IETF Logo Mail Archive

Re: [pkix] New draft-ietf-pkix-rfc2560bis-06

mrex@sap.com (Martin Rex) Wed, 24 October 2012 22:47 UTC

Return-Path: <mrex@sap.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB21E21F8C90 for <pkix@ietfa.amsl.com>; Wed, 24 Oct 2012 15:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.212
X-Spam-Level:
X-Spam-Status: No, score=-10.212 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7ickrfLuU7N for <pkix@ietfa.amsl.com>; Wed, 24 Oct 2012 15:47:27 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id E2F2421F8C97 for <pkix@ietf.org>; Wed, 24 Oct 2012 15:47:26 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id q9OMlMoU011998 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 25 Oct 2012 00:47:23 +0200 (MEST)
In-Reply-To: <04d801cdb238$2ac3f350$804bd9f0$@ditenity.com>
To: Piyush Jain <piyush@ditenity.com>
Date: Thu, 25 Oct 2012 00:47:21 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20121024224721.EE2201A2F3@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: 'Peter Rybar' <peterryb@gmail.com>, pkix@ietf.org, 'Stefan Santesson' <stefan@aaa-sec.com>
Subject: Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 22:47:27 -0000

Piyush Jain wrote:
>  
>> The "cert hash" in the OCSP response option protects against
>> hash-collisions
>> and fraudulently issued without record of certs that re-use the serial of
>> regular valid certs to appear innocent from not being detectable.
>> 
>> So that cert hash should probably use at least SHA-256.  Being a new
>> protocol feature, that ought to be easy (we skipped SHA-1 in DANE as well).
> 
> [Piyush]  I think you mean appears to protect. 
> I hope people really don't start believing that this extension
> protects them from a CA compromise scenario.


You're confusing things.  The reason why this protection currently
does not work is not that there is a problem with conveying back
the hash, but that the current scheme to identify an authorized OCSP
responder cert is fatally flawed.

Fixing the authorized OCSP responder issue is by defining a new
attribute that is hardwired into the CA cert in order to establish
an alternative trust path.


The other thing you seem to totally discount is that not every
breach of the CAs security amounts to a full and thorough compromise,
i.e. that the attacker can get hold of an carry away the CA private
signature key.


-Martin

v2.23.0 | Report a Bug | By Email