IETF Logo Mail Archive

Re: [lamps] The Status of OCSP and its future

Ryan Sleevi <ryan-ietf@sleevi.com> Thu, 24 October 2019 15:37 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48EBB1208BE for <spasm@ietfa.amsl.com>; Thu, 24 Oct 2019 08:37:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.423
X-Spam-Level:
X-Spam-Status: No, score=-1.423 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.226, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JN72FCra8Myk for <spasm@ietfa.amsl.com>; Thu, 24 Oct 2019 08:37:47 -0700 (PDT)
Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 434EC1209D8 for <spasm@ietf.org>; Thu, 24 Oct 2019 08:37:47 -0700 (PDT)
Received: by mail-ed1-f52.google.com with SMTP id r4so18998072edy.4 for <spasm@ietf.org>; Thu, 24 Oct 2019 08:37:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pQMfAbYM24vmUf9PKDhihiDv6lN1TSQTJpYFOenBtAk=; b=mBvbLC8JxPfpKNPD8X8W9aIykSV4hWxEL7CG8EzExLG9n/o7gqZRvyVGnow8cQbOVD MLPMVJSVlIMJu5SwDaZ3ulVxaf+ebXvwHPjK6GATV/z0oEjoxW0VIhI9KeWwdbavEng/ Q2dvqEtMfHpDGkiMFK5PdpHxHqwVok1oZ9kX9cxWfM1WJARiA+RUIhN2bMtWg9c0JJx6 jd12ks2ojr6khJMb0bI++h5y5yJnuNPWoxuSdGTaSr03lUTT5ITxhCQZyxWxF9r9bcbs FP6k+7YkHWlBL/tbe22VkYUWFqUr6SQIwIvHx/CsDEQhUxXEeMUqPYU1S/qy2RfZMDFY 42+w==
X-Gm-Message-State: APjAAAXN2Sh9IFX/o7NMqdKnM2O3mHRtLL0Y3SYV4VkLO7j+7qvBaTi8 av0CLXPu/p6JRexAyu0mHPOX/CuJ
X-Google-Smtp-Source: APXvYqx7t1/IJeLqzC196Irh5+ih9DMMPSp51D52YsCNzMcwhijqc9L6sZQfhHj0PeffYZA3l0Uc+w==
X-Received: by 2002:a17:906:5bcf:: with SMTP id w15mr17307471ejs.84.1571931465285; Thu, 24 Oct 2019 08:37:45 -0700 (PDT)
Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com. [209.85.221.46]) by smtp.gmail.com with ESMTPSA id h14sm229159edq.70.2019.10.24.08.37.44 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 24 Oct 2019 08:37:45 -0700 (PDT)
Received: by mail-wr1-f46.google.com with SMTP id s1so17847631wro.0 for <spasm@ietf.org>; Thu, 24 Oct 2019 08:37:44 -0700 (PDT)
X-Received: by 2002:adf:ab5b:: with SMTP id r27mr4627671wrc.13.1571931464610; Thu, 24 Oct 2019 08:37:44 -0700 (PDT)
MIME-Version: 1.0
References: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org>
In-Reply-To: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Thu, 24 Oct 2019 11:37:33 -0400
X-Gmail-Original-Message-ID: <CAErg=HE6fJ3nfXhakckbf=ghJ6=kXQCmYy5_+LNHprqvYeEJFA@mail.gmail.com>
Message-ID: <CAErg=HE6fJ3nfXhakckbf=ghJ6=kXQCmYy5_+LNHprqvYeEJFA@mail.gmail.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: LAMPS WG <spasm@ietf.org>
Content-Type: multipart/related; boundary="0000000000008f66300595a9d0a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SDvvpD0EjTeKlejfbnHHg6hqJPo>
Subject: Re: [lamps] The Status of OCSP and its future
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2019 15:37:49 -0000

On Thu, Oct 24, 2019 at 11:01 AM Dr. Pala <madwolf@openca.org> wrote:

> Hi All,
>
> I just wanted to start the conversation around the status of revocation
> infrastructures and possible work we can be doing to address some of new
> issues deriving from the deployment of large PKIs. In particular, we are
> working on the optimization of the OCSP protocol to better serve some of
> the use-cases we have.
>
> Specifically, for very large PKIs (i.e., few hundreds million certificates
> valid at any given time), the OCSP protocol does not scale well. In fact,
> taking into consideration how we operate OCSP responders today, the larger
> the PKI is, the higher the costs of providing a good revocation
> infrastructure is.
>
> Our approach stem from two practical considerations: the occasion to
> provide optimized responses for the non-revoked case, and the possibility
> to reduce the number of round trips required to retrieve the revocation
> status for the full chain of certificates.
>
Don't CRLs address this use case?

That is, it's not clear "Why OCSP" vs "Why not something else" in your
overall message here.

> In particular:
>
>    - *Optimizing for the common case (non-revoked certificate).* In
>    particular, for certificates that have no revocation information, we do not
>    have to provide specific responses for each individual certificate (as we
>    do in the revoked case), but we can provide responses for ranges of
>    certificates where the status is not revoked. In a PKI with a population of
>    100M certificate and a revocation rate of 5%, using "range" response types
>    reduces the need for calculating OCSP responses from 100M to 1M (i.e. 2N +
>    1 where N is the population of revoked certificates). This allows to
>    pre-generate responses more quickly, allows for lower costs of running the
>    revocation infrastructure, and it is better for the planet :D
>
> On a conceptual level, how is the concept of "Signed status information
for a range of certificates" functionally or conceptually different than a
CRL, potentially sharded (e.g. by varying the issuerDistributionPoint
extension within the CRL and the crlDistributionPoint within the range of
certificates).

As best I can tell, the only difference is that it allows the CA to
rebalance the ranges post-issuance, but it's unclear if that's either good
or desirable from a validator perspective.


>
>    - *Providing Full Chain responses.* Although single OCSP responders
>    can be authoritative for their own CA only, they can attach the responses
>    for the full chain as additional data. If we add this possibility, then a
>    single OCSP request can provide the client/server with the full chain of
>    certificates up to the Root. This might be tricky in complex scenarios
>    where cross-certification is used, but it would definitely work for the Web
>    PKI and IoT use cases.
>
> Similarly, this is unclear the set of problems you're trying to solve. Did
you mean to provide status information about the full chain? Or did you
actually meant the full chain?

Clients already presumably have the full chain, as they're using OCSP in
the context of RFC 5280 path validation. If the goal is to be able to use
this within protocols that make OCSP available (e.g. TLS), then you already
have the means to deliver the additional certificates.

So I'm not sure how to interpret this suggestion here, and/or why OCSP is
somehow the appropriate technology for it.

v2.34.0 | Report a Bug | By Email | System Status