IETF Logo Mail Archive

Re: [lamps] The Status of OCSP and its future

Ryan Sleevi <ryan-ietf@sleevi.com> Fri, 25 October 2019 15:51 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B17FE120911 for <spasm@ietfa.amsl.com>; Fri, 25 Oct 2019 08:51:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GxGp4LxeWvMu for <spasm@ietfa.amsl.com>; Fri, 25 Oct 2019 08:51:12 -0700 (PDT)
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEF351200F7 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:51:11 -0700 (PDT)
Received: by mail-ed1-f48.google.com with SMTP id a21so2198316edj.8 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:51:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xxqkjXlsTKnwa06dpITa5GBKyu4Vph8d7rwRThwN8d8=; b=QDeFTigMlercc9kJ0utAZ+VvvRwGAFSgW5JJ+GdJ9r91OpLIToYwf56pzSvXHutMFP 6UcFcCkc9OTUGb6mnIrH2nlYY/vJqmOp/Mkk5Hn5ATcyRKs2M4Y55opb91/Fsk24K2bW A3aQ/2souE/fsQc02PKWsMU0W3GlsLGaKJSXsT0Bu0nxJUpZh2tBKMVHkTvLoAKYtePk YUEmTDuZuuqneeOlrkQ1Jjh63adREEOVhy14VBCRO7DvG+u8sjiN7BZ6g5VrzuwUFalZ mw1TchHJxKSx9T2h5KTRp0geHYrBLWzgWEWqjJ4gVMfqEdH9GVpLwCUL2LL6KzRhXEa/ q0TQ==
X-Gm-Message-State: APjAAAU5I4RHA8l7SliRR7CJpVgcAYtNflBSXOm1P8BRxeAixqpnYieK DoLkHd1tDT0WsojWUod4QJCYIwoz
X-Google-Smtp-Source: APXvYqw6q0iQ8sEe/XpKLjA7pxpCD7EAELOgQNNp8zUdTpvtbu9YQBtXy+rPOW/o3zitC5UgmTg0qQ==
X-Received: by 2002:a17:906:181b:: with SMTP id v27mr4287102eje.117.1572018669883; Fri, 25 Oct 2019 08:51:09 -0700 (PDT)
Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com. [209.85.128.45]) by smtp.gmail.com with ESMTPSA id v13sm72984ede.82.2019.10.25.08.51.09 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 25 Oct 2019 08:51:09 -0700 (PDT)
Received: by mail-wm1-f45.google.com with SMTP id q70so2678332wme.1 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:51:09 -0700 (PDT)
X-Received: by 2002:a7b:cf36:: with SMTP id m22mr3952241wmg.98.1572018668880; Fri, 25 Oct 2019 08:51:08 -0700 (PDT)
MIME-Version: 1.0
References: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org> <CAErg=HE6fJ3nfXhakckbf=ghJ6=kXQCmYy5_+LNHprqvYeEJFA@mail.gmail.com> <07ee43b6-a1b2-c2d4-2361-e6f87d0197c0@openca.org>
In-Reply-To: <07ee43b6-a1b2-c2d4-2361-e6f87d0197c0@openca.org>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Fri, 25 Oct 2019 11:50:57 -0400
X-Gmail-Original-Message-ID: <CAErg=HHv6X2++OZfmcNgS2kMh2oMWfefSMZLBWjN_-oH=tDZEA@mail.gmail.com>
Message-ID: <CAErg=HHv6X2++OZfmcNgS2kMh2oMWfefSMZLBWjN_-oH=tDZEA@mail.gmail.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, LAMPS WG <spasm@ietf.org>
Content-Type: multipart/related; boundary="0000000000005732d40595be1e00"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3Tzv6A29isgVaRf6jnaC-GHF8Pk>
Subject: Re: [lamps] The Status of OCSP and its future
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 15:51:14 -0000

On Fri, Oct 25, 2019 at 11:18 AM Dr. Pala <madwolf@openca.org> wrote:

> [ ...]
>>
> On a conceptual level, how is the concept of "Signed status information
> for a range of certificates" functionally or conceptually different than a
> CRL, potentially sharded (e.g. by varying the issuerDistributionPoint
> extension within the CRL and the crlDistributionPoint within the range of
> certificates).
>
> As best I can tell, the only difference is that it allows the CA to
> rebalance the ranges post-issuance, but it's unclear if that's either good
> or desirable from a validator perspective.
>
> I think you got it right :D The main difference is that the
> issuerDistributionPoint is a static assignment and that might not be
> optimal. As you point out, it is a possibility today to do this, however
> there is no guarantee for the client that the target CRLs will not be big
> in size (since it is a static assignment, that is an unknown). Therefore,
> to provide the same level of flexibility, you might need to plan for
> thousands or even millions of different endpoints for a single CA.
> Conceptually, not a big issue. From a DevOps perspective... very scary,
> IMHO.
>

I suppose I'm still not sure I fully understand your concerns here.

That is, it seems like as an operational consideration, the balancing of
the issuerDistributionPoint allows you to bound your worst-case
performance, while making suitable tradeoffs for your average and best case
scenarios. As others have suggested, it seems like more work would be
needed to show the math as to why this is a problem, given the rather
extensive flexibility already afforded to address this using existing
technologies.


> As discussed before, there might be some other technologies for this - our
> proposal is to provide an updated version of the OCSP that optimizes
> responses for the non-revoked case and lowers the operational requirements
> and costs associated with it.
>

As others have suggested (e.g. in PKIX), I think that it'd be far more
useful to not suggest it's a "OCSPv2" and instead highlight that you're
interested in providing an alternative revocation protocol, one that
seemingly combines elements of SCVP with the design of underlying protocols
like TLS.


> Does this address your questions ? Would you be interested in
> participating to the work ?
>

I have no interest in this work. I think that, for the problem described,
it would be incompatible and undesirable for the PKIs I work with (that is,
the Web PKI used by Chrome).

That doesn't preclude there being value in exploring this for other PKIs;
my only interest would be in trying to effectively communicate the lack of
interest to avoid overfit for an implementation that won't adopt :)

To echo other's remarks, I think an improved approach that clearly
communicated the problem statement, and the comparison with the existing
technologies and operational capabilities, would be very useful in helping
others determine the relevance to their PKIs and/or products. From both
this and the PKIX thread, I do feel I've got sufficient information to say
"Not interested", but it took me quite a bit of confusion to get there ;)

v2.34.0 | Report a Bug | By Email | System Status