Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
mrex@sap.com (Martin Rex) Tue, 23 October 2012 13:41 UTC
Return-Path: <mrex@sap.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 047BB21F8704 for <pkix@ietfa.amsl.com>; Tue, 23 Oct 2012 06:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.21
X-Spam-Level:
X-Spam-Status: No, score=-10.21 tagged_above=-999 required=5 tests=[AWL=0.039, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aB+Z0g-uRsnK for <pkix@ietfa.amsl.com>; Tue, 23 Oct 2012 06:41:29 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id DA2F921F86E4 for <pkix@ietf.org>; Tue, 23 Oct 2012 06:41:28 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id q9NDfNXJ013092 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 23 Oct 2012 15:41:24 +0200 (MEST)
In-Reply-To: <CA+i=0E5EjhvqU+4fdtiEMO-gjGqjrSkbZ30S19VvgYie97jG5w@mail.gmail.com>
To: Erwann Abalea <eabalea@gmail.com>
Date: Tue, 23 Oct 2012 15:41:21 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20121023134121.9FD8D1A2EE@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: Peter Rybar <peterryb@gmail.com>, pkix@ietf.org, Stefan Santesson <stefan@aaa-sec.com>
Subject: Re: [pkix] New draft-ietf-pkix-rfc2560bis-06
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2012 13:41:30 -0000
Erwann Abalea wrote: > Martin Rex <mrex@sap.com> wrote: >> >> Erwann Abalea wrote: >> >> CertificateHold is EXACTLY the correct ReasonCode: >> >> It indicates that the CA has not issued a cert with the given serial >> >> *YET*, but it MAY eventually issue such a cert in the future >> >> (sometimes even in the _very_next_future_ ... i.e. it is about >> >> to become visible to the OCSP responder, but not visible yet). >> > >> > No. It indicates that the corresponding (existent) certificate has been >> > put on hold. >> > You're asking the CA to assert a status for a non-existent certificate. >> >> Where exactly does X.509 or PKIX require that a serial on a CRL >> will have to refer to an existing cert, i.e. one that the CA has >> positive proof to have issued. I (now) believe this is a completely >> flawed assumption. > > X.509, 7.3 > revokedCertificates identifies certificates that have been revoked. The > revoked certificates are identified by their serial > numbers. It uses serial numbers (and an implied isser name) to identify certificates in order for disambiguation. This is not a requirement that the serial refers to a cert that the CA has positive proof to have consciously issued/signed with its key. > > CRL as in "Certificate Revocation List", not as in "inexistent Certificate > Revocation List". > Fraudulently producing certificates is bad, but producing a CRL for > nonexistent certificate is good? Unconvincing. The C is to clarify that the CRL does not revoke Apples and neither Oranges, but Certificates. And in order to disambiguate between certs issued by the same CA, the list identifies/disambiguates certs by their serial number. You're arguing here that DigiNotar was "breaking" the OCSP protocol and hurting RPs when they decided to respond "revoked" to requests for certs for which they had no record of issuance. I believe it was perfectly reasonable, fully conforming and actively helping RPs. Do you realize that X.509 defines a "Revoked Group of certificates" crlExtension, with a "serialNumberRange" options. There is *NO* requirement that the CA has positively created/issued all certs within the range before it can use that extension. So the idea that a CRL can contain revocations for certs for which the CA does not have records of issuance is already part of X.509 08/2005! Distinguishing why in particular a specific serial in not on the cert isse record (accidentally lost, fraudulently deleted, created by a precomputed hash collision, whathaveyou) would be splitting hairs over a total non-issue. > > > CRLs and OCSP only assert a state to a certificate serial. > > Infering about existance/noexistance of certs is a logical fallacy. > > > The certificate is identified by its serial number (along with its issuer > name, of course). What is the meaning/value of a serial number that doesn't > identify anything? When an RP sends an OCSP with a particular serial, then the OCSP responder has to assume that the OCSP requestor is serious about his request and is actually looking at a *REAL* certificate. So it is perfectly valid and reasonable for the OCSP responder to refer to that cert from the request by the very same serial and return a "revoked, certificateHold" status when it can not find this serial on the certificate issue logs. > > > > What's next? Ask CAs to sign the next OCSP response with a > > > "removeFromCRL" > > > code for dumb serial numbers for which they replied "certificateHold"? > > Why > > > not also add a holdInstructionCode extension to the OCSP response, and > > > define proper codes? > > > > removeFromCRL doesn't make sense in an OCSP response, because OCSP does > > not hand out CRLs. > > But holdInstructionCode could make sense, right? If you ignore for a moment that holdInstructionCode was removed from X.509 08/2005 _and_ rfc5280/PKIX, then id-holdinstruction-reject is another STRONG hint that certificateHold was defined intentionally with a very broad scope, even though certificateHold at early stages might have been motivated by a few, very specific use cases. Sensible protocol designers will try to provide an abstraction for initial use cases in order to remain open and easily extensible for related usage scenarios in the future. Having to retrofit agility into a protocol can otherwise be very painful. And while the original 3 basic CertStatus { good, revoked, unknown } were evidently short-sighted, the CRLEntry ReasonCode "certificateHold" does not suffer from such a limitiation - YMMV. > >>> >>> With my "CA" hat, I see that OCSP is a hidden cost, and you want to make >>> it more costly. > > I have nothing against a "positive assertion", maybe the hash of the > certificate for which the responder produces a good answer. If the > responder can have access to an issuance log and pick useful authoritative > information from it and optionally deliver it with the response, I'm fine. > Asking for a signed response from a bogus request is different. The thread > then slept into producing a revoked response for bogus requests, and > discussing about what could a plausible reason code and revocation date be. Personally, I consider the original OCSP design, where the RP rather than the certified entity obtains the OCSP response, a fairly useless protocol for online authentication. With the TLS multiple-OCSP-stapling extension, where the cert bearer can obtain&refresh the OCSP responses for his own cert chain out-of-band, OCSP may become an alternative to CRL processing. > > I believe that a well-behaving CA shouldn't produce a CRL containing random > serial numbers provided by anonymous requesters. A "CRL request" is a simple download request. The RP does not convey any serials to the CA, and given the serial number space of 160 bits, it would be unfeasible for the CA to guess what cert serials an RP, who has just requested download of a CRL, is going to check between now an the next periodical CRL download. > > By extension, I believe that a well-behaving OCSP responder shouldn't > assert anything authoritative (either good or revoked) about a random > serial number. That's a fail for the "good" response because an OCSP > responder can be based on a blacklist, I don't think that changing "good" > into "revoked" is the right way to solve this problem. A well-behaving OCSP responder is one that does not let RPs fall for fraudulent certs when it knows pretty damn well that the cert that the RP is requesting the status, for can not possibly be a bona fide certificate. An OCSP responder that lets RPs down so recklessly does not count as trustworthy on my scorecard. (Bad dog, no cookie). -Martin
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Rybar
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- [pkix] Straw-poll on OCSP responses for non-revok… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yngve Nysaeter Pettersen
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… David Chadwick
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… Santosh Chokhani
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Peter Rybar
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Juan Gonzalez
- Re: [pkix] Straw-poll on OCSP responses for non-r… Max Pritikin (pritikin)
- Re: [pkix] Straw-poll on OCSP responses for non-r… Simon Tardell
- Re: [pkix] Straw-poll on OCSP responses for non-r… Carl Wallace
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Rick Robinson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Jeremy Rowley
- Re: [pkix] Straw-poll on OCSP responses for non-r… Melinda Shore
- Re: [pkix] Straw-poll on OCSP responses for non-r… Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Russ Housley
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Straw-poll on OCSP responses for non-r… Dr Stephen Henson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Sleevi
- Re: [pkix] Straw-poll on OCSP responses for non-r… Johannes Merkle
- Re: [pkix] Straw-poll on OCSP responses for non-r… Denis Pinkas
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Hurst
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ben Wilson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses fornon-re… Art Allison
- [pkix] Proposed resolution to non-issued certific… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Gutmann
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Gindin
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker