Re: [TLS] OCSP must staple

"Ryan Sleevi" <ryan-ietftls@sleevi.com> Mon, 09 June 2014 04:15 UTC

Return-Path: <ryan-ietftls@sleevi.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 359F41A0654 for <tls@ietfa.amsl.com>; Sun, 8 Jun 2014 21:15:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.034
X-Spam-Level: *
X-Spam-Status: No, score=1.034 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOsdZ4SBFcKV for <tls@ietfa.amsl.com>; Sun, 8 Jun 2014 21:15:11 -0700 (PDT)
Received: from homiemail-a113.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 5C06E1A04AE for <tls@ietf.org>; Sun, 8 Jun 2014 21:15:11 -0700 (PDT)
Received: from homiemail-a113.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a113.g.dreamhost.com (Postfix) with ESMTP id E542920047B59; Sun, 8 Jun 2014 21:15:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=message-id :in-reply-to:references:date:subject:from:to:cc:reply-to :mime-version:content-type:content-transfer-encoding; s= sleevi.com; bh=LDCtzb3vKt0v4vIOvXnFmHnE4JA=; b=NS1WfV8qSffKvWURP +4J0mG29S3Sw3oiFQCdqyuy8tkHRlyJBcp2ad2THpPI2BSao1fS7Fvs0ZJi8T5Gt cj1aUTKjNZvzMeUZSeT0W6SxQ+baqU5NtAS95LMxBwFUMZiXZeYf02t9l68+W0gb YRITdMxvf6WHkshhaoBCO3FmR4=
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a113.g.dreamhost.com (Postfix) with ESMTPA id BEF4F20047B57; Sun, 8 Jun 2014 21:15:10 -0700 (PDT)
Received: from 173.8.157.162 (proxying for 173.8.157.162) (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Sun, 8 Jun 2014 21:15:10 -0700
Message-ID: <455964081e9c154c6a68781b35d87ba9.squirrel@webmail.dreamhost.com>
In-Reply-To: <CA+cU71nPXxpk05F+5bthRDXyJKVQwHQGSmT0B3qkCg875B69AQ@mail.gmail.com>
References: <097101cf7aa7$17f960a0$47ec21e0$@digicert.com> <4AA8E7B7-A19D-4E65-AF18-C4D02A513652@ieca.com> <538EF79B.3000506@cs.tcd.ie> <CAMm+LwgTnva9jJgVfkaOZ1qP0Rk3w-mFfepnubosgtrCEARv=g@mail.gmail.com> <539069CC.5010304@cs.tcd.ie> <CAFewVt4p4rJ738Yo=XQm6T_jyvG3TnJsSQ5HDZDrqAkyNDa7tg@mail.gmail.com> <20140605173223.GK27883@mournblade.imrryr.org> <20140607164945.GA23329@roeckx.be> <20140607170619.GC27883@mournblade.imrryr.org> <2A0EFB9C05D0164E98F19BB0AF3708C7130F434F7A@USMBX1.msg.corp.akamai.com> <20140607184737.GD27883@mournblade.imrryr.org> <2A0EFB9C05D0164E98F19BB0AF3708C7130F434F7D@USMBX1.msg.corp.akamai.com> <155f01cf82ce$7cfa8360$76ef8a20$@digicert.com> <C877733F-EBCC-4D88-8B99-271914A517B4@gmail.com> <CA+cU71nPXxpk05F+5bthRDXyJKVQwHQGSmT0B3qkCg875B69AQ@mail.gmail.com>
Date: Sun, 8 Jun 2014 21:15:10 -0700
From: "Ryan Sleevi" <ryan-ietftls@sleevi.com>
To: "Tom Ritter" <tom@ritter.vg>
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/1xLijw2Hk0Ay8vxygQ8kRmWAGDk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] OCSP must staple
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ryan-ietftls@sleevi.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2014 04:15:12 -0000

On Sat, June 7, 2014 10:10 pm, Tom Ritter wrote:

>  While it looks some of the semantics of 'Must Staple', I think either
>  behavior could be acceptable for a client.  Either closing the connection
>  without attempting to contact a OCSP server, or switching to a 'Hard Fail'
>  OCSP lookup.
>
>  I can imagine some servers deciding that they would want clients to fail
>  if
>  they didn't send a staple, rather than leak the OCSP lookup to the CA.  I
>  could imagine other servers wanting to hedge their bets and have the
>  client
>  make an attempt before giving up.
>
>  I don't understand what you mean by the OCSP server rejcting them.

It's not really "must staple" if clients fall back to doing lookups, is
it? It's more like "should consider staple" (RFC 6919)

I would expect conforming clients to fail if must-staple is present but
not stapled. This includes ignoring OCSP cached responses, and prevents
online lookups.

This interpretation is key among the reasons why Chrom{e/ium} has not
(yet) begun experimenting with must staple, since the APIs used don't
offer as much flexibility. However, that interpretation is exactly what
ensures interoperability - these sorts of "soft fallbacks" cause a number
of issues, as everyone in the TLS WG can attest to elsewhere (eg: TLS
version rollback, AIA chasing, etc)