Re: [pkix] Straw-poll on OCSP responses for non-revoked certificates.
Phillip Hallam-Baker <hallam@gmail.com> Wed, 07 November 2012 22:00 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23F0521F8458 for <pkix@ietfa.amsl.com>; Wed, 7 Nov 2012 14:00:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.534
X-Spam-Level:
X-Spam-Status: No, score=-3.534 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYnDxn82obeE for <pkix@ietfa.amsl.com>; Wed, 7 Nov 2012 14:00:30 -0800 (PST)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5C23F21F8C53 for <pkix@ietf.org>; Wed, 7 Nov 2012 13:56:00 -0800 (PST)
Received: by mail-oa0-f44.google.com with SMTP id n5so2360529oag.31 for <pkix@ietf.org>; Wed, 07 Nov 2012 13:55:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8ZyPG9+W+Sp/nba9tdtFUZ3LFlK1Qv2pNk07b8Go9Q0=; b=eaSKLJO5Hb/ihksNyms997+AClV3Nwyto2tTnZ+8KxuUMU7ICk5n7GvNzkeRXNOfPo r557B+yjVVVJEo0GIRJMU95p5jQAq+NTRmXl35Hxp5c8px8e7uCMM2ZNPCK5HTepeb2N WvsZ4kWtOBiNGtGX6EEiBr2RER5vD2/HNk9mWHVnmzljEQC31WWltBcOclKAlsdEcR3G xrjGi92y/+/gJtmQCi99MpxhFsWnRDy+XSvvLlEEVHTi0nMFaMY0CjUTG/0+dDKzOJHl eAh8sAvy/bLICWqWoIxEe9m91FAkAIKJLxA2RYtAYOKFBnQjMTw29HYcYtKQBMaUyRgX 49bQ==
MIME-Version: 1.0
Received: by 10.60.28.42 with SMTP id y10mr3143648oeg.24.1352325359671; Wed, 07 Nov 2012 13:55:59 -0800 (PST)
Received: by 10.76.27.103 with HTTP; Wed, 7 Nov 2012 13:55:59 -0800 (PST)
In-Reply-To: <OF7D09602D.7E786A44-ON85257AAE.0007E349-85257AAE.000BCF3B@us.ibm.com>
References: <20121029232328.BF5D91A309@ld9781.wdf.sap.corp> <CCB55CA3.52588%stefan@aaa-sec.com> <CAMm+Lwic9ZvzapN-OLdpis_Q2V-mv24YbjGQnOcaT9baZ7BS1g@mail.gmail.com> <OF7D09602D.7E786A44-ON85257AAE.0007E349-85257AAE.000BCF3B@us.ibm.com>
Date: Wed, 07 Nov 2012 16:55:59 -0500
Message-ID: <CAMm+Lwist2YBROWsFt8m4EC4ychCadQOuGMcPxW7DTh_8nT0eg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tom Gindin <tgindin@us.ibm.com>
Content-Type: multipart/alternative; boundary="e89a8f503b84af1aa204cdeec8a1"
Cc: "pkix@ietf.org" <pkix@ietf.org>, Stefan Santesson <stefan@aaa-sec.com>
Subject: Re: [pkix] Straw-poll on OCSP responses for non-revoked certificates.
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2012 22:00:32 -0000
The reason I think that we should take a look at what the clients actually do here is that experience suggests that the specification is a poor guide to behavior even in the cases where it is unambiguous. On Mon, Nov 5, 2012 at 9:08 PM, Tom Gindin <tgindin@us.ibm.com> wrote: > Phill: > > Why do you think that a non-critical CRL entry extension will > result in clients accepting the referenced cert? RFC 5280 5.3 says that > RP's can ignore unrecognized extensions to an entry, not that they can > ignore entries containing unrecognized extensions. A CRL entry without an > extension (indeed, almost any CRL entry except one containing reasonCode > removeFromCRL) implies that the certificate should be rejected for current > use. So marking reason non-critical shouldn't hurt anything. > > Tom Gindin > > > > > From: Phillip Hallam-Baker <hallam@gmail.com> > To: Stefan Santesson <stefan@aaa-sec.com>, > Cc: "pkix@ietf.org" <pkix@ietf.org> > Date: 11/01/2012 09:46 AM > Subject: Re: [pkix] Straw-poll on OCSP responses for non-revoked > certificates. > Sent by: pkix-bounces@ietf.org > > > > 1 and 3b > > Reading through the thread it appears that the poll has actually turned > into > > 3a Do nothing > 3b Add in unknown. > > But going back to the original straw poll, I think that it is pretty clear > that any viable implementation of 'unknown' would have to be implemented > as a CRL or OCSP entry that is marked 'Revoked' with a NON CRITICAL > extension giving the revocation reason as 'It never existed' > > Marking the reason as non-critical looks like it is only going to result > in the undesired behavior as clients will reject the CRL entry completely > and accept the cert as good. Which is stupid behavior but so was not > having the status 'never existed'. > > I would prefer the form of the OCSP 'does not exist' entry to specify a > range of cert serial numbers that do not exist. This permits pre-signing > of the responses and avoids a potential DoS issue. > > > > On Tue, Oct 30, 2012 at 5:52 AM, Stefan Santesson <stefan@aaa-sec.com> > wrote: > Before we loose everyone engaged in this, I would like to make a > straw-poll: > > > Background: > A client may do a request for a certificate that has never been issued by > the CA. > This request may be done deliberately, by mistake or as a consequence of a > compromised CA. > > The OCSP protocol does not require OCSP responders to have any knowledge > about issued certificates. It must only know about revoked certificates > that are within it's current validity period. However, some OCSP > responders closely coupled with the CA may also know if a certificate with > a particular serialNumber value has been issued or not. > > The following is agreed: > - An OCSP responder is allowed to respond "good" to a status request > for a non-revoked certificate, disregarding if it has ever been issued. > > - A client, having no additional out-of-band knowledge about the OCSP > responder, will just know that the certificate is "not revoked" when > receiving a "good" response, unless the response includes one or more > response extensions that provides additional information. > > > The following is debated: > - Is an OCSP responder allowed to respond "revoked" even if a requested > certificate serial number is not on the list of revoked certificates, IF > the OCSP responder has positive knowledge that the requested serial number > does NOT represent a valid certificate issued by the identified CA? > > > Rationale for: > There are a number of reasons to allow this that has been mentioned, such > as: > - It breaks nothing. A legitimate request for an issued certificate will > get a legitimate deterministic response. > - It's safer. Responding "revoked" may not prevent a compromised CA from > being exploited. But if a request for a serialNumber that is known to be > bad is done nevertheless, a "revoked" response will at least be safer than > responding "good". > - Allowing extension definitions with further semantics. A response > extension may be defined in the future that adds more information about > the requested certificate. This may include a positive confirmation that > the certificate has been issued as well as information that this > particular OCSP responder will only respond "good" if it knows that the > requested certificate has been issued, otherwise it will respond > "revoked". An extension with such semantics can only be defined if the > base standard allows a status other than "good" in such situation. > - Supporting Web-PKI. The CAB-Forum has indicated that they will profile > the OCSP protocol for use with web server authentication. In such profile > they have indicated that they will NOT allow the "good" response unless > the requested certificate is known to have been issued. This means that > they will require OCSP responder in their infrastructure to have this > knowledge. Such profile would have to break the base OCSP standard if this > states that "good" MUST be returned unless the certificate has been > revoked. > > Rationale against: > The basic rationale against raised on this list has been the argument that > it is wrong and confusing to allow anything but "good" as a response to a > non-revoked certificate (if the cert is issued by a CA that is served by > this OCSP responder). > Another strong opinion is that it basically does not solve anything. A > broken CA is broken and can't be fixed by responding "revoked". It would > be easy to adapt an attack to circumvent such response, for example by > issuing a fake certificate that duplicates a legitimate serialNumber. > > > Please reply with either: > > 1. Allow "revoked" response for a certificate that has not been "revoked" > but where that OCSP responder for any other reason knows the certificate > to be "bad". > > 2. Require that the OCSP responder MUST respond "good" in this situation. > > 3. Neither 1 or 2 (motivate). > > > > > Note: both alternatives are placed in a context where the certificate is > claimed to be issued by a CA that is served by this OCSP responder. The > exact meaning of "bad" is for later discussion. > > Please keep any motivation short and do not use this thread for long > debates. > > > > > > > _______________________________________________ > pkix mailing list > pkix@ietf.org > https://www.ietf.org/mailman/listinfo/pkix > > > > -- > Website: http://hallambaker.com/ > _______________________________________________ > pkix mailing list > pkix@ietf.org > https://www.ietf.org/mailman/listinfo/pkix > > > -- Website: http://hallambaker.com/
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Simon Tardell
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Stefan Santesson
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Denis Pinkas
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Rybar
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- [pkix] Straw-poll on OCSP responses for non-revok… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yngve Nysaeter Pettersen
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… David Chadwick
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Miller, Timothy J.
- Re: [pkix] Straw-poll on OCSP responses for non-r… Santosh Chokhani
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] Straw-poll on OCSP responses for non-r… Yoav Nir
- Re: [pkix] Straw-poll on OCSP responses for non-r… Peter Rybar
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Juan Gonzalez
- Re: [pkix] Straw-poll on OCSP responses for non-r… Max Pritikin (pritikin)
- Re: [pkix] Straw-poll on OCSP responses for non-r… Simon Tardell
- Re: [pkix] Straw-poll on OCSP responses for non-r… Carl Wallace
- Re: [pkix] Straw-poll on OCSP responses for non-r… Paul Hoffman
- Re: [pkix] Straw-poll on OCSP responses for non-r… Rick Robinson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Jeremy Rowley
- Re: [pkix] Straw-poll on OCSP responses for non-r… Melinda Shore
- Re: [pkix] Straw-poll on OCSP responses for non-r… Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Russ Housley
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Martin Rex
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Straw-poll on OCSP responses for non-r… Dr Stephen Henson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Sleevi
- Re: [pkix] Straw-poll on OCSP responses for non-r… Johannes Merkle
- Re: [pkix] Straw-poll on OCSP responses for non-r… Denis Pinkas
- Re: [pkix] Straw-poll on OCSP responses for non-r… Art Allison
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ryan Hurst
- Re: [pkix] Straw-poll on OCSP responses for non-r… Ben Wilson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Erwann Abalea
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses fornon-re… Art Allison
- [pkix] Proposed resolution to non-issued certific… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Tom Ritter
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] New draft-ietf-pkix-rfc2560bis-06 Peter Gutmann
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… David A. Cooper
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Peter Rybar
- Re: [pkix] Proposed resolution to non-issued cert… Simon Tardell
- Re: [pkix] Proposed resolution to non-issued cert… Stefan Santesson
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Proposed resolution to non-issued cert… Martin Rex
- Re: [pkix] Proposed resolution to non-issued cert… Piyush Jain
- Re: [pkix] Straw-poll on OCSP responses for non-r… Tom Gindin
- Re: [pkix] Straw-poll on OCSP responses for non-r… Phillip Hallam-Baker