Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
"Piyush Jain" <piyush@ditenity.com> Sat, 27 October 2012 05:19 UTC
Return-Path: <piyush@ditenity.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4369B21F851C for <pkix@ietfa.amsl.com>; Fri, 26 Oct 2012 22:19:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.365
X-Spam-Level:
X-Spam-Status: No, score=-3.365 tagged_above=-999 required=5 tests=[AWL=0.234, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQYOjWR4E2L6 for <pkix@ietfa.amsl.com>; Fri, 26 Oct 2012 22:19:13 -0700 (PDT)
Received: from mail-ia0-f172.google.com (mail-ia0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 5D3F621F84DF for <pkix@ietf.org>; Fri, 26 Oct 2012 22:19:13 -0700 (PDT)
Received: by mail-ia0-f172.google.com with SMTP id x24so873723iak.31 for <pkix@ietf.org>; Fri, 26 Oct 2012 22:19:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:x-mailer :thread-index:content-language:x-gm-message-state; bh=MYV8Ic6uQJLbdtyK2x8r9WHoUXhSOHYWCkLbgtXvoHc=; b=b+P2CY5GSGA1GwtMaTizuSy/Xuo51y2Jk0t5F0QM0UxI8ufKtfujctPrhJ8gIjGl9v 2sb63knVElMkzPl2FzNnsxdgk6Xr76DadOXox5J9FUQuQTVYNBHKG3GMuXA6P3TfUOiE orRj3ke3KxURHzIcqBVbzKRJhd3CVIh21LsLaG6mzNEwTEgEsROs6IKA65TyLYaOh0A1 WslzGxbwJALFKzWj5gaiH1n+HMKWApYkxc8hdKpAS7x5EpU8GEzFbkyJiWSKoG9LEuiw Re2grxOCLO/KoAhIT6QeNhMmJgpZ6dGPh/0rr2EN4XGlXFecZYD4nbYnUPUav9C4jjZm k/xQ==
Received: by 10.50.57.169 with SMTP id j9mr4228234igq.16.1351315152828; Fri, 26 Oct 2012 22:19:12 -0700 (PDT)
Received: from hp13 (75-25-128-241.lightspeed.sjcpca.sbcglobal.net. [75.25.128.241]) by mx.google.com with ESMTPS id uz12sm790032igb.16.2012.10.26.22.19.10 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 26 Oct 2012 22:19:11 -0700 (PDT)
From: Piyush Jain <piyush@ditenity.com>
To: mrex@sap.com
References: <009301cdb395$4d4307f0$e7c917d0$@ditenity.com> <20121027024433.90F6F1A301@ld9781.wdf.sap.corp>
In-Reply-To: <20121027024433.90F6F1A301@ld9781.wdf.sap.corp>
Date: Fri, 26 Oct 2012 22:19:08 -0700
Message-ID: <001201cdb402$98ab4d70$ca01e850$@ditenity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGteoQecwln33ZCyYx7A2RCgqKALpgNCHcw
Content-Language: en-us
X-Gm-Message-State: ALoCoQle4QhhHxVRtV1+L9FF0SEDNwEJLPNfUUtQXXWlHUenoooTyVCTgOB35hAlQ2We9AuY5pbH
Cc: pkix@ietf.org, 'Stefan Santesson' <stefan@aaa-sec.com>
Subject: Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2012 05:19:14 -0000
> -----Original Message----- > From: Martin Rex [mailto:mrex@sap.com] > Sent: Friday, October 26, 2012 7:45 PM > To: Piyush Jain > Cc: mrex@sap.com; 'Peter Rybar'; pkix@ietf.org; 'Stefan Santesson' > Subject: Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 > > Piyush Jain wrote: > > > > > > The other thing you seem to totally discount is that not every > > > breach of the CAs security amounts to a full and thorough > > > compromise, i.e. that the attacker can get hold of an carry away the CA > private signature key. > > > > [Piyush] Here is the bulletin published by NIST that pertains to this > > issue > > http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf > > NIST recommends revoking the certificate in case of impersonation and > > RA compromise and revoking the CA in case of CA system or CA private > > key compromise. > > > > Let us know if/why you disagree with these recommendations and the > > kind of compromise in which this extension would make sense. > > These recommendations are the longer version of > > "CA compromise can not possibly happen. If it happens anyhow, nuke the > PKI" > > > There are two things to do here: > > (1) do like NIST, openly admit that existing X.509/PKIX is defective > describe the consequences for the installed base in case you're using > X.509/PKIX. > [Piyush] I think that the conclusion is unfair - X.509/PKIX is defective because a few CAs get compromised. > (2) fix the architecture of X.509 so that the CA key is no longer > an unavoidable single-point-of-failure, and that the authentication > can be restored to secure operation after the breach is detected > for existing/deployed PKI credentials for use with RPs that use > (modified) OCSP for revocation checking, _even_ when the CA signing > key plus the OCSP signing key were captured by the attacker. > [Piyush] May be there is a silver bullet out there. But I have not seen one yet. None of the proposals here satisfy what you are asking. The closest one was from Phil some time ago where he informally proposed OCSP responder key should not be bound to the CA that issues EE certificate. And that one did not get any support here. BTW authentication can be restored by revoking the CA and reissuing the end entity certificates with a new key. Not saying that it is easy but it is doable, and unfortunately the only way to patch the vulnerabilities introduced by a CA compromise. > I'm fully aware that patching/updating a huge installed base is going to be a > significant effort, and drag along for quite a while. > It is worthwhile and should be done. > Been there, still fixing... (rfc5746, TLS secure renegotiation). > [Piyush] I'm all for improvement, the idea of overloading OCSP as it stands today is just a hack. I have not seen a single attack scenario where responding for so called un-issued certificates helps. People have been splitting hair by saying that even CA compromise can have different severance level. Unless you can document those and provide guidance on how this change would help, you are just adding to the confusion. > > I'm aware that original OCSP is limited in functionality to essentially splitting > CRL checking into two tasks, and that it wasn't seen a chance to remediate > the problem of a CA compromise through an independent trust path. So lets > fix it. > [Piyush] I think I fail to see the problem here. If CA is compromised, revoke the CA and reissue the ee with new CA key. If you have a proposal that allows the CA to operate securely even after a compromise, I'm all ears. > > -Martin
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Rybar
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- [pkix] Straw-poll on OCSP responses for non-revok… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yngve Nysaeter Pettersen
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… David Chadwick
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… Santosh Chokhani
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Peter Rybar
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Juan Gonzalez
- Re: [pkix] Straw-poll on OCSP responses for non-r… Max Pritikin (pritikin)
- Re: [pkix] Straw-poll on OCSP responses for non-r… Simon Tardell
- Re: [pkix] Straw-poll on OCSP responses for non-r… Carl Wallace
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Rick Robinson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Jeremy Rowley
- Re: [pkix] Straw-poll on OCSP responses for non-r… Melinda Shore
- Re: [pkix] Straw-poll on OCSP responses for non-r… Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Russ Housley
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Straw-poll on OCSP responses for non-r… Dr Stephen Henson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Sleevi
- Re: [pkix] Straw-poll on OCSP responses for non-r… Johannes Merkle
- Re: [pkix] Straw-poll on OCSP responses for non-r… Denis Pinkas
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Hurst
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ben Wilson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses fornon-re… Art Allison
- [pkix] Proposed resolution to non-issued certific… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Gutmann
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Gindin
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker