IETF Logo Mail Archive

Re: [pkix] RFC 6960 section 4.2.2.2. question

"David A. Cooper" <david.cooper@nist.gov> Fri, 13 February 2015 21:26 UTC

Return-Path: <david.cooper@nist.gov>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E74F1A1A58 for <pkix@ietfa.amsl.com>; Fri, 13 Feb 2015 13:26:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.187
X-Spam-Level:
X-Spam-Status: No, score=-3.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4kZH1z67wbV for <pkix@ietfa.amsl.com>; Fri, 13 Feb 2015 13:25:49 -0800 (PST)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9709B1A1A91 for <pkix@ietf.org>; Fri, 13 Feb 2015 13:25:47 -0800 (PST)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.3.224.2; Fri, 13 Feb 2015 16:26:10 -0500
Received: from postmark.nist.gov (129.6.16.94) by WSXGHUB1.xchange.nist.gov (129.6.18.96) with Microsoft SMTP Server (TLS) id 8.3.389.2; Fri, 13 Feb 2015 16:25:46 -0500
Received: from [129.6.54.72] (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id t1DLPbe7023862; Fri, 13 Feb 2015 16:25:37 -0500
Message-ID: <54DE6BD1.9030703@nist.gov>
Date: Fri, 13 Feb 2015 16:25:37 -0500
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Santosh Chokhani <schokhani@cygnacom.com>, Antanas Živatkauskas <Antanas.Zivatkauskas@gyvreg.lt>, "'pkix@ietf.org'" <pkix@ietf.org>
References: <02c3425c45974d09861b79e078dd23f1@rcmail.kada.lan> <1628fc57677b4fa4a5ba9b59da1e3a94@svaexch1.cygnacom.com>
In-Reply-To: <1628fc57677b4fa4a5ba9b59da1e3a94@svaexch1.cygnacom.com>
Content-Type: text/html; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-NIST-MailScanner-Information:
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/N3iwG1v7DZZL1cxXusHMLWNDCWc>
Subject: Re: [pkix] RFC 6960 section 4.2.2.2. question
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 21:26:04 -0000

Actually, this is not what the text is trying to say. The text is not imposing a constraint on relying parties, it is only saying that relying parties are not required to be able to handle the case in which the CA uses different keys to sign the certificate in question and the delegation certificate. As noted in RFC 6960, RFC 2560 was very clear that it did not impose such a constraint.

Here is the quoted text with more context included, which makes it clear that the text is not imposing a constraint on relying parties:

   The CA SHOULD use the same issuing key to issue a delegation
   certificate as that used to sign the certificate being checked for
   revocation.  Systems relying on OCSP responses MUST recognize a
   delegation certificate as being issued by the CA that issued the
   certificate in question only if the delegation certificate and the
   certificate being checked for revocation were signed by the same key.

   Note: For backwards compatibility with RFC 2560 [RFC2560], it is not
         prohibited to issue a certificate for an Authorized Responder
         using a different issuing key than the key used to issue the
         certificate being checked for revocation.  However, such a
         practice is strongly discouraged, since clients are not
         required to recognize a responder with such a certificate as an
         Authorized Responder.

I think the reason that the word "recognize" was used instead of "accept" is that verifying that the certificate in question and the delegation certificate were issued by the same CA is neither necessary nor sufficient to accept a response. The relying party could accept the response based on its being signed by a locally-trusted responder, and the relying party could reject the response for other reasons (e.g., response is too old or does not provide information about the certificate in question).

On 02/13/2015 03:59 PM, Santosh Chokhani wrote:

To me it is saying that the relying party must only accept CA-delegated OCSP Responder certificate only if both certificates were signed using the same key.  It is trying to disambiguate a purported ambiguity in 2560.

 

BTW, the two certificates are: OCSP Responder certificate and the certificate whose status is being checked by the OCSP Responder.

 

This constraint provides simple crypto binding to the delegation.

 

From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Antanas Živatkauskas
Sent: Friday, February 13, 2015 7:36 AM
To: 'pkix@ietf.org'
Subject: [pkix] RFC 6960 section 4.2.2.2. question

 

 

Need help in interpreting the following statement in RFC 6960 section 4.2.2.2.  Authorized Responders:

 

“Systems relying on OCSP responses MUST recognize a

delegation certificate as being issued by the CA that issued the

certificate in question only if the delegation certificate and the

certificate being checked for revocation were signed by the same key.”

 

It is not really clear if it is  a must for systems relying on OCSP responses in all cases accept a delegation certificate as long as CA uses “the same issuing key to issue a delegation certificate as that used to sign the certificate being checked for revocation”, so that the alternative option of providing “a means of locally configuring one or more OCSP signing authorities and specifying the set of CAs for which each signing authority is trusted” is irrelevant.

 

Is the word RECOGNIZE in the excerpt above interchangable with the word ACCEPT?

If not, what is the meaning of RECOGNIZE, respectively the purpose of such recognition?

 

 


--
This message has been scanned for viruses and
dangerous content by http://www.mailscanner.info/" rel="nofollow">MailScanner, and is
believed to be clean. 



_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix" rel="nofollow">https://www.ietf.org/mailman/listinfo/pkix

v2.29.0 | Report a Bug | By Email | System Status