IETF Logo Mail Archive

Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

"Fries, Steffen" <steffen.fries@siemens.com> Tue, 09 March 2021 07:28 UTC

Return-Path: <steffen.fries@siemens.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE1D3A15C0 for <tls@ietfa.amsl.com>; Mon, 8 Mar 2021 23:28:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SpZ9TwC_kHfA for <tls@ietfa.amsl.com>; Mon, 8 Mar 2021 23:28:32 -0800 (PST)
Received: from gw-eagle2.siemens.com (gw-eagle2.siemens.com [194.138.20.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C5273A15BF for <tls@ietf.org>; Mon, 8 Mar 2021 23:28:31 -0800 (PST)
Received: from mail1.dc4ca.siemens.de (mail1.dc4ca.siemens.de [139.25.224.78]) by gw-eagle2.siemens.com (Postfix) with ESMTPS id 86C54468026 for <tls@ietf.org>; Tue, 9 Mar 2021 08:28:26 +0100 (CET)
Received: from DEMCHDC89XA.ad011.siemens.net (demchdc89xa.ad011.siemens.net [139.25.226.103]) by mail1.dc4ca.siemens.de (Postfix) with ESMTPS id 9B71918DE07A8 for <tls@ietf.org>; Tue, 9 Mar 2021 08:28:26 +0100 (CET)
Received: from DEMCHDC89XA.ad011.siemens.net (139.25.226.103) by DEMCHDC89XA.ad011.siemens.net (139.25.226.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 9 Mar 2021 08:28:26 +0100
Received: from DEMCHDC89XA.ad011.siemens.net ([139.25.226.103]) by DEMCHDC89XA.ad011.siemens.net ([139.25.226.103]) with mapi id 15.01.2106.013; Tue, 9 Mar 2021 08:28:26 +0100
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
Thread-Index: AQHXEeEgKe23eiCLoE+KwrPix1Q1lap1l0qAgAAS1ACAAA6hAIACZKcAgAGaHsCAAJ8RgIAA7xIw
Date: Tue, 09 Mar 2021 07:28:26 +0000
Message-ID: <02f23fa168b64d7d9294cf986bc56717@siemens.com>
References: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com> <20210305173516.GV30153@localhost> <701E874C-EA40-47FD-A4E4-C4C595E96337@ericsson.com> <20210305193502.GW30153@localhost> <AM0PR08MB3716A4C8D0F9BB007F9A0CBCFA949@AM0PR08MB3716.eurprd08.prod.outlook.com> <40166b1968e04cc392c16e2de559e684@siemens.com> <YEZnS1Fi6GRxBMH5@straasha.imrryr.org>
In-Reply-To: <YEZnS1Fi6GRxBMH5@straasha.imrryr.org>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-03-09T07:28:24Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=019b72ec-a6c4-4712-b062-f4a98983d87d; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
x-originating-ip: [139.21.146.198]
x-tm-as-product-ver: SMEX-14.0.0.1158-8.6.1012-26018.005
x-tm-as-result: No-10--27.949500-8.000000
x-tmase-matchedrid: aGuL5piyGFoaWGjWtG8govgvzSw1wUIjDDw2a573DPfAsQvj68mG0+3G 9kzqF3HisVBYqUB/OYRyctOzpsTyWspEqTm4vobWwB7toSEnNVJwf8MFxSHWbGepF8UkUEqlEDn DEqNPduoL9Tj77wy87Gk2+zXcKM6bOLwcGCM9rM0KMK8p5K5PjoDVR1zNwvHu9FQh3flUIh4Gch EhVwJY3yUUey8AOzZez6WgMbOY/onYWMV5Pbe/nK/BhcxTU+D4AVeYrJDUIadJAwwrP0/gGQPfn +3SI1uECD7rjpXrwMowaSqkJSfwOaoCN/ZVgVxgylvBGKunWoj92uS9OE04svCkDKmV2gs54SkI dSwphgaY10nSMWzjivN+oA4oIb1dafrC0wghMNq6v2h/OAYyr6wsur+QkQnOxcDvxm0Uv+A8/9b DwLOgR759Yrw3aQCH9TvadhXG9g0++xlORU5mprycYpjvZqrDY+RJCAYminxDbiUnjRcCmEyQ5f RSh265e5Q84fGfhIahPTx3lW8C2XPj9QPJiWup7diltlqPQV96bMYbioM9qSsIuzCLc2mNktBHf vLK/JqbKItl61J/ybLn+0Vm71Lcq7rFUcuGp/G8QIu4z6HhEH7cGd19dSFd
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
x-tmase-result: 10--27.949500-8.000000
x-tmase-version: SMEX-14.0.0.1158-8.6.1012-26018.005
x-tm-snts-smtp: 215C08BAD9098C74866FB712A29FC7BD65C91B5A64153D83C54B3DF512B3F0F12000:8
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5j52zlJ4RHlQFHNPKBReKTIJ51Y>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2021 07:28:34 -0000

> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Viktor Dukhovni, Sent: Montag, 8. März 2021 19:05
> > The problem that was addressed so far with the session renegotiation in TLS
> 1.2 was motivated by different points.
> >
> > - Recommendation in RFC 5246 regarding the use of the SessionID
> > lifetime
> > - Regular session key update for the ongoing TLS Session
> > - Trigger to verify the certificates used by both sides on a regular
> >   base, ideally in relation to the update of locally available
> >   revocation information
> >
> > For the latter, the assumption was that some of the processes, when a
> > long term key is compromised, may not be perfectly synchronized,
> > meaning that the entity with a potentially compromised
> > certificate/private key (long term key) is not immediately taken from
> > the network.
> 
> So it sounds like the concern is that the key may have already been
> compromised at the time the session was established, but was not yet published
> on a CRL?  And so you want to keep checking the CRL periodically, in case the
> client is talking to an MiTM attacker, and it isn't too late to undo the damage.
Yes, that would be one scenario. 

> 
> Now of course the client can just check its CRL any time it wants, without
> redoing the handshake.  It typically has (or can arrange to
> retain) the server's certificate chain from the initial handshake.
True, which requires either a timer to do the checks periodically (either using CRL or OCSP) or a trigger when a new CRL is locally available.
So I already gathered, that this may be the solution.

> So the only case that comes to mind where a new handshake is needed to
> refresh the certificate validity is with stapled OCSP, where the server is the
> source of the certificate freshness data.
Agree. This would be the case, in which the receiver may have no access to an OCSP responder.


> 
> My take is such measures are much too complicated.  Just keep the connection
> lifetime short, and make a new one from time to time.  Also keep certificate
> lifetimes short.  Where DNSSEC is an option on both ends, you can also use
> DANE TLSA records instead of CRLs, just publish a
> "1 1 1" (PKIX + DANE) or "3 1 1" (DANE only) record that validates the server's
> public key, and give it a short-enough TTL that it can be replaced quickly.
> Presto-magic, no need for OCSP, CRLs, ...
While this may be a solution in general, it may not fit for power systems (like a substation). 
The application of DNSSEC or DANE is not very common and may not be used. Also due to 
Existing deployments, which do not feature these services (yet). 

Regards
Steffen
> 
> --
>     Viktor.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email