Re: [pkix] Deployment Clarifications about RFC6960 - Section 2.2 and 4.4.8
Gervase Markham <gerv@mozilla.org> Fri, 14 November 2014 15:49 UTC
Return-Path: <gerv@mozilla.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00BD31A1A28 for <pkix@ietfa.amsl.com>; Fri, 14 Nov 2014 07:49:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvir9h0KW7Po for <pkix@ietfa.amsl.com>; Fri, 14 Nov 2014 07:49:10 -0800 (PST)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2596A1A1A04 for <pkix@ietf.org>; Fri, 14 Nov 2014 07:49:10 -0800 (PST)
Received: from [86.172.148.252] (port=53011 helo=[192.168.1.72]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <gerv@mozilla.org>) id 1XpJ7T-0000FB-Kp; Fri, 14 Nov 2014 15:49:08 +0000
Message-ID: <54662471.8060500@mozilla.org>
Date: Fri, 14 Nov 2014 15:49:05 +0000
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:33.0) Gecko/20100101 Thunderbird/33.0
MIME-Version: 1.0
To: "Dr. Massimiliano Pala" <massimiliano.pala@gmail.com>, "pkix@ietf.org" <pkix@ietf.org>
References: <54652E19.8050903@gmail.com>
In-Reply-To: <54652E19.8050903@gmail.com>
OpenPGP: id=9DF43DBB
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-BlackCat-Spam-Score: -28
X-Mythic-Debug: Threshold = On =
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/YqZbxoHcVxmb2PvPaEwSnAwyFyA
Subject: Re: [pkix] Deployment Clarifications about RFC6960 - Section 2.2 and 4.4.8
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2014 15:49:12 -0000
I wasn't involved in writing RFC 6960, but: On 13/11/14 22:18, Dr. Massimiliano Pala wrote: > In particular, by extending the responsibilities of the OCSP responders > to provide also information about the issuing status (instead of just > the revocation information) we might have potential deployment issues - > that is, for pre-computed responses, it seems difficult to make any > useful use of the Extender Revoked extension. This also applies for > other transport protocols that could be defined to make the OCSP > responses easily accessible (e.g., OCSP over DNS or OCSP over LDAP - not > currently standardized, but, I think, useful). As far as the web is concerned, HTTP (and stapling) is the way to go. CRL retrieval over LDAP (for example) is no longer supported by Firefox, if it ever was. > Also, I think there are some security considerations. The first one is > about protecting against certificate enumeration. Is that a security consideration, or a "protect a CA's business secrets" consideration? Regardless, CT means CAs in the Web PKI need to disclose everything anyway. Serial numbers remain random because randomness in certificate contents is a good "belt and braces" defence against various types of attack. > Historically, CRLs were the source of revocation information for the > OCSP. Yep. That's no longer possible, for the reasons you give. An OCSP responder is more than just a CRL-fragment-responder. > Unfortunately there is no standard for a signed "white" list - this > would be huge for many CAs. If CRLs are bad for sizes and they usually > are 10% of the overall population of certificates, the list of valid > certificates is quite huge and should be updated (and synchronized > throughout all the OCSP server cloud) each time a new certificate is > issued. This would mean that a CA has now to make 2 signatures each time > a certificate is issued - one of which over a huge file (the white list > itself). Why not just send a copy of the certificate itself? It's signed by the CA's key, and it is small. > As it is now, I would not implement the feature as I think it reduces > the overall security of the OCSP infrastructure. If your OCSP responder does not implement this feature, it will not be possible for any hierarchy which wishes to be CAB Forum BR-compliant to use your software. (I don't know whether this is a matter of concern for you or not.) Gerv
- [pkix] Deployment Clarifications about RFC6960 - … Dr. Massimiliano Pala
- Re: [pkix] Deployment Clarifications about RFC696… Gervase Markham
- Re: [pkix] Deployment Clarifications about RFC696… Massimiliano Pala