IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-cached-info-14

"Piyush Jain" <piyush@ditenity.com> Wed, 10 April 2013 14:45 UTC

Return-Path: <piyush@ditenity.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EACD421F94CC for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 07:45:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.128
X-Spam-Level:
X-Spam-Status: No, score=-0.128 tagged_above=-999 required=5 tests=[AWL=-0.724, BAYES_00=-2.599, DOS_OUTLOOK_TO_MX=1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_EQ_LT4=0.442, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PfoChVPjx6DL for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 07:45:51 -0700 (PDT)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 8D77721F93B2 for <tls@ietf.org>; Wed, 10 Apr 2013 07:45:51 -0700 (PDT)
Received: by mail-yh0-f49.google.com with SMTP id q14so60369yhf.22 for <tls@ietf.org>; Wed, 10 Apr 2013 07:45:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-type:content-transfer-encoding :x-mailer:thread-index:content-language:x-gm-message-state; bh=nuV4jx5uX/F7reB7NMuPVTpniA2p/wLiRly6BNgaAxg=; b=ZfAzHbGTfhwtZQmHem+A9lUddOYJw89VS+9Oyfql0p30yEDNhiYqzkIUXH9BJew4gb 3awPxOF5TFksZhefSpoSDKDJIErR42boZ8E43BtMLHQbNLK6yQKRwvgwpzqQFbKJcfH+ 57stn/C02Uo6rc0aKtI+kzvI66aHqQmZq5Bqt/vdBCfFR0txdySqys4CQDnyw5aFgPZu fFCdS+0QmhSAL1JH0Bnl554x12PMjL7HDdvBPO+kIsRFBH1D5sFcXB+2J3E7619/m3id i7rZRZoyiU+dZjxfZ3jPnhl4PPeNV6t8EZPbLpSYf2z5+zAX+QyuhKX6S9fUyJKjIXbR HCdQ==
X-Received: by 10.236.199.78 with SMTP id w54mr1303024yhn.101.1365605150679; Wed, 10 Apr 2013 07:45:50 -0700 (PDT)
Received: from hp13 (75-25-128-241.lightspeed.sjcpca.sbcglobal.net. [75.25.128.241]) by mx.google.com with ESMTPS id b78sm358210yhi.2.2013.04.10.07.45.48 (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 10 Apr 2013 07:45:49 -0700 (PDT)
From: Piyush Jain <piyush@ditenity.com>
To: "'Yngve N. Pettersen'" <yngve@spec-work.net>, tls@ietf.org, 'Rob Stradling' <rob.stradling@comodo.com>
References: <2C078811-2A81-4B37-82F0-FAD94A7395BD@gmx.net> <51547C0C.20806@ieca.com> <A3EEC7FB-665B-4543-8D42-A997100506E5@gmx.net> <5154B4C9.1070405@comodo.com> <5096AB41-02FD-4E01-A78E-BEF272181F42@gmx.net> <5162C154.1010202@comodo.com> <op.wu76e6o73dfyax@killashandra.invalid.invalid> <5163200D.2030300@comodo.com> <op.wu8nh01v3dfyax@killashandra.invalid.invalid> <51646709.4030803@comodo.com> <op.wvakl2sk3dfyax@killashandra.invalid.invalid> <097601ce3574$f4495c50$dcdc14f0$@ditenity.com> <51656C00.8030200@comodo.com> <op.wvbvjwm73dfyax@killashandra.invalid.invalid>
In-Reply-To: <op.wvbvjwm73dfyax@killashandra.invalid.invalid>
Date: Wed, 10 Apr 2013 07:45:34 -0700
Message-ID: <0a1801ce35fa$10283650$3078a2f0$@ditenity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJlAb7NsstXjqmQRSHXKYXg2JOPjAHY6j2EAi7U10ICrEPZfgKTKz73AOQ2LZoBb2wfGgHhzkwPAfgjWBgCU4m1cQJXslm/AcH7iVICHlM1kgJCjcGGls/OHMA=
Content-Language: en-us
X-Gm-Message-State: ALoCoQn9JtEzNEKljJwLPe6eYgbB3OBQmZTehSY4W8Fn9PB+Llnib+mLPTrHC7oLvUPC5xTS9vV0
Subject: Re: [TLS] draft-ietf-tls-cached-info-14
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 14:45:53 -0000

> Please keep in mind that the certificate chain sequence can be changed at
> any time. Any mechanism used would need to take that into consideration.
[Piyush] Not sure if I understood it correctly. TLS has strict guidelines on
sequence of certificates in the chain. The certificate chain sequence would
change only when the server certificate changes (or in some rare cases when
intermediate CA's certificate rolls over). Right? If that happens than
certificate_list cached object held by the client would become invalid and
consequently any stapled responses associated with the old certificate chain
would also become invalid.

Let's make sure that we are on the same page regarding this before I respond
to your other points below, otherwise we'll get past each other because we
would be working off different set of assumptions.

> 
> Therefore, such a solution would have to link it to the fingerprint of the
chain
> of stapled responses. However, once you provide that information you don't
> need a boolean value to indicate which responses you have and that are
> valid, because the server will already have that information.
> It might be conceivable to link the information to the fingerprint of the
> certificate chain and then use the bools, but that would actually require
(a
> few) more bytes on the wire than indicating the fingerprint of the stapled
> response list (although: one could get past that by linking the stapled
list with
> the entry for cached certificates, but I think that would complicate
matters
> more than is necessary to save a few bytes; particularly if the client for
some
> reason is not caching the certificate chain).
> On Wed, 10 Apr 2013 15:41:20 +0200, Rob Stradling
> <rob.stradling@comodo.com> wrote:
> 
> > On 09/04/13 23:52, Piyush Jain wrote:
> >> I'm having a basic problem understanding OCSPResponse cachedinfo
> >> object and the need to obtain the latest cert_status from the server.
> >>
> >> Why does a TLS client care if it has the same OCSP responses (for
> >> server and any intermediate certificate) as the TLS server, as long
> >> as it has some valid OCSP responses for those certificates? IMO, all
> >> the client cares about is the fact that it can build a valid status
> >> checked path to the locally configured trust anchor.
> >>
> >> So the only thing that the client needs to tell the server is the
> >> list of certificates for which it needs the status (either because
> >> the status in the cache expired or because it never got the status
> >> from this or other server).
> >> This can be communicated easily through a list of Boolean values. The
> >> position of the value corresponds to the position of certificate in
> >> the certificate chain and the value indicates if the client wants the
> >> server to include the status of corresponding cert.
> >> This makes the cached info object for OCSP responses much smaller
> >> compared to the representation that uses hash and also allows the
> >> clients to make use of locally cached OCSP responses irrespective of
> >> where they came from.
> >
> > Thanks Piyush.  I think that a "list of Boolean values" for requesting
> > cert statuses is a much better idea.  :-)
> >
> > When you say "The position of the value corresponds to the position of
> > certificate in the certificate chain", I presume you're referring to
> > the
> > CachedObject(s) of type "certificate_chain" that the client sends.
> >
> > If a client were to send >1 CachedObjects of type "certificate_chain"
> > and >1 "list of Boolean values" CachedObjects, there could be
> > ambiguity over which "certificate_chain" is paired with which "list of
> > Boolean values".
> >
> > Would we simply say that the CachedObject(s) of these two types must
> > be sent in the same order?
> > Or would we need to squeeze the "list of Boolean values" into the
> > "certificate_chain" CachedObject type somehow?
> >
> >> -Piyush
> >>
> >>> -----Original Message-----
> >>> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf
> >>> Of Yngve N. Pettersen
> >>> Sent: Tuesday, April 09, 2013 2:00 PM
> >>> To: Rob Stradling
> >>> Cc: tls@ietf.org
> >>> Subject: Re: [TLS] draft-ietf-tls-cached-info-14
> >>>
> >>> On Tue, 09 Apr 2013 21:07:53 +0200, Rob Stradling
> >>> <rob.stradling@comodo.com> wrote:
> >>>
> >>>> On 08/04/13 21:07, Yngve N. Pettersen wrote:
> >>>> <snip>
> >>>>>> Example:
> >>>>>>     - Client visits https://www.google.com and
> >>>>>> https://mail.google.com, each for the first time ever, and caches
> >>>>>> the certificate chains and OCSP Responses for the End-entity and
> >>>>>> Intermediate certs.  Client observes that the same "Google
> >>>>>> Internet Authority" Intermediate is used in both cases.
> >>>>>>     - A while later, client performs another full handshake to
> >>>>>> https://www.google.com and gets back a different OCSP Response
> >>> (with
> >>>>>> a more recent thisUpdate value) for the same Intermediate cert.
> >>>>>>     - A while later, client performs another full handshake to
> >>>>>> https://mail.google.com.  It sends the CachedObject for the
> >>>>>> Intermediate OCSP Response that https://www.google.com just
> >>>>>> returned, because it knows that this OCSP Response is relevant
> >>>>>> for the Intermediate cert that https://mail.google.com used last
> >>>>>> time the client connected to it, and because this OCSP Response
> >>>>>> is the freshest one that the client has available.
> >>>>>
> >>>>> What about www.co.uk and bank.co.uk?
> >>>>>
> >>>>> Such things get complicated very fast, which is why we had to
> >>>>> develop the public suffix list.
> >>>>>
> >>>>> Please, let us stay way, way, *way* out of that particular thorny
> >>>>> area.
> >>>>
> >>>> If the End-entity certs at https://www.co.uk and https://bank.co.uk
> >>>> are both issued by the same Intermediate, then what's the problem?
> >>>> Why are the domain names even relevant when deciding whether or
> not
> >>>> it's "safe" for the client to send an Intermediate cert's OCSP
> >>>> Response that a different server provided?
> >>>
> >>> Tip: If domain names are irrelevant, make sure they do not carry
> >>> meaning
> >> in
> >>> the discussion, particularly when combined with the word "safe".
> >>> Might confuse things.
> >>>
> >>>> I agree that my proposal should be rejected _if_ the consensus is
> >>>> that it adds too much extra complexity.  But IMHO the more bytes on
> >>>> the wire we can save, the more chance there is that Multi-Stapling
> >>>> + Cached-Info will actually get deployed widely.
> >>>
> >>> The concept still assumes that server1 and server2 will have same
> >>> binary response R for certificate X at time T, even if the client
> >>> have previously
> >> only
> >>> seen R from server1, and instead seen response S from server2.
> >>>
> >>> If, at time T both R and S are valid, but R is valid longer than S,
> >>> which
> >> should
> >>> be indicated to server2? If both, that means more (unnecessary)
> >>> bytes on the wire, particularly if you have more than 2 servers
> >>> (e.g. 200) with the
> >> same
> >>> (issuer) certificate, each with binary different valid responses.
> >>>
> >>> What if the client indicates R to server2 and leaves out S, but
> >>> server2
> >> does
> >>> not have R (and might get response Q if it requested an update)?
> >>> Most
> >> likely
> >>> server2 would then resend response S. Result: unnecessary bytes on
> >>> the wire.
> >>>
> >>> Personally, I think it is better to assume that the OCSP responses
> >>> kept by
> >> two
> >>> servers are different, even if they are signed by the same issuer.
> >>> It
> >> might be
> >>> that servers in different geographical areas connect to different
> >>> OCSP responders which have responses generated at different times
> >>> (or who generate on-the-fly responses).
> >>>
> >>> As mentioned above, the potential problems becomes even more
> >>> pronounced if you are dealing with hundreds or thousands of servers
> >>> (as we would likely do with servers using Comodo issued
> >>> certificates, for
> >> example).
> >>>
> >>> My advice: Keep cache lists for each server separate from the lists
> >>> used
> >> for
> >>> other servers. That does not mean that the client cannot optimize
> >>> storage
> >> by
> >>> combining the storage for each entry in the list, though. There is
> >>> too
> >> much
> >>> chance of guessing wrong about what the server should know based on
> >>> what the client knows.
> >>>
> >>> --
> >>> Sincerely,
> >>> Yngve N. Pettersen
> >>>
> >>> Using Opera's mail client: http://www.opera.com/mail/
> >>> _______________________________________________
> >>> TLS mailing list
> >>> TLS@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/tls
> >>
> >>
> >
> 
> 
> --
> Sincerely,
> Yngve N. Pettersen
> 
> Using Opera's mail client: http://www.opera.com/mail/

v2.23.0 | Report a Bug | By Email