id 1ARkkB-0000EM-00 for <ietf-pkix@imc.org>; Wed, 03 Dec 2003 23:05:35 -0500
Message-ID: <3FCEB28A.7090707@corestreet.com>
Date: Wed, 03 Dec 2003 23:05:30 -0500
From: David Engberg <dave@corestreet.com>
Organization: CoreStreet
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I like the elegance of Russ and Florian's ideas for securely signalling
that a server doesn't support nonces by using a special value for the
nonce in replies. This seems like the "right" place to put this message
to the client.
We do have to keep in mind these approaches do still expose a replay
potential when a "new" client that supports this system communicates
with any "old" OCSP server that currently supports nonces.
Here's the attack: Alice makes an OCSP request for her cert in the
morning (when her cert is valid) with a nonce value of NULL (or whatever
the special signalling value is). All existing servers will return a
response that includes this special value as the nonce, since they all
just spit back the raw bytes of whatever nonce they receive. Alice
records the response.
In the afternoon, Bob makes a request to get the status of her cert,
after she has been revoked. Alice intercepts the request, replays the
cached response, and Bob's new client thinks that the server is
indicating that it doesn't support nonces, so he accepts the response
anyway.
Sending the "nonce not supported" message from the server to the client
through a separate new extension is a little more klunky, but it might
be worth it to avoid any issues with backward compatibility.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB43uBib000717 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 19:56:11 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB43uBUO000716 for ietf-pkix-bks; Wed, 3 Dec 2003 19:56:11 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailbo.ntcif.telstra.com.au ([202.12.233.19]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB43u9ib000707 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 19:56:10 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailai.ntcif.telstra.com.au (mailai.ntcif.telstra.com.au [202.12.162.17]) by mailbo.ntcif.telstra.com.au (Postfix) with ESMTP id EEAAC12D2C for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 14:56:05 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailai.ntcif.telstra.com.au (Postfix) with ESMTP id 7D0D212983 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 14:56:05 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id OAA22482 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 14:56:05 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Date: Thu, 4 Dec 2003 13:55:47 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19AE@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Thread-Index: AcO6FiRu2xa8xYEoSmyL+k9Lc066PgAA0AWA
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB43uAib000712
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
ITU-T Recommendations X.208 & X.209 have been deleted
(see http://www.itu.int/itudoc/itu-t/circ/01-04_1/130_ww9.doc).
Referencing them in new internet-drafts hardly seems appropriate.
Perhaps it is time PKIX started using X.680 instead.
----------
From: Jim Schaad [mailto:jimsch@nwlink.com]
Sent: Thursday, 4 December 2003 2:27 PM
To: Manger, James H; ietf-pkix@imc.org
The PKIX working group requires that all ASN.1 be the 1988 version. The
changes you are claming as non-compliant are not required for the 1988
version.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB43OTib098743 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 19:24:29 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB43OTbe098742 for ietf-pkix-bks; Wed, 3 Dec 2003 19:24:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB43OSib098737 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 19:24:28 -0800 (PST) (envelope-from jimsch@nwlink.com)
Received: from ROMANS (ip167.13-173-207.eli-du.nwlink.com [207.173.13.167]) by smtp2.pacifier.net (Postfix) with ESMTP id 7D3B36A9B0; Wed, 3 Dec 2003 19:24:25 -0800 (PST)
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Manger, James H'" <James.H.Manger@team.telstra.com>, <ietf-pkix@imc.org>
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Date: Wed, 3 Dec 2003 19:27:04 -0800
Message-ID: <006f01c3ba16$80a7e700$e1b2efd8@augustcellars.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19AC@ntmsg0131.corpmail.telstra.com.au>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
James,
The PKIX working group requires that all ASN.1 be the 1988 version. The
changes you are claming as non-compliant are not required for the 1988
version.
jim
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Manger, James H
> Sent: Wednesday, December 03, 2003 5:18 PM
> To: ietf-pkix@imc.org
> Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt
> - ASN.1 typos
>
>
>
> Russ,
>
> I still think I am right. Does your compiler compile complex
> values, or just types?
>
> Very early versions of ASN.1 (X.208 1998/1990?) may have
> allowed the identifier (field name) to be omitted, but
> subsequent versions (X.680 1994/...) corrected this to avoid
> ambiguities. Perhaps you have a lenient compiler (nice
> sometimes, but not when writing standards).
>
> Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1
> v2.1 where the ASN.1 is correct: it includes identifiers &
> type name and there are no squiggly brackets {} around octet
> string values.
>
>
> Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680
> ASN.1 (2002):
>
> SequenceValue ::=
> "{" ComponentValueList "}"
> | "{" "}"
>
> ComponentValueList ::=
> NamedValue
> | ComponentValueList "," NamedValue
>
> NamedValue = identifier Value
>
> NOTE- The "identifier" is part of the notation,
> it does not form part of the value itself.
> It is used to unambiguously refer to the components
> of a set type, sequence type or choice type.
>
> OctetStringValue ::=
> bstring
> | hstring
> | CONTAINING Value
>
> .. "hstring" ..
> EXAMPLE- 'AB0196'H
>
>
> Extracts from sections D.2 of X.681 ASN.1 Information object
> spec (2002):
>
> ExampleType ::= SEQUENCE {
> openTypeComponent1 EXAMPLE-CLASS.&TypeField,
> integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
> openTypeComponent2
> EXAMPLE-CLASS.&variableTypeValueField,
> integerComponent2
> EXAMPLE-CLASS.&FixedTypeValueSetField,
> openTypeComponent3
> EXAMPLE-CLASS.&VariableTypeValueSetField
> }
> exampleValue ExampleType ::= {
> openTypeComponent1 BOOLEAN : TRUE,
> integerComponent1 123,
> openTypeComponent2 IA5String : "abcdef",
> integerComponent2 456,
> openTypeComponent3 BIT STRING : '0101010101'B
> }
>
>
> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Thursday, 4 December 2003 6:05 AM
> To: Manger, James H; ietf-pkix@imc.org
> Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt
> - ASN.1 typos
>
>
> James:
>
> After changing:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
> to:
> sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
>
> The module compiles fine for me.
>
> Russ
>
> At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>
> >The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
> >
> >1.
> >When specifying ASN.1 values the field names must be included. When
> >specifying open type values the type must be specified. For
> instance:
> >
> >WRONG:
> > sha1Identifier AlgorithmIdentifier ::=
> > { id-sha1, NULL }
> >
> >RIGHT:
> > sha1Identifier AlgorithmIdentifier ::=
> > { algorithm id-sha1, parameters NULL:NULL }
> >
> >These errors affect all 31 values of the following types:
> >AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
> >
> >
> >2.
> >In section 4.1 and in the ASN.1 module:
> >WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
> >RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
> >
> >----------
> >From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> >Sent: Wednesday, 3 December 2003 7:36 AM
> >
> > Title : Additional Algorithms and
> Identifiers for RSA
> > Cryptography for use in the Internet X.509
> > Public Key Infrastructure Certificate and
> > Certificate Revocation List (CRL) Profile
> > Author(s) : R. Housley, B. Kaliski
> > Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
> > Pages : 22
> > Date : 2003-12-2
> >
> >This document supplements RFC 3279. It describes the conventions for
> >using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
> transport
> >algorithm, and additional one-way hash functions with the
> PKCS #1 version
> >1.5 signature algorithm in the Internet X.509 Public Key
> Infrastructure
> >(PKI). Encoding formats, algorithm identifiers, and
> parameter formats are
> >specified.
> >
> >http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB41Iwib092886 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 17:18:58 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB41IwSE092885 for ietf-pkix-bks; Wed, 3 Dec 2003 17:18:58 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailbo.vtcif.telstra.com.au (mailbo.vtcif.telstra.com.au [202.12.144.19]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB41Iqib092878 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 17:18:57 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailai.vtcif.telstra.com.au (mailai.vtcif.telstra.com.au [202.12.142.17]) by mailbo.vtcif.telstra.com.au (Postfix) with ESMTP id 4224A22FBD for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:18:40 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailai.vtcif.telstra.com.au (Postfix) with ESMTP id 73F7F22883 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:18:39 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id MAA07484 for <ietf-pkix@imc.org>; Thu, 4 Dec 2003 12:18:39 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Date: Thu, 4 Dec 2003 11:18:18 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19AC@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Thread-Index: AcO50HAxAiv5pohGQcCLUUblq5sWQgAJ3LOw
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB41Ivib092881
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Russ,
I still think I am right. Does your compiler compile complex values, or just types?
Very early versions of ASN.1 (X.208 1998/1990?) may have allowed the identifier (field name) to be omitted, but subsequent versions (X.680 1994/...) corrected this to avoid ambiguities. Perhaps you have a lenient compiler (nice sometimes, but not when writing standards).
Much of draft-ietf-pkix-rsa-pkalgs-01.txt is based on PKCS #1 v2.1 where the ASN.1 is correct: it includes identifiers & type name and there are no squiggly brackets {} around octet string values.
Extracts from sections 24.17, 16.13, 22.3 & 11.12.1 of X.680 ASN.1 (2002):
SequenceValue ::=
"{" ComponentValueList "}"
| "{" "}"
ComponentValueList ::=
NamedValue
| ComponentValueList "," NamedValue
NamedValue = identifier Value
NOTE- The "identifier" is part of the notation,
it does not form part of the value itself.
It is used to unambiguously refer to the components
of a set type, sequence type or choice type.
OctetStringValue ::=
bstring
| hstring
| CONTAINING Value
.. "hstring" ..
EXAMPLE- 'AB0196'H
Extracts from sections D.2 of X.681 ASN.1 Information object spec (2002):
ExampleType ::= SEQUENCE {
openTypeComponent1 EXAMPLE-CLASS.&TypeField,
integerComponent1 EXAMPLE-CLASS.&fixedTypeValueField,
openTypeComponent2 EXAMPLE-CLASS.&variableTypeValueField,
integerComponent2 EXAMPLE-CLASS.&FixedTypeValueSetField,
openTypeComponent3 EXAMPLE-CLASS.&VariableTypeValueSetField
}
exampleValue ExampleType ::= {
openTypeComponent1 BOOLEAN : TRUE,
integerComponent1 123,
openTypeComponent2 IA5String : "abcdef",
integerComponent2 456,
openTypeComponent3 BIT STRING : '0101010101'B
}
-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Thursday, 4 December 2003 6:05 AM
To: Manger, James H; ietf-pkix@imc.org
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1
typos
James:
After changing:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
to:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
The module compiles fine for me.
Russ
At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
>
>1.
>When specifying ASN.1 values the field names must be included. When
>specifying open type values the type must be specified. For instance:
>
>WRONG:
> sha1Identifier AlgorithmIdentifier ::=
> { id-sha1, NULL }
>
>RIGHT:
> sha1Identifier AlgorithmIdentifier ::=
> { algorithm id-sha1, parameters NULL:NULL }
>
>These errors affect all 31 values of the following types:
>AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
>
>
>2.
>In section 4.1 and in the ASN.1 module:
>WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
>RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
>
>----------
>From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
>Sent: Wednesday, 3 December 2003 7:36 AM
>
> Title : Additional Algorithms and Identifiers for RSA
> Cryptography for use in the Internet X.509
> Public Key Infrastructure Certificate and
> Certificate Revocation List (CRL) Profile
> Author(s) : R. Housley, B. Kaliski
> Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
> Pages : 22
> Date : 2003-12-2
>
>This document supplements RFC 3279. It describes the conventions for
>using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport
>algorithm, and additional one-way hash functions with the PKCS #1 version
>1.5 signature algorithm in the Internet X.509 Public Key Infrastructure
>(PKI). Encoding formats, algorithm identifiers, and parameter formats are
>specified.
>
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3KTZib079989 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 12:29:35 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3KTZ4G079988 for ietf-pkix-bks; Wed, 3 Dec 2003 12:29:35 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3KTXib079983 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 12:29:34 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA04052; Wed, 3 Dec 2003 15:29:19 -0500 (EST)
Message-Id: <200312032029.PAA04052@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-logotypes-13.txt
Date: Wed, 03 Dec 2003 15:29:19 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure: Logotypes in X.509 certificates
Author(s) : S. Santesson, R. Housley, T. Freeman
Filename : draft-ietf-pkix-logotypes-13.txt
Pages : 23
Date : 2003-12-3
This document specifies a certificate extension for including
logotypes in public key certificates and attribute certificates.
Please send comments on this document to the ietf-pkix@imc.org
mailing list.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-13.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-logotypes-13.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-logotypes-13.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-3153002.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-logotypes-13.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-logotypes-13.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-3153002.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3J5Wib076478 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 11:05:32 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3J5WJU076477 for ietf-pkix-bks; Wed, 3 Dec 2003 11:05:32 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB3J5Vib076472 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 11:05:31 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 18593 invoked by uid 0); 3 Dec 2003 19:05:09 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (156.80.127.154) by woodstock.binhost.com with SMTP; 3 Dec 2003 19:05:09 -0000
Message-Id: <5.2.0.9.2.20031203140423.02e3fe80@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Wed, 03 Dec 2003 14:05:18 -0500
To: "Manger, James H" <James.H.Manger@team.telstra.com>, <ietf-pkix@imc.org>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
In-Reply-To: <73388857A695D31197EF00508B08F29806EE19A9@ntmsg0131.corpmai l.telstra.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
James:
After changing:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 XX }
to:
sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
The module compiles fine for me.
Russ
At 09:54 AM 12/3/2003 +1000, Manger, James H wrote:
>The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
>
>1.
>When specifying ASN.1 values the field names must be included. When
>specifying open type values the type must be specified. For instance:
>
>WRONG:
> sha1Identifier AlgorithmIdentifier ::=
> { id-sha1, NULL }
>
>RIGHT:
> sha1Identifier AlgorithmIdentifier ::=
> { algorithm id-sha1, parameters NULL:NULL }
>
>These errors affect all 31 values of the following types:
>AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
>
>
>2.
>In section 4.1 and in the ASN.1 module:
>WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
>RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
>
>----------
>From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
>Sent: Wednesday, 3 December 2003 7:36 AM
>
> Title : Additional Algorithms and Identifiers for RSA
> Cryptography for use in the Internet X.509
> Public Key Infrastructure Certificate and
> Certificate Revocation List (CRL) Profile
> Author(s) : R. Housley, B. Kaliski
> Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
> Pages : 22
> Date : 2003-12-2
>
>This document supplements RFC 3279. It describes the conventions for
>using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport
>algorithm, and additional one-way hash functions with the PKCS #1 version
>1.5 signature algorithm in the Internet X.509 Public Key Infrastructure
>(PKI). Encoding formats, algorithm identifiers, and parameter formats are
>specified.
>
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3GVdib068058 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 08:31:39 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3GVdwa068057 for ietf-pkix-bks; Wed, 3 Dec 2003 08:31:39 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3GVcib068045 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 08:31:38 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 3 Dec 2003 08:31:16 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 3 Dec 2003 08:31:31 -0800
Received: from 157.54.5.25 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 03 Dec 2003 08:31:33 -0800
Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by inet-hub-03.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 3 Dec 2003 08:31:24 -0800
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 3 Dec 2003 08:31:26 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 3 Dec 2003 08:31:32 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
MIME-Version: 1.0
Subject: RE: Lightweight OCSP Profile for high volume environments...
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <3FCDF1E7.90202@bull.net>
References: <000401c3b99a$5c93fb50$29404d0c@hq.orionsec.com>, <3FCDF1E7.90202@bull.net>
To: Denis Pinkas <Denis.Pinkas@bull.net>, Santosh Chokhani <chokhani@orionsec.com>
Cc: <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: Lightweight OCSP Profile for high volume environments...
Thread-Index: AcO5uqCTO09Nh7X9QAqYi9ayc9X3Rw==
Message-ID: <15110045-2BF8-4F32-8BD1-AD1C92E50BC9@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Wed, 3 Dec 2003 08:29:30 -0800
X-OriginalArrivalTime: 03 Dec 2003 16:31:32.0329 (UTC) FILETIME=[E9283D90:01C3B9BA]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="_C2844197-57EA-48E7-B3AB-92311F72770E_"
--_C2844197-57EA-48E7-B3AB-92311F72770E_
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Thats a good point Denis, but it is a very common practice on that has its =
purpose and its costs.
Ryan
From: Denis Pinkas
Sent: Wed 12/3/2003 6:23 AM
To: Santosh Chokhani
Cc: ietf-pkix@imc.org
Subject: Re: Lightweight OCSP Profile for high volume environments...
Santosh,
> Ryan: Thanks. I understand. But, given that network delays and clock=20
> synchronization issues are still there, you still need the same delta. =20
> Since nextUpdate was designed to serve this purpose, the response=20
> generator should put nextUpdate by which the response will be available.
> =20
> However, I do know if some PKI implementations where nextUpdate for CRL=20
> is well ahead (say a week) and actual issuance is daily or every two=20
> days.=20
... and in such a case in case of an attack, these daily CRLs will
not be seen. :-(
Denis
> In those scenarios, I can see nextUpdate being a week ahead, but=20
> nextPublish could be day or two days ahead.
>=20
> -----Original Message-----
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Tuesday, December 02, 2003 10:15 PM
> To: Santosh Chokhani; ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments...
>=20
> Santosh -
> =20
> One of the things we have been discussing is how a client can
> retrieve data from the responder before it expressly needed without
> abusing the responder.
> =20
> This is needed so that clients do not need to interrupt their
> transaction to wait for a OCSP response, this is particularly
> interesting in the TLSEXT case where the webserver server is likely
> to maintain a cache of responses it provides to clients as part of
> the TLS negotiation.=20
> =20
> Typically nextUpdate (plus or minus some) is used by clients as the
> expiration of the response, the responder also typically will have
> some overlap in the responses they produce, in the case of a
> pre-production responder there is also going to be a delay between
> when the responses were produced, and when they become generally
> available.
> =20
> Without this value clients will simply guess at a value which may
> not be accurate for that particular responder resulting in
> un-necessary network traffic to the responder and delays for the clie=
nt.
> =20
> Ryan
>=20
> ---------------------------------------------------------------------=
---
> From: Santosh Chokhani
> Sent: Tue 12/2/2003 5:10 PM
> To: ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments...
>=20
>=20
> Alex:
>=20
> I think I understand what you are trying to say, but I fail to see mu=
ch
> added utility of nextPublish over nextUpdate.=20
>=20
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On
> Behalf Of Deacon, Alex
> Sent: Tuesday, December 02, 2003 2:43 PM
> To: ietf-pkix@imc.org
> Subject: Lightweight OCSP Profile for high volume environments...
>=20
>=20
>=20
>=20
> All,
>=20
> On a related topic, we (Ryan and myself) have recently submitted an
> informational internet-draft which describes a lightweight profile
> of OCSP
> (RFC 2560) for use in very large PKI deployments such as SSL/TLS, cod=
e
> signing and secure messaging. (i.e. environments where pre-produced a=
nd
> distributed responses may be desirable).=20
>=20
> http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-pro=
file-00
> .txt
>=20
> Alex
>=20
>=20
--_C2844197-57EA-48E7-B3AB-92311F72770E_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY>
<DIV id=3DidOWAReplyText40219 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Thats a good poi=
nt Denis, but it is a very common practice on that has its purpose and its =
costs.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Denis Pinkas<BR><B>Sent:</B> Wed =
12/3/2003 6:23 AM<BR><B>To:</B> Santosh Chokhani<BR><B>Cc:</B> ietf-pkix@im=
c.org<BR><B>Subject:</B> Re: Lightweight OCSP Profile for high volume envir=
onments...<BR></FONT><BR></DIV>
<DIV><PRE style=3D"WORD-WRAP: break-word">Santosh,
> Ryan: Thanks. I understand. But, given that network delays and cloc=
k=20
> synchronization issues are still there, you still need the same delta.=
=20
> Since nextUpdate was designed to serve this purpose, the response=20
> generator should put nextUpdate by which the response will be availabl=
e.
> =20
> However, I do know if some PKI implementations where nextUpdate for CR=
L=20
> is well ahead (say a week) and actual issuance is daily or every two=20
> days.=20
... and in such a case in case of an attack, these daily CRLs will
not be seen. :-(
Denis
> In those scenarios, I can see nextUpdate being a week ahead, but=20
> nextPublish could be day or two days ahead.
>=20
> -----Original Message-----
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Tuesday, December 02, 2003 10:15 PM
> To: Santosh Chokhani; ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments=
...
>=20
> Santosh -
> =20
> One of the things we have been discussing is how a client can
> retrieve data from the responder before it expressly needed withou=
t
> abusing the responder.
> =20
> This is needed so that clients do not need to interrupt their
> transaction to wait for a OCSP response, this is particularly
> interesting in the TLSEXT case where the webserver server is likel=
y
> to maintain a cache of responses it provides to clients as part of
> the TLS negotiation.=20
> =20
> Typically nextUpdate (plus or minus some) is used by clients as th=
e
> expiration of the response, the responder also typically will have
> some overlap in the responses they produce, in the case of a
> pre-production responder there is also going to be a delay between
> when the responses were produced, and when they become generally
> available.
> =20
> Without this value clients will simply guess at a value which may
> not be accurate for that particular responder resulting in
> un-necessary network traffic to the responder and delays for the c=
lient.
> =20
> Ryan
>=20
> ------------------------------------------------------------------=
------
> From: Santosh Chokhani
> Sent: Tue 12/2/2003 5:10 PM
> To: ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments=
...
>=20
>=20
> Alex:
>=20
> I think I understand what you are trying to say, but I fail to see=
much
> added utility of nextPublish over nextUpdate.=20
>=20
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On
> Behalf Of Deacon, Alex
> Sent: Tuesday, December 02, 2003 2:43 PM
> To: ietf-pkix@imc.org
> Subject: Lightweight OCSP Profile for high volume environments...
>=20
>=20
>=20
>=20
> All,
>=20
> On a related topic, we (Ryan and myself) have recently submitted a=
n
> informational internet-draft which describes a lightweight profile
> of OCSP
> (RFC 2560) for use in very large PKI deployments such as SSL/TLS, =
code
> signing and secure messaging. (i.e. environments where pre-produce=
d and
> distributed responses may be desirable).=20
>=20
> http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-=
profile-00
> .txt
>=20
> Alex
>=20
>=20
</PRE></DIV></BODY></HTML>
--_C2844197-57EA-48E7-B3AB-92311F72770E_--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3GTwib068002 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 08:29:58 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3GTwws068001 for ietf-pkix-bks; Wed, 3 Dec 2003 08:29:58 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3GTvib067991 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 08:29:57 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail4.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 3 Dec 2003 08:29:36 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 3 Dec 2003 08:29:50 -0800
Received: from 157.54.6.150 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 03 Dec 2003 08:29:52 -0800
Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 3 Dec 2003 08:30:00 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 3 Dec 2003 08:29:47 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Wed, 3 Dec 2003 08:30:07 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
Subject: RE: Lightweight OCSP Profile for high volume environments...
MIME-Version: 1.0
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <000401c3b99a$5c93fb50$29404d0c@hq.orionsec.com>
References: <8C6C8548-FE43-4112-9B1C-EA3C8DE7FB68@mimectl>, <000401c3b99a$5c93fb50$29404d0c@hq.orionsec.com>
To: Santosh Chokhani <chokhani@orionsec.com>, <ietf-pkix@imc.org>
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Thread-Topic: Lightweight OCSP Profile for high volume environments...
Thread-Index: AcO5umJDHpJR3qW7QTCp/uftZIzVvg==
Message-ID: <36B36FF6-F540-49BD-8DA8-810B7F6D46D1@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Wed, 3 Dec 2003 08:27:46 -0800
X-OriginalArrivalTime: 03 Dec 2003 16:30:07.0695 (UTC) FILETIME=[B6B61DF0:01C3B9BA]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0005_01C3B970.73BF79F0"
------=_NextPart_000_0005_01C3B970.73BF79F0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Santosh - Yes, clients will still have to have some padding to accommodate =
for time skew but that's not what this is about.=20
Most clients out there treat nextUpdate as a expiration, I know that's not =
what the RFC stated but that is what the common interpretation of this valu=
e ended up as being.
Given this interpretation, new data is needed on the client no later than n=
extUpdate; typically when issuers produce revocation information there is a=
overlap of validity (I have seen values in the range of hours, and some in=
days).=20
NextPublish value allows the responder to communicate this window explicitl=
y to the client, thus allowing the client to make intelligent decisions on =
when it can pre-fetching of this data.
Ryan
From: Santosh Chokhani
Sent: Wed 12/3/2003 4:38 AM
To: ietf-pkix@imc.org
Subject: RE: Lightweight OCSP Profile for high volume environments...
Ryan: Thanks. I understand. But, given that network delays and clock syn=
chronization issues are still there, you still need the same delta. Since =
nextUpdate was designed to serve this purpose, the response generator shoul=
d put nextUpdate by which the response will be available.
However, I do know if some PKI implementations where nextUpdate for CRL is =
well ahead (say a week) and actual issuance is daily or every two days. In=
those scenarios, I can see nextUpdate being a week ahead, but nextPublish =
could be day or two days ahead.
-----Original Message-----
From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]=20
Sent: Tuesday, December 02, 2003 10:15 PM
To: Santosh Chokhani; ietf-pkix@imc.org
Subject: RE: Lightweight OCSP Profile for high volume environments...
Santosh -
One of the things we have been discussing is how a client can retrieve data=
from the responder before it expressly needed without abusing the responde=
r.
This is needed so that clients do not need to interrupt their transaction t=
o wait for a OCSP response, this is particularly interesting in the TLSEXT =
case where the webserver server is likely to maintain a cache of responses =
it provides to clients as part of the TLS negotiation.=20
Typically nextUpdate (plus or minus some) is used by clients as the expirat=
ion of the response, the responder also typically will have some overlap in=
the responses they produce, in the case of a pre-production responder ther=
e is also going to be a delay between when the responses were produced, and=
when they become generally available.
Without this value clients will simply guess at a value which may not be ac=
curate for that particular responder resulting in un-necessary network traf=
fic to the responder and delays for the client.
Ryan
From: Santosh Chokhani
Sent: Tue 12/2/2003 5:10 PM
To: ietf-pkix@imc.org
Subject: RE: Lightweight OCSP Profile for high volume environments...
Alex:
I think I understand what you are trying to say, but I fail to see much
added utility of nextPublish over nextUpdate.=20
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Deacon, Alex
Sent: Tuesday, December 02, 2003 2:43 PM
To: ietf-pkix@imc.org
Subject: Lightweight OCSP Profile for high volume environments...
All,
On a related topic, we (Ryan and myself) have recently submitted an
informational internet-draft which describes a lightweight profile of OCSP
(RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
signing and secure messaging. (i.e. environments where pre-produced and
distributed responses may be desirable).=20
http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-0=
0
.txt
Alex
------=_NextPart_000_0005_01C3B970.73BF79F0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD><TITLE>Message</TITLE></HEAD>
<BODY>
<DIV id=3DidOWAReplyText36706 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Santosh - Yes, c=
lients will still have to have some padding to accommodate for time skew bu=
t that's not what this is about. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Most clients out there treat nex=
tUpdate as a expiration, I know that's not what the RFC stated but that is =
what the common interpretation of this value ended up as being.</FONT></DIV=
>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Given this interpretation, new d=
ata is needed on the client no later than nextUpdate; typically when issuer=
s produce revocation information there is a overlap of validity (I have see=
n values in the range of hours, and some in days). </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>NextPublish value allows th=
e responder to communicate this window explicitly to the client, =
thus allowing the client to make intelligent decisions on when it can pre-f=
etching of this data.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Santosh Chokhani<BR><B>Sent:</B> =
Wed 12/3/2003 4:38 AM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> RE=
: Lightweight OCSP Profile for high volume environments...<BR></FONT><BR></=
DIV>
<DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D096253112-03=
122003>Ryan: Thanks. I understand. But, given that networ=
k delays and clock synchronization issues are still there, you still need t=
he same delta. Since nextUpdate was designed to serve this purpo=
se, the response generator should put nextUpdate by which the response will=
be available.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D096253112-03=
122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN class=3D096253112-03=
122003>However, I do know if some PKI implementations where nextUpdate for =
CRL is well ahead (say a week) and actual issuance is daily or every two da=
ys. In those scenarios, I can see nextUpdate being a week ahead, but =
nextPublish could be day or two days ahead.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft><FONT=
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> Ryan M. =
Hurst [mailto:rmh@windows.microsoft.com] <BR><B>Sent:</B> Tuesday, December=
02, 2003 10:15 PM<BR><B>To:</B> Santosh Chokhani; ietf-pkix@imc.org<BR><B>=
Subject:</B> RE: Lightweight OCSP Profile for high volume environments...<B=
R><BR></FONT></DIV>
<DIV id=3DidOWAReplyText56089 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Santosh -</FONT>=
</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>One of the things we have been d=
iscussing is how a client can retrieve data from the responder before it ex=
pressly needed without abusing the responder.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>This is needed so that clients d=
o not need to interrupt their transaction to wait for a OCSP response, this=
is particularly interesting in the TLSEXT case where the webserver server =
is likely to maintain a cache of responses it provides to clients as p=
art of the TLS negotiation. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Typically nextUpdate (plus =
or minus some) is used by clients as the expiration of the response, the re=
sponder also typically will have some overlap in the responses they produce=
, in the case of a pre-production responder there is also going to be =
a delay between when the responses were produced, and when they become=
generally available.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#0000ff size=3D2></FONT> </D=
IV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Without this value clients =
will simply guess at a value which may not be accurate for that particular =
responder resulting in un-necessary network traffic to the responder and de=
lays for the client.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Santosh Chokhani<BR><B>Sent:</B> =
Tue 12/2/2003 5:10 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> RE=
: Lightweight OCSP Profile for high volume environments...<BR></FONT><BR></=
DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT><BR>
<P><FONT size=3D2>Alex:<BR><BR>I think I understand what you are trying to =
say, but I fail to see much<BR>added utility of nextPublish over nextUpdate=
. <BR><BR>-----Original Message-----<BR>From: owner-ietf-pkix@mail.imc=
.org [<A href=3D"mailto:owner-ietf-pkix@mail.imc.org" target=3D_blank>mailt=
o:owner-ietf-pkix@mail.imc.org</A>] On<BR>Behalf Of Deacon, Alex<BR>Sent: T=
uesday, December 02, 2003 2:43 PM<BR>To: ietf-pkix@imc.org<BR>Subject: Ligh=
tweight OCSP Profile for high volume environments...<BR><BR><BR><BR><BR>All=
,<BR><BR>On a related topic, we (Ryan and myself) have recently submitted a=
n<BR>informational internet-draft which describes a lightweight profile of =
OCSP<BR>(RFC 2560) for use in very large PKI deployments such as SSL/TLS, c=
ode<BR>signing and secure messaging. (i.e. environments where pre-produced =
and<BR>distributed responses may be desirable). <BR><BR><A href=3D"htt=
p://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00" =
target=3D_blank>http://www.ietf.org/internet-drafts/draft-deacon-lightweigh=
t-ocsp-profile-00</A><BR>.txt<BR><BR>Alex<BR><BR><BR></FONT></P></DIV></BLO=
CKQUOTE></DIV></BODY></HTML>
------=_NextPart_000_0005_01C3B970.73BF79F0--
--------------InterScan_NT_MIME_Boundary--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3G2Bib066590 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 08:02:11 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3G2Brj066589 for ietf-pkix-bks; Wed, 3 Dec 2003 08:02:11 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3G29ib066582 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 08:02:10 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61]) by mclean-vscan1.bah.com (8.11.0/8.11.0) with SMTP id hB3G1Z314137 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 11:01:36 -0500 (EST)
Received: from mclean-mail.usae.bah.com ([156.80.5.109]) by mclean-vscan1.bah.com (NAVGW 2.5.2.12) with SMTP id M2003120311013021450 for <ietf-pkix@imc.org>; Wed, 03 Dec 2003 11:01:31 -0500
Received: from wchokhani ([156.80.127.186]) by mclean-mail.usae.bah.com (Netscape Messaging Server 4.15) with ESMTP id HPBTU300.C0W for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 11:01:15 -0500
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Lightweight OCSP Profile for high volume environments...
Date: Wed, 3 Dec 2003 11:01:09 -0500
Message-ID: <004101c3b9b6$adfc85e0$29404d0c@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <3FCDF1E7.90202@bull.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB3G2Aib066585
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Denis:
I agree and the organizations do recognize that the CRL replay attack window
is determined by nextUpdate and not the issuance frequency.
The point I was making to Ryan is that in nextPublish can be useful when the
revocation information is published more frequently than implied by the
nextUpdate.
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Wednesday, December 03, 2003 9:24 AM
To: Santosh Chokhani
Cc: ietf-pkix@imc.org
Subject: Re: Lightweight OCSP Profile for high volume environments...
Santosh,
> Ryan: Thanks. I understand. But, given that network delays and
> clock
> synchronization issues are still there, you still need the same delta.
> Since nextUpdate was designed to serve this purpose, the response
> generator should put nextUpdate by which the response will be available.
>
> However, I do know if some PKI implementations where nextUpdate for
> CRL
> is well ahead (say a week) and actual issuance is daily or every two
> days.
... and in such a case in case of an attack, these daily CRLs will
not be seen. :-(
Denis
> In those scenarios, I can see nextUpdate being a week ahead, but
> nextPublish could be day or two days ahead.
>
> -----Original Message-----
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Tuesday, December 02, 2003 10:15 PM
> To: Santosh Chokhani; ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume
> environments...
>
> Santosh -
>
> One of the things we have been discussing is how a client can
> retrieve data from the responder before it expressly needed without
> abusing the responder.
>
> This is needed so that clients do not need to interrupt their
> transaction to wait for a OCSP response, this is particularly
> interesting in the TLSEXT case where the webserver server is likely
> to maintain a cache of responses it provides to clients as part of
> the TLS negotiation.
>
> Typically nextUpdate (plus or minus some) is used by clients as the
> expiration of the response, the responder also typically will have
> some overlap in the responses they produce, in the case of a
> pre-production responder there is also going to be a delay between
> when the responses were produced, and when they become generally
> available.
>
> Without this value clients will simply guess at a value which may
> not be accurate for that particular responder resulting in
> un-necessary network traffic to the responder and delays for the
> client.
>
> Ryan
>
>
------------------------------------------------------------------------
> From: Santosh Chokhani
> Sent: Tue 12/2/2003 5:10 PM
> To: ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume
> environments...
>
>
> Alex:
>
> I think I understand what you are trying to say, but I fail to see
much
> added utility of nextPublish over nextUpdate.
>
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On
> Behalf Of Deacon, Alex
> Sent: Tuesday, December 02, 2003 2:43 PM
> To: ietf-pkix@imc.org
> Subject: Lightweight OCSP Profile for high volume environments...
>
>
>
>
> All,
>
> On a related topic, we (Ryan and myself) have recently submitted an
> informational internet-draft which describes a lightweight profile
> of OCSP
> (RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
> signing and secure messaging. (i.e. environments where pre-produced
and
> distributed responses may be desirable).
>
>
http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00
> .txt
>
> Alex
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3ENcib063144 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 06:23:38 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3ENcKM063143 for ietf-pkix-bks; Wed, 3 Dec 2003 06:23:38 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3ENaib063138 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 06:23:37 -0800 (PST) (envelope-from Denis.Pinkas@bull.net)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA30850; Wed, 3 Dec 2003 15:30:23 +0100
Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id PAA21080; Wed, 3 Dec 2003 15:18:56 +0100
Message-ID: <3FCDF1E7.90202@bull.net>
Date: Wed, 03 Dec 2003 15:23:35 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: Santosh Chokhani <chokhani@orionsec.com>
CC: ietf-pkix@imc.org
Subject: Re: Lightweight OCSP Profile for high volume environments...
References: <000401c3b99a$5c93fb50$29404d0c@hq.orionsec.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Santosh,
> Ryan: Thanks. I understand. But, given that network delays and clock
> synchronization issues are still there, you still need the same delta.
> Since nextUpdate was designed to serve this purpose, the response
> generator should put nextUpdate by which the response will be available.
>
> However, I do know if some PKI implementations where nextUpdate for CRL
> is well ahead (say a week) and actual issuance is daily or every two
> days.
... and in such a case in case of an attack, these daily CRLs will
not be seen. :-(
Denis
> In those scenarios, I can see nextUpdate being a week ahead, but
> nextPublish could be day or two days ahead.
>
> -----Original Message-----
> From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]
> Sent: Tuesday, December 02, 2003 10:15 PM
> To: Santosh Chokhani; ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments...
>
> Santosh -
>
> One of the things we have been discussing is how a client can
> retrieve data from the responder before it expressly needed without
> abusing the responder.
>
> This is needed so that clients do not need to interrupt their
> transaction to wait for a OCSP response, this is particularly
> interesting in the TLSEXT case where the webserver server is likely
> to maintain a cache of responses it provides to clients as part of
> the TLS negotiation.
>
> Typically nextUpdate (plus or minus some) is used by clients as the
> expiration of the response, the responder also typically will have
> some overlap in the responses they produce, in the case of a
> pre-production responder there is also going to be a delay between
> when the responses were produced, and when they become generally
> available.
>
> Without this value clients will simply guess at a value which may
> not be accurate for that particular responder resulting in
> un-necessary network traffic to the responder and delays for the client.
>
> Ryan
>
> ------------------------------------------------------------------------
> From: Santosh Chokhani
> Sent: Tue 12/2/2003 5:10 PM
> To: ietf-pkix@imc.org
> Subject: RE: Lightweight OCSP Profile for high volume environments...
>
>
> Alex:
>
> I think I understand what you are trying to say, but I fail to see much
> added utility of nextPublish over nextUpdate.
>
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On
> Behalf Of Deacon, Alex
> Sent: Tuesday, December 02, 2003 2:43 PM
> To: ietf-pkix@imc.org
> Subject: Lightweight OCSP Profile for high volume environments...
>
>
>
>
> All,
>
> On a related topic, we (Ryan and myself) have recently submitted an
> informational internet-draft which describes a lightweight profile
> of OCSP
> (RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
> signing and secure messaging. (i.e. environments where pre-produced and
> distributed responses may be desirable).
>
> http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00
> .txt
>
> Alex
>
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3CdDib059288 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 04:39:13 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3CdDi9059287 for ietf-pkix-bks; Wed, 3 Dec 2003 04:39:13 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mtiwmhc11.worldnet.att.net (mtiwmhc11.worldnet.att.net [204.127.131.115]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3CdCib059259 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 04:39:12 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (41.washington-42rh15-16rt.dc.dial-access.att.net[12.77.64.41]) by worldnet.att.net (mtiwmhc11) with SMTP id <2003120312390311100jbslle>; Wed, 3 Dec 2003 12:39:04 +0000
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Lightweight OCSP Profile for high volume environments...
Date: Wed, 3 Dec 2003 07:38:31 -0500
Message-ID: <000401c3b99a$5c93fb50$29404d0c@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C3B970.73BF79F0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <8C6C8548-FE43-4112-9B1C-EA3C8DE7FB68@mimectl>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0005_01C3B970.73BF79F0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Ryan: Thanks. I understand. But, given that network delays and clock
synchronization issues are still there, you still need the same delta.
Since nextUpdate was designed to serve this purpose, the response =
generator
should put nextUpdate by which the response will be available.
=20
However, I do know if some PKI implementations where nextUpdate for CRL =
is
well ahead (say a week) and actual issuance is daily or every two days. =
In
those scenarios, I can see nextUpdate being a week ahead, but =
nextPublish
could be day or two days ahead.
-----Original Message-----
From: Ryan M. Hurst [mailto:rmh@windows.microsoft.com]=20
Sent: Tuesday, December 02, 2003 10:15 PM
To: Santosh Chokhani; ietf-pkix@imc.org
Subject: RE: Lightweight OCSP Profile for high volume environments...
Santosh -
=20
One of the things we have been discussing is how a client can retrieve =
data
from the responder before it expressly needed without abusing the =
responder.
=20
This is needed so that clients do not need to interrupt their =
transaction to
wait for a OCSP response, this is particularly interesting in the TLSEXT
case where the webserver server is likely to maintain a cache of =
responses
it provides to clients as part of the TLS negotiation.=20
=20
Typically nextUpdate (plus or minus some) is used by clients as the
expiration of the response, the responder also typically will have some
overlap in the responses they produce, in the case of a pre-production
responder there is also going to be a delay between when the responses =
were
produced, and when they become generally available.
=20
Without this value clients will simply guess at a value which may not be
accurate for that particular responder resulting in un-necessary network
traffic to the responder and delays for the client.
=20
Ryan
_____ =20
From: Santosh Chokhani
Sent: Tue 12/2/2003 5:10 PM
To: ietf-pkix@imc.org
Subject: RE: Lightweight OCSP Profile for high volume environments...
Alex:
I think I understand what you are trying to say, but I fail to see much
added utility of nextPublish over nextUpdate.=20
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] =
On
Behalf Of Deacon, Alex
Sent: Tuesday, December 02, 2003 2:43 PM
To: ietf-pkix@imc.org
Subject: Lightweight OCSP Profile for high volume environments...
All,
On a related topic, we (Ryan and myself) have recently submitted an
informational internet-draft which describes a lightweight profile of =
OCSP
(RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
signing and secure messaging. (i.e. environments where pre-produced and
distributed responses may be desirable).=20
http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile=
-00
.txt
Alex
------=_NextPart_000_0005_01C3B970.73BF79F0
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<TITLE>Message</TITLE>
<META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D096253112-03122003>Ryan: Thanks. I understand. =
But,=20
given that network delays and clock synchronization issues are still =
there, you=20
still need the same delta. Since nextUpdate was designed =
to serve=20
this purpose, the response generator should put nextUpdate by which the =
response=20
will be available.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D096253112-03122003></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D096253112-03122003>However, I do know if some PKI =
implementations where=20
nextUpdate for CRL is well ahead (say a week) and actual issuance is =
daily or=20
every two days. In those scenarios, I can see nextUpdate being a =
week=20
ahead, but nextPublish could be day or two days =
ahead.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> Ryan =
M. Hurst=20
[mailto:rmh@windows.microsoft.com] <BR><B>Sent:</B> Tuesday, December =
02, 2003=20
10:15 PM<BR><B>To:</B> Santosh Chokhani; =
ietf-pkix@imc.org<BR><B>Subject:</B>=20
RE: Lightweight OCSP Profile for high volume=20
environments...<BR><BR></FONT></DIV>
<DIV id=3DidOWAReplyText56089 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Santosh =
-</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>One of the things we have =
been discussing=20
is how a client can retrieve data from the responder before it =
expressly=20
needed without abusing the responder.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>This is needed so that =
clients do not=20
need to interrupt their transaction to wait for a OCSP response, this =
is=20
particularly interesting in the TLSEXT case where the webserver server =
is=20
likely to maintain a cache of responses it provides to clients as =
part of=20
the TLS negotiation. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Typically nextUpdate =
(plus or minus=20
some) is used by clients as the expiration of the response, the =
responder also=20
typically will have some overlap in the responses they produce, in the =
case of=20
a pre-production responder there is also going to be a =
delay between=20
when the responses were produced, and when they become generally=20
available.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Without this =
value clients will=20
simply guess at a value which may not be accurate for that particular=20
responder resulting in un-necessary network traffic to the responder =
and=20
delays for the client.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Santosh =
Chokhani<BR><B>Sent:</B> Tue=20
12/2/2003 5:10 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> =
RE:=20
Lightweight OCSP Profile for high volume =
environments...<BR></FONT><BR></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT><BR>
<P><FONT size=3D2>Alex:<BR><BR>I think I understand what you are =
trying to say,=20
but I fail to see much<BR>added utility of nextPublish over=20
nextUpdate. <BR><BR>-----Original Message-----<BR>From:=20
owner-ietf-pkix@mail.imc.org [<A =
href=3D"mailto:owner-ietf-pkix@mail.imc.org"=20
target=3D_blank>mailto:owner-ietf-pkix@mail.imc.org</A>] On<BR>Behalf =
Of Deacon,=20
Alex<BR>Sent: Tuesday, December 02, 2003 2:43 PM<BR>To:=20
ietf-pkix@imc.org<BR>Subject: Lightweight OCSP Profile for high volume =
environments...<BR><BR><BR><BR><BR>All,<BR><BR>On a related topic, we =
(Ryan=20
and myself) have recently submitted an<BR>informational internet-draft =
which=20
describes a lightweight profile of OCSP<BR>(RFC 2560) for use in very =
large=20
PKI deployments such as SSL/TLS, code<BR>signing and secure messaging. =
(i.e.=20
environments where pre-produced and<BR>distributed responses may be=20
desirable). <BR><BR><A=20
=
href=3D"http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp=
-profile-00"=20
=
target=3D_blank>http://www.ietf.org/internet-drafts/draft-deacon-lightwei=
ght-ocsp-profile-00</A><BR>.txt<BR><BR>Alex<BR><BR><BR></FONT></P></DIV><=
/BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0005_01C3B970.73BF79F0--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3AOJib054053 for <ietf-pkix-bks@above.proper.com>; Wed, 3 Dec 2003 02:24:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB3AOJBR054052 for ietf-pkix-bks; Wed, 3 Dec 2003 02:24:19 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB3AOFib054046 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 02:24:17 -0800 (PST) (envelope-from Denis.Pinkas@bull.net)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA31512 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 11:31:01 +0100
Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id LAA19091 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 11:19:34 +0100
Message-ID: <3FCDB9CD.3060206@bull.net>
Date: Wed, 03 Dec 2003 11:24:13 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: I-D ACTION:draft-ietf-pkix-certpathbuild-02.txt
References: <200312022036.PAA08902@ietf.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
A few comments about sections 6.4 and 6.2.
The text in section 6.4 is lacking guidance on what to do when using the CRL
DP, in particular what kind of verifications are necessary when the CRL
Issuer is not the CA.
Therefore, implementations may wish to provide support for decoding
the CRLDP extension and using the information to retrieve CRLs.
Support for CRLDP is optional and [RFC 3280] compliant implementations
need not populate the CRLDP extension.
Then what to do if the CRLDP is not present ?
Similar guidance is misssing in section 6.2 about the use of the authority
information access (AIA) extension which contains an accessMethod defined
with the id-ad-caIssuers OID, i.e. what kind of verifications are necessary
when the OCSP responder is not the CA.
BTW, the following sentence extracted for the document is not correct:
If a certificate with an AIA extension contains an accessMethod defined
with the id-ad-caIssuers OID, the AIA may be used to retrieve one or
more certificates for entities that issued the certificate containing
the AIA extension.
Denis
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
>
> Title : Internet X.509 Public Key Infrastructure:
> Certification Path Building
> Author(s) : M. Cooper, Y. Dzambasow
> Filename : draft-ietf-pkix-certpathbuild-02.txt
> Pages : 70
> Date : 2003-12-2
>
> This document was written to provide guidance and recommendations to
> developers building X.509 public-key certification paths within their
> applications. By following the guidance and recommendations defined
> in this document, an application developer is more likely to develop
> a robust X.509 certificate enabled application that can build valid
> certification paths across a wide range of PKI environments.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-02.txt
>
> To remove yourself from the IETF Announcement list, send a message to
> ietf-announce-request with the word unsubscribe in the body of the message.
>
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> "get draft-ietf-pkix-certpathbuild-02.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
> mailserv@ietf.org.
> In the body type:
> "FILE /internet-drafts/draft-ietf-pkix-certpathbuild-02.txt".
>
> NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB33H5ib066611 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 19:17:05 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB33H5QP066610 for ietf-pkix-bks; Tue, 2 Dec 2003 19:17:05 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB33H4ib066605 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 19:17:04 -0800 (PST) (envelope-from rmh@windows.microsoft.com)
Received: from mail6.microsoft.com ([157.54.6.196]) by mail2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1041); Tue, 2 Dec 2003 19:17:06 -0800
Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.181]) by mail6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Tue, 2 Dec 2003 19:16:49 -0800
Received: from 157.54.6.150 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 02 Dec 2003 19:17:00 -0800
Received: from RED-IMC-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 2 Dec 2003 19:17:08 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by RED-IMC-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 2 Dec 2003 19:16:55 -0800
Received: from WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com ([157.54.12.81]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.1069); Tue, 2 Dec 2003 19:17:05 -0800
Received: mail.windows.microsoft.com 157.54.12.84 from 157.54.0.150 157.54.0.150 via HTTP with MS-WebStorage 6.5.7122
Received: 157.54.0.150 157.54.0.150 from 157.54.1.70 157.54.1.70 via HTTP with MS-WebStorage 6.5.7122
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Lightweight OCSP Profile for high volume environments...
Thread-Topic: Lightweight OCSP Profile for high volume environments...
Thread-Index: AcO5SYjLpOV5N27+SxaYhsDRJo31OgAAhh6E
From: "Ryan M. Hurst" <rmh@windows.microsoft.com>
In-Reply-To: <000501c3b93a$4d8a5920$a02a4d0c@hq.orionsec.com>
References: <F5678115F458B4458C227F0EC02691BB02BA8530@mou1wnexm04.vcorp.ad.vrsn.com>, <000501c3b93a$4d8a5920$a02a4d0c@hq.orionsec.com>
To: Santosh Chokhani <chokhani@orionsec.com>, <ietf-pkix@imc.org>
Message-ID: <8C6C8548-FE43-4112-9B1C-EA3C8DE7FB68@mimectl>
X-Mailer: Microsoft Outlook Web Access 6.5.7122.0
X-MimeCtl: Produced By Microsoft Exchange V6.5.7122.0
Date: Tue, 2 Dec 2003 19:14:57 -0800
X-OriginalArrivalTime: 03 Dec 2003 03:17:05.0102 (UTC) FILETIME=[ED469EE0:01C3B94B]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
<HTML><HEAD><TITLE>RE: Lightweight OCSP Profile for high volume environment=
s...</TITLE></HEAD>
<BODY>
<DIV id=3DidOWAReplyText56089 dir=3Dltr>
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>Santosh -</FONT>=
</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>One of the things we have been d=
iscussing is how a client can retrieve data from the responder before it ex=
pressly needed without abusing the responder.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>This is needed so that clients d=
o not need to interrupt their transaction to wait for a OCSP response, this=
is particularly interesting in the TLSEXT case where the webserver server =
is likely to maintain a cache of responses it provides to clients as p=
art of the TLS negotiation. </FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Typically nextUpdate (plus =
or minus some) is used by clients as the expiration of the response, the re=
sponder also typically will have some overlap in the responses they produce=
, in the case of a pre-production responder there is also going to be =
a delay between when the responses were produced, and when they become=
generally available.</FONT></DIV>
<DIV dir=3Dltr> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Without this value clients =
will simply guess at a value which may not be accurate for that particular =
responder resulting in un-necessary network traffic to the responder and de=
lays for the client.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Ryan</FONT></DIV></DIV>
<DIV dir=3Dltr><BR>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> Santosh Chokhani<BR><B>Sent:</B> =
Tue 12/2/2003 5:10 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> RE=
: Lightweight OCSP Profile for high volume environments...<BR></FONT><BR></=
DIV>
<DIV><BR>
<P><FONT size=3D2>Alex:<BR><BR>I think I understand what you are trying to =
say, but I fail to see much<BR>added utility of nextPublish over nextUpdate=
. <BR><BR>-----Original Message-----<BR>From: owner-ietf-pkix@mail.imc=
.org [<A href=3D"mailto:owner-ietf-pkix@mail.imc.org" target=3D_blank>mailt=
o:owner-ietf-pkix@mail.imc.org</A>] On<BR>Behalf Of Deacon, Alex<BR>Sent: T=
uesday, December 02, 2003 2:43 PM<BR>To: ietf-pkix@imc.org<BR>Subject: Ligh=
tweight OCSP Profile for high volume environments...<BR><BR><BR><BR><BR>All=
,<BR><BR>On a related topic, we (Ryan and myself) have recently submitted a=
n<BR>informational internet-draft which describes a lightweight profile of =
OCSP<BR>(RFC 2560) for use in very large PKI deployments such as SSL/TLS, c=
ode<BR>signing and secure messaging. (i.e. environments where pre-produced =
and<BR>distributed responses may be desirable). <BR><BR><A href=3D"htt=
p://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00" =
target=3D_blank>http://www.ietf.org/internet-drafts/draft-deacon-lightweigh=
t-ocsp-profile-00</A><BR>.txt<BR><BR>Alex<BR><BR><BR></FONT></P></DIV></BOD=
Y></HTML>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB31BGib062664 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 17:11:16 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB31BGsI062663 for ietf-pkix-bks; Tue, 2 Dec 2003 17:11:16 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mtiwmhc11.worldnet.att.net (mtiwmhc11.worldnet.att.net [204.127.131.115]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB31BFib062656 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 17:11:15 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (160.washington-27rh16rt-28rh15rt.dc.dial-access.att.net[12.77.42.160]) by worldnet.att.net (mtiwmhc11) with SMTP id <2003120301105611100jdjp8e>; Wed, 3 Dec 2003 01:10:56 +0000
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: Lightweight OCSP Profile for high volume environments...
Date: Tue, 2 Dec 2003 20:10:54 -0500
Message-ID: <000501c3b93a$4d8a5920$a02a4d0c@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <F5678115F458B4458C227F0EC02691BB02BA8530@mou1wnexm04.vcorp.ad.vrsn.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB31BFib062658
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Alex:
I think I understand what you are trying to say, but I fail to see much
added utility of nextPublish over nextUpdate.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Deacon, Alex
Sent: Tuesday, December 02, 2003 2:43 PM
To: ietf-pkix@imc.org
Subject: Lightweight OCSP Profile for high volume environments...
All,
On a related topic, we (Ryan and myself) have recently submitted an
informational internet-draft which describes a lightweight profile of OCSP
(RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
signing and secure messaging. (i.e. environments where pre-produced and
distributed responses may be desirable).
http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00
.txt
Alex
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Nu2ib060134 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 15:56:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2Nu2N3060133 for ietf-pkix-bks; Tue, 2 Dec 2003 15:56:02 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailao.vtcif.telstra.com.au (mailao.vtcif.telstra.com.au [202.12.144.17]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Nu1ib060116 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 15:56:01 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailai.vtcif.telstra.com.au (mailai.vtcif.telstra.com.au [202.12.142.17]) by mailao.vtcif.telstra.com.au (Postfix) with ESMTP id 8C33222BBD for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 10:55:55 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailai.vtcif.telstra.com.au (Postfix) with ESMTP id D40D822883 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 10:55:54 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id KAA26646 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 10:55:54 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: RSA Algs: 01: draft-ietf-pkix-rsa-pkalgs-01.txt - ASN.1 typos
Date: Wed, 3 Dec 2003 09:54:07 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19A9@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: I-D ACTION:draft-ietf-pkix-rsa-pkalgs-01.txt
Thread-Index: AcO5IqQvqcxpifSTSPut5LxNENfd/AACgzzw
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB2Nu2ib060129
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
The ASN.1 module in draft-ietf-pkix-rsa-pkalgs-01.txt has some typos.
1.
When specifying ASN.1 values the field names must be included. When specifying open type values the type must be specified. For instance:
WRONG:
sha1Identifier AlgorithmIdentifier ::=
{ id-sha1, NULL }
RIGHT:
sha1Identifier AlgorithmIdentifier ::=
{ algorithm id-sha1, parameters NULL:NULL }
These errors affect all 31 values of the following types: AlgorithmIdentifier, RSASSA-PSS-params & RSAES-OAEP-params.
2.
In section 4.1 and in the ASN.1 module:
WRONG: nullOctetString OCTET STRING (SIZE (0)) ::= { ''H }
RIGHT: nullOctetString OCTET STRING (SIZE (0)) ::= ''H
----------
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Wednesday, 3 December 2003 7:36 AM
Title : Additional Algorithms and Identifiers for RSA
Cryptography for use in the Internet X.509
Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
Author(s) : R. Housley, B. Kaliski
Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
Pages : 22
Date : 2003-12-2
This document supplements RFC 3279. It describes the conventions for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport algorithm, and additional one-way hash functions with the PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public Key Infrastructure (PKI). Encoding formats, algorithm identifiers, and parameter formats are specified.
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2MkLib057728 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 14:46:21 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2MkLZB057727 for ietf-pkix-bks; Tue, 2 Dec 2003 14:46:21 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailbo.ntcif.telstra.com.au ([202.12.233.19]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2MkJib057719 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 14:46:20 -0800 (PST) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailbi.ntcif.telstra.com.au (mailbi.ntcif.telstra.com.au [202.12.162.19]) by mailbo.ntcif.telstra.com.au (Postfix) with ESMTP id 7448312D47 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 09:46:15 +1100 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailbi.ntcif.telstra.com.au (Postfix) with ESMTP id E8FB01298F for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 09:46:14 +1100 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id JAA12394 for <ietf-pkix@imc.org>; Wed, 3 Dec 2003 09:46:14 +1100 (EST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Wed, 3 Dec 2003 08:45:38 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE19A7@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: DISCUSS: MUST reject in OCSPv1
Thread-Index: AcO46mJm8STtUnXqSkWrDMOYomDKVAANzZWw
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB2MkKib057723
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
If Russ's syntax will break compatibility and a new extension is deemed unnecessary, the functionality could be achieved by designating a specific nonce value as a "special" value to indicate that a server does not support nonces. An empty octet string (04 00) would be a sensible candidate.
With this idea an extra restriction must be placed on servers that can use nonces so that they never issue a response with a empty octet string for the nonce, even if a (malicious) client included this nonce value in a request. The fact that existing servers are unlikely to implement this rule would allow an attacker to make them appear to be caching-only servers.
-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Wednesday, 3 December 2003 12:42 AM
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
I am not very happy with the way that this discussion is going. I am not
convinced that a new extension is the best compromise.
...
OCSPNonce ::= CHOICE {
nonceValue OCTET STRING,
unsupported NULL }
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2LWUib053419 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 13:32:30 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2LWUp9053418 for ietf-pkix-bks; Tue, 2 Dec 2003 13:32:30 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB2LWSib053413 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 13:32:29 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 16264 invoked by uid 0); 2 Dec 2003 21:32:07 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (151.200.240.131) by woodstock.binhost.com with SMTP; 2 Dec 2003 21:32:07 -0000
Message-Id: <5.2.0.9.2.20031202163019.043b1358@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Tue, 02 Dec 2003 16:32:28 -0500
To: "Ambarish Malpani" <ambarish@malpani.biz>, <ietf-pkix@imc.org>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: DISCUSS: MUST reject in OCSPv1
In-Reply-To: <BFEMKEKPCAINGFNEOGMEIEBPCCAA.ambarish@malpani.biz>
References: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Ambarish:
This lack of interoperability is a result of the under specification of the
nonce extension. I do not see a way to specify the return of the same
random blob that was received or a specific flag to indicate the
unsupported nonce response.
Russ
At 07:48 AM 12/2/2003 -0800, Ambarish Malpani wrote:
>Hi Russ,
> This would *definitely* break compatibility with exisiting
>software.
>
>Currently, some folks put in some random bytes as the value of
>the nonce extension, while others put in an OCTET STRING, whose value is
>the random bytes.
>
>The only check the clients do, is verify that the request contains
>the same set of bytes.
>
>Servers that include the nonce in the response include the bytes
>they got in the request in the response.
>
>The solution suggested by Mike would allow current servers and clients
>to work as they do, and allow a way for smarter servers/clients to
>work together where a server wanted to provide a response without the
>nonce.
>
>If we wanted to break compatibility, it would make more sense to use the
>criticality bit in extensions (as suggested by others on the list).
>
>Regards,
>Ambarish
>
> > -----Original Message-----
> > From: owner-ietf-pkix@mail.imc.org
> > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Russ Housley
> > Sent: Tuesday, December 02, 2003 5:42 AM
> > To: ietf-pkix@imc.org
> > Subject: RE: DISCUSS: MUST reject in OCSPv1
> >
> >
> >
> > I am not very happy with the way that this discussion is going. I am not
> > convinced that a new extension is the best compromise.
> >
> > I have just reread the nonce-related portions of RFC 2560. I
> > must say, it
> > is quite under specified. It does not even provide a syntax for a
> > nonce. It really only provides the OID to identify the nonce
> > extension and
> > which extension location in which it is carried.
> >
> > It says:
> >
> > The nonce cryptographically binds a request and a response to prevent
> > replay attacks. The nonce is included as one of the requestExtensions
> > in requests, while in responses it would be included as one of the
> > responseExtensions. In both the request and the response, the nonce
> > will be identified by the object identifier id-pkix-ocsp-nonce, while
> > the extnValue is the value of the nonce.
> >
> > id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
> >
> > Rather than defining a new extension, called nonceUnsupported,
> > you have the
> > opportunity to specify a syntax to go with this OID that does the same
> > thing. Something like:
> >
> > OCSPNonce ::= CHOICE {
> > nonceValue OCTET STRING,
> > unsupported NULL }
> >
> > Text that goes with the syntax definition ought to make it
> > illegal for the
> > request to use the NULL. That is, it is only allowed in the response.
> >
> > I still prefer the "MUST reject" approach, but this seems like a cleaner
> > solution than a new extension.
> >
> > Russ
> >
> >
> > Ambarish wrote:
> >
> > >Hi Florian,
> > > The reason for including a nonce in the request is to enable a
> > >client that doesn't have a very precise knowledge of time to still
> > >be sure the response he got from the server was generated for this
> > >specific request.
> > >
> > >While I do agree with Mark and think that the "right" way would be
> > >to require the client to require the nonce in the response, in the
> > >interests of moving ahead, I vote to accept Mike's compromise
> > >proposal that a client MUST require the nonce in the response
> > >unless it is accompanied by a nonceUnsupported extension in
> > >the response and the client is willing to accept a response w/o
> > >a nonce. This preserves the semantics for current clients and
> > >still allows caching servers to supply responses to clients
> > >who will take them.
> > >
> > >Regards,
> > >Ambarish
> >
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2LU1ib053268 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 13:30:01 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2LU1kn053267 for ietf-pkix-bks; Tue, 2 Dec 2003 13:30:01 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB2LU0ib053262 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 13:30:00 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 15873 invoked by uid 0); 2 Dec 2003 21:29:38 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (151.200.240.131) by woodstock.binhost.com with SMTP; 2 Dec 2003 21:29:38 -0000
Message-Id: <5.2.0.9.2.20031202162942.0445ca18@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Tue, 02 Dec 2003 16:29:59 -0500
To: "Michael Myers" <mmyers@fastq.com>, <ietf-pkix@imc.org>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: DISCUSS: MUST reject in OCSPv1
In-Reply-To: <EOEGJNFMMIBDKGFONJJDAEODDFAA.mmyers@fastq.com>
References: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Yes, that is my compromise proposal.
At 08:33 AM 12/2/2003 -0700, Michael Myers wrote:
>Russ,
>
>So if I'm reading this correctly, a server that receives a
>request containing a value for nonceValue MAY ignore the nonce
>and return NULL?
>
>By the way, Ambarish and I had already planned to clarify nonce
>syntax as OCTET STRING as 2560 goes from Proposed to Draft.
>
>Mike
>
> > -----Original Message-----
> > From: owner-ietf-pkix@mail.imc.org
> > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Russ Housley
> > Sent: Tuesday, December 02, 2003 6:42 AM
> > To: ietf-pkix@imc.org
> > Subject: RE: DISCUSS: MUST reject in OCSPv1
> >
> >
> >
> > I am not very happy with the way that this discussion
> > is going. I am not
> > convinced that a new extension is the best compromise.
> >
> > I have just reread the nonce-related portions of RFC
> > 2560. I must say, it
> > is quite under specified. It does not even provide a
> > syntax for a
> > nonce. It really only provides the OID to identify
> > the nonce extension and
> > which extension location in which it is carried.
> >
> > It says:
> >
> > The nonce cryptographically binds a request and a
> > response to prevent
> > replay attacks. The nonce is included as one of
> > the requestExtensions
> > in requests, while in responses it would be
> > included as one of the
> > responseExtensions. In both the request and the
> > response, the nonce
> > will be identified by the object identifier
> > id-pkix-ocsp-nonce, while
> > the extnValue is the value of the nonce.
> >
> > id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= {
> > id-pkix-ocsp 2 }
> >
> > Rather than defining a new extension, called
> > nonceUnsupported, you have the
> > opportunity to specify a syntax to go with this OID
> > that does the same
> > thing. Something like:
> >
> > OCSPNonce ::= CHOICE {
> > nonceValue OCTET STRING,
> > unsupported NULL }
> >
> > Text that goes with the syntax definition ought to
> > make it illegal for the
> > request to use the NULL. That is, it is only allowed
> > in the response.
> >
> > I still prefer the "MUST reject" approach, but this
> > seems like a cleaner
> > solution than a new extension.
> >
> > Russ
> >
> >
> > Ambarish wrote:
> >
> > >Hi Florian,
> > > The reason for including a nonce in the request
> > is to enable a
> > >client that doesn't have a very precise knowledge of
> > time to still
> > >be sure the response he got from the server was
> > generated for this
> > >specific request.
> > >
> > >While I do agree with Mark and think that the
> > "right" way would be
> > >to require the client to require the nonce in the
> > response, in the
> > >interests of moving ahead, I vote to accept Mike's compromise
> > >proposal that a client MUST require the nonce in the response
> > >unless it is accompanied by a nonceUnsupported extension in
> > >the response and the client is willing to accept a
> > response w/o
> > >a nonce. This preserves the semantics for current clients and
> > >still allows caching servers to supply responses to clients
> > >who will take them.
> > >
> > >Regards,
> > >Ambarish
> >
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2LJiib052756 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 13:19:44 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2LJiiR052755 for ietf-pkix-bks; Tue, 2 Dec 2003 13:19:44 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2LJgib052750 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 13:19:43 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB2LJiau009271 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 16:19:44 -0500
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 16:19:39 -0500
Message-ID: <00a601c3b91a$01cb3a10$9e00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <3FCCF7E0.6000909@corestreet.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
David:
I agree. There is no need for the added complexity.
-----Original Message-----
From: David Engberg [mailto:dengberg@corestreet.com]
Sent: Tuesday, December 02, 2003 3:37 PM
To: chokhani@orionsec.com
Cc: ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
Santosh -
Would it be possible to achieve this same result using the existing
"nextUpdate" mechanism instead of adding a new nonce-related expiration
time ("supportedAt")?
If I have a caching-only responder that plans to support nonces in 4
hours, I could pre-generate the OCSP responses with a "nextUpdate" for
that scheduled time. These responses will automatically be rejected by
any OCSP software (backward compatible) in 4 hours when nonces are
supported.
(Going the other direction from nonce to nonceUnsupported isn't a
problem, obviously.)
Thanks,
Dave
Santosh Chokhani wrote:
> 3. It will nice for the servers to be able to declare when they will
> start supporting nonce. In that case, ASN.1 could be revised as
> follows:
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL,
> supportedAt GENERALIZED TIME }
>
> Option 3 does not commit the server to start supporting nonce's. It
> requires the server to start producing nonce's at that time or produce
> new responses at that client. A client SHOULD reject responses when
> the current time is past the supportedAt time.
>
> Option 3 reduces the temporal window of replay attack.
>
> If there is a desire for option 3, the ASN.1 can be further compacted
> by using 99991231235959Z in place of NULL for unsupported.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2KbQib045230 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 12:37:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2KbQ5c045229 for ietf-pkix-bks; Tue, 2 Dec 2003 12:37:26 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2KbMib045194 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 12:37:22 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08889; Tue, 2 Dec 2003 15:36:15 -0500 (EST)
Message-Id: <200312022036.PAA08889@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-rsa-pkalgs-01.txt
Date: Tue, 02 Dec 2003 15:36:15 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Additional Algorithms and Identifiers for RSA
Cryptography for use in the Internet X.509
Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
Author(s) : R. Housley, B. Kaliski
Filename : draft-ietf-pkix-rsa-pkalgs-01.txt
Pages : 22
Date : 2003-12-2
This document supplements RFC 3279. It describes the conventions for
using the RSASSA-PSS signature algorithm, the RSAES-OAEP key
transport algorithm, and additional one-way hash functions with the
PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public
Key Infrastructure (PKI). Encoding formats, algorithm identifiers,
and parameter formats are specified.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-rsa-pkalgs-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-2154607.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-rsa-pkalgs-01.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-rsa-pkalgs-01.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-2154607.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2KbOib045219 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 12:37:25 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2KbOEI045217 for ietf-pkix-bks; Tue, 2 Dec 2003 12:37:24 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2KbMib045195 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 12:37:22 -0800 (PST) (envelope-from dinaras@cnri.reston.va.us)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08902; Tue, 2 Dec 2003 15:36:21 -0500 (EST)
Message-Id: <200312022036.PAA08902@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-certpathbuild-02.txt
Date: Tue, 02 Dec 2003 15:36:20 -0500
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure:
Certification Path Building
Author(s) : M. Cooper, Y. Dzambasow
Filename : draft-ietf-pkix-certpathbuild-02.txt
Pages : 70
Date : 2003-12-2
This document was written to provide guidance and recommendations to
developers building X.509 public-key certification paths within their
applications. By following the guidance and recommendations defined
in this document, an application developer is more likely to develop
a robust X.509 certificate enabled application that can build valid
certification paths across a wide range of PKI environments.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-02.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-pkix-certpathbuild-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-pkix-certpathbuild-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <2003-12-2154618.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-certpathbuild-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-pkix-certpathbuild-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2003-12-2154618.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Kb9ib045132 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 12:37:09 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2Kb9uH045131 for ietf-pkix-bks; Tue, 2 Dec 2003 12:37:09 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from the-humungus.corestreet.com ([68.162.232.130]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Kb7ib045098 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 12:37:08 -0800 (PST) (envelope-from dengberg@corestreet.com)
Received: from corestreet.com (engberg.corestreet.com [192.168.2.87]) by the-humungus.corestreet.com (8.12.8/8.12.8) with ESMTP id hB2KalEj023977; Tue, 2 Dec 2003 15:36:48 -0500
Message-ID: <3FCCF7E0.6000909@corestreet.com>
Date: Tue, 02 Dec 2003 15:36:48 -0500
From: David Engberg <dengberg@corestreet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: chokhani@orionsec.com
CC: ietf-pkix@imc.org
Subject: Re: DISCUSS: MUST reject in OCSPv1
References: <004e01c3b90e$2fad8ed0$9e00a8c0@hq.orionsec.com>
In-Reply-To: <004e01c3b90e$2fad8ed0$9e00a8c0@hq.orionsec.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Santosh -
Would it be possible to achieve this same result using the existing
"nextUpdate" mechanism instead of adding a new nonce-related expiration
time ("supportedAt")?
If I have a caching-only responder that plans to support nonces in 4
hours, I could pre-generate the OCSP responses with a "nextUpdate" for
that scheduled time. These responses will automatically be rejected by
any OCSP software (backward compatible) in 4 hours when nonces are
supported.
(Going the other direction from nonce to nonceUnsupported isn't a
problem, obviously.)
Thanks,
Dave
Santosh Chokhani wrote:
> 3. It will nice for the servers to be able to declare when they will start
> supporting nonce. In that case, ASN.1 could be revised as follows:
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL,
> supportedAt GENERALIZED TIME }
>
> Option 3 does not commit the server to start supporting nonce's. It
> requires the server to start producing nonce's at that time or produce new
> responses at that client. A client SHOULD reject responses when the current
> time is past the supportedAt time.
>
> Option 3 reduces the temporal window of replay attack.
>
> If there is a desire for option 3, the ASN.1 can be further compacted by
> using 99991231235959Z in place of NULL for unsupported.
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2JtKib037524 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 11:55:20 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2JtKu8037523 for ietf-pkix-bks; Tue, 2 Dec 2003 11:55:20 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host13.websitesource.com (host13.websitesource.com [209.239.35.152]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2JtJib037514 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:55:19 -0800 (PST) (envelope-from chokhani@orionsec.com)
Received: from wchokhani (dpvc-138-88-161-20.res.east.verizon.net [138.88.161.20]) by host13.websitesource.com (8.12.10/8.12.10) with ESMTP id hB2Jstau024008 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 14:55:08 -0500
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 14:54:49 -0500
Message-ID: <004e01c3b90e$2fad8ed0$9e00a8c0@hq.orionsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <EOEGJNFMMIBDKGFONJJDIEODDFAA.mmyers@fastq.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id hB2JtKib037518
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Mike and Russ:
One topic that has not been discussed is what if the server switches back
and forth from nonce supported and "not supported". May be server supports
nonce during working hours and not during non-working hours.
Seems like we have the following options:
1. Servers shall not switch. If that is the case, the RFC should state
that.
2. Servers can do this ad hoc. Clients need not be notified. In that
case, no change is required.
3. It will nice for the servers to be able to declare when they will start
supporting nonce. In that case, ASN.1 could be revised as follows:
OCSPNonce ::= CHOICE {
nonceValue OCTET STRING,
unsupported NULL,
supportedAt GENERALIZED TIME }
Option 3 does not commit the server to start supporting nonce's. It
requires the server to start producing nonce's at that time or produce new
responses at that client. A client SHOULD reject responses when the current
time is past the supportedAt time.
Option 3 reduces the temporal window of replay attack.
If there is a desire for option 3, the ASN.1 can be further compacted by
using 99991231235959Z in place of NULL for unsupported.
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On
Behalf Of Michael Myers
Sent: Tuesday, December 02, 2003 11:08 AM
To: Russ Housley; ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
> -----Original Message-----
> From: Russ Housley
> Sent: Tuesday, December 02, 2003 6:42 AM
>
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
Russ,
More precisely, based on the prior proposal, we have:
1. Cycle v1 at Proposed with the above
amendment to nonce value syntax and
the following semantics.
2. Clients that send a nonce:
a. SHALL use the nonceValue CHOICE of
OCSPNonce value syntax.
b. MUST reject a response that fails
to include the nonce extension
(errors notwithstanding);
c. Else, if such response includes a
nonce extension with a value of
"unsupported", clients MAY accept the
response subject to the advice in the
Security Considerations section of
this document.
4. Conversely, if a server receives a nonced
request but is unable to incorporate the
nonce in its response, the server MUST
include a nonce extension with the value
"unsupported" for OCSPNonce.
So basically, it is pretty much the same semantics as previously proposed,
only using the "unsupported" CHOICE for OCSPNonce as the caveat instead of
an extension-based OID of "unsupported".
Is this what you had in mind? Note that we still have a "MUST reject" for
plain responses.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Jgeib036947 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 11:42:40 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2Jgebp036945 for ietf-pkix-bks; Tue, 2 Dec 2003 11:42:40 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Jgeib036940 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:42:40 -0800 (PST) (envelope-from alex@verisign.com)
Received: from MOU1WNEXC03.vcorp.ad.vrsn.com (mailer3.verisign.com [65.205.251.55]) by peacock.verisign.com (8.12.10/) with ESMTP id hB2Jggrc006079 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:42:42 -0800 (PST)
Received: by mou1wnexc03.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XLQFBR77>; Tue, 2 Dec 2003 11:42:41 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA8530@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: ietf-pkix@imc.org
Subject: Lightweight OCSP Profile for high volume environments...
Date: Tue, 2 Dec 2003 11:42:34 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
All,
On a related topic, we (Ryan and myself) have recently submitted an
informational internet-draft which describes a lightweight profile of OCSP
(RFC 2560) for use in very large PKI deployments such as SSL/TLS, code
signing and secure messaging. (i.e. environments where pre-produced and
distributed responses may be desirable).
http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00
.txt
Alex
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2JXJib036528 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 11:33:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2JXJBt036527 for ietf-pkix-bks; Tue, 2 Dec 2003 11:33:19 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pigeon.verisign.com (pigeon.verisign.com [65.205.251.71]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2JXIib036522 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:33:18 -0800 (PST) (envelope-from alex@verisign.com)
Received: from mou1wnexc01.vcorp.ad.vrsn.com (verisign.com [65.205.251.53]) by pigeon.verisign.com (8.12.10/) with ESMTP id hB2JXIq6009271; Tue, 2 Dec 2003 11:33:18 -0800 (PST)
Received: by mou1wnexc01.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XHBNDL3V>; Tue, 2 Dec 2003 11:33:18 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA852F@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: "'Michael Myers'" <mmyers@fastq.com>, Russ Housley <housley@vigilsec.com>, ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 11:33:15 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
But doesn't this ASN.1 additon make the interop issues with the existing
deployed client/server base even worse? Its still not clear how we can
justify making such a large normative change to v1 at this point in the
process. This spec has been at proposed for almost 4.5 years (!) now.
Alex
> -----Original Message-----
> From: Michael Myers [mailto:mmyers@fastq.com]
> Sent: Tuesday, December 02, 2003 8:08 AM
> To: Russ Housley; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> > -----Original Message-----
> > From: Russ Housley
> > Sent: Tuesday, December 02, 2003 6:42 AM
> >
> >
> > OCSPNonce ::= CHOICE {
> > nonceValue OCTET STRING,
> > unsupported NULL }
>
> Russ,
>
> More precisely, based on the prior proposal, we have:
>
> 1. Cycle v1 at Proposed with the above
> amendment to nonce value syntax and
> the following semantics.
>
> 2. Clients that send a nonce:
>
> a. SHALL use the nonceValue CHOICE of
> OCSPNonce value syntax.
>
> b. MUST reject a response that fails
> to include the nonce extension
> (errors notwithstanding);
>
> c. Else, if such response includes a
> nonce extension with a value of
> "unsupported", clients MAY accept the
> response subject to the advice in the
> Security Considerations section of
> this document.
>
> 4. Conversely, if a server receives a nonced
> request but is unable to incorporate the
> nonce in its response, the server MUST
> include a nonce extension with the value
> "unsupported" for OCSPNonce.
>
> So basically, it is pretty much the same semantics as
> previously proposed, only using the "unsupported" CHOICE for
> OCSPNonce as the caveat instead of an extension-based OID of
> "unsupported".
>
> Is this what you had in mind? Note that we still have a
> "MUST reject" for plain responses.
>
> Mike
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2J18ib034297 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 11:01:08 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2J18xs034296 for ietf-pkix-bks; Tue, 2 Dec 2003 11:01:08 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sigurd.x509.com ([199.175.155.2]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB2J17ib034291 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:01:07 -0800 (PST) (envelope-from marcnarc@rsasecurity.com)
Received: from nebula.x509.com by sigurd.x509.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 2 Dec 2003 19:01:09 UT
Received: from crack.x509.com (localhost [127.0.0.1]) by nebula.x509.com (8.12.10/NULL) with ESMTP id hB2Iv66L016507 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 10:57:07 -0800 (PST)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.12.10/8.12.10) with ESMTP id hB2J17Y0013952 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 11:01:07 -0800 (PST)
Received: from rsasecurity.com (mbranchaud2.eng.x509.com [10.7.33.48]) by exvan01.x509.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id VQFWHT7J; Tue, 2 Dec 2003 11:10:01 -0800
Message-ID: <3FCCDF1F.7050502@rsasecurity.com>
Date: Tue, 02 Dec 2003 10:51:11 -0800
X-Sybari-Trust: d5f3b416 64c784fd 5697006d 00000139
From: Marc Branchaud <marcnarc@rsasecurity.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031110
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: OCSP in TLS handshake
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050108080502020100020109"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a cryptographically signed message in MIME format.
--------------ms050108080502020100020109
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Deacon, Alex wrote:
>
> As for the nonceUnsupported proposal, it does have it merits. However
> I have to agree with Ryan by objecting to its standardization in v1
> for two reasons. First, doing so will not allow for the "TLS
> Extension" use case where OCSP responses are included in protocol
> exchanges.
I'm not trying to be obtuse here (it actually takes very little effort),
but I really need a patient explanation of why nonceUnsupported
precludes the use of OCSP responses in the TLS handshake.
M.
--------------ms050108080502020100020109
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISqTCC
AtcwggJAoAMCAQICEFgUQCxch7Sxp7XFFauIqpwwDQYJKoZIhvcNAQEFBQAwbDEaMBgGA1UE
ChMRUlNBIFNlY3VyaXR5IEluYy4xHjAcBgNVBAMTFVJTQSBQdWJsaWMgUm9vdCBDQSB2MTEu
MCwGCSqGSIb3DQEJARYfcnNha2VvbnJvb3RzaWduQHJzYXNlY3VyaXR5LmNvbTAeFw0wMjA5
MDYxNDEzNTJaFw0wNzA5MDYxNDEzNTJaMIGCMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5j
LjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMRYwFAYDVQQDEw1SU0EgQ29ycG9yYXRlMRAwDgYD
VQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqnOw876lPpMTkSqrqzpEON/609PDLEhmWX4tkC19
AHneDaoetL277GtYYXBCggP2E+s66MN1ccWXyApfWjCZkIHepPC08NVI1JRcbViW3kwLzDD2
w5T9QJcyL5V1pN/LQdxahM56TiLeXlPiJekdmTdJoo+5Pw4bQU+MxTqURk8CAwEAAaNjMGEw
HwYDVR0jBBgwFoAU9UwxelEDPyzXi5eZb6hxkKt4PZswHQYDVR0OBBYEFO2RCGt0t1lKkvah
HSJwJp8KrxaSMA8GA1UdEwQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
BQUAA4GBAHiSe1a79hnPr16PuBwUTBWbuNQ4GJNsyfrCXzAswIT2A2WtGZ1Hp1jEAWi9OfAX
IYAdy52Jyv9N87wAEbLUgVmsFEIlYM5mi6ag7YIRGp8JP5UhLAN9O5YHrR9FsrGK4WmSl3sY
W1qAPOXubFcfhTgUDIYzM30izZBP4nwO07FpMIIC+DCCAmGgAwIBAgIQeuiOriTayCwjwpmR
gmdIUjANBgkqhkiG9w0BAQUFADCBgjEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4xFTAT
BgNVBAsTDEtDQSBTZXJ2aWNlczEWMBQGA1UEAxMNUlNBIENvcnBvcmF0ZTEQMA4GA1UEBxMH
QmVkZm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDIwOTIz
MTkxMzAzWhcNMDYwOTIzMTUxMzAzWjCBjDEaMBgGA1UEChMRUlNBIFNlY3VyaXR5IEluYy4x
FTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENsYXNzIDIgUGVyc29uYWwg
Q0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYT
AlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkR9yiabyRo6+NwC3Sl8wPuUiBD3rP
sENNjXvzSbTAyXA8pDDndnlAa1nLUhSMgvn8g1sYMd0Bp+C1/mI5PFUZ8jukUK95yt+TK26L
hM/M5RUq/EINdDDdWzg9je498K6oGfyWR6ETSJbIrDe5qQcLCABs9E2gVKb7Z/FwFo3C9QID
AQABo2MwYTAPBgNVHRMECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjAfBgNVHSMEGDAWgBTt
kQhrdLdZSpL2oR0icCafCq8WkjAdBgNVHQ4EFgQUxpPuxqX+41WOz4ojH+6Y3iHyn6cwDQYJ
KoZIhvcNAQEFBQADgYEAcdRHBjq8GfdDoutUTJPtSzQd7XsdsQh2KBbu8utl92VQHuI0J5wc
Rc817G8YbmTtCt/xqAzrr6k7fdaoDBr/kBuVHA5FEJ94foPgrOlbT3zdziMATXh5ESSDLMx6
p8ITIsTJNmwszIG5P9AAKJCW48gu1ZZmLXhFbHcYJGf99pwwggMFMIICbqADAgECAhEAvhyf
0s21hKaAc2Nm1WX4LTANBgkqhkiG9w0BAQUFADCBuzEkMCIGA1UEBxMbVmFsaUNlcnQgVmFs
aWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwgSW5jLjE1MDMGA1UECxMsVmFs
aUNlcnQgQ2xhc3MgMyBQb2xpY3kgVmFsaWRhdGlvbiBBdXRob3JpdHkxITAfBgNVBAMTGGh0
dHA6Ly93d3cudmFsaWNlcnQuY29tLzEgMB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5j
b20wHhcNMDIwNDMwMTUzMDE5WhcNMTkwNDMwMDkyMTU1WjBsMRowGAYDVQQKExFSU0EgU2Vj
dXJpdHkgSW5jLjEeMBwGA1UEAxMVUlNBIFB1YmxpYyBSb290IENBIHYxMS4wLAYJKoZIhvcN
AQkBFh9yc2FrZW9ucm9vdHNpZ25AcnNhc2VjdXJpdHkuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC0dSVa2EQ740GxqiIKsHATT4f8XYwUU23pzRe5W6IVpt4jkwDWkgnvTcP6
M8PD4OfK6Imal4hAH/c3K/dUIH7YyQZRGAE5Y27G5klZYKidcFlrfautgVES170MLKFmJqym
2FWAfVOibXatRcw7B0S+mP9404jID/MaIpRXkH5JjwIDAQABo1cwVTAMBgNVHRMEBTADAQH/
MA4GA1UdDwEB/wQEAwIBhjAWBgNVHSAEDzANMAsGCSqGSIb3DQUGATAdBgNVHQ4EFgQU9Uwx
elEDPyzXi5eZb6hxkKt4PZswDQYJKoZIhvcNAQEFBQADgYEAKsviXBc1FeBT2hIwyWuGwnPZ
J9ctjrsO7NbVLjsx/EYclFFGwo+pphiwdUTml9yd7fXzfk0D+7LOs9ZA5xhiHVrGusV4OW4i
7hx2KVILkYlcXCN5tDltKwa5+BkGUuvZdyAoIhpyf61h7uKCFguhaJ+VOiNB4DPtsmxI+KxO
E6YwggTYMIIEQaADAgECAhBgzHl9dAoZGu0JMqXovSgdMA0GCSqGSIb3DQEBBQUAMIGMMRow
GAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAwHgYD
VQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQGA1UE
CBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODEzWhcNMDQwNzA3
MjMwODEzWjCBvjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3JzYXNl
Y3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGggQW1l
cmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxFzAVBgNVBAMTDk1hcmMgQnJhbmNoYXVkMScw
JQYJKoZIhvcNAQkBFhhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDg2xoRr+a/dtnuFG+oTHa+tGtzeObFazNhYV2iSLNED4fHRu86
tknBYFgXggcHW5gsyjfkCtVMzP2tCivmbJgvISo36vsCsmAJH6LRnJf8HsvfmWZaD9tzhDpL
QVsBHr88J0ZMdVniRc7MQoYeu/3hYtUBeGO9bGA6T8vTrnXYonnFtVoTqE62SFqPZZk7HpCS
X1n+dM3zSym2ylMFYE14nukF4I9vAhsQVzk3QNpghmzGj8uoEy9xpf3k0o5+neneAGvcSkwo
r1mH5tSqhrEQaZp7vuSA2bvXaZEnjZzZiTpPDzs1oMpn3guzYhU7wMKz6xvwvgEYyAAV+P5n
FWM/AgMBAAGjggGBMIIBfTCBkgYDVR0gBIGKMIGHMIGEBgkqhkiG9w0FBwIwdzAuBggrBgEF
BQcCARYiaHR0cDovL2NhLnJzYXNlY3VyaXR5LmNvbS9DUFMuaHRtbDBFBggrBgEFBQcCAjA5
MBgWEVJTQSBTZWN1cml0eSBJbmMuMAMCAQEaHUNQUyBJbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMCkGA1UdJQQiMCAGCisGAQQBgjcUAgIGCCsGAQUFBwMCBggrBgEFBQcDBDAjBgNVHREE
HDAagRhtYXJjbmFyY0Byc2FzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgeAMEYGA1UdHwQ/
MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBlcnNv
bmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQWBBQ1
yQ/UrvKb563LjzHqJzBzrZp/ejANBgkqhkiG9w0BAQUFAAOBgQCV82oGGnglQQzklKg/wKhy
evNeJ6FNBZFhLlmZRNlKgqvPFmBcxygfBGpHqIhsHcrt2/AjhJuzAj7UdW1vTVCY5MkZw8P9
6+J6aTc3bNlGbk0jvcvVgDhmM4xYJLwMZKEw92HlRhfuMnj7ah9DTqbKSewmyAyOc+FLpGfd
lu6CgTCCBOkwggRSoAMCAQICEQDqxAXqre9Mr+FeYw3+MQhsMA0GCSqGSIb3DQEBBQUAMIGM
MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2VzMSAw
HgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEWMBQG
A1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwHhcNMDMwNzA3MjMwODI4WhcNMDQw
NzA3MjMwODEzWjCBwjETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3Jz
YXNlY3VyaXR5MRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEWMBQGA1UECxMNTm9ydGgg
QW1lcmljYTEUMBIGA1UECxMLRW5naW5lZXJpbmcxGzAZBgNVBAMTEk1hcmMgQnJhbmNoYXVk
LUVuYzEnMCUGCSqGSIb3DQEJARYYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBjNaHTwtCXpdJg+iDxYMkWjuZIF0ic2fRLymZe+
BnZYWPnik0dFmTulx+V8slsLEtBllcc5o1yfIYfeHPinwRxv86kCUSlgfGGXKjJZaIeURgbo
bUbIfDTPlvRUZuiZvTR4C8tEY88Lle66n62B7wjUvDbiwK4EjzlXOkjpcYXLH7FbaFaRLDBB
PlFD5ydDRhQ67t6fjUeS7p7o/l/VHmPC5LFLXZkjEhjGd5pknbQIAbUGACL5UET85NUFPowD
3F47g0GCKEnuOsk2Ra+WHu7honhIxqmOwGnu85V6tW5xscf4dTofWZONQeaD3gSxv8+hcfKN
k9cwjpnUG2xGzwIDAQABo4IBjTCCAYkwNQYDVR0lBC4wLAYKKwYBBAGCNxQCAgYIKwYBBQUH
AwIGCCsGAQUFBwMEBgorBgEEAYI3CgMEMIGSBgNVHSAEgYowgYcwgYQGCSqGSIb3DQUHAjB3
MC4GCCsGAQUFBwIBFiJodHRwOi8vY2EucnNhc2VjdXJpdHkuY29tL0NQUy5odG1sMEUGCCsG
AQUFBwICMDkwGBYRUlNBIFNlY3VyaXR5IEluYy4wAwIBARodQ1BTIEluY29ycG9yYXRlZCBi
eSByZWZlcmVuY2UwIwYDVR0RBBwwGoEYbWFyY25hcmNAcnNhc2VjdXJpdHkuY29tMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwucnNhc2VjdXJpdHkuY29tOjgwL1JTQUNsYXNzMlBl
cnNvbmFsQ0EuY3JsMB8GA1UdIwQYMBaAFMaT7sal/uNVjs+KIx/umN4h8p+nMB0GA1UdDgQW
BBT/OiMCyY8CPnNBySW1ijJOYhj7ejAOBgNVHQ8BAf8EBAMCAzgwDQYJKoZIhvcNAQEFBQAD
gYEAlchAObA9eVmeiLu0nTU985Fch6v+EZKodUhZUN7dILgd05HorHN9jxBH6XI4/b9ZVvub
Pkpicdc112YbcLYTD2NumVksyNDI7fDaqiszgk1zluXtZJ+HsCt+GIAKCDfOVLECclpGyizq
VjZFEK4Pt9FxPGTnUJEvIKJcAQ24EvgxggPsMIID6AIBATCBoTCBjDEaMBgGA1UEChMRUlNB
IFNlY3VyaXR5IEluYy4xFTATBgNVBAsTDEtDQSBTZXJ2aWNlczEgMB4GA1UEAxMXUlNBIENs
YXNzIDIgUGVyc29uYWwgQ0ExEDAOBgNVBAcTB0JlZGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1
c2V0dHMxCzAJBgNVBAYTAlVTAhBgzHl9dAoZGu0JMqXovSgdMAkGBSsOAwIaBQCgggIfMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIwMjE4NTExMVow
IwYJKoZIhvcNAQkEMRYEFK+xFsYPqCdYU8ZveuaekyrrwRlUMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIGzBgkrBgEEAYI3EAQxgaUwgaIwgYwxGjAYBgNVBAoTEVJTQSBTZWN1
cml0eSBJbmMuMRUwEwYDVQQLEwxLQ0EgU2VydmljZXMxIDAeBgNVBAMTF1JTQSBDbGFzcyAy
IFBlcnNvbmFsIENBMRAwDgYDVQQHEwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
MQswCQYDVQQGEwJVUwIRAOrEBeqt70yv4V5jDf4xCGwwgbUGCyqGSIb3DQEJEAILMYGloIGi
MIGMMRowGAYDVQQKExFSU0EgU2VjdXJpdHkgSW5jLjEVMBMGA1UECxMMS0NBIFNlcnZpY2Vz
MSAwHgYDVQQDExdSU0EgQ2xhc3MgMiBQZXJzb25hbCBDQTEQMA4GA1UEBxMHQmVkZm9yZDEW
MBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMCEQDqxAXqre9Mr+FeYw3+MQhs
MA0GCSqGSIb3DQEBAQUABIIBAE1IR5Hg2FgcegPp8Aq5d2U5N7/tQQmp1wYFQflDuAA63lMg
lUKflBxw+lmOzgL1Ex0IUoYNde2RpFe6t3JELxQX00EfpXile15hDrads0xmihzl5wrS/XBn
pPJzlSvvZCUc50spdGm88Cr2eqUp0k9Kd/umkAqdKwGH2JIRQLVZRr/Jd3PNa9I0nyJ1K9h4
UTtzSCrC++04PMuH/TT91v4AbO5cbEw1AZHdZr7lrWd8wOa81OfkPTHDD4wlhT1/REhv0DvO
ZaFtl6SEshuJ1aYeulArVacawCybNskpNIPJ7ilmf2tWPcXsJNS7ovFRO3OTRU6zmHe75jfx
IDoD3ykAAAAAAAA=
--------------ms050108080502020100020109--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2G5Vib025549 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 08:05:31 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2G5VRr025547 for ietf-pkix-bks; Tue, 2 Dec 2003 08:05:31 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2G5Uib025542 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 08:05:30 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB2G5UA03955; Tue, 2 Dec 2003 09:05:30 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Russ Housley" <housley@vigilsec.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 09:07:38 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDIEODDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> -----Original Message-----
> From: Russ Housley
> Sent: Tuesday, December 02, 2003 6:42 AM
>
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
Russ,
More precisely, based on the prior proposal, we have:
1. Cycle v1 at Proposed with the above
amendment to nonce value syntax and
the following semantics.
2. Clients that send a nonce:
a. SHALL use the nonceValue CHOICE of
OCSPNonce value syntax.
b. MUST reject a response that fails
to include the nonce extension
(errors notwithstanding);
c. Else, if such response includes a
nonce extension with a value of
"unsupported", clients MAY accept the
response subject to the advice in the
Security Considerations section of
this document.
4. Conversely, if a server receives a nonced
request but is unable to incorporate the
nonce in its response, the server MUST
include a nonce extension with the value
"unsupported" for OCSPNonce.
So basically, it is pretty much the same semantics as previously
proposed, only using the "unsupported" CHOICE for OCSPNonce as
the caveat instead of an extension-based OID of "unsupported".
Is this what you had in mind? Note that we still have a "MUST
reject" for plain responses.
Mike
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Fg2ib024669 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 07:42:02 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2Fg2U5024668 for ietf-pkix-bks; Tue, 2 Dec 2003 07:42:02 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns.malpani.biz (adsl-63-194-89-166.dsl.snfc21.pacbell.net [63.194.89.166]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Fg2ib024656 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 07:42:02 -0800 (PST) (envelope-from ambarish@malpani.biz)
Received: from nt1 (nt1.malpani.biz [192.168.25.13]) by ns.malpani.biz (8.12.9/8.12.9) with SMTP id hB2Fft2B024430; Tue, 2 Dec 2003 07:41:55 -0800
From: "Ambarish Malpani" <ambarish@malpani.biz>
To: "Russ Housley" <housley@vigilsec.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 07:48:03 -0800
Message-ID: <BFEMKEKPCAINGFNEOGMEIEBPCCAA.ambarish@malpani.biz>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Hi Russ,
This would *definitely* break compatibility with exisiting
software.
Currently, some folks put in some random bytes as the value of
the nonce extension, while others put in an OCTET STRING, whose value is
the random bytes.
The only check the clients do, is verify that the request contains
the same set of bytes.
Servers that include the nonce in the response include the bytes
they got in the request in the response.
The solution suggested by Mike would allow current servers and clients
to work as they do, and allow a way for smarter servers/clients to
work together where a server wanted to provide a response without the
nonce.
If we wanted to break compatibility, it would make more sense to use the
criticality bit in extensions (as suggested by others on the list).
Regards,
Ambarish
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Russ Housley
> Sent: Tuesday, December 02, 2003 5:42 AM
> To: ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> I am not very happy with the way that this discussion is going. I am not
> convinced that a new extension is the best compromise.
>
> I have just reread the nonce-related portions of RFC 2560. I
> must say, it
> is quite under specified. It does not even provide a syntax for a
> nonce. It really only provides the OID to identify the nonce
> extension and
> which extension location in which it is carried.
>
> It says:
>
> The nonce cryptographically binds a request and a response to prevent
> replay attacks. The nonce is included as one of the requestExtensions
> in requests, while in responses it would be included as one of the
> responseExtensions. In both the request and the response, the nonce
> will be identified by the object identifier id-pkix-ocsp-nonce, while
> the extnValue is the value of the nonce.
>
> id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
>
> Rather than defining a new extension, called nonceUnsupported,
> you have the
> opportunity to specify a syntax to go with this OID that does the same
> thing. Something like:
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
>
> Text that goes with the syntax definition ought to make it
> illegal for the
> request to use the NULL. That is, it is only allowed in the response.
>
> I still prefer the "MUST reject" approach, but this seems like a cleaner
> solution than a new extension.
>
> Russ
>
>
> Ambarish wrote:
>
> >Hi Florian,
> > The reason for including a nonce in the request is to enable a
> >client that doesn't have a very precise knowledge of time to still
> >be sure the response he got from the server was generated for this
> >specific request.
> >
> >While I do agree with Mark and think that the "right" way would be
> >to require the client to require the nonce in the response, in the
> >interests of moving ahead, I vote to accept Mike's compromise
> >proposal that a client MUST require the nonce in the response
> >unless it is accompanied by a nonceUnsupported extension in
> >the response and the client is willing to accept a response w/o
> >a nonce. This preserves the semantics for current clients and
> >still allows caching servers to supply responses to clients
> >who will take them.
> >
> >Regards,
> >Ambarish
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2FVIib023904 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 07:31:18 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2FVIgW023903 for ietf-pkix-bks; Tue, 2 Dec 2003 07:31:18 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailout.fastq.com (mailout.fastq.com [204.62.193.66]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2FVHib023898 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 07:31:17 -0800 (PST) (envelope-from mmyers@fastq.com)
Received: from MMyersLapTop ([65.39.77.99]) by mailout.fastq.com (8.11.6-2003091800/8.11.3.FastQ-MailOut) with SMTP id hB2FVGA01602; Tue, 2 Dec 2003 08:31:17 -0700 (MST) (envelope-from mmyers@fastq.com)
From: "Michael Myers" <mmyers@fastq.com>
To: "Russ Housley" <housley@vigilsec.com>, <ietf-pkix@imc.org>
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Tue, 2 Dec 2003 08:33:24 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDAEODDFAA.mmyers@fastq.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Russ,
So if I'm reading this correctly, a server that receives a
request containing a value for nonceValue MAY ignore the nonce
and return NULL?
By the way, Ambarish and I had already planned to clarify nonce
syntax as OCTET STRING as 2560 goes from Proposed to Draft.
Mike
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Russ Housley
> Sent: Tuesday, December 02, 2003 6:42 AM
> To: ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> I am not very happy with the way that this discussion
> is going. I am not
> convinced that a new extension is the best compromise.
>
> I have just reread the nonce-related portions of RFC
> 2560. I must say, it
> is quite under specified. It does not even provide a
> syntax for a
> nonce. It really only provides the OID to identify
> the nonce extension and
> which extension location in which it is carried.
>
> It says:
>
> The nonce cryptographically binds a request and a
> response to prevent
> replay attacks. The nonce is included as one of
> the requestExtensions
> in requests, while in responses it would be
> included as one of the
> responseExtensions. In both the request and the
> response, the nonce
> will be identified by the object identifier
> id-pkix-ocsp-nonce, while
> the extnValue is the value of the nonce.
>
> id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= {
> id-pkix-ocsp 2 }
>
> Rather than defining a new extension, called
> nonceUnsupported, you have the
> opportunity to specify a syntax to go with this OID
> that does the same
> thing. Something like:
>
> OCSPNonce ::= CHOICE {
> nonceValue OCTET STRING,
> unsupported NULL }
>
> Text that goes with the syntax definition ought to
> make it illegal for the
> request to use the NULL. That is, it is only allowed
> in the response.
>
> I still prefer the "MUST reject" approach, but this
> seems like a cleaner
> solution than a new extension.
>
> Russ
>
>
> Ambarish wrote:
>
> >Hi Florian,
> > The reason for including a nonce in the request
> is to enable a
> >client that doesn't have a very precise knowledge of
> time to still
> >be sure the response he got from the server was
> generated for this
> >specific request.
> >
> >While I do agree with Mark and think that the
> "right" way would be
> >to require the client to require the nonce in the
> response, in the
> >interests of moving ahead, I vote to accept Mike's compromise
> >proposal that a client MUST require the nonce in the response
> >unless it is accompanied by a nonceUnsupported extension in
> >the response and the client is willing to accept a
> response w/o
> >a nonce. This preserves the semantics for current clients and
> >still allows caching servers to supply responses to clients
> >who will take them.
> >
> >Regards,
> >Ambarish
>
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB2Dh3ib019077 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 05:43:03 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB2Dh38s019076 for ietf-pkix-bks; Tue, 2 Dec 2003 05:43:03 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.240.3]) by above.proper.com (8.12.10/8.12.8) with SMTP id hB2Dh2ib019068 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 05:43:02 -0800 (PST) (envelope-from housley@vigilsec.com)
Received: (qmail 31492 invoked by uid 0); 2 Dec 2003 13:42:23 -0000
Received: from unknown (HELO Russ-Laptop.vigilsec.com) (138.88.95.142) by woodstock.binhost.com with SMTP; 2 Dec 2003 13:42:23 -0000
Message-Id: <5.2.0.9.2.20031202082917.02dee7e0@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Tue, 02 Dec 2003 08:42:27 -0500
To: ietf-pkix@imc.org
From: Russ Housley <housley@vigilsec.com>
Subject: RE: DISCUSS: MUST reject in OCSPv1
In-Reply-To: <OF86404AF5.A8C6A80E-ON85256DEF.0066D6ED-85256DEF.0066F0EF@ db.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I am not very happy with the way that this discussion is going. I am not
convinced that a new extension is the best compromise.
I have just reread the nonce-related portions of RFC 2560. I must say, it
is quite under specified. It does not even provide a syntax for a
nonce. It really only provides the OID to identify the nonce extension and
which extension location in which it is carried.
It says:
The nonce cryptographically binds a request and a response to prevent
replay attacks. The nonce is included as one of the requestExtensions
in requests, while in responses it would be included as one of the
responseExtensions. In both the request and the response, the nonce
will be identified by the object identifier id-pkix-ocsp-nonce, while
the extnValue is the value of the nonce.
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
Rather than defining a new extension, called nonceUnsupported, you have the
opportunity to specify a syntax to go with this OID that does the same
thing. Something like:
OCSPNonce ::= CHOICE {
nonceValue OCTET STRING,
unsupported NULL }
Text that goes with the syntax definition ought to make it illegal for the
request to use the NULL. That is, it is only allowed in the response.
I still prefer the "MUST reject" approach, but this seems like a cleaner
solution than a new extension.
Russ
Ambarish wrote:
>Hi Florian,
> The reason for including a nonce in the request is to enable a
>client that doesn't have a very precise knowledge of time to still
>be sure the response he got from the server was generated for this
>specific request.
>
>While I do agree with Mark and think that the "right" way would be
>to require the client to require the nonce in the response, in the
>interests of moving ahead, I vote to accept Mike's compromise
>proposal that a client MUST require the nonce in the response
>unless it is accompanied by a nonceUnsupported extension in
>the response and the client is willing to accept a response w/o
>a nonce. This preserves the semantics for current clients and
>still allows caching servers to supply responses to clients
>who will take them.
>
>Regards,
>Ambarish
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB28gaib084774 for <ietf-pkix-bks@above.proper.com>; Tue, 2 Dec 2003 00:42:36 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB28gaTw084773 for ietf-pkix-bks; Tue, 2 Dec 2003 00:42:36 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ddba033.netstream.ch (ddba033.netstream.ch [62.65.128.33]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB28gVib084724 for <ietf-pkix@imc.org>; Tue, 2 Dec 2003 00:42:34 -0800 (PST) (envelope-from joseph.doekbrijder@swisssign.com)
Received: from [62.65.151.222] (helo=swisssign.com) by ddba033.netstream.ch with esmtp (Exim 4.10) id 1AR66z-00097v-00; Tue, 02 Dec 2003 09:42:25 +0100
Message-ID: <3FCC505E.3010307@swisssign.com>
Date: Tue, 02 Dec 2003 09:42:06 +0100
From: Joseph Doekbrijder <joseph.doekbrijder@swisssign.com>
Organization: SwissSign AG
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: de-ch, en-us, en, fr-ch
MIME-Version: 1.0
To: Anders Rundgren <anders.rundgren@telia.com>
CC: ietf-pkix@imc.org
Subject: An advice to a commercial CA
References: <01fc01c3b366$8707d760$88754a0c@hq.orionsec.com> <002601c3b3fc$1d25e8a0$0500a8c0@arport> <p06010203bbea6ed9a3e9@[128.89.89.75]> <006601c3b44f$66f98330$0500a8c0@arport> <3FC5C73A.9060309@swisssign.com> <00e201c3b4de$2ab65e40$0500a8c0@arport>
In-Reply-To: <00e201c3b4de$2ab65e40$0500a8c0@arport>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060907010202070508090502"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a cryptographically signed message in MIME format.
--------------ms060907010202070508090502
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
A root key always deserves the lowest level of trust since whatever it
signs is accepted by the RP.
The clue of the matter is that the RP should not just accept the root,
but instead the issuing CA as trusted issuing party.
an example
tree / liability
-----/ -----
root / 0
signs
bronze / 0
signs
silver / 1'000
signs
gold / 10'000
signs
platinum / 100'000
signs
qualified / 1'000'000
with this hierarchy an RP can say "my application (ex: web shop)
requires silver or better" and thus accept the silver CA. If an RP
decides to only accept gold level certs (for whatever reason, maybe
liability) he should never accept the Root key.
This way a CA can decide to provide requesters with a certain level of
certificate, meant for certain types of transactions (buying a CD vs
booking hollidays vs or e-voting). And thus fullfill a business case.
The requesters can choose to purchase a cert of a certain quality
allowing for certain types of transactions independent from the provider
of these certs.
The RP can look at the cert and base his sell or no-sell decission on
the cert quality. Also becomming independent of the issuing party.
All this requires, is a verifyable definition of Bronze, Silver, Gold,
Platinum, Qualified. All issuing parties that are able to offer certs of
a certain level get "audited" regularly and published to provide
subscribers and RP's a decission aid. Issuing parties no longer being
able to offer a certain quality loose their "quality seal" and probably
their subscribers
regarding the the two different "expensive" issuances.
Here in detail it actually looks like this
signs
silver
signs
silver P(ersonal) and silver S(ervices) and X(xxx)..... and
Gold
Silver, with its sub CA's becomes a level having certain characteristics
like liability. Thus organisations can choose for a certain level and
then outsource their entire PKI realizing that registration, liability
and whatever other elements are important, fit their requirements. This
is very attractive for an industry that thus becomes independent of CA's
while determining the minimum requirements of the certs they are willing
to work with.
RP's actually like this. All they have to decide on is what level of
certs they are willing to accept. if the cert is of the right level the
root key of the issuing party no longer matters! trust is based on cert
quality.
:-)
Looking forward to any feedback
Josh
Anders Rundgren wrote:
>Doesn't your scheme make an RP trusting the "expensive" CA
>also trust the "cheap" CA as they share a common root?
>
>And there could also be just two different "expensive" issuances
>that are incompatible like server-side SSL certs and certs for
>individuals.
>
>It looks to me that you move potential problems to the RP SW.
>Mathematically OK? For sure. Standards-compliant? For sure.
>But working? Under strictly monitored conditions only. Such
>conditions are unlikely to be met when you start to count RPs
>in the thousands and up.
>
>Anyway. several other folks on the list seem to agree that
>such schemes (including policy OID-enhanced path validation)
>only work in "managed" or "community" based PKIs.
>
>In my opinion the need for standards is much more evident
>in "unmanaged" spaces.
>
>Anders
>
>----- Original Message -----
>From: "Joseph Doekbrijder" <joseph.doekbrijder@swisssign.com>
>To: "Anders Rundgren" <anders.rundgren@telia.com>
>Cc: "Stephen Kent" <kent@bbn.com>; <ietf-pkix@imc.org>
>Sent: Thursday, November 27, 2003 10:43
>Subject: Re: Straw poll: An advice to a commercial CA
>
>
>Only logical thing to do is a single root, signing the cheap CA which in
>its turn signs the expensive CA.
>Mathematically correct, includes trust logic, liability levels etc, etc...
>
>This is how we do it. :-)
>
>Cheers
>
>Josh
>
>
>Anders Rundgren wrote:
>
>
>
>>Well,
>>Since the list is close to "vibrant" with emotions, why not
>>put RFC3280 through the litmus test?
>>
>>Assume that you as PKI professionals would advice a commercial
>>TTP CA on how to configure their issuance for the following:
>>1. Free e-mail roundtrip-verification certficates. Low insurance level
>>2. Expensive (high insurance level) multi-usage certificates for individuals
>>using strong verification procedures.
>>
>>Note: the service is to be launched ASAP and has the only
>>objective, making money by serving its subscribers well.
>>
>>Indicate your advice by the word in uppercase.
>>
>>SINGLE: A single root + possibly some CP OIDs to spice things up
>>MULTIPLE: Different roots
>>
>>Lets rock!
>>
>>
>>
>>
>>
>--
>Joseph A. Doekbrijder
>--------------------------------------------------
>SwissSign AG
>Löwenstrasse 1, CH-8001 Zürich
>Tel: +41 43 344 88 11 Mobil: +41 79 211 24 46
>www.swisssign.com
>--------------------------------------------------
>
>
>
>
--
Joseph A. Doekbrijder
--------------------------------------------------
SwissSign AG
Löwenstrasse 1, CH-8001 Zürich
Tel: +41 43 344 88 11 Mobil: +41 79 211 24 46
www.swisssign.com
--------------------------------------------------
--------------ms060907010202070508090502
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIXbDCC
A6kwggKRoAMCAQICCFyxMno/hKJgMA0GCSqGSIb3DQEBBQUAMGQxHDAaBgNVBAMTE1N3aXNz
U2lnbiBTaWx2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEWFHNpbHZlckBzd2lzc3NpZ24uY29tMRIw
EAYDVQQKEwlTd2lzc1NpZ24xCzAJBgNVBAYTAkNIMB4XDTAzMTAxMjExMzgyMloXDTE1MTAw
NjEzMzY1N1owYDEaMBgGA1UEAxMRU3dpc3NTaWduIEdvbGQgQ0ExITAfBgkqhkiG9w0BCQEW
EmdvbGRAc3dpc3NzaWduLmNvbTESMBAGA1UEChMJU3dpc3NTaWduMQswCQYDVQQGEwJDSDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLSn8w7oFQMQut0IZfPgpKO0yo4dGjJ
bOqNImHzxOi1PY0RxkRNhchKCOPtxIKLTSFRF+xjk7UFC92Ec5CeeU/7q8zbVg3mnXraJDca
B9Sq2Dm8SLhXksnqRDf0CnDXnZYjasBhd8D6ighp2ueeEHsleOKUYbzR9/oRS9zM902s39sL
ZhP3rfyUgBRVD1n0qq7oFERNRtpGgfaNrbfwRbRI7JUg+NQ/YO53sY74Bw8kSrKGNxaBB3sV
f7bbxWTcxiSezS8IAvOCbwnS4t0bzchn4lp6pI7kXUDqIQLFjSXI5+2qJLAecvyKawY7Ir7W
PywWEO86vknPL/vG3909Zc8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLRs9TBBLMA8kYw0J2P6Vbz857Q/MB8GA1UdIwQYMBaAFBL6DIFb
/3/RJdgeczA1D0YYNrJ1MA0GCSqGSIb3DQEBBQUAA4IBAQAxtKZakF6f0gCYxSWGsatUfty2
g4XhEdSIF2iHpvp6H8HAWgrxD/r5FpBLgcBW7yPe7SpTuqGNVrVZSR25Hx13L0QIr7PFvRG7
kJVyfYNSfmSiW5yPypk8LDWLx4+TwXvfj8LwNaGcEyQxBAUmlHHTsWjcN3HpGu6E3XVl3wFl
IRlw5ktztskx1aL1KxQLIZmBM/a+GEb21M5CmHD9dszrtlJnawjs0lrmthDrkopizLHtNCDi
U5YSTHy/pcujvBtTAO8E6ipEoJw21XtF7DEGJkiWolakpERiFGBO5r5avWCgoLgWdX6Zrqzt
AXlr5s2cWU/+1QY3HzM8EtbWeAngMIIDrjCCApagAwIBAgIIEEgLDERrLUUwDQYJKoZIhvcN
AQEFBQAwYDEaMBgGA1UEAxMRU3dpc3NTaWduIEdvbGQgQ0ExITAfBgkqhkiG9w0BCQEWEmdv
bGRAc3dpc3NzaWduLmNvbTESMBAGA1UEChMJU3dpc3NTaWduMQswCQYDVQQGEwJDSDAeFw0w
MzEwMTIxMTU4MjJaFw0wNjEwMTIxMTU4MjJaMGkxIzAhBgNVBAMTGlN3aXNzU2lnbiBQZXJz
b25hbCBHb2xkIENBMSEwHwYJKoZIhvcNAQkBFhJnb2xkQHN3aXNzc2lnbi5jb20xEjAQBgNV
BAoTCVN3aXNzU2lnbjELMAkGA1UEBhMCQ0gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDGZp1oXB5kPBmQfvbqGcm/i5qlKmEVli+r0hcFjEkHbZ+2jE9M1SNTd+8tiCzefyrq
xud0qJ8YDH8KrMYHQ94yO+8sicLDdGjHQQ6LXC/qV0iapQtYKQ7FR7TCMkLOT6mE8WN7lCVW
wREXISxS7/9lSdIgRl4NNPZcjVVC2vVRXBvxdlBd+GK2pzlgVuDkkKMH9ZCWDV6+AHioaS5z
Yb99P33SDEa4ocoEAj2jCdJ0ABLgVWxUnzlED7zAwwcGCgvsjJHJuUFoJ1RlwHsqwMe5PPqy
j3zW2Kp8ni/WgJ8lDJGJuhbVLGjOSOhzViWOt4H6qj3qaxbqIGTWNUcKtpjTAgMBAAGjYzBh
MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTyNobPvaTWed8y
mYzQWWkdBZUshjAfBgNVHSMEGDAWgBS0bPUwQSzAPJGMNCdj+lW8/Oe0PzANBgkqhkiG9w0B
AQUFAAOCAQEArhxiYfa9i4inp2LgOCJotU2dGFlQdKNin6Ohw9wj2cGr8j814koTNNDxiKF/
27Pit+j2I9uBOoHae/AeIc6jz+ducFGqQ8v1l/J7q/F263HRMH31svgps+fd2p+18ohZdfMC
AxixpKRqcLTPyYrtkC1LoIVOxIdP4ukdfqFDyxfcGHAdHqGJwwStClhb0xFpCwFmGxeOT1eL
bAV1iPlE0AQfd64HY0GyTcUr+yv5CwEGP5lrPXxdo6eF/PlDLYZtvE5BxO1QKJNJnTGvcd19
WazA5m94o5FMcCYRXsHpYPbzGXXF1B43s8OSfNy+SPGgUJnyiBywxINl1XEFITIvwTCCA8Aw
ggKooAMCAQICCQDo8h6mwbv3LjANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJDSDESMBAG
A1UEChMJU3dpc3NTaWduMTIwMAYDVQQDEylTd2lzc1NpZ24gQ0EgKFJTQSBJSyBNYXkgNiAx
OTk5IDE4OjAwOjU4KTEfMB0GCSqGSIb3DQEJARYQY2FAU3dpc3NTaWduLmNvbTAeFw0wMzEw
MDYxMzM2NTdaFw0xNTEwMDYxMzM2NTdaMGQxHDAaBgNVBAMTE1N3aXNzU2lnbiBCcm9uemUg
Q0ExIzAhBgkqhkiG9w0BCQEWFGJyb256ZUBzd2lzc3NpZ24uY29tMRIwEAYDVQQKEwlTd2lz
c1NpZ24xCzAJBgNVBAYTAkNIMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNE7
xmO7xNmdlODqLZd7W+gGTeEj00zeh2DMsy/Tnils5TH58CahM7+Mo5BTHGkra5skTjzJMCxF
nHdxYmsSgZq9Hgjfcm4GboSr0sWH2qnDOUAID6iusgNlkPrIFgFJRB+D3YQlGHfOKnjpbMM8
67W4IFVkLG4fy6E+3nTngSZQ4iB7n5pl05eV+6bBSCJpFiW53oHe34nYUblMTCRdFy3AP/Vm
ic2Q2UphjjUUj/ljs5TP6OMbp4z8CKAlikiKPTTFrSdvWs9Nf03C3oacjI0IO2vjyd8hbZeT
20tuSZu1vSKKSEjTxmM7nIziFSmKPQUORd9pRp/DSZeNfMjbbQIDAQABo2MwYTAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUcoCI7Z4LPa+pqGtPWhfi1KGO
ZSQwHwYDVR0jBBgwFoAUltdxzTkq1PyIsYqrU3hp749HfhYwDQYJKoZIhvcNAQEFBQADggEB
AKRX2YzRnkOzrcQjyN5iNa4xdoG8TEzLTHiXmsR9kEibK73CkUNvb9MMwyzJnihUfHdwfDw4
fGqsNiBs9V9xXCJ+wlE3aDrxQhrltEqXbys4Ld0VTqaeBxXHzCupsbm0hwgVen+ugFMsWyvk
r+0acJ9wWegGJ3TM2DBJOiKwL67qyM+odg068BDt6B9RikaWJY5XKIfpihJ72Yrem7xjXC6S
0zGTXvtHZSs8NbhzSPYKrXjap/warpzAwKj3AV+LmdHpuz/2SfPkgAp7M/evkeTElRHqBalk
KEUAMTYI1F08tMWGuHBkanl7Uzv7N5ioAwVpLQhV1NH9JG9CECAZhqgwggP4MIIC4KADAgEC
AgkA3pgncg3bHVUwDQYJKoZIhvcNAQEFBQAwZDEcMBoGA1UEAxMTU3dpc3NTaWduIEJyb256
ZSBDQTEjMCEGCSqGSIb3DQEJARYUYnJvbnplQHN3aXNzc2lnbi5jb20xEjAQBgNVBAoTCVN3
aXNzU2lnbjELMAkGA1UEBhMCQ0gwHhcNMDMxMDEyMTEzNjMyWhcNMTUxMDA2MTMzNjU3WjBk
MRwwGgYDVQQDExNTd2lzc1NpZ24gU2lsdmVyIENBMSMwIQYJKoZIhvcNAQkBFhRzaWx2ZXJA
c3dpc3NzaWduLmNvbTESMBAGA1UEChMJU3dpc3NTaWduMQswCQYDVQQGEwJDSDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMz3QXwh/nvpMabdHEk5CptaSV13UQjSfJq27Dab
l9jtvdKc89XRBewyhQh/pPW5vGKo9SoMoSq7eyaDRlB1vN7FPvI462Bv2T637rAh/uIolWXI
gQrz3TNbdKrz2b1qylWHSG/t7fGkM/Pi9PMxS3ZMRuPTPuHDFubKxAj8uGCd5Cc1a2sK1wTA
HIar4jJ4LMlrisOaleRQPaad+sA7LpiLaGVy9wTrDLFNpYd8/zi4Q6VwOQ/N5oBDlkW6pH0l
smk9ZXCLqDGf1zHU/GoVPtxlp2fDvbUBYNP/0n65U92bKex4cdFxLbLiCkGU67FB40M0fm5P
UZSi890suZ8T0UUCAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUEvoMgVv/f9El2B5zMDUPRhg2snUwHwYDVR0jBBgwFoAUcoCI7Z4LPa+p
qGtPWhfi1KGOZSQwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cHM6Ly9zd2lzc3NpZ24ubmV0L2Nn
aS1iaW4vYXV0aG9yaXR5L2NybD9jYT1Ccm9uemUwDQYJKoZIhvcNAQEFBQADggEBAKmlVsVY
uuOGs5sWDTYJZEVQOaRbFN8zeM3qWK4xJmphYBkTrDSmAsH9OnBgx17CcsWc5MxTxhU0ef6U
S6A1pxLhYH5vmulwPak1HnLp/vdPQ5M/BGzZPyrFmhhBvh8TI8J7rHLY3loTt9q0R/gFiVvV
YTUfoIG5BsG1WnUQpWO9+fQoaFk8JMklm9oY02VNwTp6gDmCdkDyoljKxjgzfSaPePoX8XA+
qNPGpOSmP+Qc2uBBC/7G0v6roaAmbIPEwQ+Pinl4G1alPV5Tx5P4KtUU8uPUj5kZEJYMBUr0
EUQA/+aEF92SsYVwFbBGB8hr6grBb11imoLpW+TYzXQ9KckwggP/MIIC56ADAgECAghxv+3S
3YlILDANBgkqhkiG9w0BAQUFADBpMSMwIQYDVQQDExpTd2lzc1NpZ24gUGVyc29uYWwgR29s
ZCBDQTEhMB8GCSqGSIb3DQEJARYSZ29sZEBzd2lzc3NpZ24uY29tMRIwEAYDVQQKEwlTd2lz
c1NpZ24xCzAJBgNVBAYTAkNIMB4XDTAzMTAzMDEwNDAyN1oXDTA0MTAzMDEwNDAyN1owbzEb
MBkGA1UEAxMSSm9zZXBoIERvZWticmlqZGVyMS8wLQYJKoZIhvcNAQkBFiBqb3NlcGguZG9l
a2JyaWpkZXJAc3dpc3NzaWduLmNvbTESMBAGA1UEChMJU3dpc3NTaWduMQswCQYDVQQGEwJD
SDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxqYj3gyEv57yU1uWzgJ45nMp3C
XPEcnoyT5z1rX9BM35qRMjxqnjOXHTSCi3Jt32WrwKs/mN5ZjVcbEwYCme90FcFSqs8of9I3
5o3WzDc1KlhyF1iyahUBQhU2Ckg2wEsgiEgUmSEjuSPjoCa2ggqI8FkGEwTVbDpgANA+9HSi
mzy33s/6kf38npd2ZlBfw3B9A/+hX28THS+JkvcaF3vQ0fAJ7xjanAjOGLbnJ/n0tT1gzI7Z
cMwrdZqSS5O92DPbNyB+iGyVDhE24C9lGaJNkwMYtCHFc2JIuHW0AhmunTUs6YFN/MIoIFqQ
8y95vAdt25eK/ECCt8aYABnLbrECAwEAAaOBpDCBoTAfBgNVHSMEGDAWgBTyNobPvaTWed8y
mYzQWWkdBZUshjBNBgNVHR8ERjBEMEKgQKA+hjxodHRwczovL3N3aXNzc2lnbi5uZXQvY2dp
LWJpbi9hdXRob3JpdHkvY3JsP2NhPVBlcnNvbmFsK0dvbGQwDgYDVR0PAQH/BAQDAgQwMB8G
A1UdJQQYMBYGCisGAQQBgjcKAwQGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4IBAQAE4D7D
QYdUJeZlOJIsLuqtVe6UV9qdBnWP0xtpGP6UNEtsbUlLxsQcUn3yTKT1pS5wXnIPXP6q7Nka
klClJGaqTiUqzgDgvzFZEAE/yn/hJW3FAh1fMI/8mg6TjUGZp9EfRuTRN95Vpx8Fplajj0gb
eq3LCmMhonTBkBDC8xC7MQNeMoNfwMwWV2CwYv/nYd4xQPJV+M6gbosQu8IkLZCwS1At/DGo
ZVIMT2oG9Dod42+BLoSo00hVBf7ZVYWu1kRKGW1Fpo9GKRz950e5wXyioqOsubTl3MawYc9R
5ruN2UpfyieybVgELxFJWctrxUMCbZt40TSU9BKagtPYpmOoMIIERjCCAy6gAwIBAgIJAKmI
07nX+nqHMA0GCSqGSIb3DQEBBQUAMGkxIzAhBgNVBAMTGlN3aXNzU2lnbiBQZXJzb25hbCBH
b2xkIENBMSEwHwYJKoZIhvcNAQkBFhJnb2xkQHN3aXNzc2lnbi5jb20xEjAQBgNVBAoTCVN3
aXNzU2lnbjELMAkGA1UEBhMCQ0gwHhcNMDMxMDMwMTQ0MzE2WhcNMDQxMDMwMTQ0MzE2WjBv
MRswGQYDVQQDExJKb3NlcGggRG9la2JyaWpkZXIxLzAtBgkqhkiG9w0BCQEWIGpvc2VwaC5k
b2VrYnJpamRlckBzd2lzc3NpZ24uY29tMRIwEAYDVQQKEwlTd2lzc1NpZ24xCzAJBgNVBAYT
AkNIMIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBtmISHM5pmxmB3GrD4n8ZfA82r
tfHgSAl14N3NV9YT6jsiaav2K/k4n5Hn0ije8gGNhZFP+8Q9edYN0rQ1HR22+YfU27J7qm9C
EyY9saO55F36I9yPj4h57PUu6SWgwgwrcOv1ocAbbdKKB8VRFNr9DhwtcXM5pXYC1yHVGpVc
WKy87qv7401vKtftkB5VaC2cE9H14J/7eMExb1NRDUprj96+THgHU4APqDLiU6DphS+MwBwC
v8P2k3BXn9mD91MHMqrPmI+88bTz/MOXw+ynXD8nIgxKFjh2XajOjMUNxKB3tAVosuh0ny51
vpAQiA7AzOkwUDCtNL2vcNHly0dRAgMBAAGjgeswgegwHwYDVR0jBBgwFoAU8jaGz72k1nnf
MpmM0FlpHQWVLIYwTQYDVR0fBEYwRDBCoECgPoY8aHR0cHM6Ly9zd2lzc3NpZ24ubmV0L2Nn
aS1iaW4vYXV0aG9yaXR5L2NybD9jYT1QZXJzb25hbCtHb2xkMA4GA1UdDwEB/wQEAwIDyDAp
BgNVHSUEIjAgBggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcUAgIwOwYDVR0RBDQwMqAw
BgorBgEEAYI3FAIDoCIMIGpvc2VwaC5kb2VrYnJpamRlckBzd2lzc3NpZ24uY29tMA0GCSqG
SIb3DQEBBQUAA4IBAQAlCsDvsCrsE47twAYZFVAaZ078L3JzZxtK8b4TnwTZp7miqrtD7+sZ
Q0JNkerghgZWhAR9oKo6jdnxAf9KTSFDtQPQhTEU/Pp+17mQAzKPvKCMmfGjr3hxEq5i71TW
bUEvQpwPmIYjQ+bcu+vAQiD9CcQjesOOGRi5gspiP+GVNmUQWYg/DHBpaJj5BkCfmisXsTmY
0i9AlOQc2IPUHw/xUUlnFYfoTkqENjEXIUOkxww2wPUs5Jz0ZL2J15u/TJ0w1eKbQJPQo8zM
qZJpQYJVeJq731+5grJ2WN1BGy0/k8x4mOttUC5SMSseIndd/uLjiqIBkx7PcHjpDLXJ9cxj
MYIDYjCCA14CAQEwdjBpMSMwIQYDVQQDExpTd2lzc1NpZ24gUGVyc29uYWwgR29sZCBDQTEh
MB8GCSqGSIb3DQEJARYSZ29sZEBzd2lzc3NpZ24uY29tMRIwEAYDVQQKEwlTd2lzc1NpZ24x
CzAJBgNVBAYTAkNIAgkAqYjTudf6eocwCQYFKw4DAhoFAKCCAcEwGAYJKoZIhvcNAQkDMQsG
CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDMxMjAyMDg0MjIwWjAjBgkqhkiG9w0BCQQx
FgQU5VxC7K1Gg+9ZocMu76WIDYii9NYwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO
BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw
gYQGCSsGAQQBgjcQBDF3MHUwaTEjMCEGA1UEAxMaU3dpc3NTaWduIFBlcnNvbmFsIEdvbGQg
Q0ExITAfBgkqhkiG9w0BCQEWEmdvbGRAc3dpc3NzaWduLmNvbTESMBAGA1UEChMJU3dpc3NT
aWduMQswCQYDVQQGEwJDSAIIcb/t0t2JSCwwgYYGCyqGSIb3DQEJEAILMXegdTBpMSMwIQYD
VQQDExpTd2lzc1NpZ24gUGVyc29uYWwgR29sZCBDQTEhMB8GCSqGSIb3DQEJARYSZ29sZEBz
d2lzc3NpZ24uY29tMRIwEAYDVQQKEwlTd2lzc1NpZ24xCzAJBgNVBAYTAkNIAghxv+3S3YlI
LDANBgkqhkiG9w0BAQEFAASCAQAvCSxpM4U31/QgEOsb0gKJXmB9LpXODWOGLY0vZxxU/PM+
nz4mIWLnfP0ZHbdcK6dzWDdpMpxkP3+3P0/T6dQkuNqjjpNxQI8wKfR2/Pw3+g0joYDiCI73
EtixJjGV2wgZ0SVhGkJ13rBCufLBYES26D0UvWxY7tYBZWDdCBdPNq6AFXgGExu06OzUfj1C
5NchfUyE5fQ9pq0PBSlfprtRxACgZ0TnYNRbIqtPFY+iklfNEcywJ7kwinFB0tD7XB5ZLbWb
svzPB+OAlO8vK2W364yXrWVZnnoU+3QrdKCo7crz/6u2813NkVYoRFaMMS1EkaEAP6oeOH1x
3VIdx9JMAAAAAAAA
--------------ms060907010202070508090502--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1Ngvib013110 for <ietf-pkix-bks@above.proper.com>; Mon, 1 Dec 2003 15:42:57 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB1NgvQV013109 for ietf-pkix-bks; Mon, 1 Dec 2003 15:42:57 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1Ngsib013103 for <ietf-pkix@imc.org>; Mon, 1 Dec 2003 15:42:56 -0800 (PST) (envelope-from alex@verisign.com)
Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.10/) with ESMTP id hB1Ngtq1015443 for <ietf-pkix@imc.org>; Mon, 1 Dec 2003 15:42:55 -0800 (PST)
Received: by mou1wnexc02.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2653.19) id <XZHCCDMY>; Mon, 1 Dec 2003 15:42:55 -0800
Message-ID: <F5678115F458B4458C227F0EC02691BB02BA8523@mou1wnexm04.vcorp.ad.vrsn.com>
From: "Deacon, Alex" <alex@verisign.com>
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
Date: Mon, 1 Dec 2003 15:42:53 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_0205_01C3B821.C86F6140"; micalg=SHA1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0205_01C3B821.C86F6140
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
It looks like I've missed most of the fun, but here are my thoughts in
any case...
For the record, I would object to any v1 addition that would mandate a
"MUST reject" clause.
As for the nonceUnsupported proposal, it does have it merits. However I
have to agree with Ryan by objecting to its standardization in v1 for
two reasons. First, doing so will not allow for the "TLS Extension" use
case where OCSP responses are included in protocol exchanges. Second,
it will make currently conformant clients, non-conformant. I'm also
worried that such a large change to v1 now will break some
implementations.
I'm happy to have discussions on these issue in the context of a v2
protocol. But would suggest we leave v1 as it is.
Alex
> -----Original Message-----
> From: Marc Branchaud [mailto:marcnarc@rsasecurity.com]
> Sent: Friday, November 28, 2003 2:23 PM
> To: ietf-pkix@imc.org
> Subject: Re: DISCUSS: MUST reject in OCSPv1
>
>
>
> Mike just gave me an offline whack to the head.
>
> I have no objection to the original nonceUnsupported proposal, as
> described in
> http://www.imc.org/ietf-pkix/mail-archive/msg07210.html
> including David's "return an error" addition in
> http://www.imc.org/ietf-pkix/mail-archive/msg07214.html
>
> Having clarified my earlier clarification, I wish to reset the
> conversation...
>
> Florian: As we both support the proposal, we may be in danger
> of violent
> agreement.
>
> Ryan: Your arguments have failed to convince me that the
> proposal is bad.
>
> Apologies to all for the churn.
>
> M.
>
>
> Michael Myers wrote:
> > Marc,
> >
> > The proposal is to cycle *v1* at Proposed to address this one issue.
> > We would also take the opportunity to clarify encoding of nonce
> > as OCTET STRING, which was going to happen anyway as v1 went
> > from
> > Proposed to Draft.
> >
> > I take it then you have no objection to the core technical
> aspects of
> > the proposed resolution?
> >
> > Mike
> >
> >
> >>-----Original Message-----
> >>From: owner-ietf-pkix@mail.imc.org
> >>[mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Marc Branchaud
> >>Sent: Friday, November 28, 2003 10:28 AM
> >>To: ietf-pkix@imc.org
> >>Subject: Re: DISCUSS: MUST reject in OCSPv1
> >>
> >>
> >>
> >>Michael Myers wrote:
> >>
> >>>Marc, your response was ambiguous.
> >>
> >>Just to clarify, then:
> >>
> >>The resolution started with a "big if": Cycling at
> >>proposed. I have no
> >>objection to cycling at Proposed and issuing an
> >>OCSPv2 that works all
> >>this out.
> >>
> >>It's the "then" I am objecting to. The proposed
> >>"then" is bad.
> >>
> >> M.
> >>
> >
> >
>
------=_NextPart_000_0205_01C3B821.C86F6140
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINXzCCAj0w
ggGmAhEAulrJTAU7ktantt9O0FOSDTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoGDzqu
9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK/P9LbCPV
UIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAtgAfk1ekB6dAzmVA
P1Ve7e/6VEmlMNYhfGGH7oOTC7+0M/KYrJ8Gv06ozhSBTMsETljDz1/ufNeab8tBird/gbj/hGHG
J0NlHQzssQAK3Ruku8d4ICiyot02lS7hVE+/YLl3aBGZI+jqUuiqAE5nTruQtUWbRuuOFu/EM1sz
PdUwggNDMIICrKADAgECAhAffl/nA9Hgv5kg3GuJDUsEMA0GCSqGSIb3DQEBBAUAMF8xCzAJBgNV
BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTAyMjUwMDAwMDBaFw0wNDAxMDUy
MzU5NTlaMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93
d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEmMCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQ
ZXJzb25uZWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKcEbA+icrdKBi741yksNJ2C
vEiRSses+en8uVl4sVXAU1ixz28WO8FJ1cv0bszhzMu1xy5OiKo06bbQW3w+FVc04Ri8/931r2dZ
IArlPeqIikDSmokTKam21dunfuHnNyST/ZR0TXrkMm1M6FwWl6/dktlmihRm5OpaA6g9X/sLAgMB
AAGjgbAwga0wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi5j
cmwwEQYJYIZIAYb4QgEBBAQDAgEGMEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEF
BQcCARYfaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rcjAPBgNVHRMECDAGAQH/AgEBMAsG
A1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQB59xXN6GhRWWv8qaa94B77vPQ/kN/n+u3kVPdh
PVSLBrqXMloeqyzur3Orx13TP4/0zstOSGCiqGC2ON6gpvePKegRrMw5dlA83TlsC/Fa/QhUdt0W
bPcxcLi/CPfJJgaO37svGbG2uLToPEjoJ7GXKSBXA5ybZ/p9QMQ4fxiqmjCCA8AwggMpoAMCAQIC
EErIAANjYdQVAxbxhjabt80wDQYJKoZIhvcNAQEFBQAwga0xFzAVBgNVBAoTDlZlcmlTaWduLCBJ
bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUkwRwYDVQQLE0BVc2UgaXMgc3Vi
amVjdCB0byB0ZXJtcyBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyIChjKTk5MSYw
JAYDVQQDEx1WZXJpU2lnbiBDbGFzcyAyIFBlcnNvbm5lbCBDQTAeFw05OTAyMjUwMDAwMDBaFw0w
OTAyMjMyMzU5NTlaMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
Z24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0
cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xh
c3MgMiBFbXBsb3llZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwIrRh2Gi6jADVWsI
NvCX+hpUNSQf6H2dyMNz09hG9ZEt2TjtlNewJnMq3pdQTf8iHL1wAJgMWCqxpHKPpbn3LXxg47Xf
6X1OISFh1fw7VMmkCZy7IvmiunBhT4ZGov0FZOwKP6ZYdle7FnNEfPClDZfAbKbxYwglsQQXlaCN
/n8CAwEAAaOB3zCB3DApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMS0xMTgw
EQYJYIZIAYb4QgEBBAQDAgEGMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMEQGA1UdIAQ9
MDswOQYLYIZIAYb4RQEHFwIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JwYTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9WU0NsYXNzMklu
dC5jcmwwDQYJKoZIhvcNAQEFBQADgYEANhj9M2DWF9MEtdhUX1Ia5ZIIKPSiQNrDW4wahpfvrqIV
/mzEzi/IAcozvvJ5WDOXl5JFcFpOKB3d98GIThuHVwI9kyXZfk5yNYlJF7O5dy9tDvmkiCXBznZz
ZWkFk3fn/ZOWGDhNWGx6nejSm+jQ24n9ScJ1BAOXpdSWgdgjQfAwggQPMIIDeKADAgECAhAzLr9g
Nl/Alm5BwDUqJfjZMA0GCSqGSIb3DQEBBAUAMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3Qg
dG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UE
AxMcVmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQTAeFw0wMzAyMjQwMDAwMDBaFw0wNDAyMjQy
MzU5NTlaMGUxETAPBgNVBAoTCFZFUklTSUdOMQswCQYDVQQLEwJIUTETMBEGA1UEAxMKUmVjaXBp
ZW50czEuMCwGA1UEAxMlQURlYWNvbiAoRGVhY29uIEFsZXgsIFZlcmlTaWduLCBJbmMuKTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzx3sCPaQpHpxCg1L2vrDWdm9vpNny7aftpAvzfcCcjYn
EFPjODoBoEzqqTadrgD6YehNArWIWBf7STGJfQApFpSxCU5OWECQc+2Ti825B06KhAye00epJwgH
ByGqsDHGK7A+FlkpmqWybsLm2Q5kqdrv9gNFRw2oMRhsA6Ztx5sCAwEAAaOCAXYwggFyMAkGA1Ud
EwQCMAAwWQYDVR0fBFIwUDBOoEygSoZIaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20vVmVy
aVNpZ25JbmNFeGNoYW5nZUVtcGxveWVlcy9MYXRlc3RDUkwuY3JsMAsGA1UdDwQEAwIFoDAcBgNV
HREEFTATgRFhbGV4QHZlcmlzaWduLmNvbTCBrAYDVR0gBIGkMIGhMIGeBgtghkgBhvhFAQcBATCB
jjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBiBggrBgEFBQcCAjBW
MBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJl
bmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJYIZIAYb4QgEBBAQDAgeAMB0GA1UdJQQW
MBQGCCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOBgQCD7anMuD4hgW1JGGSf+6Rf
25ZGkg2fjkCC8eh4XpTd5cQOhi+nQ1eUSxiU8r3UZJN1LQ5F9bkGj5G+hCQd+0mKvByk/l2Nwq34
/zZ9jraFBm60xDBF8FI2TfOCwlx6NsQR6xYdTl8IsvUx9oy0J8YBPFZLN3z2Q/JtLf07g/4mojGC
A88wggPLAgEBMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
Z24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0
cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xh
c3MgMiBFbXBsb3llZSBDQQIQMy6/YDZfwJZuQcA1KiX42TAJBgUrDgMCGgUAoIICYzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzEyMDEyMzQyNTNaMCMGCSqGSIb3
DQEJBDEWBBRK6YovR5jsEA4WsMR7tnetS+zBsjBYBgkqhkiG9w0BCQ8xSzBJMAoGCCqGSIb3DQMH
MAcGBSsOAwIaMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAKBggqhkiG
9w0CBTCB0gYJKwYBBAGCNxAEMYHEMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0G
A1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8g
dGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMc
VmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQQIQMy6/YDZfwJZuQcA1KiX42TCB1AYLKoZIhvcN
AQkQAgsxgcSggcEwgawxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMUkwRwYDVQQLE0BVc2UgaXMgc3ViamVjdCB0byB0ZXJtcyBhdCBodHRw
czovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyIChjKTk5MSUwIwYDVQQDExxWZXJpU2lnbiBDbGFz
cyAyIEVtcGxveWVlIENBAhAzLr9gNl/Alm5BwDUqJfjZMA0GCSqGSIb3DQEBAQUABIGAITOhvkjv
Q17OtiPtbQfeeN3e658Cb+6FOnpEKjH4nXxZzDNBK/W3STatdIyyFQO1fUm6v4M+s4raQ8TnWMvg
mDeFxtqqG7Bhk6eQHQtXuc8fv9AjuHPnKy1OXmtg7JGXDde3yGVL6rP6A3zlb7MCF+PDYxORmPWD
GuQotJOVlAIAAAAAAAA=
------=_NextPart_000_0205_01C3B821.C86F6140--
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1MfJib011126 for <ietf-pkix-bks@above.proper.com>; Mon, 1 Dec 2003 14:41:19 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB1MfJlT011125 for ietf-pkix-bks; Mon, 1 Dec 2003 14:41:19 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1MfGib011114 for <ietf-pkix@imc.org>; Mon, 1 Dec 2003 14:41:16 -0800 (PST) (envelope-from dpkemp@missi.ncsc.mil)
Message-ID: <200312012223.hB1MNiRg029770@stingray.missi.ncsc.mil>
Date: Mon, 01 Dec 2003 17:41:08 -0500
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Straw poll: An advice to a commercial CA
References: <4.3.2.7.2.20031128140532.02a3dea0@localhost>
In-Reply-To: <4.3.2.7.2.20031128140532.02a3dea0@localhost>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Absolutely correct. "Typical users", and their user agent software,
have no threat model against which to apply any sort of security policy,
and therefore have no reason to demand certificates containing policy
OIDs or configuration interfaces more complex than the "Whatever" button.
Typically only organizations have security policies, and therefore
organizations are the only relying parties with a need to configure the
strength of authentication they are willing to accept. If there were a
standardized set of certificate policies (analogous to gasoline octanes,
or USDA beef grades Choice and Select), then users could select among
competing commercial CAs providing a certain grade of product. But
unless banks or other e-businesses start requiring users to have Choice
(but not Select) third-party certificates to access their accounts,
users have no reason to obtain such certificates or to care how much
assurance they provide.
Dave
Christine Karman wrote:
> At 12:27 11-27-03, Peter Gutmann wrote:
>
>> To answer an earlier question about support for policy restrictions,
>> cryptlib
>> supports these (policy constraints with all its weird variations). If
>> cryptlib finds constraints in a CA cert it'll apply them down the
>> chain, but
>> there's no way for a user to configure the behaviour. The reason for
>> this is
>> that no-one has ever asked for this [0], so I can't even begin to
>> imagine what
>> sort of interface it'd require to manage things. Do users type in a
>> list of
>> OIDs from a piece of paper? Do they click on a CA cert and say "Use the
>> policies advertised by this CA"?
>
>
> Typical users hardly know what a CA is. They don't know what kind of
> policies you are talking about. So a GUI would assume a most probable
> strategy, and then prompt the user with "I recommend you adopt policy
> xyz for this certificate. Press 'OK', or press 'advanced' to change". On
> a company level, a system administrator would force a certain behavior
> of the GUI, which cannot be changed by individual users.
> Having said this, the GUI would probably make the choice by itself,
> because user interaction suggests that the user makes a decision on the
> subject, while in reality the user just presses a button that may as
> well read "Whatever".
> I agree, this is not what the world should be like. But it is.
>
> dagdag
> Christine
> --
> Izecom BV
> Secure e-mail and digital signatures
> www.izecom.com
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1IiQib001212 for <ietf-pkix-bks@above.proper.com>; Mon, 1 Dec 2003 10:44:26 -0800 (PST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hB1IiQkS001211 for ietf-pkix-bks; Mon, 1 Dec 2003 10:44:26 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from imr6.us.db.com (imr6.us.db.com [160.83.65.199]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hB1IiOib001206 for <ietf-pkix@imc.org>; Mon, 1 Dec 2003 10:44:25 -0800 (PST) (envelope-from frank.balluffi@db.com)
Received: from sdbo1005.db.com by imr6.us.db.com id hB1IiOuD018908; Mon, 1 Dec 2003 13:44:25 -0500 (EST)
To: ietf-pkix@imc.org
Subject: RE: DISCUSS: MUST reject in OCSPv1
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
Message-ID: <OF86404AF5.A8C6A80E-ON85256DEF.0066D6ED-85256DEF.0066F0EF@db.com>
From: "Frank Balluffi" <frank.balluffi@db.com>
Date: Mon, 1 Dec 2003 13:44:22 -0500
X-MIMETrack: Serialize by Router on sdbo1005/DBNA/DeuBaInt/DeuBa(5012HF330 | August 01, 2003) at 12/01/2003 01:44:25 PM, Serialize complete at 12/01/2003 01:44:25 PM
Content-Type: multipart/alternative; boundary="=_alternative 0066F0EA85256DEF_="
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multipart message in MIME format.
--=_alternative 0066F0EA85256DEF_=
Content-Type: text/plain; charset="us-ascii"
I agree with Ambarish.
Frank
"Ambarish Malpani" <ambarish@malpani.biz>
Sent by: owner-ietf-pkix@mail.imc.org
11/28/2003 05:00 PM
To: "Florian Oelmaier" <oelmaier@sytrust.com>, "'Marc Branchaud'"
<marcnarc@rsasecurity.com>, <ietf-pkix@imc.org>
cc:
Subject: RE: DISCUSS: MUST reject in OCSPv1
Hi Florian,
The reason for including a nonce in the request is to enable a
client that doesn't have a very precise knowledge of time to still
be sure the response he got from the server was generated for this
specific request.
While I do agree with Mark and think that the "right" way would be
to require the client to require the nonce in the response, in the
interests of moving ahead, I vote to accept Mike's compromise
proposal that a client MUST require the nonce in the response
unless it is accompanied by a nonceUnsupported extension in
the response and the client is willing to accept a response w/o
a nonce. This preserves the semantics for current clients and
still allows caching servers to supply responses to clients
who will take them.
Regards,
Ambarish
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Florian Oelmaier
> Sent: Thursday, November 27, 2003 4:15 PM
> To: 'Marc Branchaud'; ietf-pkix@imc.org
> Subject: RE: DISCUSS: MUST reject in OCSPv1
>
>
>
> Your argument is "nonces are only for replay protection". Thats true.
>
> Now lets discuss WHY a client wants to get replay protection. Seeing
> that we have the three times in the response with a clear semantic, the
> client is not harmed by a replay. So why should a client include a nonce
> into the request?
>
> There are different reasons for that, but the main reason is: the client
> wants a "fresh" response. Following that path Ryans arguments apply as
> he presented it in his previous replies. A client will include a nonce
> into the request to ask for a "fresh" response. If the client does not
> need a fresh response, then replaying is not a problem (then it is a
> feature called "caching").
>
> So if a responder gets a request with a nonce, it not only means "the
> client wants replay protection" - it also means "the client would like
> to get a fresh response". Because otherwise replay attacks would not
> matter.
>
> --
> Florian Oelmaier
> SyTrust
>
>
--=_alternative 0066F0EA85256DEF_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="sans-serif">I agree with Ambarish.</font>
<br>
<br><font size=2 face="sans-serif">Frank</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>"Ambarish Malpani" <ambarish@malpani.biz></b></font>
<br><font size=1 face="sans-serif">Sent by: owner-ietf-pkix@mail.imc.org</font>
<p><font size=1 face="sans-serif">11/28/2003 05:00 PM</font>
<br>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: "Florian Oelmaier" <oelmaier@sytrust.com>, "'Marc Branchaud'" <marcnarc@rsasecurity.com>, <ietf-pkix@imc.org></font>
<br><font size=1 face="sans-serif"> cc: </font>
<br><font size=1 face="sans-serif"> Subject: RE: DISCUSS: MUST reject in OCSPv1</font></table>
<br>
<br>
<br><font size=2 face="Courier New"><br>
<br>
Hi Florian,<br>
The reason for including a nonce in the request is to enable a<br>
client that doesn't have a very precise knowledge of time to still<br>
be sure the response he got from the server was generated for this<br>
specific request.<br>
<br>
While I do agree with Mark and think that the "right" way would be<br>
to require the client to require the nonce in the response, in the<br>
interests of moving ahead, I vote to accept Mike's compromise<br>
proposal that a client MUST require the nonce in the response<br>
unless it is accompanied by a nonceUnsupported extension in<br>
the response and the client is willing to accept a response w/o<br>
a nonce. This preserves the semantics for current clients and<br>
still allows caching servers to supply responses to clients<br>
who will take them.<br>
<br>
Regards,<br>
Ambarish<br>
<br>
<br>
<br>
> -----Original Message-----<br>
> From: owner-ietf-pkix@mail.imc.org<br>
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Florian Oelmaier<br>
> Sent: Thursday, November 27, 2003 4:15 PM<br>
> To: 'Marc Branchaud'; ietf-pkix@imc.org<br>
> Subject: RE: DISCUSS: MUST reject in OCSPv1<br>
> <br>
> <br>
> <br>
> Your argument is "nonces are only for replay protection". Thats true.<br>
> <br>
> Now lets discuss WHY a client wants to get replay protection. Seeing<br>
> that we have the three times in the response with a clear semantic, the<br>
> client is not harmed by a replay. So why should a client include a nonce<br>
> into the request?<br>
> <br>
> There are different reasons for that, but the main reason is: the client<br>
> wants a "fresh" response. Following that path Ryans arguments apply as<br>
> he presented it in his previous replies. A client will include a nonce<br>
> into the request to ask for a "fresh" response. If the client does not<br>
> need a fresh response, then replaying is not a problem (then it is a<br>
> feature called "caching").<br>
> <br>
> So if a responder gets a request with a nonce, it not only means "the<br>
> client wants replay protection" - it also means "the client would like<br>
> to get a fresh response". Because otherwise replay attacks would not<br>
> matter.<br>
> <br>
> -- <br>
> Florian Oelmaier<br>
> SyTrust<br>
> <br>
> <br>
</font>
<br>
<br>
--=_alternative 0066F0EA85256DEF_=--
- Summary RE: Last Call: Qualified Certificates Stefan Santesson