IETF Logo Mail Archive

Re: [pkix] OCSP Signing Certificate Key usage standards

"Liaquat Khan" <liaquat.khan@ascertia.com> Mon, 04 April 2016 19:44 UTC

Return-Path: <liaquat.khan@ascertia.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6953112D84B for <pkix@ietfa.amsl.com>; Mon, 4 Apr 2016 12:44:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuT4eWoyW4Uu for <pkix@ietfa.amsl.com>; Mon, 4 Apr 2016 12:44:26 -0700 (PDT)
Received: from mail.ascertia.com (ds9380.dedicated.turbodns.co.uk [94.136.51.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A67F12D821 for <pkix@ietf.org>; Mon, 4 Apr 2016 12:44:25 -0700 (PDT)
Received: from LKHP ([86.174.155.70]) by ascertia.com with MailEnable ESMTP; Mon, 4 Apr 2016 20:43:40 +0100
From: Liaquat Khan <liaquat.khan@ascertia.com>
To: 'daniel bryan' <danbryan80@gmail.com>, pkix@ietf.org
References: <CAJKvcBTk6i2K1QYCm3VaO1jOm9sNTi7R8_oUuRVuuhBnzcZw9w@mail.gmail.com>
In-Reply-To: <CAJKvcBTk6i2K1QYCm3VaO1jOm9sNTi7R8_oUuRVuuhBnzcZw9w@mail.gmail.com>
Date: Mon, 04 Apr 2016 20:44:13 +0100
Message-ID: <054a01d18eaa$5dbdcf40$19396dc0$@ascertia.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_054B_01D18EB2.BF8348B0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQL1Uy8z7zfvtsa3DKL/u2P6x7wU/50yqP+w
Content-Language: en-gb
X-MXScan-Scan: Scanned by MxScan 3.1.101.0 for DS9380
X-MXScan-Msgid: 8BAF19311CF94794BCA4EE1A4FB9C1CB_
X-MXScan-Country-Sequence: UNITED KINGDOM->Destination
X-MXScan-AntiVirus: ClamAV 0.98.7/21484/Fri Apr 01 21:09:25 2016 [Clean]
X-MXScan-AntiSpam: [Disabled for SMTP-OUT(1)]
X-MXScan-ProcessingTime: 0.062 sec(s)
X-ME-Bayesian: 0.000000
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/yaZ1pHxUE2oJSRYYhPgSvFPqXSg>
Subject: Re: [pkix] OCSP Signing Certificate Key usage standards
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 19:44:29 -0000

Hi Daniel 

 

We have deployed both options in the past, although with a variation on option 2 in that we generate separate PKCS#10 CSR from the same public key to send to the different CAs.  I don’t think there is much difference in performance with either option, remember the OCSP responder needs to find the right responder certificate to attach to the OCSP response even if it’s using a single private key – although I have not specifically tested the performance difference.  In terms of security having separate keys is better although if they are in an HSM compromise is unlikely and if somehow one can be comprised then so can others.   I am not aware of any specific industry/standards-based guidance to help choose between these options. 

 

Regards

LK

 

From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of daniel bryan
Sent: 04 April 2016 20:07
To: pkix@ietf.org
Subject: [pkix] OCSP Signing Certificate Key usage standards

 

Hello,

I am looking for guidance/standards on deploying an OCSP service in specific regards to the key management of the OCSP Signing certificate. 

Suppose I have a service, and I want to provide certificate status on 20 different certificate authorities using a "CA Designated responder" described in section 2.2 of RFC 6960. Technically I have a few options:

Option #1: Generate 20 Keys on my HSM, Create 20 PKCS 10s, Submit all 20 for Signing to each CA. Import the Signed Certificate into my OCSP service.

Option #2: Generate 1 Key on the HSM, Create 1 PKCS 10 with a generic CN, Submit 1 CSR to all 20 CA's. The CA will override the CN value during Signing to reference their CA name, Import all 20 Signed certificates into my OCSP service.

Option #1 adds complexity to key management, could potentially have an impact on signing speed. An advantage is that if a key is lost/compromised, it would only involve troubling one CA instead of all.

Option #2 will greatly simplify key management, and I speculate it will increase the signing speed potential of the HSM, being that it doesn't have to determine which key to use from a pool of 20 keys.  Obviously the bad side is, if we ever loose the key, I would have to get all 20 CAs to sign another request. This is especially bad when the certs have the noCheck extension.



Here are my 2 questions:

 

Q1: From a security perspective, is option #2 worth considering. Simplification is a huge priority, but security is a must.

Q2: Does the IETF/cabforum/Any other authority provide guidance/standards on key management in this situation that I can use to support/defend the choice?

Thanks,

--Dan

v2.23.0 | Report a Bug | By Email