IETF Logo Mail Archive

Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

mrex@sap.com (Martin Rex) Tue, 02 April 2013 20:05 UTC

Return-Path: <mrex@sap.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0495C21F8D29 for <pkix@ietfa.amsl.com>; Tue, 2 Apr 2013 13:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W7f0VLKw8kXl for <pkix@ietfa.amsl.com>; Tue, 2 Apr 2013 13:05:45 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 81D2421F8CF4 for <pkix@ietf.org>; Tue, 2 Apr 2013 13:05:45 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id r32K5Z2b029549 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 2 Apr 2013 22:05:35 +0200 (MEST)
In-Reply-To: <033501ce2fcf$ac7f4240$057dc6c0$@ditenity.com>
To: Piyush Jain <piyush@ditenity.com>
Date: Tue, 02 Apr 2013 22:05:34 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130402200534.EC2211A68A@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: 'Stefan Santesson' <stefan@aaa-sec.com>, sts@aaa-sec.com, pkix@ietf.org
Subject: Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2013 20:05:47 -0000

Piyush Jain wrote:
> > The original guidance in rfc2560 for thisUpdate/nextUpdate
> > is fine with me.
> 
> [Piyush] Which original guidance? There is a note that says that these
> values correspond to the values in the CRL.

The meaning of thisUpdate/nextUpdate as described in rfc2560 section 2.4:

   http://tools.ietf.org/html/rfc2560#section-2.4

   2.4 Semantics of thisUpdate, nextUpdate and producedAt

   Responses can contain three times in them - thisUpdate, nextUpdate
   and producedAt. The semantics of these fields are:

   - thisUpdate: The time at which the status being indicated is known
                 to be correct
   - nextUpdate: The time at or before which newer information will be
                 available about the status of the certificate
   - producedAt: The time at which the OCSP responder signed this
                 response.

   If nextUpdate is not set, the responder is indicating that newer
   revocation information is available all the time.


> 
> > You specific guidance on nextUpdate := current Time is actually
> problematic!
> >   http://tools.ietf.org/html/rfc2560#section-4.2.2.1
> > 
> >                Responses whose nextUpdate value is earlier than
> >    the local system time value SHOULD be considered unreliable.
> > 
> > because a nextUpdate = "current Time" on the OCSP responder may often
> > result in nextUpdate < "current Time" on the OCSP client when processing
> > the OCSP response.
>
> [Piyush] Servers typically add a skew and clients typically assume a skew
> when they process the response.


I tend to distinguish these three:
  -  servers defensively adding "slack" (when creating timestamps),
     positive slack for timestamps in the future, negative slack for
     timestamps that represent current time or time in the past.
  -  clients accounting for clock skew when comparing timestamps
     from received or cached PDUs to current time
  -  clients additionally allowing a grace period for revocation
     information that is outdated (i.e. beyond it's accompanying nextUpdate)


During verification of CRLs, my client code ignores thisUpdate, does
_not_ use a clock skew for nextUpdate, and would allow a user-configurable
grace period.


> > 
> > The semantics that you might have been looking for is "nextUpdate not
> set".
> 
> [Piyush] Agreed. Not set implies newer responses are available all the time.

The "nextUpdate not set" semantics also discourages a client from caching
this revocation information.  There may be situations or environments,
when this is desired, but the impact on the client processing latency and
OCSP responder load should be carefully weighed.


> 
> > 
> > I believe, however, that the OCSP responder should not return "nextUpdate
> > not set" for the not-issued situation if it would return nextUpdate
> > several hours or days into the future for "good", "unknown"
> > or CRL-originated "certificateHold" situations.
>
> [Piyush] What is the reason for this belief? I bet it contradicts with the
> rationale behind marking the reason code as "onHold".

Technically, the "good" status is no less temporary than the certificateHold
status (that includes the CA-asserted and CRL-published certificateHold).


-Martin

v2.23.0 | Report a Bug | By Email