RE: OCSP Algorithm Agility
"Santosh Chokhani" <chokhani@orionsec.com> Fri, 21 September 2007 22:42 UTC
Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IYrD9-0001Zs-TF for pkix-archive@lists.ietf.org; Fri, 21 Sep 2007 18:42:59 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IYrCz-0001eG-Th for pkix-archive@lists.ietf.org; Fri, 21 Sep 2007 18:42:51 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l8LLivMH095871 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Sep 2007 14:44:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l8LLivjS095870; Fri, 21 Sep 2007 14:44:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from EXVS01.ex.dslextreme.net (exbe04.ex.dslextreme.net [66.51.199.86]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l8LLiujB095864 for <ietf-pkix@imc.org>; Fri, 21 Sep 2007 14:44:57 -0700 (MST) (envelope-from chokhani@orionsec.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: OCSP Algorithm Agility
Date: Fri, 21 Sep 2007 14:44:34 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C87909439443@EXVS01.ex.dslextreme.net>
In-Reply-To: <p06240814c319da7d9330@[165.227.249.200]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: OCSP Algorithm Agility
Thread-Index: Acf8l4NIxZexIh9rTveKgrEJmUDxVQAAJZEA
References: <2788466ED3E31C418E9ACC5C3166155703DF57@mou1wnexmb09.vcorp.ad.vrsn.com> <p0624080ec319a977190d@[165.227.249.200]> <p0624050dc319b62dedaf@[128.89.89.71]> <p06240814c319da7d9330@[165.227.249.200]>
From: Santosh Chokhani <chokhani@orionsec.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l8LLivjB095865
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Paul, Here are my views on this. The client should be first asking for the algorithm suite that signed the certificate in question. There is no need for the client to ask for anything stronger. The client can ask for stronger suites as secondary, if client has them. In the scenario you cite, the Responder certificate will not include RSA with SHA 1 any longer. So, client will know that Responder only supported his second choice and he should be ok with it. -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Paul Hoffman Sent: Friday, September 21, 2007 4:39 PM To: Stephen Kent; ietf-pkix@imc.org Subject: RE: OCSP Algorithm Agility At 2:07 PM -0400 9/21/07, Stephen Kent wrote: >How about defining an extension to be included in the cert issued to >an OCSP responder by a CA. The extension would have an ordered list >of algorithms (hash and signature if we want to address more than >the hash agility issue) accepted by the OCSP responder. An OCSP >client can use this info to determine what is the "best" algorithm >(or alg pair) that it and the responder share. The combination of >this extension and an OCSP negotiation procedure will allow the >client to detect MITM downgrade attacks. In fact, if the client >acquires the responder's cert prior to making a request, there would >not even be a need for real negotiation, since the client would know >what alg to request in a response. Imagine the list of algorithms is RSA-with-SHA1 first and DSA-with-SHA1 second. How does your negotiation work? The client asks for this message to be signed with RSA-with-SHA1. But the server knows that RSA-with-SHA1 has been compromised since it got that certificate from the CA. What does the server say to the client to indicate that it only wants to sign with DSA-with-SHA1? What prevents Mallory from saying the same thing to the client? --Paul Hoffman, Director --VPN Consortium
- OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Stefan Santesson
- RE: OCSP Algorithm Agility Michael Myers
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Michael Myers
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Andrews, Rick
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Andrews, Rick
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Paul Hoffman
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Stefan Santesson
- RE: OCSP Algorithm Agility Stephen Kent
- RE: OCSP Algorithm Agility Stefan Santesson
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Paul Hoffman
- RE: OCSP Algorithm Agility Stephen Kent
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Paul Hoffman
- RE: OCSP Algorithm Agility Andrews, Rick
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Santosh Chokhani
- RE: OCSP Algorithm Agility Seth Hitchings
- RE: OCSP Algorithm Agility Stefan Santesson
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Hallam-Baker, Phillip
- RE: OCSP Algorithm Agility Santosh Chokhani