IETF Logo Mail Archive

Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate

Nicolas Williams <Nicolas.Williams@oracle.com> Thu, 05 August 2010 21:00 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5626F3A67D3; Thu, 5 Aug 2010 14:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.503
X-Spam-Level:
X-Spam-Status: No, score=-6.503 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54xGmkz+vmrz; Thu, 5 Aug 2010 14:00:42 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 59F813A680D; Thu, 5 Aug 2010 14:00:42 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o75L1BA8007813 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 5 Aug 2010 21:01:13 GMT
Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by rcsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o75KxcZM009668; Thu, 5 Aug 2010 21:00:02 GMT
Received: from abhmt020.oracle.com by acsmt355.oracle.com with ESMTP id 470292041281039469; Thu, 05 Aug 2010 13:17:49 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 05 Aug 2010 13:17:49 -0700
Date: Thu, 05 Aug 2010 15:17:43 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Miller, Timothy J." <tmiller@mitre.org>
Message-ID: <20100805201743.GY5213@oracle.com>
References: <20100805001137.GE5213@oracle.com> <201008050103.o7513F15000806@fs4113.wdf.sap.corp> <17FD76C1ECD0AB49817637E21809ABF908A316DF81@IMCMBX2.MITRE.ORG>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <17FD76C1ECD0AB49817637E21809ABF908A316DF81@IMCMBX2.MITRE.ORG>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Source-IP: acsmt355.oracle.com [141.146.40.155]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090206.4C5B2697.0109:SCFMA4539814,ss=1,fgs=0
Cc: "pkix@ietf.org" <pkix@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2010 21:00:43 -0000

On Thu, Aug 05, 2010 at 08:39:33AM -0400, Miller, Timothy J. wrote:
> You have yet to propose an alternative.  Absent an alternative, I'd
> support a security note to the effect that path construction modules
> should be careful to treat retrieved data as potentially unsafe until
> validated.

You were responding to Martin, but I'll take a crack at this too, based
on Martin's idea for using "hints":

 - Define hints that peers can tell each other about what PKI / what
   part of a PKI they "live in";

    - this could take the form of a name, domainname, whatever (requires
      naming conventions)
    - or it could take the form of a list of trust anchor names (can be
      quite large, so not ideal)

   I prefer using names to listing TAs.  To prevent namespace collisions
   I'd use domainames to name PKIs.

 - Given a peer's hints send a full cert chain that they should be able
   to verify;

 - Then the peer will validate the cert chain you send them from the
   trust anchor to your EE cert.

This takes the onus of path construction from the rp's shoulders (where
it is dangerous to the rp) and puts it on the rp's peer (where it
belongs).  Validation path construction is not elided completely, just
moved to where it belongs.

Alternatively, and even concurrently, I'd like to constraint AIA as I've
described before and which I'll repeat here:

 - AIA URLs should be limited to HTTP an LDAP schemes only;
 - The server name must be a domainname, to be resolved to an IP
   address;
 - The local part of AIA HTTP URLs should be left empty because it will
   be well-known (see host-meta);
 - The local part of AIA LDAP URLs should be left empty because there
   will be a simple convention for searching the DIT (try a well-defined
   scope sub search from each naming context provided by the server);

This is still not entirely safe because an rp's peer can still cause you
to try to retrieve a CA cert from any hostname they want.

Alternatively, and even concurrently:

 - Replace AIA with a URL construction convention based on the
   certificate's issuer's Name.

This last is still not entirely safe if you're constructing a path from
a peer's EE cert to any of your TAs because the peer's EE cert's issuer
can be anything they want it to be.

Nico
--

v2.23.0 | Report a Bug | By Email