IETF Logo Mail Archive

Re: [lamps] The Status of OCSP and its future

"Dr. Pala" <madwolf@openca.org> Fri, 25 October 2019 15:18 UTC

Return-Path: <madwolf@openca.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9C41120123 for <spasm@ietfa.amsl.com>; Fri, 25 Oct 2019 08:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TU3gsr7K7HcT for <spasm@ietfa.amsl.com>; Fri, 25 Oct 2019 08:18:15 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 33E4E120105 for <spasm@ietf.org>; Fri, 25 Oct 2019 08:18:15 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id EA051374288F; Fri, 25 Oct 2019 15:18:14 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id nJHEJ5rvl9Be; Fri, 25 Oct 2019 11:18:14 -0400 (EDT)
Received: from Maxs-MBP-2.cablelabs.com (unknown [192.160.73.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id E4BFD3741074; Fri, 25 Oct 2019 11:18:13 -0400 (EDT)
To: Ryan Sleevi <ryan-ietf@sleevi.com>
Cc: LAMPS WG <spasm@ietf.org>
References: <8c84cf2c-c192-c13b-17e5-7ae09b748530@openca.org> <CAErg=HE6fJ3nfXhakckbf=ghJ6=kXQCmYy5_+LNHprqvYeEJFA@mail.gmail.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <07ee43b6-a1b2-c2d4-2361-e6f87d0197c0@openca.org>
Date: Fri, 25 Oct 2019 09:18:13 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <CAErg=HE6fJ3nfXhakckbf=ghJ6=kXQCmYy5_+LNHprqvYeEJFA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------7E30010E0AE6F07E5C36392F"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yS-a6XX7PauDo0CCBCY-hK7ecdE>
Subject: Re: [lamps] The Status of OCSP and its future
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 15:18:17 -0000

Hi Ryan,

On 10/24/19 9:37 AM, Ryan Sleevi wrote:
>
>
> On Thu, Oct 24, 2019 at 11:01 AM Dr. Pala <madwolf@openca.org 
> <mailto:madwolf@openca.org>> wrote:
>
>     Hi All,
>
>     I just wanted to start the conversation around the status of
>     revocation infrastructures and possible work we can be doing to
>     address some of new issues deriving [...]Our approach stem from
>     two practical considerations: the occasion to provide optimized
>     responses for the non-revoked case, and the possibility to reduce
>     the number of round trips required to retrieve the revocation
>     status for the full chain of certificates.
>
> Don't CRLs address this use case?
Yes and No. "Yes" because CRLs provide the same type of information - 
you are correct :D "No" because CRLs provide all the information at once 
- the reason we have OCSP today is to address the "Large CRLs" problem.
> That is, it's not clear "Why OCSP" vs "Why not something else" in your 
> overall message here.

Well, I do not want to exclude the possibility to work on "something 
else" :D

Our proposal is to provide a more efficient way to deliver the service 
that can still be used with current protocols (e.g., OCSP stapling) - 
this addresses the medium-term deployment and, we believe, provide an 
additional tool for the PKI architects when planning / designing the 
revocation infrastructure for their PKIs.

If there are other proposals on the table for improving efficiency, it 
would be great to hear them - this can spark an healthy discussion 
around handling revocation in PKIX (maybe a dedicated WG if LAMPS is not 
the right place... ?) :D However, until then, our proposal is to work on 
something rather than not do anything :D

>     [ ...]
>
> On a conceptual level, how is the concept of "Signed status 
> information for a range of certificates" functionally or conceptually 
> different than a CRL, potentially sharded (e.g. by varying the 
> issuerDistributionPoint extension within the CRL and the 
> crlDistributionPoint within the range of certificates).
>
> As best I can tell, the only difference is that it allows the CA to 
> rebalance the ranges post-issuance, but it's unclear if that's either 
> good or desirable from a validator perspective.
I think you got it right :D The main difference is that the 
issuerDistributionPoint is a static assignment and that might not be 
optimal. As you point out, it is a possibility today to do this, however 
there is no guarantee for the client that the target CRLs will not be 
big in size (since it is a static assignment, that is an unknown). 
Therefore, to provide the same level of flexibility, you might need to 
plan for thousands or even millions of different endpoints for a single 
CA. Conceptually, not a big issue. From a DevOps perspective... very 
scary, IMHO.
> [...]
>
> Similarly, this is unclear the set of problems you're trying to solve. 
> Did you mean to provide status information about the full chain? Or 
> did you actually meant the full chain?
>
> Clients already presumably have the full chain, as they're using OCSP 
> in the context of RFC 5280 path validation. If the goal is to be able 
> to use this within protocols that make OCSP available (e.g. TLS), then 
> you already have the means to deliver the additional certificates.
>
> So I'm not sure how to interpret this suggestion here, and/or why OCSP 
> is somehow the appropriate technology for it.
Sorry for the lack of clarity here - I meant providing the revocation 
information for the full chain, not the full chain itself :D In 
particular, although this is possible with today's protocol, it is a 
feature that is not used by clients. There might be several 
considerations as to why this is (my personal point of view is because 
of a series of different practical reasons - trust model, AIA in 
certificates, how path-building and validation is approached by crypto 
libraries).

As discussed before, there might be some other technologies for this - 
our proposal is to provide an updated version of the OCSP that optimizes 
responses for the non-revoked case and lowers the operational 
requirements and costs associated with it.

Does this address your questions ? Would you be interested in 
participating to the work ?

Cheers,
Max

-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

v2.34.0 | Report a Bug | By Email | System Status