Re: [pkix] Straw-poll on OCSP responses for non-revoked certificates.
Tom Gindin <tgindin@us.ibm.com> Tue, 06 November 2012 02:08 UTC
Return-Path: <tgindin@us.ibm.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E1E511E80A5 for <pkix@ietfa.amsl.com>; Mon, 5 Nov 2012 18:08:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SLx07Q6wdzFz for <pkix@ietfa.amsl.com>; Mon, 5 Nov 2012 18:08:56 -0800 (PST)
Received: from e5.ny.us.ibm.com (e5.ny.us.ibm.com [32.97.182.145]) by ietfa.amsl.com (Postfix) with ESMTP id DAFB711E80CC for <pkix@ietf.org>; Mon, 5 Nov 2012 18:08:55 -0800 (PST)
Received: from /spool/local by e5.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <pkix@ietf.org> from <tgindin@us.ibm.com>; Mon, 5 Nov 2012 21:08:55 -0500
Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e5.ny.us.ibm.com (192.168.1.105) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 5 Nov 2012 21:08:53 -0500
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 42CBD6E804F for <pkix@ietf.org>; Mon, 5 Nov 2012 21:08:52 -0500 (EST)
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id qA628qs6300760 for <pkix@ietf.org>; Mon, 5 Nov 2012 21:08:52 -0500
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id qA628pRv016081 for <pkix@ietf.org>; Mon, 5 Nov 2012 21:08:52 -0500
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.63.10.95]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id qA628p9w016077; Mon, 5 Nov 2012 21:08:51 -0500
In-Reply-To: <CAMm+Lwic9ZvzapN-OLdpis_Q2V-mv24YbjGQnOcaT9baZ7BS1g@mail.gmail.com>
References: <20121029232328.BF5D91A309@ld9781.wdf.sap.corp> <CCB55CA3.52588%stefan@aaa-sec.com> <CAMm+Lwic9ZvzapN-OLdpis_Q2V-mv24YbjGQnOcaT9baZ7BS1g@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
MIME-Version: 1.0
X-KeepSent: 7D09602D:7E786A44-85257AAE:0007E349; type=4; name=$KeepSent
X-Mailer: Lotus Notes Build V853_CD5_06022011 June 02, 2011
From: Tom Gindin <tgindin@us.ibm.com>
Message-ID: <OF7D09602D.7E786A44-ON85257AAE.0007E349-85257AAE.000BCF3B@us.ibm.com>
Date: Mon, 05 Nov 2012 21:08:49 -0500
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF2|October 8, 2012) at 11/05/2012 21:08:51, Serialize complete at 11/05/2012 21:08:51
Content-Type: text/plain; charset="US-ASCII"
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 12110602-5930-0000-0000-00000DDA1E37
Cc: "pkix@ietf.org" <pkix@ietf.org>, Stefan Santesson <stefan@aaa-sec.com>
Subject: Re: [pkix] Straw-poll on OCSP responses for non-revoked certificates.
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2012 02:08:57 -0000
Phill: Why do you think that a non-critical CRL entry extension will result in clients accepting the referenced cert? RFC 5280 5.3 says that RP's can ignore unrecognized extensions to an entry, not that they can ignore entries containing unrecognized extensions. A CRL entry without an extension (indeed, almost any CRL entry except one containing reasonCode removeFromCRL) implies that the certificate should be rejected for current use. So marking reason non-critical shouldn't hurt anything. Tom Gindin From: Phillip Hallam-Baker <hallam@gmail.com> To: Stefan Santesson <stefan@aaa-sec.com>, Cc: "pkix@ietf.org" <pkix@ietf.org> Date: 11/01/2012 09:46 AM Subject: Re: [pkix] Straw-poll on OCSP responses for non-revoked certificates. Sent by: pkix-bounces@ietf.org 1 and 3b Reading through the thread it appears that the poll has actually turned into 3a Do nothing 3b Add in unknown. But going back to the original straw poll, I think that it is pretty clear that any viable implementation of 'unknown' would have to be implemented as a CRL or OCSP entry that is marked 'Revoked' with a NON CRITICAL extension giving the revocation reason as 'It never existed' Marking the reason as non-critical looks like it is only going to result in the undesired behavior as clients will reject the CRL entry completely and accept the cert as good. Which is stupid behavior but so was not having the status 'never existed'. I would prefer the form of the OCSP 'does not exist' entry to specify a range of cert serial numbers that do not exist. This permits pre-signing of the responses and avoids a potential DoS issue. On Tue, Oct 30, 2012 at 5:52 AM, Stefan Santesson <stefan@aaa-sec.com> wrote: Before we loose everyone engaged in this, I would like to make a straw-poll: Background: A client may do a request for a certificate that has never been issued by the CA. This request may be done deliberately, by mistake or as a consequence of a compromised CA. The OCSP protocol does not require OCSP responders to have any knowledge about issued certificates. It must only know about revoked certificates that are within it's current validity period. However, some OCSP responders closely coupled with the CA may also know if a certificate with a particular serialNumber value has been issued or not. The following is agreed: - An OCSP responder is allowed to respond "good" to a status request for a non-revoked certificate, disregarding if it has ever been issued. - A client, having no additional out-of-band knowledge about the OCSP responder, will just know that the certificate is "not revoked" when receiving a "good" response, unless the response includes one or more response extensions that provides additional information. The following is debated: - Is an OCSP responder allowed to respond "revoked" even if a requested certificate serial number is not on the list of revoked certificates, IF the OCSP responder has positive knowledge that the requested serial number does NOT represent a valid certificate issued by the identified CA? Rationale for: There are a number of reasons to allow this that has been mentioned, such as: - It breaks nothing. A legitimate request for an issued certificate will get a legitimate deterministic response. - It's safer. Responding "revoked" may not prevent a compromised CA from being exploited. But if a request for a serialNumber that is known to be bad is done nevertheless, a "revoked" response will at least be safer than responding "good". - Allowing extension definitions with further semantics. A response extension may be defined in the future that adds more information about the requested certificate. This may include a positive confirmation that the certificate has been issued as well as information that this particular OCSP responder will only respond "good" if it knows that the requested certificate has been issued, otherwise it will respond "revoked". An extension with such semantics can only be defined if the base standard allows a status other than "good" in such situation. - Supporting Web-PKI. The CAB-Forum has indicated that they will profile the OCSP protocol for use with web server authentication. In such profile they have indicated that they will NOT allow the "good" response unless the requested certificate is known to have been issued. This means that they will require OCSP responder in their infrastructure to have this knowledge. Such profile would have to break the base OCSP standard if this states that "good" MUST be returned unless the certificate has been revoked. Rationale against: The basic rationale against raised on this list has been the argument that it is wrong and confusing to allow anything but "good" as a response to a non-revoked certificate (if the cert is issued by a CA that is served by this OCSP responder). Another strong opinion is that it basically does not solve anything. A broken CA is broken and can't be fixed by responding "revoked". It would be easy to adapt an attack to circumvent such response, for example by issuing a fake certificate that duplicates a legitimate serialNumber. Please reply with either: 1. Allow "revoked" response for a certificate that has not been "revoked" but where that OCSP responder for any other reason knows the certificate to be "bad". 2. Require that the OCSP responder MUST respond "good" in this situation. 3. Neither 1 or 2 (motivate). Note: both alternatives are placed in a context where the certificate is claimed to be issued by a CA that is served by this OCSP responder. The exact meaning of "bad" is for later discussion. Please keep any motivation short and do not use this thread for long debates. _______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix -- Website: http://hallambaker.com/ _______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Rybar
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- [pkix] Straw-poll on OCSP responses for non-revok… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yngve Nysaeter Pettersen
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… David Chadwick
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… Santosh Chokhani
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Peter Rybar
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Juan Gonzalez
- Re: [pkix] Straw-poll on OCSP responses for non-r… Max Pritikin (pritikin)
- Re: [pkix] Straw-poll on OCSP responses for non-r… Simon Tardell
- Re: [pkix] Straw-poll on OCSP responses for non-r… Carl Wallace
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Rick Robinson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Jeremy Rowley
- Re: [pkix] Straw-poll on OCSP responses for non-r… Melinda Shore
- Re: [pkix] Straw-poll on OCSP responses for non-r… Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Russ Housley
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Straw-poll on OCSP responses for non-r… Dr Stephen Henson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Sleevi
- Re: [pkix] Straw-poll on OCSP responses for non-r… Johannes Merkle
- Re: [pkix] Straw-poll on OCSP responses for non-r… Denis Pinkas
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Hurst
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ben Wilson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses fornon-re… Art Allison
- [pkix] Proposed resolution to non-issued certific… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Gutmann
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Gindin
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker