IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00

Michael StJohns <msj@nthpermutation.com> Tue, 23 May 2023 20:03 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 693C0C15152F for <spasm@ietfa.amsl.com>; Tue, 23 May 2023 13:03:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.794
X-Spam-Level:
X-Spam-Status: No, score=-1.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IWJIdMJVZCeA for <spasm@ietfa.amsl.com>; Tue, 23 May 2023 13:03:44 -0700 (PDT)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 904E1C15107A for <spasm@ietf.org>; Tue, 23 May 2023 13:03:44 -0700 (PDT)
Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-75b14216386so23105585a.0 for <spasm@ietf.org>; Tue, 23 May 2023 13:03:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20221208.gappssmtp.com; s=20221208; t=1684872223; x=1687464223; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=rkbk8EiFEQDGzUJZK9n50xGpPk5FLcGb4fad0Z42+EI=; b=q3LJICQqGjotPNH1nQBGl9biOmzB0jeq52Deecmd2ARI11BJao6XNKGHGg3Bb+uaHT mG4Fc32TP08s6WPNitSFxon8EUDbYWSraMmT0F2+4rn5WOxuXAzEHTHal8ybr1yDhKqB awh6oB4oxCuv9q3Eda5CFzVNfcgI+SIqF/Cf1EkR9bZELj1fOqSz3X4kmTEnMOL35dar JZuzHL0F6h7YjzORLz3XJFHyAJ1kzpLOFXEkylmjMhweCuQNArs74Rij5NfuQ4gqV1Jc wEQ+YJVa8ZierOdTvq2Qyi1lm3T2fw/ohHHwB0w/NAu3SFUnuWNgYIn7qC2pbJVlT+67 682g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684872223; x=1687464223; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=rkbk8EiFEQDGzUJZK9n50xGpPk5FLcGb4fad0Z42+EI=; b=KNdIou1J8l6+nJuquPFc1icUeOUUw4xzFXjo60XmbdUOhf+XXAxWSQqSdPL7neZB8B 9n3lrQwA5Kww3Wid8l+NDmZCrDs0gPAV19xJ+Ae/b6FxUd0abqG/GG7Jj1D2m9Fx/s3G 5knHScaYiw9AiPrSRp6xbGaDNWVcG1XQMP5LPO0k6W6+7UBnu2Twz5+g8PvZOpcUCmLk 7Asp6qnusxES8/J59Vn/6mToUAmFj6X91HmmN8uqdzCEmJV1uEbYM5h4jUk8gLDjr0AG 42LBzuUcWaxVdPD9XVq+FCJ1TdGYeNOkt/V+skz+MQteJAtSpPtF5W9D6vvzyIxqf2Pd GP0g==
X-Gm-Message-State: AC+VfDwQ3iIyVHop13cf3U47t1Glz623ddHciuRgEPwRxUkzVIfcXAOz sl3wrsM4aI4nyJ552ADFGUn0zypk7vOF4Y36pC4=
X-Google-Smtp-Source: ACHHUZ5SZnAdqLliJeg0FWGXmcn3eICHuU/7B5UGcNOADVdXxJRHTmLlEqFa5q6CwJjjUdQYaO8SIQ==
X-Received: by 2002:a05:620a:1927:b0:75b:23a0:e7e7 with SMTP id bj39-20020a05620a192700b0075b23a0e7e7mr6463423qkb.72.1684872222951; Tue, 23 May 2023 13:03:42 -0700 (PDT)
Received: from [192.168.1.23] (pool-108-31-156-76.washdc.fios.verizon.net. [108.31.156.76]) by smtp.gmail.com with ESMTPSA id r29-20020a05620a03dd00b007592f2016f4sm2747894qkm.110.2023.05.23.13.03.41 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 23 May 2023 13:03:42 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------du0Nwl3CrmhFoD0ylkqvBIpa"
Message-ID: <c775fb10-4309-cc5d-7d00-a94991ffb409@nthpermutation.com>
Date: Tue, 23 May 2023 16:03:38 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: spasm@ietf.org
References: <168444309553.24047.14923062710269229403@ietfa.amsl.com> <E2BE1DCD-A241-4DDF-A5EC-DD3209C4CDA2@vigilsec.com> <a2122a10-fdfd-aabc-5c3c-242d90bd4175@gmail.com> <D18F7C58-EC30-4640-9AB7-94E428B79F62@vigilsec.com> <CH0PR11MB5739CD4F7CCE62CE34E4B7319F7C9@CH0PR11MB5739.namprd11.prod.outlook.com> <3FEBFDE6-1AA9-4615-AFA7-FB0B650A5DAB@vigilsec.com> <SN7PR14MB6492368040612089C83EB21983409@SN7PR14MB6492.namprd14.prod.outlook.com> <FBE4078F-33C0-49E0-A25C-69BCA88DC0E6@vigilsec.com> <DM8PR11MB5736036B93C87D3F6A719DE09F409@DM8PR11MB5736.namprd11.prod.outlook.com> <DM8PR11MB5736E02D5E52113CAD16A6289F409@DM8PR11MB5736.namprd11.prod.outlook.com> <DM8PR11MB573650B6F19B3443B54B5AF69F409@DM8PR11MB5736.namprd11.prod.outlook.com> <53D0D2FC-36AE-4D91-95D9-55CF93A7F278@vigilsec.com> <DM8PR11MB573617E10370BF46DD6C5B6D9F409@DM8PR11MB5736.namprd11.prod.outlook.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <DM8PR11MB573617E10370BF46DD6C5B6D9F409@DM8PR11MB5736.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/CN8vrMJDUg0Y9QOFjNX7Z0yvk-8>
Subject: Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2023 20:03:48 -0000

Suspenders and belt suggests that you may also want to indicate what a 
relying party should do if it receives a non-compliant certificate.

E.g. if I'm offered a cert with the no-check extension, but without the 
id-kp-OCSPSigning what do I do - treat it as a bad certificate, or just 
ignore the extension? Maybe:

"If a certificate does not include the id-kp-OCSPSigning EKU, an 
included id-pkix-ocsp-nocheck extension may be safely ignored by a 
relying party."

Mike


On 5/23/2023 3:32 PM, Mike Ounsworth wrote:
>
> Lol, soapbox indeed.
>
> But that’s fine, right?
>
> id-kp-OCSPSigning without id-pkix-ocsp-nocheck is fine (ocsp-nocheck 
> is one of several mechanisms suggested in 4.2.2.2.1.)
>
> id-pkix-ocsp-nocheck without id-kp-OCSPSigning is NOT FINE.
>
> ---
>
> *Mike*Ounsworth
>
> *From:* Spasm <spasm-bounces@ietf.org> *On Behalf Of * Russ Housley
> *Sent:* Tuesday, May 23, 2023 2:26 PM
> *To:* Mike Ounsworth <Mike.Ounsworth@entrust.com>
> *Cc:* Tim Hollebeek <tim.hollebeek@digicert.com>; Seo Suchan 
> <tjtncks@gmail.com>; LAMPS <spasm@ietf.org>
> *Subject:* Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
>
> Mike:
>
> I thought about the linkage between the nocheck extension and the OCSP 
> Signing EKU.  I agree that there should not be any certificate that 
> has no check that does not also have the OCSP Signing EKU.  However, 
> given the way that some implementations handle EKU constraints one 
> might find the OCSP Signing EKU without the nocheck extension.
>
> Russ
>
> P.S. Soapbox: 
> https://www.ietf.org/archive/id/draft-housley-spasm-eku-constraints-03.txt 
> <https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-housley-spasm-eku-constraints-03.txt__;!!FJ-Y8qCqXTj2!bHnj-4YuoIQLG222sxpwt8cJKmL-XozMT9e_LDYk8VRyYa5Cmj_i53A0OeQK5_K_2lVsq-hsweeI5AdseIhf-hFREKHp$>
>
>
>
>     On May 23, 2023, at 2:59 PM, Mike Ounsworth
>     <Mike.Ounsworth@entrust.com> wrote:
>
>     Also, and this is commentary on the proposed errata: how does a
>     client enforce this? Should we be more precise about what “an OCSP
>     Responder” is? Like
>
>     “A CA MUST NOT include the extension id-pkix-ocsp-nocheck in a
>
>      certificate issued to an entity other than an OCSP Responder (ie
>     that contains the id-kp-OCSPSigning EKU).”
>
>     ?
>
>     ---
>
>     *Mike*Ounsworth
>
>     *From:*Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
>     *Sent:*Tuesday, May 23, 2023 1:52 PM
>     *To:*Mike Ounsworth <Mike.Ounsworth@entrust.com>; Russ Housley
>     <housley@vigilsec.com>; Tim Hollebeek <tim.hollebeek@digicert.com>
>     *Cc:*Seo Suchan <tjtncks@gmail.com>; LAMPS <spasm@ietf.org>
>     *Subject:*RE: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
>
>     I’m curious for Tim to present this change at CA/B and see if
>     anyone freaks out that this will break their super clever use of
>     that extension.
>
>     ---
>
>     *Mike*Ounsworth
>
>     *From:*Spasm <spasm-bounces@ietf.org>*On Behalf Of*Mike Ounsworth
>     *Sent:*Tuesday, May 23, 2023 1:50 PM
>     *To:*Russ Housley <housley@vigilsec.com>; Tim Hollebeek
>     <tim.hollebeek@digicert.com>
>     *Cc:*Seo Suchan <tjtncks@gmail.com>; LAMPS <spasm@ietf.org>
>     *Subject:*Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
>
>     Awesome.
>
>     ---
>
>     *Mike*Ounsworth
>
>     *From:*Spasm <spasm-bounces@ietf.org>*On Behalf Of*Russ Housley
>     *Sent:*Tuesday, May 23, 2023 1:28 PM
>     *To:*Tim Hollebeek <tim.hollebeek@digicert.com>
>     *Cc:*Seo Suchan <tjtncks@gmail.com>; LAMPS <spasm@ietf.org>
>     *Subject:*Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
>
>     PROPOSED ERRATA for RFC 6960, Section 4.2.2.2.1
>
>     OLD:
>
>        - A CA may specify that an OCSP client can trust a responder
>     for the
>
>          lifetime of the responder's certificate.  The CA does so by
>
>          including the extension id-pkix-ocsp-nocheck.  This SHOULD be a
>
>          non-critical extension.  The value of the extension SHALL be
>     NULL.
>
>          CAs issuing such a certificate should realize that a
>     compromise of
>
>          the responder's key is as serious as the compromise of a CA key
>
>          used to sign CRLs, at least for the validity period of this
>
>          certificate.  CAs may choose to issue this type of
>     certificate with
>
>          a very short lifetime and renew it frequently.
>
>          id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
>
>     NEW:
>
>        - A CA may specify that an OCSP client can trust a responder
>     for the
>
>          lifetime of the responder's certificate.  The CA does so by
>
>          including the extension id-pkix-ocsp-nocheck.  This SHOULD be a
>
>          non-critical extension.  The value of the extension SHALL be
>     NULL.
>
>          CAs issuing such a certificate should realize that a
>     compromise of
>
>          the responder's key is as serious as the compromise of a CA key
>
>          used to sign CRLs, at least for the validity period of this
>
>          certificate.  CAs may choose to issue this type of
>     certificate with
>
>          a very short lifetime and renew it frequently.
>
>          id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
>
>         A CA MUST NOT include the extension id-pkix-ocsp-nocheck in a
>
>         certificate issued to an entity other than an OCSP Responder.
>
>     Russ
>
>         On May 23, 2023, at 11:34 AM, Tim Hollebeek
>         <tim.hollebeek=40digicert.com@dmarc.ietf.org> wrote:
>
>         Would it be useful to clearly and explicitly state this
>         unstated assumption somewhere, perhaps in an errata?
>
>         “id-pkix-ocsp-nocheck SHALL NOT appear in a certificate unless
>         that certificate is a delegated OCSP responder” would probably
>         be a good thing to have stated somewhere.
>
>         I suppose it could be added to the CABF BRs as well.  They
>         have the same bug (the BRs require nocheck in delegated OCSP
>         responders, but don’t prohibit it elsewhere).
>
>         -Tim
>
>         *From:*Spasm <spasm-bounces@ietf.org>*On Behalf Of*Russ Housley
>         *Sent:*Sunday, May 21, 2023 1:16 PM
>         *To:*Mike Ounsworth <Mike.Ounsworth@entrust.com>
>         *Cc:*Seo Suchan <tjtncks@gmail.com>; LAMPS <spasm@ietf.org>
>         *Subject:*Re: [lamps] [EXTERNAL] Re:
>         draft-housley-lamps-norevavail-00
>
>         Mike:
>
>             Interesting
>
>             RFC6960, section “4.2.2.2.1  <https://urldefense.com/v3/__https:/www.rfc-editor.org/rfc/rfc6960*section-4.2.2.2.1__;Iw!!FJ-Y8qCqXTj2!bi4AP-jeHViS93BjOd8QnyeP4SNKwkRxB41odNjHI9eRADjzQrv6bxRkdoqg26cVEf1o0ymsz-zvssr8LsCiZYw0OHYB$>.  Revocation Checking of an Authorized Responder”
>
>             “A CA may specify that an OCSP client can trust a responder for the
>
>             lifetime of the responder's certificate.  The CA does so by
>
>             including the extension id-pkix-ocsp-nocheck”
>
>             Are you allowed to put an id-pkix-ocsp-nocheck extension
>             in end entity certs? If so, what does that mean?
>
>         My reading of the description is that id-pkix-ocsp-nocheck
>         should only appear in a certificate issued to an OCSP responder.
>
>         Russ
>
>         _______________________________________________
>         Spasm mailing list
>         Spasm@ietf.org <mailto:Spasm@ietf.org>
>         https://www.ietf.org/mailman/listinfo/spasm
>         <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!bi4AP-jeHViS93BjOd8QnyeP4SNKwkRxB41odNjHI9eRADjzQrv6bxRkdoqg26cVEf1o0ymsz-zvssr8LsCiZf8_jufn$>
>
>     /Any email and files/attachments transmitted with it are
>     confidential and are intended solely for the use of the individual
>     or entity to whom they are addressed. If this message has been
>     sent to you in error, you must not copy, distribute or disclose of
>     the information it contains._Please notify Entrust immediately_and
>     delete the message from your system./
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email