IETF Logo Mail Archive

Re: [pkix] New draft-ietf-pkix-rfc2560bis-06

Erwann Abalea <eabalea@gmail.com> Tue, 23 October 2012 07:07 UTC

Return-Path: <eabalea@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C91371F0C54 for <pkix@ietfa.amsl.com>; Tue, 23 Oct 2012 00:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K3A+Zav9xb3h for <pkix@ietfa.amsl.com>; Tue, 23 Oct 2012 00:07:06 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id E897E1F0429 for <pkix@ietf.org>; Tue, 23 Oct 2012 00:07:05 -0700 (PDT)
Received: by mail-wg0-f44.google.com with SMTP id dr13so1976226wgb.13 for <pkix@ietf.org>; Tue, 23 Oct 2012 00:07:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=C7WUn5n8h+3rOB4yhJypOLY9a1psVk81oo1K583eclc=; b=xb9kO6qy8sb96x5cgqGV7Sp6KIKb7peLcjOVLW6GkpBs4VohdSRxnxciQl0iDrqe2t h+FQr7kIA7ERj5bHSIACz0yLIE5GDGYqXDAA4VnvPhXirm7H5/fKd1srycb3dmpJK0Ss 1s++a62KDJRRW4V9MPTbsa7LkxopD+s0KOo4V5fYWrcqYXd1VaL0th02poS8PgIu3lD4 /Tf8nrnAoiVAGqRZwc/jrDbGnWt15DuF6aAgTkh4+pOGPIWc6UD830/cy0yxhmOjuCQY bL6ilafEBa8cvlkjgrF4NaBkUWDDFHaY7YnbEcc+pFsHudS7RY1/oihUNm23cgjSUNNo ZYOw==
MIME-Version: 1.0
Received: by 10.216.197.99 with SMTP id s77mr7280630wen.64.1350976024957; Tue, 23 Oct 2012 00:07:04 -0700 (PDT)
Received: by 10.223.133.194 with HTTP; Tue, 23 Oct 2012 00:07:04 -0700 (PDT)
In-Reply-To: <20121022215319.55EC71A2EB@ld9781.wdf.sap.corp>
References: <CANkYYy6nvWrE2U+xnnXa6kXu+WioE4+LZ+yd6cCiD8diBoHiLQ@mail.gmail.com> <20121022215319.55EC71A2EB@ld9781.wdf.sap.corp>
Date: Tue, 23 Oct 2012 09:07:04 +0200
Message-ID: <CA+i=0E5ELaACas2hJKAYKLJkZ8z3hS90z5PLOotCSCc35usQqA@mail.gmail.com>
From: Erwann Abalea <eabalea@gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset="UTF-8"
Cc: Peter Rybar <peterryb@gmail.com>, pkix@ietf.org, Stefan Santesson <stefan@aaa-sec.com>
Subject: Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2012 07:07:06 -0000

Bonjour,

2012/10/22 Martin Rex <mrex@sap.com>:
> Simon Tardell wrote:
>>
>> I suggest that we use your current text plus that, if "revoked" is used
>> to say "never issued/not in database", the revocationReason should be
>> certificateHold and that revocationTime should be set to midnight Jan 1
>> 1950 (or some other time before the rise of PKI).
>
> I support the "revoked, ReasonCode=CertificateHold" for OCSP responders
> that can not find proof/indication that the cert in question was properly
> issued.

I don't think it's wise to use one reason code to cover two reasons.
The latest CAs we deployed want to have certificates issued in a
suspended state until the smartcard has been delivered, whence
"certificateHold" reason code, with CRLs filled in that way. For these
CAs, an OCSP responder will respond "certificateHold" for legitimate
certificates, and you're proposing to also reply "certificateHold" for
random serial numbers.

> The CertificateHold reason code is vitally important, because otherwise
> the CA would have to keep track of OCSP responses given out from the
> CA's OCSP responder that declared a serial as "permanently revoked"
> in order to ensure that the CA will never issue a cert with that serial
> in the future.  Looks like an unnecessary and easily avoidable burden to me.

This is why I don't think that declaring an unknown and potentially
random serial number as revoked is good. Nor useful.
An attacker will most likely intercept communications with the
responder and reply something like "unauthorized", or any unsigned
error code.

> I don't like the particular date Jan 1, 1950, for safety, a date >= 1970
> ought to be chosen (so that it does not get negative when converted
> to time_t, which has potential to confuse some code).
>
> And since the timestamp is a GeneralizedTime, the date ought to be
> given in exactly that format, e.g.  "700101010101Z"
>
> What also should be noted is that the optional OCSP SingleResponseExtension
> "CrlID" must not be used when this "not issued" certificate was not
> conveyed through a CRL--and there currently is no means to convey
> proof-of-cert-existence through CRLs unless they're revoked, and in the
> latter case there would be no "not issued" OCSP response to convey.

See, by declaring a non-issued certificate as revoked, you're asking
the CA to lie about its revocation date and declare it's not been
issued in a CRL. How can it be right?

> I believe it is very inappropriate for the spec to make any assumptions
> about why exactly the OCSP responder believes that a cert (serial) has not
> ever been issued.  The reason can be manyfold.  Besides an accidental or
> fraudulent deletion (attack), it may be something as simple as a
> database software bug.

Or invalid encoding in client, or wrong issuerKeyHash (the serial
exists, but for another CA), or random serial, or specially crafted
numbers, or unrecognized hash function, ... All these cases have been
spotted on our responders, and we haven't wrongly issued certificates.

-- 
Erwann.

v2.23.0 | Report a Bug | By Email