[pkix] Clarification on OCSP with nonce

Koichi Sugimoto <koichi.sugimoto@globalsign.com> Mon, 12 March 2018 10:06 UTC


Hello.

There is a description of OCSP with nonce in RFC 6960, but there is no description of the behavior of the OCSP responder when the client sends an OCSP request with a nonce.
Specifically, will the OCSP responder that receives an OCSP request with a nonce give me an opinion on whether to omit the nonce and return the response?
In the previous discussion on OCSP, I remember there was an opinion that the conclusion had already been reached in RFC 3161 regarding the behavior of the nonce, and that there was nothing to argue about for OCSP.
Recently OCSP traffic has been increasing, so in order to reduce the load on the signature engine of the OCSP responder I often want to omit the nonce and return a response, and that is why I would like this clarified.

Regards,
Koichi Sugimoto.
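The client-side handling the question turns on (the responder echoes the nonce, or omits it), as an added illustration in Python that is not part of the original message. The OcspResponseView structure, the max_age and clock_skew policy values, the raw-bytes fallback in the extension decoder and the sample timestamps are assumptions; only the nonce OID and the RFC 6960 / RFC 8954 extension semantics come from the standards.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple
import secrets

OCSP_NONCE_OID = "1.3.6.1.5.5.7.48.1.2"   # id-pkix-ocsp-nonce (RFC 6960, 4.4.1)


@dataclass
class OcspResponseView:
    """Assumed, simplified view of the BasicOCSPResponse fields that govern freshness."""
    nonce: Optional[bytes]          # decoded nonce extension, None when the responder omitted it
    produced_at: datetime
    this_update: datetime
    next_update: Optional[datetime]


def decode_nonce_extn_value(extn_value: bytes) -> bytes:
    """Return the nonce bytes carried in an extnValue.

    RFC 8954 fixes the encoding as a DER OCTET STRING inside extnValue; the raw-bytes
    fallback for older responders is an assumption. Short-form DER lengths only.
    """
    if len(extn_value) >= 2 and extn_value[0] == 0x04 and extn_value[1] == len(extn_value) - 2:
        return extn_value[2:]
    return extn_value


def evaluate(request_nonce: bytes, resp: OcspResponseView, now: datetime,
             max_age: timedelta = timedelta(days=1),
             clock_skew: timedelta = timedelta(minutes=5)) -> Tuple[bool, str]:
    """Decide whether a response is acceptable for a request that carried request_nonce."""
    if resp.nonce is not None:
        # Responder echoed a nonce: it binds the response to this request, so it must match.
        if secrets.compare_digest(resp.nonce, request_nonce):
            return True, "nonce matches"
        return False, "nonce mismatch (replayed or foreign response)"
    # Responder omitted the nonce: no replay protection from the nonce, so the client
    # policy falls back to the time fields alone.
    if resp.this_update > now + clock_skew:
        return False, "thisUpdate is in the future"
    if resp.next_update is not None and now > resp.next_update + clock_skew:
        return False, "response expired (nextUpdate passed)"
    if now - resp.produced_at > max_age:
        return False, "no nonce and response older than local max_age"
    return True, "no nonce; accepted on time-based freshness"


def demo() -> List[bool]:
    """Constructed scenarios: echoed match, echoed mismatch, omitted-fresh, omitted-stale."""
    now = datetime(2018, 3, 12, 10, 6, tzinfo=timezone.utc)   # constructed timestamp
    n, h, d = b"\x01" * 16, timedelta(hours=1), timedelta(days=1)
    cases = [
        (n, OcspResponseView(n, now - h, now - h, now + d)),
        (n, OcspResponseView(b"\x02" * 16, now - h, now - h, now + d)),
        (n, OcspResponseView(None, now - h, now - h, now + d)),
        (n, OcspResponseView(None, now - 3 * d, now - 3 * d, now + 4 * d)),
    ]
    return [evaluate(req, resp, now)[0] for req, resp in cases]
```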