Re: [lamps] RFC6960: Issue with the OCSP Nonce extension
Mohit Sahni <mohit06jan@gmail.com> Sat, 07 December 2019 21:54 UTC
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3ABF12004A for <spasm@ietfa.amsl.com>; Sat, 7 Dec 2019 13:54:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tCut1bstDGZW for <spasm@ietfa.amsl.com>; Sat, 7 Dec 2019 13:54:20 -0800 (PST)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4116F120830 for <spasm@ietf.org>; Sat, 7 Dec 2019 13:54:20 -0800 (PST)
Received: by mail-io1-xd2a.google.com with SMTP id i11so10868414iol.13 for <spasm@ietf.org>; Sat, 07 Dec 2019 13:54:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=e8vQBvXA+0bAGC6OdzZhSS2f9p+G6ngsQqDuK4uyk9s=; b=reeGG+QSE3eSNj2FMc6XkHROpvXxJv89+cju5QM4shb1tG4wUYA5psKETBSA5cIfG/ qcrzN9CbznTGzCEovWhLCA6tcdyLcnfqVPAV+YBKoAC6cXJx5zjuF9EZAI9Z9p6zluUk guCGOtpK5+sBorCxlIuJCpDX3COk8yPF8FgHjflw6TIOcZUoLzHjrtirjknIZ2vWxWg3 12mI3GgMFST/U/eFgAs9qQ1S6iUE9wZPczccLh480bPfQgvswKULN5+0cxE3wNLSM8iH o8EcjReL+97LtGQSdzatNcl/9Tf9Ok0dF45lvVJ8vdTFJav/woG5+dYtyBiVXiZXGDVw LLlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=e8vQBvXA+0bAGC6OdzZhSS2f9p+G6ngsQqDuK4uyk9s=; b=Vvsgbv1kSsSIB8khBS2m2xA6Adqzm+aCX7J3/x/2K6PO9xQto3VDryafYHIYI1j3lu 0ykwsyBwCvAzuLuP5ky2mTp40I4s1xmYnikAfcQKi+R5U4gGltVIKerPSzpHCo52t47V 80X1jTdYGTPUxbw1RngMDKCTRC6TJD0Q5z9CQSQLeKZrLgeMV9ubdqmRkVfs0yj7ovIs FCrus6MRbftu5s6E6G4OwSp6eTyJLu2QSCWmb1ndc1ekKsDnZcZTOu9ubOv0Vme2vEkw KsMMtB7Xm3OAuy6wdTXbYUhBXpH+jw5oreaoSaCeGrDKWfWOt9toOsbmRq4xnIEhwz3i MqDw==
X-Gm-Message-State: APjAAAVLmrxYn4zbDCPcO5NvKNtJmruLai1SUj8KaMBZsB06ZZ0q9mpJ yrYllIvekEF/GrbVYs6sKCokniYXVwdAAdT1btSBn7b0
X-Google-Smtp-Source: APXvYqysJtw3whAw1vawTAKFpV+yx6sCQ9VwJsK6t6Kbyl57OGZ9zMUJmXMp81s8S0l399g5u6ccnWnNqdwOJiKBeRM=
X-Received: by 2002:a05:6638:93a:: with SMTP id 26mr20605060jak.16.1575755659377; Sat, 07 Dec 2019 13:54:19 -0800 (PST)
MIME-Version: 1.0
References: <CAEpwuw2T6MnC7NDpu9wA2Vzm5vSKaK-Qpp49c096doDub65SkA@mail.gmail.com> <A1B0F914-AB90-4133-AADF-B8145D41D59D@vigilsec.com>
In-Reply-To: <A1B0F914-AB90-4133-AADF-B8145D41D59D@vigilsec.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Sat, 07 Dec 2019 13:54:08 -0800
Message-ID: <CAEpwuw1LPkRRrUTOEdRr8-XLkEiCMtB2CeGFnf0wiuC53pCRdA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: spasm@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005480e10599243447"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cMXquZOgr7twez1u_u5Z-5um4gE>
Subject: Re: [lamps] RFC6960: Issue with the OCSP Nonce extension
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2019 21:54:23 -0000
Thanks Russ, I will work on writing a draft. On Sat, Dec 7, 2019 at 12:47 PM Russ Housley <housley@vigilsec.com> wrote: > It seems like the easiest fix is to update the ASN.1 to be: > > Nonce ::= OCTET STRING (SIZE(1..256)) > > Your paragraph seems like the introduction to the update document. > > Russ > > > > On Dec 7, 2019, at 3:30 PM, Mohit Sahni <mohit06jan@gmail.com> wrote: > > > > Hi All, > > The section 4.1.1 of the RFC6960 describes the format and ID for the > Nonce extension in the OCSP request and response. According to the RFC the > nonce will have the identifier id-pkix-ocsp-nonce and the type of the Nonce > is an OCTATE STRING. The problem I see is that the RFC does not mention > whether the nonce should be of fixed length or should have a maximum > length. Due to this reason the current implementations that follow this > standard can accept very large OCSP requests and are vulnerable to denial > of service attacks and various evasion tricks using the nonce field as a > tunnel. Since most of the OCSP requests don't use TLS as transport someone > in the path can also modify the HTTP request to inject large nonce thus > making the situation worse. > > > > I would like to propose that the standard MUST define a maximum length > for Nonce or the Nonce MUST be of a defined fixed length. I lean towards > proposing the standard to have a maximum value of 256 bytes and minimum > value of 1 byte to make it backward compatible. > > > > Do you guys think it makes sense and if I should propose a draft for > making Nonce length with a maximum of 256 and minimum of 1. > > > > Here is the text from section 4.1.1 of RFC6960: > > > > The nonce cryptographically binds a request and a response to prevent > > replay attacks. The nonce is included as one of the > > requestExtensions in requests, while in responses it would be > > included as one of the responseExtensions. In both the request and > > the response, the nonce will be identified by the object identifier > > id-pkix-ocsp-nonce, while the extnValue is the value of the nonce. > > > > id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } > > id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } > > > > Nonce ::= OCTET STRING > > > > -Mohit > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://www.ietf.org/mailman/listinfo/spasm > >
- [lamps] RFC6960: Issue with the OCSP Nonce extens… Mohit Sahni
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Russ Housley
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Mohit Sahni
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Tomas Gustavsson
- Re: [lamps] RFC6960: Issue with the OCSP Nonce ex… Russ Housley