Re: [pkix] A question regarding certificate status service delegation
Peter Rybár <peter.rybar@nbu.gov.sk> Tue, 24 November 2020 10:33 UTC
Return-Path: <prvs=5905de0e0=peter.rybar@nbu.gov.sk>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 539553A1CA5;
Tue, 24 Nov 2020 02:33:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.21
X-Spam-Level:
X-Spam-Status: No, score=-0.21 tagged_above=-999 required=5
tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001,
T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=nbu.gov.sk
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id L4CDltGk8XfR; Tue, 24 Nov 2020 02:32:59 -0800 (PST)
Received: from mail.gov.sk (mail.gov.sk [195.49.191.189])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 0FAFC3A1CA3;
Tue, 24 Nov 2020 02:32:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=nbu.gov.sk; i=@nbu.gov.sk; q=dns/txt; s=nbugovsk;
t=1606213977; x=1637749977;
h=from:to:cc:subject:date:message-id:references:
in-reply-to:mime-version;
bh=L33Ol/1GThSqtO8YT53S1e6ugs4JEYptG+iNat1dNqE=;
b=Z4hi+LKxpd5mXxa5/Aevc16kC0XdXw1y2GE429cGls8BjzfRZQayhXV2
2zkHxtJGXqfZceh6xJPkcOHLHL2TLDsWzDBTxwXNej9oo0nQC0+ze4yV2
qHYiorTNjNkhtprTL1pPeE20DXF8ftEyYBXX7K04/Sl7w/sCYr2jaysio
uaCghXMG7uENUTePpdrnPVSK8LhfQzNeU6SrvT1xQHm1Br6tYKdTXu9BK
d+hsV/4fSseU22IKENvFHtmSrfGzAwLKZERKChKWHvvJhyrFYXOhVbgae
vaYEkyGA7PugQXcYubbyFi63efCPMbFVV9L70O1VnMFP27rHSNFHpqJ9/ g==;
IronPort-SDR: +wrp3PlT6tt71Li6TJGPmFZw5SBC/cImUVycQNhXavU5AwfcOjBcVm5igSgiefzuSwdeKKtA5u
eB9PR5XYpPyA==
X-IronPort-AV: E=Sophos;i="5.78,366,1599516000";
d="jpg'145?png'145,150?scan'145,150,208,217,150,145";a="34366837"
X-ironport-allowed: yes
Received: from unknown (HELO gw.nbusr.sk) ([100.112.59.16])
by g2inmail.gov.sk with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
24 Nov 2020 11:32:53 +0100
Received: from MAIL.nbu.gov.sk ([10.0.245.11])
by gw.nbusr.sk with ESMTP id 0AOAWmtf092573;
Tue, 24 Nov 2020 11:32:48 +0100 (CET)
Received: from MAIL.nbu.gov.sk (10.0.245.11) by MAIL.nbu.gov.sk (10.0.245.11)
with Microsoft SMTP Server (TLS) id 15.0.1497.2;
Tue, 24 Nov 2020 11:32:36 +0100
Received: from MAIL.nbu.gov.sk ([::1]) by MAIL.nbu.gov.sk ([::1]) with mapi id
15.00.1497.006; Tue, 24 Nov 2020 11:32:35 +0100
From: =?iso-8859-2?Q?Peter_Ryb=E1r?= <peter.rybar@nbu.gov.sk>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Santosh Chokhani
<santosh.chokhani@gmail.com>
CC: Thomas Kopp <thomas.kopp@luxtrust.lu>,
=?iso-8859-2?Q?Alexandra_Ka=B5avsk=E1_Diani=B9kov=E1?=
<alexandra.dianiskova@nbu.gov.sk>, "pkix@ietf.org" <pkix@ietf.org>,
"rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, "'pkix'"
<pkix-bounces@ietf.org>
Thread-Topic: [pkix] A question regarding certificate status service delegation
Thread-Index: AdbBrrkFh2Y1xbpbRWSjitYAMlxaswAElRGAAAXG8QAAAKhiAAAAGmCAAAma/oAAD+9LkA==
Date: Tue, 24 Nov 2020 10:32:35 +0000
Message-ID: <311168151ca848a28d1d6d751d3b6db1@MAIL.nbu.gov.sk>
References: <a2436a14b48c4db8af1ba5d0d550695c@luxtrust.lu>,
<08d601d6c1c9$6f882930$4e987b90$@gmail.com>
<1606167321110.54730@cs.auckland.ac.nz>,
<09cd01d6c1e3$2cd51f70$867f5e50$@gmail.com>,
<1606168627672.79913@cs.auckland.ac.nz>
<1606185129977.23561@cs.auckland.ac.nz>
In-Reply-To: <1606185129977.23561@cs.auckland.ac.nz>
Accept-Language: sk-SK, en-US
Content-Language: sk-SK
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.0.250.204]
Content-Type: multipart/related;
boundary="_006_311168151ca848a28d1d6d751d3b6db1MAILnbugovsk_";
type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/OZTEUFiUD8bJLzi4iwXy6op5JcQ>
X-Mailman-Approved-At: Wed, 25 Nov 2020 07:17:42 -0800
Subject: Re: [pkix] A question regarding certificate status service
delegation
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>,
<mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>,
<mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 10:33:02 -0000
Dear Peter, The link (http://www.cs.auckland.ac.nz/~pgut001/pubs/beta.zip) contains your lib instead of documents. Dear Santosh, (Both indirect CRL and OCSP delegation suffer from a class of errors or attacks without crypto binding.) When the trust anchors are included in the store which is under responsibility of the supervisory body (signed by supervisory body), as it is the trusted list in the European Union, then the attacks are fixed by including the extension in the trusted list as it is the trusted list of one of the Member States of the European Union. This extension contains unique identifier of the authorized issuer of the indirect CRL or of the issuer of OCSP responses and is included in the record of the issuer of the certificate and only such issuer is able to authorise any indirect issuers of CRLs or OCSP responses. The trusted list contains the record of the certificate issuer and the same record can contain also authorization for issuing e.g. indirect OCSP responses of certificates issued by this service. See the trusted list (TL) https://www.nbu.gov.sk/en/trust-services/trusted-list/index.html URL of TL http://tl.nbu.gov.sk/kca/tsl/tsl.xml Additional XSD where the extension URLContentTypeAndAuthorizedServiceList is defined: http://ep.nbu.gov.sk/kca/tsl/tlX509XMLSchemaDocumentation.pdf See the record which contains <Name xml:lang="en">(10) CA Disig</Name> This record contains also <tlx509:URLContentTypeAndAuthorizedServiceList> <tlx509:URLContentTypeAndAuthorizedService> <tlx509:URL>http://ocsp.nbu.gov.sk/ocsp/pqc</tlx509:URL> <tlx509:ContentType>application/ocsp-request</tlx509:ContentType> <tlx509:AuthorizedService> <tlx509:TLServiceIdentifier>TLISK-99</tlx509:TLServiceIdentifier> <tlx509:notBefore>2019-12-08T12:46:26Z</tlx509:notBefore> </tlx509:AuthorizedService> </tlx509:URLContentTypeAndAuthorizedService> </tlx509:URLContentTypeAndAuthorizedServiceList> The identifier TLISK-99 is the identifier of the record in the Slovak (SK) TL containing the element: <Name xml:lang="en">(99) NSA OCSP</Name> I also agree with the old document provided by Peter: https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt For that reason I offer only the enveloped XML signature, e.g. used for the trusted list, in my QES application. https://www.nbu.gov.sk/en/trust-services/trusted-list/tl-and-qes-applications/index.html [cid:image003.jpg@01D6C255.8069BBB0] If the detached or enveloping XML signature formats are selected, then the selected format is switched to the CMS signature format and the following information is provided: [cid:image001.png@01D6C250.6914C770] Kind regards, Deputy Director COL Peter Rybár Regulation and Supervision Department | NSA Budatínska 30 | 851 06 Bratislava | Slovak Republic tel.: +421 2 6869 2163| fax: +421 2 6869 1700 peter.rybar@nbu.gov.sk<mailto:peter.rybar@nbu.gov.sk> | www.nbu.gov.sk<http://www.nbu.gov.sk/> Free QES application qes.webnode.sk/en/ <https://www.nbu.gov.sk/en/trust-services/trusted-list/tl-and-qes-applications/index.html> -----Original Message----- From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Peter Gutmann Sent: Tuesday, November 24, 2020 3:32 AM To: Santosh Chokhani <santosh.chokhani@gmail.com>om>; 'pkix' <pkix-bounces@ietf.org>rg>; pkix@ietf.org; rfc-editor@rfc-editor.org Subject: Re: [pkix] A question regarding certificate status service delegation Santosh has forwarded me the two documents that describe the problem and given his OK to post them, since posting binaries to the list may be a breach of etiquette I've temporarily hosted them at: http://www.cs.auckland.ac.nz/~pgut001/pubs/beta.zip I'll take them down again in a day or two once people have had a chance to read them. Peter. From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Santosh Chokhani Sent: Monday, November 23, 2020 7:50 PM To: 'Thomas Kopp' <thomas.kopp@luxtrust.lu>lu>; 'pkix' <pkix-bounces@ietf.org> Cc: pkix@ietf.org; rfc-editor@rfc-editor.org Subject: Re: [pkix] A question regarding certificate status service delegation On CRL, it is not a different CA, it is a different Authority (e.g., it need not be authorized to issue certificates). Both indirect CRL and OCSP delegation suffer from a class of errors or attacks without crypto binding. In 6960, some of us requested that the OCSP have crypto binding by requiring the CA to sign the Responder delegation certificate using the same key that the CA used to sign the certificate for which the Responder is authoritative. The language you see is compromise since some folks did not want to mandate crypto binding. Indirect CRLs are inherently vulnerable to lack of crypto binding problem and I would recommend against their usage. There is a mitigation I proposed in 2004 but no known client uses that mitigation. From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Thomas Kopp Sent: Monday, November 23, 2020 10:39 AM To: pkix <pkix-bounces@ietf.org<mailto:pkix-bounces@ietf.org>> Cc: pkix@ietf.org<mailto:pkix@ietf.org>; rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org> Subject: [pkix] A question regarding certificate status service delegation Dear all, According to RFC 5280, a certificate issuer can delegate CRL issuance to a different CA which may particularly be part of a different hierarchy than the one the certificate issuer belongs to (cf. the crlDistributionPoints extension, specifically sections 4.2.1.13 and 6.3.3. (b) 1) of the RFC). By contrast, in the case of OCSP delegation, it is required that an OCSP responder belongs to the same hierarchy like the certificate issuer (cf. section 2.6 of RFC 6960). Which is the motivation for this latter limitation? Is it just the lack of an OCSP-specific certificate extension that corresponds to the CRL-related crlDistributionPoints extension or are there any other reasons; if yes, which ones ? [LuxTrust_logo_blue_signature] Thomas KOPP Chief Scientist Email: thomas.kopp@luxtrust.lu<mailto:thomas.kopp@luxtrust.lu> Mobile:+352 621 229 316 Office: +352 26 68 15 - 574 LuxTrust S.A. | IVY Building | 13-15, Parc d'activités | L-8308 Capellen | Luxembourg | www.luxtrust.lu<http://www.luxtrust.lu/> _______________________________________________ pkix mailing list pkix@ietf.org<mailto:pkix@ietf.org> https://www.ietf.org/mailman/listinfo/pkix
- [pkix] A question regarding certificate status se… Thomas Kopp
- Re: [pkix] A question regarding certificate statu… Santosh Chokhani
- Re: [pkix] A question regarding certificate statu… Peter Gutmann
- Re: [pkix] A question regarding certificate statu… Santosh Chokhani
- Re: [pkix] A question regarding certificate statu… Peter Gutmann
- Re: [pkix] A question regarding certificate statu… Todd E. Johnson
- Re: [pkix] A question regarding certificate statu… Peter Gutmann
- Re: [pkix] A question regarding certificate statu… Santosh Chokhani
- Re: [pkix] A question regarding certificate statu… Peter Gutmann
- Re: [pkix] A question regarding certificate statu… Niklas Matthies
- Re: [pkix] A question regarding certificate statu… Peter Rybár