Re: [pkix] OCSP Signing Certificate Key usage standards
daniel bryan <danbryan80@gmail.com> Mon, 04 April 2016 23:10 UTC
Return-Path: <danbryan80@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1292512D875 for <pkix@ietfa.amsl.com>; Mon, 4 Apr 2016 16:10:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xHTv-0d_CqJ for <pkix@ietfa.amsl.com>; Mon, 4 Apr 2016 16:10:24 -0700 (PDT)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27C8712D156 for <pkix@ietf.org>; Mon, 4 Apr 2016 16:10:24 -0700 (PDT)
Received: by mail-pa0-x22a.google.com with SMTP id fe3so153384830pab.1 for <pkix@ietf.org>; Mon, 04 Apr 2016 16:10:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=tEd70pjkJ1nHV08UpPaNpZ3IQqQTvzxbMBV4FhoEL0c=; b=SqP48L7iOl2fB1HAXYx7Kym/iasArx1rlcfH88aF4RopQ8+/Dv37iOowXLlCiFZ8ip d/YHlkU1fbTP5lbEbHc28F4RisiDCh3xQ6hCNRVNuy3IiWdOuaeoali6eHdJfhjK9cP8 VlhWYxmYXgMrtdOsDMepQZDO7aB3ijrimTsPHaDoF+6wzuboFYSToJ8zzF0MnF7/D8eB y5CSThqFPkaCTk4QRkEJH7T2+vGbwL9EGYTQkTEhJIPycgfTC6S+v0UDfqQfLvV+/sdh INeqKUEMCok6XjYtDu+NNV8HM3FZQF65BOjbG8JnBSE40NrPg3magqVcyn801rrBMl2z ntAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=tEd70pjkJ1nHV08UpPaNpZ3IQqQTvzxbMBV4FhoEL0c=; b=H+nFgJUJ9/qR/6fGb9MSs3Oz7cqPcSMJDeqjrzAlUJMadf4eqY5kGcGtVWwVaWPxF8 DK+fWiwuZwUtF56D4ixjWJUTJcn/3fjaUzC5uBq+Ab5iXqIQUz3g9NJwMYREM1DYMdkQ cy3qN/y3Q7KYGRZUz6iknNPyzH6NvkGjVM9nweUuR+Aak29o1fsWE/ezKwz4CeJtmgGM U/qNvpl2poig+SbjPeAT5EDbKe62Qf3gpGzSZk4mxn5xIsuYfZv2J88UXnUSV4l+xc59 pR4cxlWu+vrEpj2PVyxPnbBuLlGOM//Ug0ryhEns017IKm7nsLIlMlQISGm1uIe1tDsz beuw==
X-Gm-Message-State: AD7BkJIb6J49UtGgb7ybXNaM7S8zAjEWBQdo/alPuKoHCicHV6c6r3dSlEy/CNvddtuBuV/aM1ZHxFclpkSUSA==
X-Received: by 10.66.120.46 with SMTP id kz14mr57152697pab.61.1459811423679; Mon, 04 Apr 2016 16:10:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAJKvcBTk6i2K1QYCm3VaO1jOm9sNTi7R8_oUuRVuuhBnzcZw9w@mail.gmail.com> <054a01d18eaa$5dbdcf40$19396dc0$@ascertia.com>
In-Reply-To: <054a01d18eaa$5dbdcf40$19396dc0$@ascertia.com>
From: daniel bryan <danbryan80@gmail.com>
Date: Mon, 04 Apr 2016 23:10:13 +0000
Message-ID: <CAJKvcBTjeKWLrs=OB1TpaPhq4_MpJkQrU0bhj0m8R3MTck3SQQ@mail.gmail.com>
To: Liaquat Khan <liaquat.khan@ascertia.com>, pkix@ietf.org
Content-Type: multipart/alternative; boundary="047d7b0721da58fd2b052fb0d5a6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/IYYd_ArIDxRCHYmjfUot4iBp74o>
Subject: Re: [pkix] OCSP Signing Certificate Key usage standards
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 23:10:26 -0000
Thanks for the info, I agree with you that it doesn't matter if 1 key, or all the keys are on the HSM, if the HSM is compromised, everything would need to rekeyed. On Mon, Apr 4, 2016 at 3:44 PM Liaquat Khan <liaquat.khan@ascertia.com> wrote: > Hi Daniel > > > > We have deployed both options in the past, although with a variation on > option 2 in that we generate separate PKCS#10 CSR from the same public key > to send to the different CAs. I don’t think there is much difference in > performance with either option, remember the OCSP responder needs to find > the right responder certificate to attach to the OCSP response even if it’s > using a single private key – although I have not specifically tested the > performance difference. In terms of security having separate keys is > better although if they are in an HSM compromise is unlikely and if somehow > one can be comprised then so can others. I am not aware of any specific > industry/standards-based guidance to help choose between these options. > > > > Regards > > LK > > > > *From:* pkix [mailto:pkix-bounces@ietf.org] *On Behalf Of *daniel bryan > *Sent:* 04 April 2016 20:07 > *To:* pkix@ietf.org > *Subject:* [pkix] OCSP Signing Certificate Key usage standards > > > > Hello, > > I am looking for guidance/standards on deploying an OCSP service in > specific regards to the key management of the OCSP Signing certificate. > > Suppose I have a service, and I want to provide certificate status on 20 > different certificate authorities using a "CA Designated responder" > described in section 2.2 of RFC 6960. Technically I have a few options: > > *Option #1:* Generate 20 Keys on my HSM, Create 20 PKCS 10s, Submit all > 20 for Signing to each CA. Import the Signed Certificate into my OCSP > service. > > *Option #2:* Generate 1 Key on the HSM, Create 1 PKCS 10 with a generic > CN, Submit 1 CSR to all 20 CA's. The CA will override the CN value during > Signing to reference their CA name, Import all 20 Signed certificates into > my OCSP service. > > Option #1 adds complexity to key management, could potentially have an > impact on signing speed. An advantage is that if a key is lost/compromised, > it would only involve troubling one CA instead of all. > > Option #2 will greatly simplify key management, and I speculate it will > increase the signing speed potential of the HSM, being that it doesn't have > to determine which key to use from a pool of 20 keys. Obviously the bad > side is, if we ever loose the key, I would have to get all 20 CAs to sign > another request. This is especially bad when the certs have the noCheck > extension. > > Here are my 2 questions: > > > > *Q1:* From a security perspective, is option #2 worth considering. > Simplification is a huge priority, but security is a must. > > *Q2:* Does the IETF/cabforum/Any other authority provide > guidance/standards on key management in this situation that I can use to > support/defend the choice? > > Thanks, > > --Dan >
- [pkix] OCSP Signing Certificate Key usage standar… daniel bryan
- Re: [pkix] OCSP Signing Certificate Key usage sta… Liaquat Khan
- Re: [pkix] OCSP Signing Certificate Key usage sta… daniel bryan
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Pala
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Massimiliano Pala
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Pala
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Pala
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Pala
- Re: [pkix] OCSP Signing Certificate Key usage sta… daniel bryan
- Re: [pkix] OCSP Signing Certificate Key usage sta… Dr. Pala