Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the OCSP Nonce extension
Mohit Sahni <mohit06jan@gmail.com> Mon, 02 March 2020 21:49 UTC
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11B283A1296 for <spasm@ietfa.amsl.com>; Mon, 2 Mar 2020 13:49:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ME_QEzuG0l_l for <spasm@ietfa.amsl.com>; Mon, 2 Mar 2020 13:49:06 -0800 (PST)
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83B553A12C6 for <spasm@ietf.org>; Mon, 2 Mar 2020 13:49:06 -0800 (PST)
Received: by mail-io1-xd2f.google.com with SMTP id r15so1223356iog.0 for <spasm@ietf.org>; Mon, 02 Mar 2020 13:49:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wrLwCyeX7UKUDyM4G+pClfP4yYvLFZc/sW8jwbYuBnU=; b=sIDefainUgd8DHrXyDa6M8KuulMsjrKUfuqxu/vTMCSQrMtYSjeKxk96aROB4yDJTC IvjRnpzbf3ICuNLPOBy6pfAXBGRq9v7rE0WA3F77yh9Q6ZKMXGUJI2DvPXobGQOezbnK xJ1cCwPJx1fsHGOaQzfPM1pMUYHEX641azDkBH/WXGtqOzrdV3VSW36g5LtqnR0DvsGk XP4txQQNyckuSfYf4HVYqOfQcN48Z4QUFqKozcPrY+nkw6vo11w3fwQkB2vm+NFl4La8 579jfu1juOK5iEFDoqJ+QAF5v6F/RUivmJIMKr9kaw8r7vSsPcyOwakPIX3LP2DsWqbJ 7JuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wrLwCyeX7UKUDyM4G+pClfP4yYvLFZc/sW8jwbYuBnU=; b=gx0nXICfCEAG4Xs2Mc/s7ijGe36sCuQEexfb3CKmr3My0Nci9jcciN8Kl0pbY46jqo 4VzSBq7E3EWE4xfkaCnCBA+AwdpllZJflKxYoEF4OYOLAJ2H6wz4ZnJPW68OxNdDfcZT +CsMqj9XDoKiSRVsgyxpROfw822Z/fkD2eaA7xikRT8RgxyIxNkEk3DjM4q3TZLebNgx zoJ2LuuuHVmRYyuXJceuYETFTBoHCtHRtM18D2ejAk/fQBlQXaWGiyAIxNBkjtX0/yEM eLfgF1VQJwqs4tLYzfOFdxB3pviyzXKyIKIbm+fw7vKpojRG/SjrvcZtQiSBU9JPNpo7 MhZw==
X-Gm-Message-State: ANhLgQ1JLZ7i10/kkHCH4QVAI+balA/s8DSYEwNBIBAc/QyX4mVgSm6w rgGkTWLqrxrcM8dGb3DuzA4s6luEn3XE4FrWaxc=
X-Google-Smtp-Source: ADFU+vuAsShO//HgGd1SrCHCSYO+JVKki+WzQdDGovAWbMu9CU9lBjymYJ/WTOFzBeXXNFnACKXAmCYwqRCNWYCEWLI=
X-Received: by 2002:a02:7317:: with SMTP id y23mr1089005jab.85.1583185745800; Mon, 02 Mar 2020 13:49:05 -0800 (PST)
MIME-Version: 1.0
References: <CAEpwuw0p7SWKTmOv8Au7O+9dgfAbGwunVhWNgDt-TaYc6pnrDg@mail.gmail.com> <D03D7B94-01CF-416D-A160-B2FB6AF73B18@vigilsec.com> <CAEpwuw0tQdUaB1nygVuUmBurQcgmwvpjXNzyL=unL+mUzajDDg@mail.gmail.com> <DM6PR11MB3915D171160F54297CA478E09BE70@DM6PR11MB3915.namprd11.prod.outlook.com> <CAEpwuw3=ZOxMCvtG35L9xkb4TD_Q35Sjxw_JNi162zB2Aah42w@mail.gmail.com> <c1290e1b-cd27-34b8-6ff4-74d390a49802@primekey.com> <96FC0A60-3642-4BF3-8237-E204F1F37994@akamai.com>
In-Reply-To: <96FC0A60-3642-4BF3-8237-E204F1F37994@akamai.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Mon, 02 Mar 2020 13:48:54 -0800
Message-ID: <CAEpwuw0WCqcv=WhUCXzK35iAQKNdUrt6eemfSi3wBF6TjpeDzQ@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Tomas Gustavsson <tomas.gustavsson@primekey.com>, Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, "spasm@ietf.org" <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="000000000000fdf219059fe62759"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ra06I2haUDaWAaqYSIsYUCdg_Co>
Subject: Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the OCSP Nonce extension
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 21:49:18 -0000
Hi Rich, Currently RFC 6960 defines the OCSP nonce in section 4.4.1 and it does not mention anything about minimum and a maximum length on nonce. I proposed a range for length as1-32 octets keeping in mind the backward compatibility. There may be some older clients and responders which may be sending/processing different lengths of nonce. Based on the feedback by Thomas, I proposed an upper bound of 32 as its already working in a popular PKI implementation and they have not seen any issues with that. Please see this link for more background on this: https://mailarchive.ietf.org/arch/msg/spasm/2aKuvO6YomMsxbuCv4lHq05Uaac/ I will add text to strongly suggest that a nonce length should be between 16-32 octets and make sure implementations know the risk of using smaller size nonce. Thanks Mohit On Mon, Mar 2, 2020 at 1:33 PM Salz, Rich <rsalz@akamai.com> wrote: > Which is more important than cryptographically strong. A one-byte value > can all too easily wrap. A 32bit sequence number probably suffices. > > On 3/2/20, 4:32 PM, "Tomas Gustavsson" <tomas.gustavsson@primekey.com> > wrote: > > > Agreed. And never re-use a nonce, should be new, random, for every > request. > > Cheers, > Tomas > > On 2020-03-02 13:26, Mohit Sahni wrote: > > I agree to you regarding the nonce, collision and I will update the > > draft with statement that clients SHOULD use “cryptographically > strong > > randomness” and it's more secure to have nonce to be between 16-32 > > octets long. > > > >
- [lamps] RFC6960: Issue with the OCSP Nonce extens… Mohit Sahni
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Tomas Gustavsson
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Russ Housley
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Mohit Sahni
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Mike Ounsworth
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Mohit Sahni
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Tomas Gustavsson
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Salz, Rich
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Mohit Sahni
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Salz, Rich
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Tomas Gustavsson
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Russ Housley
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Tomas Gustavsson
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Mike Ounsworth
- Re: [lamps] [EXTERNAL]Re: RFC6960: Issue with the… Mohit Sahni