Re: [TLS] OCSP Stapling in RFC 6066

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 12 February 2015 07:56 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: OCSP Stapling in RFC 6066
Thread-Index: AdBF9exNOGm/PrWhQsmE6GzwNtr/qAAFoOZQACLbXWA=
Date: Thu, 12 Feb 2015 07:55:52 +0000
Message-ID: <E6C9F0E527F94F4692731382340B33781D47B4@DENBGAT9EH2MSX.ww902.siemens.net>
References: <E6C9F0E527F94F4692731382340B33781D3E82@DENBGAT9EH2MSX.ww902.siemens.net> <adf23d68f8a9401ab0b37f7c2cea87ef@ustx2ex-dag1mb2.msg.corp.akamai.com>
In-Reply-To: <adf23d68f8a9401ab0b37f7c2cea87ef@ustx2ex-dag1mb2.msg.corp.akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-6p-RhN-tNNLZ7VkD3jH1-4vtCk>

Hi Rich,

thank you for the feedback. Yes, putting it into the ServerHello would probably be the easiest approach, as it allows extensions. It could probably also be put into the CertificateRequest directly, but certainly requires more specification.

Regards
Steffen

From: Salz, Rich [mailto:rsalz@akamai.com]
Sent: Wednesday, 11 February 2015 16:10
To: Fries, Steffen; tls@ietf.org
Subject: RE: OCSP Stapling in RFC 6066

You are correct; there is no way for a client to include its OCSP status.   Defining a new extension that the client could put in its hello message would be interesting; it might even work.

--
Principal Security Engineer, Akamai Technologies
IM: rsalz@jabber.me Twitter: RichSalz
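The thread above turns on how the RFC 6066 status_request extension is shaped: the client can only ask for a status, and only the server has a handshake message (CertificateStatus) in which to staple an OCSP response. The following encoder/decoder is an added example written for this page, not code from the thread, the IETF or any TLS stack. It follows the wire format of RFC 6066 section 8 (extension type 5, status_type ocsp(1), handshake type 22); the OCSP response bytes in the demo are a constructed placeholder, not a real DER-encoded response. Parsing is strict about length fields, which is what a server or client has to be when this data arrives from the peer.

```python
import struct

STATUS_REQUEST_EXT = 5            # extension_type status_request (RFC 6066 s.8)
STATUS_TYPE_OCSP = 1              # CertificateStatusType ocsp(1)
HANDSHAKE_CERTIFICATE_STATUS = 22  # HandshakeType certificate_status


def tls_vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a TLS variable-length vector: big-endian length prefix, then data."""
    if len(data) >= 1 << (8 * len_bytes):
        raise ValueError("vector too long for its length field")
    return len(data).to_bytes(len_bytes, "big") + data


def take_vec(buf: bytes, off: int, len_bytes: int):
    """Read one length-prefixed vector at buf[off:]; returns (data, next_offset).
    Every bound is checked so a malformed peer message raises instead of mis-parsing."""
    if off + len_bytes > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[off:off + len_bytes], "big")
    off += len_bytes
    if off + n > len(buf):
        raise ValueError("truncated vector body")
    return buf[off:off + n], off + n


def encode_status_request_extension(responder_ids=(), request_extensions=b"") -> bytes:
    """Client side: the complete status_request extension (type + length + data)
    as it appears in a ClientHello. This is a *request*; it carries no OCSP response."""
    responder_list = b"".join(tls_vec(rid, 2) for rid in responder_ids)  # ResponderID<1..2^16-1> each
    body = (bytes([STATUS_TYPE_OCSP])
            + tls_vec(responder_list, 2)        # responder_id_list<0..2^16-1>
            + tls_vec(request_extensions, 2))   # Extensions<0..2^16-1>
    return struct.pack("!HH", STATUS_REQUEST_EXT, len(body)) + body


def parse_status_request_extension(ext_data: bytes) -> dict:
    """Server side: parse the extension_data of a received status_request."""
    if not ext_data:
        raise ValueError("empty status_request")
    status_type = ext_data[0]
    if status_type != STATUS_TYPE_OCSP:
        raise ValueError(f"unsupported status_type {status_type}")
    responder_list, off = take_vec(ext_data, 1, 2)
    request_extensions, off = take_vec(ext_data, off, 2)
    if off != len(ext_data):
        raise ValueError("trailing bytes in status_request")
    responder_ids, pos = [], 0
    while pos < len(responder_list):
        rid, pos = take_vec(responder_list, pos, 2)
        if not rid:
            raise ValueError("empty ResponderID")   # minimum length is 1
        responder_ids.append(rid)
    return {"status_type": status_type,
            "responder_ids": responder_ids,
            "request_extensions": request_extensions}


def find_extension(extensions_blob: bytes, ext_type: int):
    """Walk a Hello extensions vector (2-byte length + list) and return the
    extension_data of the first extension of ext_type, or None if absent."""
    exts, _ = take_vec(extensions_blob, 0, 2)
    pos = 0
    while pos < len(exts):
        if pos + 2 > len(exts):
            raise ValueError("truncated extension header")
        etype = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = take_vec(exts, pos + 2, 2)
        if etype == ext_type:
            return data
    return None


def encode_certificate_status(ocsp_response_der: bytes) -> bytes:
    """Server side: the CertificateStatus handshake message that staples the
    OCSP response for the server certificate (OCSPResponse<1..2^24-1>)."""
    if not ocsp_response_der:
        raise ValueError("OCSPResponse must be non-empty")
    body = bytes([STATUS_TYPE_OCSP]) + tls_vec(ocsp_response_der, 3)
    return bytes([HANDSHAKE_CERTIFICATE_STATUS]) + tls_vec(body, 3)


def parse_certificate_status(msg: bytes) -> bytes:
    """Client side: extract the stapled OCSPResponse bytes from a CertificateStatus message."""
    if not msg or msg[0] != HANDSHAKE_CERTIFICATE_STATUS:
        raise ValueError("not a CertificateStatus message")
    body, off = take_vec(msg, 1, 3)
    if off != len(msg) or not body or body[0] != STATUS_TYPE_OCSP:
        raise ValueError("malformed CertificateStatus")
    response, end = take_vec(body, 1, 3)
    if end != len(body) or not response:
        raise ValueError("malformed OCSPResponse vector")
    return response


if __name__ == "__main__":
    # Constructed demo values, not real OCSP data.
    ext = encode_status_request_extension()
    print("ClientHello status_request:", ext.hex())
    msg = encode_certificate_status(b"\x30\x03\x0a\x01\x00")
    print("Server CertificateStatus:", msg.hex(), "->", parse_certificate_status(msg).hex())
```

The asymmetry the thread points at is visible in the types: a client produces only the request structure, and only the server's CertificateStatus message has a slot for response bytes, so a client wishing to staple its own status needs a new extension or message, as Rich suggests.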