Re: [pkix] RFC 6960 section 4.2.2.2. question
Santosh Chokhani <schokhani@cygnacom.com> Sun, 15 February 2015 14:44 UTC
Return-Path: <schokhani@cygnacom.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C71D31A1EEA for <pkix@ietfa.amsl.com>; Sun, 15 Feb 2015 06:44:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.61
X-Spam-Level:
X-Spam-Status: No, score=-1.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Nt9ulJZbU1i for <pkix@ietfa.amsl.com>; Sun, 15 Feb 2015 06:44:13 -0800 (PST)
Received: from ipesa1.cygnacom.com (ipesa1.cygnacom.com [65.242.48.200]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3AE01A1C02 for <pkix@ietf.org>; Sun, 15 Feb 2015 06:44:12 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AssFAEaw4FQKPDLZ/2dsb2JhbABbgkNDUloEwjKFdQKBDkMBAQEBAQF8hAwBAQEELVwCAQUDDQQEAQEoBzIUCQgBAQQBEgiIJQXOYwEBAQEBAQEBAQEBAQEBAQEBAQEBAReKP02BPYM2AQaEJAWfVIwoIoICHIFQPjGBRH8BAQE
X-IronPort-AV: E=Sophos;i="5.09,581,1418101200"; d="scan'208,217";a="35951"
Received: from unknown (HELO svaexch2.cygnacom.com) ([10.60.50.217]) by ipesa1.cygnacom.com with ESMTP; 15 Feb 2015 09:44:08 -0500
Received: from svaexch1.cygnacom.com (10.60.50.216) by svaexch2.cygnacom.com (10.60.50.217) with Microsoft SMTP Server (TLS) id 15.0.913.22; Sun, 15 Feb 2015 09:44:09 -0500
Received: from svaexch1.cygnacom.com ([fe80::b53e:f4f1:9071:563e]) by svaexch1.cygnacom.com ([fe80::b53e:f4f1:9071:563e%12]) with mapi id 15.00.0913.011; Sun, 15 Feb 2015 09:44:08 -0500
From: Santosh Chokhani <schokhani@cygnacom.com>
To: Antanas Živatkauskas <Antanas.Zivatkauskas@gyvreg.lt>, "David A. Cooper" <david.cooper@nist.gov>, "'pkix@ietf.org'" <pkix@ietf.org>
Thread-Topic: [pkix] RFC 6960 section 4.2.2.2. question
Thread-Index: AdBHiL8RA0CkdGMZQ7OvyuRXQLKqlwARONNwAAv4jIAAHYoxAAAuaFFg
Date: Sun, 15 Feb 2015 14:44:08 +0000
Message-ID: <88626183739549a1b23028251cc50882@svaexch1.cygnacom.com>
References: <02c3425c45974d09861b79e078dd23f1@rcmail.kada.lan> <1628fc57677b4fa4a5ba9b59da1e3a94@svaexch1.cygnacom.com>, <54DE6BD1.9030703@nist.gov> <1423913471668.74024@gyvreg.lt>
In-Reply-To: <1423913471668.74024@gyvreg.lt>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [71.191.89.116]
Content-Type: multipart/alternative; boundary="_000_88626183739549a1b23028251cc50882svaexch1cygnacomcom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/fwYMdD1X3rkvr7SQGQgAPpwRV-E>
Subject: Re: [pkix] RFC 6960 section 4.2.2.2. question
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Feb 2015 14:44:18 -0000
Based on Section 2.2 which states "a Trusted Responder whose public key is trusted by the requestor" I would say that you can still trust a locally configured OCSP Responder and be compliant with the RFC. From: Antanas Živatkauskas [mailto:Antanas.Zivatkauskas@gyvreg.lt] Sent: Saturday, February 14, 2015 6:31 AM To: David A. Cooper; Santosh Chokhani; 'pkix@ietf.org' Subject: Re: [pkix] RFC 6960 section 4.2.2.2. question What I am trying to understand in other words is whether systems or applications that rely on OCSP responses are still free to use local configuration of OCSP signing authority for the certificate in question even when the OCSP responses they get contain the delegation certificate which is signed by the same key as the certificate being checked for revocation? You say that the text is not imposing a constraint on relying parties, meaning that the answer to the question above is "Yes". However for me it seems to conflict with the note which says: such a practice is strongly discouraged, since clients are not required to recognize a responder with such a certificate as an Authorized Responder. This statement I interpret in the following way: clients are NOT REQUIRED to recognize responder if it is using a diffent key for delegation certificate as the one which signed certificate being checked for revocation which implies they are REQUIRED to recognize responder if the two keys are the same and consequently it does not matter what local configuration of OCSP signing authority they use. I am still confused ... ________________________________ From: David A. Cooper <david.cooper@nist.gov<mailto:david.cooper@nist.gov>> Sent: Friday, February 13, 2015 11:25 PM To: Santosh Chokhani; Antanas Živatkauskas; 'pkix@ietf.org' Subject: Re: [pkix] RFC 6960 section 4.2.2.2. question Actually, this is not what the text is trying to say. The text is not imposing a constraint on relying parties, it is only saying that relying parties are not required to be able to handle the case in which the CA uses different keys to sign the certificate in question and the delegation certificate. As noted in RFC 6960, RFC 2560 was very clear that it did not impose such a constraint. Here is the quoted text with more context included, which makes it clear that the text is not imposing a constraint on relying parties: The CA SHOULD use the same issuing key to issue a delegation certificate as that used to sign the certificate being checked for revocation. Systems relying on OCSP responses MUST recognize a delegation certificate as being issued by the CA that issued the certificate in question only if the delegation certificate and the certificate being checked for revocation were signed by the same key. Note: For backwards compatibility with RFC 2560 [RFC2560], it is not prohibited to issue a certificate for an Authorized Responder using a different issuing key than the key used to issue the certificate being checked for revocation. However, such a practice is strongly discouraged, since clients are not required to recognize a responder with such a certificate as an Authorized Responder. I think the reason that the word "recognize" was used instead of "accept" is that verifying that the certificate in question and the delegation certificate were issued by the same CA is neither necessary nor sufficient to accept a response. The relying party could accept the response based on its being signed by a locally-trusted responder, and the relying party could reject the response for other reasons (e.g., response is too old or does not provide information about the certificate in question). On 02/13/2015 03:59 PM, Santosh Chokhani wrote: To me it is saying that the relying party must only accept CA-delegated OCSP Responder certificate only if both certificates were signed using the same key. It is trying to disambiguate a purported ambiguity in 2560. BTW, the two certificates are: OCSP Responder certificate and the certificate whose status is being checked by the OCSP Responder. This constraint provides simple crypto binding to the delegation. From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Antanas Živatkauskas Sent: Friday, February 13, 2015 7:36 AM To: 'pkix@ietf.org<mailto:pkix@ietf.org>' Subject: [pkix] RFC 6960 section 4.2.2.2. question Need help in interpreting the following statement in RFC 6960 section 4.2.2.2. Authorized Responders: "Systems relying on OCSP responses MUST recognize a delegation certificate as being issued by the CA that issued the certificate in question only if the delegation certificate and the certificate being checked for revocation were signed by the same key." It is not really clear if it is a must for systems relying on OCSP responses in all cases accept a delegation certificate as long as CA uses "the same issuing key to issue a delegation certificate as that used to sign the certificate being checked for revocation", so that the alternative option of providing "a means of locally configuring one or more OCSP signing authorities and specifying the set of CAs for which each signing authority is trusted" is irrelevant. Is the word RECOGNIZE in the excerpt above interchangable with the word ACCEPT? If not, what is the meaning of RECOGNIZE, respectively the purpose of such recognition? -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean.
- [pkix] RFC 6960 section 4.2.2.2. question Antanas Živatkauskas
- Re: [pkix] RFC 6960 section 4.2.2.2. question Santosh Chokhani
- Re: [pkix] RFC 6960 section 4.2.2.2. question David A. Cooper
- Re: [pkix] RFC 6960 section 4.2.2.2. question Antanas Živatkauskas
- Re: [pkix] RFC 6960 section 4.2.2.2. question Santosh Chokhani