IETF Logo Mail Archive

Re: [lamps] The Status of OCSP and its future

Tomas Gustavsson <tomas.gustavsson@primekey.com> Fri, 25 October 2019 06:58 UTC

Return-Path: <tomas.gustavsson@primekey.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62B9B120100 for <spasm@ietfa.amsl.com>; Thu, 24 Oct 2019 23:58:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=primekey.com header.b=L+5qNfnh; dkim=pass (1024-bit key) header.d=primekey.com header.b=L+5qNfnh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSwAQK70aJz6 for <spasm@ietfa.amsl.com>; Thu, 24 Oct 2019 23:58:38 -0700 (PDT)
Received: from mail.primekey.com (mail.primekey.com [84.55.121.163]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E473A12003F for <spasm@ietf.org>; Thu, 24 Oct 2019 23:52:25 -0700 (PDT)
Received: from mail.primekey.com (localhost [127.0.0.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPS id 1545C6AA0098 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:52:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1571986331; bh=FRTbbrHfKubKWsBDblyVtcujNoG9//Bdv9XxKb1DJmQ=; h=Subject:To:References:From:Date:In-Reply-To:From; b=L+5qNfnheoNLVJX+tRoWHkpFKTscQZQFil/7x0Yeykrq3M8RsvMIEIb2kG4MGhbpU 9bpxPyQ73PjfnIRGMufovKYn/kDglTFbGihWJPfZoF3Hc9JplMox40jp5r9PygTc+1 ZdIpoRseGM1sXkrlw7+66GLvPaSeYvGPvLiTU5rw=
Received: from [192.168.1.113] (unknown [85.24.187.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPSA id EA69A6AA0094 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:52:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1571986331; bh=FRTbbrHfKubKWsBDblyVtcujNoG9//Bdv9XxKb1DJmQ=; h=Subject:To:References:From:Date:In-Reply-To:From; b=L+5qNfnheoNLVJX+tRoWHkpFKTscQZQFil/7x0Yeykrq3M8RsvMIEIb2kG4MGhbpU 9bpxPyQ73PjfnIRGMufovKYn/kDglTFbGihWJPfZoF3Hc9JplMox40jp5r9PygTc+1 ZdIpoRseGM1sXkrlw7+66GLvPaSeYvGPvLiTU5rw=
To: spasm@ietf.org
References: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org>
From: Tomas Gustavsson <tomas.gustavsson@primekey.com>
Openpgp: preference=signencrypt
Autocrypt: addr=tomas.gustavsson@primekey.com; prefer-encrypt=mutual; keydata= mQENBEyuwwYBCAD31Jsxn1lf7rnFc7y3Ol+TE7pU7ohO78kMdoVrZdAMnU9W0P33GedbU+kF 8/RFq7HlXV8a91RkgtdcMAK8tSdtBKDGZCOJZm5qOZ/EHikY8k/7s1wgSQSF4hYSG/IABCCA W139joDFl4L3buWyk2lsYX1HDBpuXGDL5HFyu165T0ZVlt23T04xmAwpIHUViKUWw1QYnlRz s66Desn2WeP+X8/QlqF1zOTUXbgrThB1X/Oh2+wzP08HVoTQCzlrEMeb9x2k+oa8PtVdnflh nZKBtyyBkZxRoHG3tNKcaf7JLoadSXcSKSKvfApcsxpP2JpkQgIhLi3JWik/Z+RR2WD1ABEB AAG0MFRvbWFzIEd1c3RhdnNzb24gPHRvbWFzLmd1c3RhdnNzb25AcHJpbWVrZXkuY29tPokB NwQTAQgAIQUCWX8yTAIbIwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBibcSbAEP+QGAU CAC82dn8XCQ8Ei7gxQAdRSc2imaP/388i/ObDMYhNhg5j4gXs3tkfxuCvhwkzskUFgOtmaEy uz/gIiVjQIsjQrHh5tl9M0q2tqbDHJpWfE6/SkXPUmTqQ0VGyq1MmZ3/zg2jSoll74qBSfdH V7sWugRXeCBxfaPeYo8DdPCGi27yrdL8zb3xkJ3BxPcDGNdkLm+Yza+qAOrssCD7MSLN+6Sd ML5Xcmw6pgRPlQ0aCsM7scrwgBNb7KrwxaqBxqwcuqF0NMgNjeiEHi2Oj3HOZdYU4Blk2GFq 9zHuCzTWumgNOlfksZ9K3ZMJBn6KLPot5bVXIKdnHwWRzoKMDxkSZjM5uQENBEyuwwYBCADZ 98eCFQ64zKo1OKkUgEJHO1JdsiqRO1znu6KyaTcd2vXfOCGkFFVBL+vjzzyyYV7Sg1/AaG4r l9TKJCwvx8mUmTJkKQspTfOj6AY33bmfMB/8LBYj2BjtxXyMucPjNTJqbL2r1HeGPV2nwyof MAyo2qcYuiLs20Ob7U8vooOV3GDDKEkXtJYZzTEU6qabGsepGIvMu770OZwvm4akQiCGe5sQ 4+/UH1pMZQNi+/fGbONFx+TUVMM8EkXD6dQ5WoL+xPabPjqiUmR7EBvg0uocr70Ag93tWk1d 4RgFcicjwMFcPg4TZ8Y/3Y7Nmbyo14+4SMNfNPFLgQMawL+cLLkdABEBAAGJAR8EGAECAAkC GwwFAlYXhXUACgkQYm3EmwBD/kA2igf/QNpPe7sLt3KdRD3x4cStxGjLCWyj7x1YLVnV4Nnu TvaNhC+KHx3uG39y1x3PJQwslpeSQ6JipOUmxeQjjGJGQZLV41L1PCJVhCL98Dinr6dJkYB7 cAVhfmW8PI51jiANExLZu8U5gnthj5CGv4428ODQgSoRI0demG3HmVCNrKdap+orhT8zRkq8 DuHTO01U7PKsfvQ2k8AqSAC/JjMOs1mpFe032IApXxlZkE+33Q3dE5BiJmICYg8hsRXvpKTm ZMCdNZJUQLq+XNpg6RtAPQIPMmCepXrE9M/KuH+jFS2G5+Hx5VBSM644E1G2i+HOPCVdHjof iaNi3V/ItEG3jw==
Message-ID: <84e130d2-2df2-2f96-0200-716b333a1390@primekey.com>
Date: Fri, 25 Oct 2019 08:52:21 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/9WJTjB6E4qG5DoowvenORGzodnc>
Subject: Re: [lamps] The Status of OCSP and its future
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 06:58:41 -0000

On 2019-10-24 17:01, Dr. Pala wrote:
> Hi All,
> 
> I just wanted to start the conversation around the status of revocation
> infrastructures and possible work we can be doing to address some of new
> issues deriving from the deployment of large PKIs. In particular, we are
> working on the optimization of the OCSP protocol to better serve some of
> the use-cases we have.
> 
> Specifically, for very large PKIs (i.e., few hundreds million
> certificates valid at any given time), the OCSP protocol does not scale
> well. In fact, taking into consideration how we operate OCSP responders
> today, the larger the PKI is, the higher the costs of providing a good
> revocation infrastructure is.

As there are many PKIs today with 100M+ entities, some with and some
without revocation infrastructure, I think it's a bit too broad claim
for all use cases.
It is certainly true of all operations, the larger the scale the larger
infrastructure costs usually are, where OCSP I'd say is generally a very
minor part.
It differs from use case to use case though, I think it would be good
for the discussion to provide more details on your problematic use case,
architecture, use pattern etc. Many things are use case and
implementation choice specific.

> 
> Our approach stem from two practical considerations: the occasion to
> provide optimized responses for the non-revoked case, and the
> possibility to reduce the number of round trips required to retrieve the
> revocation status for the full chain of certificates. In particular:
> 
>   * /*Optimizing for the common case (non-revoked certificate).*/ In
>     particular, for certificates that have no revocation information, we
>     do not have to provide specific responses for each individual
>     certificate (as we do in the revoked case), but we can provide
>     responses for ranges of certificates where the status is not
>     revoked. In a PKI with a population of 100M certificate and a
>     revocation rate of 5%, using "range" response types reduces the need
>     for calculating OCSP responses from 100M to 1M (i.e. 2N + 1 where N
>     is the population of revoked certificates). This allows to
>     pre-generate responses more quickly, allows for lower costs of
>     running the revocation infrastructure, and it is better for the
>     planet :D

What could a "range" of certificates be based on?
(I consider sequential serialnumbers to be dead by now)

> 
>   * /*Providing Full Chain responses.*/ Although single OCSP responders
>     can be authoritative for their own CA only, they can attach the
>     responses for the full chain as additional data. If we add this
>     possibility, then a single OCSP request can provide the
>     client/server with the full chain of certificates up to the Root.
>     This might be tricky in complex scenarios where cross-certification
>     is used, but it would definitely work for the Web PKI and IoT use cases.

If extra round-tripping is needed it is certainly a concern. This is
also valid and discussed in the Web PKI case.

> 
> Given these considerations - and the fact that large PKIs are being
> deployed, today, for the IoT case - we would like to start the
> discussion around the current status of OCSP and possibly work on a
> proposal for moving forward with a more efficient protocol.

We do se working use cases with OCSP for huge number of devices, but in
IoT it's all use case dependent so I'm interested in more on your use case.

> 
> What do you think ? Anybody would like to tackle this problem together ?
> 
> Cheers,
> Max
> 
> -- 
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
> OpenCA Logo
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

v2.34.0 | Report a Bug | By Email | System Status